From 8b02b24839d245079df3c38eccdd098edbe7d220 Mon Sep 17 00:00:00 2001
From: Shawn Huckabay
Date: Mon, 14 Oct 2024 09:32:34 -0500
Subject: [PATCH] POL-1378 Linting Updates: Automation Policies (#2729)
* update
* fix
* update
* fix
* update
* fix
* update
* update
* update
* update
* update
* update
* update
---
.dangerfile/policy_tests.rb | 35 +++++++++++++++----
.spellignore | 31 +++++++++++++++-
.../aws/aws_account_credentials/CHANGELOG.md | 4 +++
.../aws_account_credentials.pt | 3 +-
.../aws_account_credentials_meta_parent.pt | 2 +-
.../aws/aws_missing_regions/CHANGELOG.md | 4 +++
automation/aws/aws_missing_regions/README.md | 2 +-
.../aws_missing_regions.pt | 4 +--
.../aws_missing_regions_meta_parent.pt | 2 +-
automation/aws/aws_rbd_from_tag/README.md | 2 +-
.../azure_missing_subscriptions/CHANGELOG.md | 4 +++
.../azure_missing_subscriptions/README.md | 2 +-
.../azure_missing_subscriptions.pt | 4 +--
.../azure/azure_rbd_from_rg_tag/README.md | 2 +-
automation/azure/azure_rbd_from_tag/README.md | 2 +-
.../delete_all_billing_centers/CHANGELOG.md | 4 +++
.../delete_all_billing_centers/README.md | 10 +++++-
.../delete_all_billing_centers.pt | 4 +--
.../outdated_applied_policies/CHANGELOG.md | 4 +++
.../outdated_applied_policies/README.md | 2 +-
.../outdated_applied_policies.pt | 3 +-
.../google/google_rbd_from_label/README.md | 2 +-
.../master_policy_permissions_list.json | 10 +++---
.../master_policy_permissions_list.yaml | 10 +++---
24 files changed, 114 insertions(+), 38 deletions(-)
diff --git a/.dangerfile/policy_tests.rb b/.dangerfile/policy_tests.rb
index 64aba43c43..170ecf3585 100644
--- a/.dangerfile/policy_tests.rb
+++ b/.dangerfile/policy_tests.rb
@@ -619,6 +619,29 @@ def policy_sections_out_of_order?(file, file_lines) policy_fail = false escalations_fail = false + # Record whether certain policy blocks exist at all + metadata_exists = false + parameters_exists = false + credentials_exists = false + pagination_exists = false + datasources_exists = false + policy_exists = false + escalations_exists = false + cwf_exists = false + + file_lines.each_with_index do |line, index| + metadata_exists = true if line.start_with?('name ') + parameters_exists = true if line.strip.start_with?('parameter ') && line.strip.end_with?('do') + credentials_exists = true if line.strip.start_with?('credentials ') && line.strip.end_with?('do') + pagination_exists = true if line.strip.start_with?('pagination ') && line.strip.end_with?('do') + datasources_exists = true if line.strip.start_with?('datasource ') && line.strip.end_with?('do') + policy_exists = true if line.strip.start_with?('policy ') && line.strip.end_with?('do') + escalations_exists = true if line.strip.start_with?('escalation ') && line.strip.end_with?('do') + cwf_exists = true if line.strip.start_with?('define ') && line.strip.end_with?('do') + + break if line.strip.start_with?('# Meta Policy [alpha]') + end + # Failsafe for meta policy code which won't be in the correct order by design found_meta = false 
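Review bot: The new pre-scan loop in `policy_sections_out_of_order?` binds `index` through `each_with_index` but never reads it, and it recomputes `line.strip` for every test; `file_lines.each do |line|` with a single `stripped = line.strip` at the top of the block would be clearer. `pagination_exists` and `cwf_exists` are assigned here, but none of the guards in the following hunk read them, so they look unused unless code outside the visible hunks consumes them. The metadata test is the only one that matches the unstripped line (`line.start_with?('name ')`); if that is deliberate, a short comment such as `# metadata 'name' is only valid at column 0` would make it explicit. The method begins and ends outside this hunk.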
@@ -637,32 +660,32 @@ def policy_sections_out_of_order?(file, file_lines) found_escalations = true if line.strip.start_with?('escalation ') && line.strip.end_with?('do') found_cwf = true if line.strip.start_with?('define ') && line.strip.end_with?('do') - if !metadata_fail && !found_metadata && (found_parameters || found_credentials || found_pagination || found_datasources || found_policy || found_escalations || found_cwf) + if metadata_exists && !metadata_fail && !found_metadata && (found_parameters || found_credentials || found_pagination || found_datasources || found_policy || found_escalations || found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before metadata\n\n" metadata_fail = true end - if !parameters_fail && !found_parameters && (found_credentials || found_pagination || found_datasources || found_policy || found_escalations || found_cwf) + if parameters_exists && !parameters_fail && !found_parameters && (found_credentials || found_pagination || found_datasources || found_policy || found_escalations || found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before parameter\n\n" parameters_fail = true end - if !credentials_fail && !found_credentials && (found_pagination || found_datasources || found_policy || found_escalations || found_cwf) + if credentials_exists && !credentials_fail && !found_credentials && (found_pagination || found_datasources || found_policy || found_escalations || found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before credentials\n\n" credentials_fail = true end - if !datasources_fail && !found_datasources && (found_policy || found_escalations || found_cwf) + if datasources_exists && !datasources_fail && !found_datasources && (found_policy || found_escalations || found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before datasources\n\n" datasources_fail = true end - if !policy_fail && !found_policy && (found_escalations || found_cwf) + if 
policy_exists && !policy_fail && !found_policy && (found_escalations || found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before policy block\n\n" policy_fail = true end - if !escalations_fail && !found_escalations && (found_cwf) + if escalations_exists && !escalations_fail && !found_escalations && (found_cwf) fail_message += "Line #{line_number.to_s}: Invalid blocks found before escalations\n\n" escalations_fail = true end diff --git a/.spellignore b/.spellignore index a9b6d8f306..9e3b060535 100644 --- a/.spellignore +++ b/.spellignore @@ -586,6 +586,36 @@ ByteCount PacketCount balancers backfill +FNMS +CBI +workspace +workspaces +Workspace +Workspaces +OCID +OAuth +oauth +BYOL +GCP +TLS +SSL +Balancer +balancer +LUN +Unmanaged +unmanaged +Oversized +oversized +AMI +actioning +actioned +VPN +VPNs +Dataset +dataset +Datasets +datasets +failsafe MSP msp onboarding @@ -596,5 +626,4 @@ Customizations customizations ElastiCache elasticache -oversized freeable diff --git a/automation/aws/aws_account_credentials/CHANGELOG.md b/automation/aws/aws_account_credentials/CHANGELOG.md index a1ed544621..74a3156afd 100644 --- a/automation/aws/aws_account_credentials/CHANGELOG.md +++ b/automation/aws/aws_account_credentials/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.1.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v0.1.0 - Initial release diff --git a/automation/aws/aws_account_credentials/aws_account_credentials.pt b/automation/aws/aws_account_credentials/aws_account_credentials.pt index ffa8391604..932dcdd500 100644 --- a/automation/aws/aws_account_credentials/aws_account_credentials.pt +++ b/automation/aws/aws_account_credentials/aws_account_credentials.pt @@ -7,7 +7,7 @@ category "Cost" severity "low" default_frequency "daily" info( - version: "0.1.0", + version: "0.1.1", provider: "AWS", service: "IAM", policy_set: "Authentication", 
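Review bot: In the `@@ -637,32 +660,32 @@` hunk of `.dangerfile/policy_tests.rb`, every ordering check is now skipped when its `*_exists` flag is false, so a block opener the pre-scan does not recognise turns a previously reported failure into a silent pass. The pre-scan sets those flags with the same `start_with?(...) && end_with?('do')` pattern visible here for `found_escalations` and `found_cwf`; an opener followed by a trailing comment after `do`, for instance, would not match. Since this file gates pull requests, that fail-open behaviour deserves at least a comment above the guards, e.g. `# Ordering is only enforced for block types the pre-scan detected; an unrecognised opener skips its check`. Moving the shared predicates into one helper would also keep the two loops from drifting apart. As a style point, the parentheses in `(found_cwf)` on the escalations guard are redundant. The method body continues outside the hunk.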
@@ -120,7 +120,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" diff --git a/automation/aws/aws_account_credentials/aws_account_credentials_meta_parent.pt b/automation/aws/aws_account_credentials/aws_account_credentials_meta_parent.pt index 7a0e95e977..9f795512d2 100644 --- a/automation/aws/aws_account_credentials/aws_account_credentials_meta_parent.pt +++ b/automation/aws/aws_account_credentials/aws_account_credentials_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "0.1.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "0.1.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "false", deprecated: "false" ) diff --git a/automation/aws/aws_missing_regions/CHANGELOG.md b/automation/aws/aws_missing_regions/CHANGELOG.md index c0e1662927..0f8c537bef 100644 --- a/automation/aws/aws_missing_regions/CHANGELOG.md +++ b/automation/aws/aws_missing_regions/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.2.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v0.2.0 - Fixed issue with meta policy not working due to missing `Account Number` parameter diff --git a/automation/aws/aws_missing_regions/README.md b/automation/aws/aws_missing_regions/README.md index 22893aed73..4aa17c94e2 100644 --- a/automation/aws/aws_missing_regions/README.md +++ b/automation/aws/aws_missing_regions/README.md @@ -59,4 +59,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. 
diff --git a/automation/aws/aws_missing_regions/aws_missing_regions.pt b/automation/aws/aws_missing_regions/aws_missing_regions.pt index 5b41cc8225..2c01cfc8e7 100644 --- a/automation/aws/aws_missing_regions/aws_missing_regions.pt +++ b/automation/aws/aws_missing_regions/aws_missing_regions.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "weekly" info( - version: "0.2.0", + version: "0.2.1", provider: "Flexera", service: "Optima", policy_set: "Automation", @@ -124,7 +124,6 @@ end datasource "ds_get_caller_identity" do request do auth $auth_aws - verb "GET" host "sts.amazonaws.com" path "/" query "Action", "GetCallerIdentity" @@ -165,7 +164,6 @@ end datasource "ds_regions" do request do auth $auth_aws - verb "GET" host "ec2.amazonaws.com" path "/" query "Action", "DescribeRegions" diff --git a/automation/aws/aws_missing_regions/aws_missing_regions_meta_parent.pt b/automation/aws/aws_missing_regions/aws_missing_regions_meta_parent.pt index dbe5d526b0..eee4c277c4 100644 --- a/automation/aws/aws_missing_regions/aws_missing_regions_meta_parent.pt +++ b/automation/aws/aws_missing_regions/aws_missing_regions_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "AWS", - version: "0.2.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "0.2.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "false", deprecated: "false" ) diff --git a/automation/aws/aws_rbd_from_tag/README.md b/automation/aws/aws_rbd_from_tag/README.md index 311f531d76..e8ebf29119 100644 --- a/automation/aws/aws_rbd_from_tag/README.md +++ b/automation/aws/aws_rbd_from_tag/README.md 
@@ -34,4 +34,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/automation/azure/azure_missing_subscriptions/CHANGELOG.md b/automation/azure/azure_missing_subscriptions/CHANGELOG.md index 1ad604f8d4..f18747584b 100644 --- a/automation/azure/azure_missing_subscriptions/CHANGELOG.md +++ b/automation/azure/azure_missing_subscriptions/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.1.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v0.1 - initial release diff --git a/automation/azure/azure_missing_subscriptions/README.md b/automation/azure/azure_missing_subscriptions/README.md index 5f33caf7f3..716d93e8f3 100644 --- a/automation/azure/azure_missing_subscriptions/README.md +++ b/automation/azure/azure_missing_subscriptions/README.md @@ -37,4 +37,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt b/automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt index 4cdf0a2821..31fa39c86c 100644 --- a/automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt +++ b/automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "weekly" info( - version: "0.1", + version: "0.1.1", provider: "Flexera", service: "Optima", policy_set: "Automation", 
@@ -102,9 +102,9 @@ datasource "ds_billing_centers" do auth $auth_flexera host rs_optima_host path join(["/analytics/orgs/", rs_org_id, "/billing_centers"]) + query "view", "allocation_table" header "Api-Version", "1.0" header "User-Agent", "RS Policies" - query "view", "allocation_table" ignore_status [403] end result do diff --git a/automation/azure/azure_rbd_from_rg_tag/README.md b/automation/azure/azure_rbd_from_rg_tag/README.md index 98ae4beb88..12e7c4928a 100644 --- a/automation/azure/azure_rbd_from_rg_tag/README.md +++ b/automation/azure/azure_rbd_from_rg_tag/README.md @@ -40,4 +40,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/automation/azure/azure_rbd_from_tag/README.md b/automation/azure/azure_rbd_from_tag/README.md index 270f1ef5ef..10d38b2d6d 100644 --- a/automation/azure/azure_rbd_from_tag/README.md +++ b/automation/azure/azure_rbd_from_tag/README.md @@ -39,4 +39,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/automation/flexera/delete_all_billing_centers/CHANGELOG.md b/automation/flexera/delete_all_billing_centers/CHANGELOG.md index 3a41ea7330..6b508a1e70 100644 --- a/automation/flexera/delete_all_billing_centers/CHANGELOG.md +++ b/automation/flexera/delete_all_billing_centers/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v1.1.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v1.1 - Updated policy metadata to make it more clear what Flexera service the policy is for 
diff --git a/automation/flexera/delete_all_billing_centers/README.md b/automation/flexera/delete_all_billing_centers/README.md index 45be0de250..878c9a5917 100644 --- a/automation/flexera/delete_all_billing_centers/README.md +++ b/automation/flexera/delete_all_billing_centers/README.md @@ -13,6 +13,14 @@ This policy deletes all Billing Centers in the Flexera organization it is execut - If this is the policy's second time executing, but for some reason the policy has failed to self-terminate, no action will be taken. - If this is the policy's first time executing, all of the Billing Centers in the Flexera organization are deleted. +## Input Parameters + +This policy template has no input parameters. + +## Policy Actions + +- Delete all Billing Centers + ## Prerequisites This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Automation/ManagingCredentialsExternal.htm) for authenticating to datasources -- in order to apply this policy you must have a Credential registered in the system that is compatible with this policy. If there are no Credentials listed when you apply the policy, please contact your Flexera Org Admin and ask them to register a Credential that is compatible with this policy. The information below should be consulted when creating the credential(s). @@ -31,4 +39,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt b/automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt index c39455a663..2eb4046e2c 100644 --- a/automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt +++ b/automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt 
@@ -7,7 +7,7 @@ severity "high" category "Cost" default_frequency "15 minutes" info( - version: "1.1", + version: "1.1.1", provider: "Flexera", service: "Cloud Cost Optimization", policy_set: "Automation", @@ -78,8 +78,8 @@ datasource "ds_self_terminate" do iterate $ds_self_terminate_boolean request do auth $auth_flexera - host rs_governance_host verb "DELETE" + host rs_governance_host path val(iter_item, 'id') header "Api-Version", "1.0" end diff --git a/automation/flexera/outdated_applied_policies/CHANGELOG.md b/automation/flexera/outdated_applied_policies/CHANGELOG.md index 85a84d011f..a926d4d81b 100644 --- a/automation/flexera/outdated_applied_policies/CHANGELOG.md +++ b/automation/flexera/outdated_applied_policies/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v0.2.1 + +- Minor code improvements to conform with current standards. Functionality unchanged. + ## v0.2.0 - Policy template now reports both outdated and deprecated policy templates with a parameter to choose which diff --git a/automation/flexera/outdated_applied_policies/README.md b/automation/flexera/outdated_applied_policies/README.md index 8a91fe0a0d..91be793e28 100644 --- a/automation/flexera/outdated_applied_policies/README.md +++ b/automation/flexera/outdated_applied_policies/README.md @@ -68,4 +68,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not incur any cloud costs. Cloud costs may be incurred by the applied policies that this policy reports on and updates. Please consult the README of each policy for more information. +This policy template does not incur any cloud costs. Cloud costs may be incurred by the applied policies that this policy reports on and updates. Please consult the README of each policy for more information. diff --git a/automation/flexera/outdated_applied_policies/outdated_applied_policies.pt b/automation/flexera/outdated_applied_policies/outdated_applied_policies.pt index 367dee8444..1aab4750a2 100644 
--- a/automation/flexera/outdated_applied_policies/outdated_applied_policies.pt +++ b/automation/flexera/outdated_applied_policies/outdated_applied_policies.pt @@ -7,7 +7,7 @@ severity "low" category "Operational" default_frequency "weekly" info( - version: "0.2.0", + version: "0.2.1", provider: "Flexera", service: "Automation", policy_set: "Automation" @@ -149,7 +149,6 @@ end datasource "ds_catalog_policies" do request do - verb "GET" host "raw.githubusercontent.com" path "/flexera-public/policy_templates/master/data/active_policy_list/active_policy_list.json" header "User-Agent", "RS Policies" diff --git a/automation/google/google_rbd_from_label/README.md b/automation/google/google_rbd_from_label/README.md index 16ec257e2c..0f4903041c 100644 --- a/automation/google/google_rbd_from_label/README.md +++ b/automation/google/google_rbd_from_label/README.md @@ -37,4 +37,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati ## Cost -This Policy Template does not launch any instances, and so does not incur any cloud costs. +This policy template does not incur any cloud costs. diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index e49383c375..cde678f9a7 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -3,7 +3,7 @@ { "id": "./automation/aws/aws_account_credentials/aws_account_credentials.pt", "name": "AWS Account Credentials", - "version": "0.1.0", + "version": "0.1.1", "providers": [ { "name": "aws", @@ -30,7 +30,7 @@ { "id": "./automation/aws/aws_missing_regions/aws_missing_regions.pt", "name": "AWS Missing Regions", - "version": "0.2.0", + "version": "0.2.1", "providers": [ { "name": "aws", 
@@ -121,7 +121,7 @@ { "id": "./automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt", "name": "Azure Missing Subscriptions", - "version": "0.1", + "version": "0.1.1", "providers": [ { "name": "azure_rm", @@ -242,7 +242,7 @@ { "id": "./automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt", "name": "Flexera CCO Delete All Billing Centers", - "version": "1.1", + "version": "1.1.1", "providers": [ { "name": "flexera", @@ -264,7 +264,7 @@ { "id": "./automation/flexera/outdated_applied_policies/outdated_applied_policies.pt", "name": "Flexera Automation Outdated Applied Policies", - "version": "0.2.0", + "version": "0.2.1", "providers": [ { "name": "flexera", diff --git a/data/policy_permissions_list/master_policy_permissions_list.yaml b/data/policy_permissions_list/master_policy_permissions_list.yaml index d29ce2e226..0f8bba74e8 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.yaml +++ b/data/policy_permissions_list/master_policy_permissions_list.yaml @@ -2,7 +2,7 @@ :values: - id: "./automation/aws/aws_account_credentials/aws_account_credentials.pt" name: AWS Account Credentials - version: 0.1.0 + version: 0.1.1 :providers: - :name: aws :permissions: @@ -16,7 +16,7 @@ required: true - id: "./automation/aws/aws_missing_regions/aws_missing_regions.pt" name: AWS Missing Regions - version: 0.2.0 + version: 0.2.1 :providers: - :name: aws :permissions: @@ -66,7 +66,7 @@ required: true - id: "./automation/azure/azure_missing_subscriptions/azure_missing_subscriptions.pt" name: Azure Missing Subscriptions - version: '0.1' + version: 0.1.1 :providers: - :name: azure_rm :permissions: @@ -132,7 +132,7 @@ required: true - id: "./automation/flexera/delete_all_billing_centers/delete_all_billing_centers.pt" name: Flexera CCO Delete All Billing Centers - version: '1.1' + version: 1.1.1 :providers: - :name: flexera :permissions: 
@@ -144,7 +144,7 @@ required: true - id: "./automation/flexera/outdated_applied_policies/outdated_applied_policies.pt" name: Flexera Automation Outdated Applied Policies - version: 0.2.0 + version: 0.2.1 :providers: - :name: flexera :permissions: