POL-1158 Policy Catalog Reorganization (#1937)

* update

* update

* update

* update

* update

* update

* reorg

* update

* update

* more sorting

* update

* update

* more moves

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* fix

* update

* update

* update

* update

* update

* update

* update

* update

.dangerfile/policy_tests.rb

@@ -68,6 +68,40 @@ def policy_bad_filename_casing?(file)
   return false
 end
 
+### README Link test
+# Verify that the readme in the short_description is valid
+def policy_bad_readme_link?(file)
+  fail_message = ""
+
+  pp = PolicyParser.new
+  pp.parse(file)
+  short_description = pp.parsed_short_description
+
+  file_path = file.split('/')
+  file_path.pop
+  file_url = "https://github.com/flexera-public/policy_templates/tree/master/" + file_path.join('/')
+
+  url_regex = /https:\/\/[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)+(?:\/[^\s]*[^\s)])?/
+  url_list = short_description.scan(url_regex)
+
+  good_urls = 0
+  bad_urls = 0
+
+  url_list.each do |url|
+    if url.include?("github.com")
+      bad_urls += 1 if url != file_url && url != file_url + "/"
+      good_urls += 1 unless url != file_url && url != file_url + "/"
+    end
+  end
+
+  if bad_urls > 0 || good_urls == 0
+    fail_message = "**#{file}**\nPolicy `short_description` is missing a valid link to the policy README. Please ensure that the following link is present in the `short_description`:\n\n#{file_url}/"
+  end
+
+  return fail_message.strip if !fail_message.empty?
+  return false
+end
+
 ### Publish test
 # Return false if policy info block is missing publish field or publish is set to a value other than "false"
 def policy_unpublished?(file)

.github/workflows/test-policies.yaml

@@ -8,6 +8,11 @@ on:
     branches:
       - master
 
+  # Workflow dispatch trigger allows manually running workflow
+  workflow_dispatch:
+    branches:
+      - master
+
 jobs:
   policy_test:
     name: "Policy Test"

.github/workflows/update-active-policy-list.yaml

@@ -10,6 +10,11 @@ on:
     types:
       - completed
 
+  # Workflow dispatch trigger allows manually running workflow
+  workflow_dispatch:
+    branches:
+      - master
+
 jobs:
   policy_list:
     name: "Update Active Policy List"

Dangerfile

@@ -203,6 +203,9 @@ changed_pt_files.each do |file|
   # Raise error if policy filename/path contains any uppercase letters
   test = policy_bad_filename_casing?(file); fail test if test
 
+  # Raise error if policy short_description is missing valid README link
+  test = policy_bad_readme_link?(file); fail test if test
+
   # Raise warning if policy won't be published
   test = policy_unpublished?(file); warn test if test
 

Gemfile

@@ -11,3 +11,4 @@ gem "danger-rubocop", "~> 0.12.0"
 gem "pry", "~> 0.14.2"
 gem "rb-readline", "~> 0.5.5"
 gem "mdl", "~> 0.13.0"
+gem "octokit", "~> 8.1.0"

Gemfile.lock

@@ -135,6 +135,7 @@ DEPENDENCIES
   danger-textlint (~> 2.0.4)
   json (~> 2.7)
   mdl (~> 0.13.0)
+  octokit (~> 8.1.0)
   pry (~> 0.14.2)
   rake (~> 13.1.0)
   rb-readline (~> 0.5.5)

Rakefile

@@ -1,23 +1,32 @@
 require 'rubygems'
 require 'json'
 require 'fileutils'
+require 'octokit'
+require 'uri'
+require 'time'
 require_relative '.dangerfile/policy_parser'
 
-# the list of policies is consumed by the tools/policy_sync/policy_sync.pt
+# The list of policies is consumed by the tools/policy_sync/policy_sync.pt
 # and the docs.rightscale.com build to generate the policies/user/policy_list.html
 # the file is uploaded to S3 during a merge to master deploy step in .travis.yml
 desc "Create a list of active policies to be published to the Public Policy Catalog"
+
 task :generate_policy_list do
+  # Preparation for getting information from Github repository
+  repo_name = "flexera-public/policy_templates"
+  branch = "master"
+  github_client = Octokit::Client.new
+
   FileUtils.mkdir_p 'dist'
   file_list = []
-  Dir['**/*.pt'].reject{ |f| f['msp/'] }.each do |file|
-    change_log = ::File.join(file.split('/')[0...-1].join('/'),'CHANGELOG.md')
-    readme = ::File.join(file.split('/')[0...-1].join('/'),'README.md')
-    publish = true
 
-    if !file.match(/test_code/)
-      f = File.open(file, "r:bom|utf-8")
+  Dir['**/*.pt'].each do |file|
+    change_log = ::File.join(file.split('/')[0...-1].join('/'), 'CHANGELOG.md')
+    readme = ::File.join(file.split('/')[0...-1].join('/'), 'README.md')
+    publish = true
+    updated_at = nil
 
+    unless file.match(/test_code/)
       pp = PolicyParser.new
       pp.parse(file)
 
@@ -26,30 +35,31 @@ task :generate_policy_list do
         provider = pp.parsed_info[:provider]
         service = pp.parsed_info[:service]
         policy_set = pp.parsed_info[:policy_set]
+        recommendation_type = pp.parsed_info[:recommendation_type]
         publish = pp.parsed_info[:publish]
-        # not all templates have the publish key
-        # set these to true,
-        if ( publish.nil? || publish=='true' || publish==true ) && provider!="Flexera Cloud Management"
-          publish = true
-        else
-          publish = false
-        end
+
+        # Set publish to false unless publish is missing or set to true in policy metadata
+        publish = false unless publish.nil? || publish == 'true' || publish == true
       end
 
-      # get version from long description
+      # Get version from long description
       if version.nil? && pp.parsed_long_description =~ /Version/
         version = pp.parsed_long_description.split(':').last.strip.chomp("\"")
       end
 
-      # skip policy if the version isn't supplied or if version is '0.0'
-      if ! version || version == '0.0' || ! publish
-        puts "Skipping #{pp.parsed_name}, policy not published"
+      # Skip policy if the version isn't supplied or if version is '0.0'
+      if !version || version == '0.0' || !publish
+        puts "Skipping #{pp.parsed_name} because publish flag set to a value other than 'true'"
         next
       end
 
+      # Get datetime for last time file was modified
+      commits = github_client.commits(repo_name, branch, path: file)
+      updated_at = commits.first.commit.author.date.utc.iso8601 unless commits.empty?
+
       puts "Adding #{pp.parsed_name}"
 
-      file_list<<{
+      file_list << {
         "name": pp.parsed_name,
         "file_name": file,
         "version": version,
@@ -61,14 +71,21 @@ task :generate_policy_list do
         "provider": provider,
         "service": service,
         "policy_set": policy_set,
+        "recommendation_type": recommendation_type,
+        "updated_at": updated_at
       }
     end
   end
+
   # Sort the file list by Policy Template Name
   # This minimizes output diffs between runs
   file_list = file_list.sort_by { |pt| pt[:name] }
+
   # Construct final object
-  policies = {"policies": file_list }
+  policies = { "policies": file_list }
+
   # Write the output JSON file to disk
-  File.open('dist/active-policy-list.json', 'w') { |file| file.write(JSON.pretty_generate(policies)+"\n") }
+  File.open('dist/active-policy-list.json', 'w') {
+    |file| file.write(JSON.pretty_generate(policies) + "\n")
+  }
 end

automation/google/google_rbd_from_label/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v1.2
+
+- fixed link to README in policy description
+
 ## v1.1
 
 - added ability to specify names for the newly created dimensions

automation/google/google_rbd_from_label/google_rbd_from_label.pt

@@ -1,13 +1,13 @@
 name "Google Rule-Based Dimension From Project Labels"
 rs_pt_ver 20180301
 type "policy"
-short_description "Creates and/or updates individual Rule-Based Dimensions based on Google Project labels. See the [README](https://github.com/flexera-public/policy_templates/tree/master/automation/azure/azure_rbd_from_tag) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more."
+short_description "Creates and/or updates individual Rule-Based Dimensions based on Google Project labels. See the [README](https://github.com/flexera-public/policy_templates/tree/master/automation/google/google_rbd_from_label) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more."
 long_description ""
 severity "low"
 category "Cost"
 default_frequency "daily"
 info(
-  version: "1.0",
+  version: "1.2",
   provider: "Flexera",
   service: "Optima",
   policy_set: "Automation",

compliance/tags/azure_rg_tags/CHANGELOG.md → compliance/azure/azure_rg_tags/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v2.7
+
+- fixed link to README in policy description
+
 ## v2.6
 
 - Replaced the term **whitelist** with **allowed list**.

compliance/tags/azure_rg_tags/azure_resource_group_tags.pt → compliance/azure/azure_rg_tags/azure_resource_group_tags.pt

@@ -1,13 +1,13 @@
 name "Azure Tag Resources with Resource Group Name"
 rs_pt_ver 20180301
 type "policy"
-short_description "Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/tags/azure_rg_tags) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more."
+short_description "Scan all resources in an Azure Subscription, raise an incident if any resources are not tagged with the name of their Resource Group, and remediate by tagging the resource. \n See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/azure/azure_rg_tags) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more."
 long_description ""
 severity "medium"
 category "Compliance"
 default_frequency "daily"
 info(
-  version: "2.6",
+  version: "2.7",
   provider: "Azure",
   service: "",
   policy_set: ""