From 948925626ce6d4846f5ded66919e0f8b65cdd9bb Mon Sep 17 00:00:00 2001 From: Shawn Huckabay Date: Tue, 24 Sep 2024 07:10:40 -0500 Subject: [PATCH] POL-1357 Azure Hybrid Use Benefit Policy Actions (#2639) * update * fix * update * fix * update * fix * update * update --- cost/azure/hybrid_use_benefit/CHANGELOG.md | 4 + .../azure_hybrid_use_benefit.pt | 81 +++++++++++++------ .../azure_hybrid_use_benefit_meta_parent.pt | 2 +- .../hybrid_use_benefit_linux/CHANGELOG.md | 4 + .../hybrid_use_benefit_linux/ahub_linux.pt | 81 +++++++++++++------ .../ahub_linux_meta_parent.pt | 2 +- .../master_policy_permissions_list.json | 4 +- .../master_policy_permissions_list.yaml | 4 +- 8 files changed, 126 insertions(+), 56 deletions(-) diff --git a/cost/azure/hybrid_use_benefit/CHANGELOG.md b/cost/azure/hybrid_use_benefit/CHANGELOG.md index a44db8d42f..6c62170803 100644 --- a/cost/azure/hybrid_use_benefit/CHANGELOG.md +++ b/cost/azure/hybrid_use_benefit/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v5.2.1 + +- Fixed issue where policy actions were not properly reporting errors + ## v5.2.0 - Added `Resource Hourly Cost` to incident table for added context diff --git a/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt b/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt index ee62942732..72f386743b 100644 --- a/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt +++ b/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt @@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "daily" info( - version: "5.2.0", + version: "5.2.1", provider: "Azure", service: "Compute", policy_set: "Hybrid Use Benefit", 
@@ -943,33 +943,64 @@ end ############################################################################### define license_instances($data, $param_azure_endpoint) return $all_responses do - $all_responses = [] - - foreach $item in $data do - sub on_error: skip do - $response = http_request( - auth: $$auth_azure, - verb: "patch", - host: $param_azure_endpoint, - https: true, - href: $item["id"], - headers: { - "cache-control": "no-cache", - "content-type": "application/json" - }, - query_strings: { - "api-version": "2018-06-01" - }, - body: { - "properties": { - "licenseType": "Windows_Server" - } - } - ) + $$all_responses = [] - $all_responses << $response + foreach $instance in $data do + sub on_error: handle_error() do + call license_instance($instance, $param_azure_endpoint) retrieve $license_response end end + + if inspect($$errors) != "null" + raise join($$errors, "\n") + end +end + +define license_instance($instance, $param_azure_endpoint) return $response do + $host = $param_azure_endpoint + $href = $instance["id"] + $params = "?api-version=2018-06-01" + $url = $host + $href + $params + task_label("PATCH " + $url) + + $response = http_request( + auth: $$auth_azure, + verb: "patch", + host: $host, + https: true, + href: $href, + query_strings: { + "api-version": "2018-06-01" + }, + headers: { + "cache-control": "no-cache", + "content-type": "application/json" + }, + body: { + "properties": { + "licenseType": "Windows_Server" + } + } + ) + + task_label("Patch Azure Virtual Machine response: " + $instance["id"] + " " + to_json($response)) + $$all_responses << to_json({"req": "PATCH " + $url, "resp": $response}) + + if $response["code"] != 204 && $response["code"] != 202 && $response["code"] != 200 + raise "Unexpected response patching Azure Virtual Machine: "+ $instance["id"] + " " + to_json($response) + else + task_label("Patch Azure Virtual Machine successful: " + $instance["id"]) + end +end + +define handle_error() do + if !$$errors + $$errors = [] + end + 
$$errors << $_error["type"] + ": " + $_error["message"] + # We check for errors at the end, and raise them all together + # Skip errors handled by this definition + $_error_behavior = "skip" end ############################################################################### diff --git a/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt b/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt index 838839a39d..a2e7bafb1f 100644 --- a/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt +++ b/cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Azure", - version: "5.2.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "5.2.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/cost/azure/hybrid_use_benefit_linux/CHANGELOG.md b/cost/azure/hybrid_use_benefit_linux/CHANGELOG.md index 1da78659c0..95fdebbfa5 100644 --- a/cost/azure/hybrid_use_benefit_linux/CHANGELOG.md +++ b/cost/azure/hybrid_use_benefit_linux/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## v5.1.1 + +- Fixed issue where policy actions were not properly reporting errors + ## v5.1.0 - Added `Resource Hourly Cost` and `Currency` to incident table for added context diff --git a/cost/azure/hybrid_use_benefit_linux/ahub_linux.pt b/cost/azure/hybrid_use_benefit_linux/ahub_linux.pt index 3d0f98681d..081b7b326a 100644 --- a/cost/azure/hybrid_use_benefit_linux/ahub_linux.pt +++ b/cost/azure/hybrid_use_benefit_linux/ahub_linux.pt 
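Review bot: `license_instances` still declares `return $all_responses`, but the new body only assigns the global `$$all_responses`, so the local return variable appears never to be set. The caller would then receive null instead of the collected request/response log, even when every PATCH succeeds. Adding `$all_responses = $$all_responses` after the `foreach` loop, before the `$$errors` check, would restore the return value. The `license_instances` hunk in `cost/azure/hybrid_use_benefit_linux/ahub_linux.pt` has the same problem.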
@@ -7,7 +7,7 @@ severity "low" category "Cost" default_frequency "daily" info( - version: "5.1.0", + version: "5.1.1", provider: "Azure", service: "Compute", policy_set: "Hybrid Use Benefit" 
@@ -785,33 +785,64 @@ end ############################################################################### define license_instances($data, $param_azure_endpoint) return $all_responses do - $all_responses = [] - - foreach $item in $data do - sub on_error: skip do - $response = http_request( - auth: $$auth_azure, - verb: "patch", - host: $param_azure_endpoint, - https: true, - href: $item["id"], - query_strings: { - "api-version": "2018-06-01" - }, - headers: { - "cache-control": "no-cache", - "content-type": "application/json" - }, - body: { - "properties": { - "licenseType": $item["license"] - } - } - ) + $$all_responses = [] - $all_responses << $response + foreach $instance in $data do + sub on_error: handle_error() do + call license_instance($instance, $param_azure_endpoint) retrieve $license_response end end + + if inspect($$errors) != "null" + raise join($$errors, "\n") + end +end + +define license_instance($instance, $param_azure_endpoint) return $response do + $host = $param_azure_endpoint + $href = $instance["id"] + $params = "?api-version=2018-06-01" + $url = $host + $href + $params + task_label("PATCH " + $url) + + $response = http_request( + auth: $$auth_azure, + verb: "patch", + host: $host, + https: true, + href: $href, + query_strings: { + "api-version": "2018-06-01" + }, + headers: { + "cache-control": "no-cache", + "content-type": "application/json" + }, + body: { + "properties": { + "licenseType": $instance["license"] + } + } + ) + + task_label("Patch Azure Virtual Machine response: " + $instance["id"] + " " + to_json($response)) + $$all_responses << to_json({"req": "PATCH " + $url, "resp": $response}) + + if $response["code"] != 204 && $response["code"] != 202 && $response["code"] != 200 + raise "Unexpected response patching Azure Virtual Machine: "+ $instance["id"] + " " + to_json($response) + else + task_label("Patch Azure Virtual Machine successful: " + $instance["id"]) + end +end + +define handle_error() do + if !$$errors + $$errors = [] + end + 
$$errors << $_error["type"] + ": " + $_error["message"] + # We check for errors at the end, and raise them all together + # Skip errors handled by this definition + $_error_behavior = "skip" end ############################################################################### diff --git a/cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt b/cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt index e246700ac9..e780c07239 100644 --- a/cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt +++ b/cost/azure/hybrid_use_benefit_linux/ahub_linux_meta_parent.pt @@ -7,7 +7,7 @@ category "Meta" default_frequency "15 minutes" info( provider: "Azure", - version: "5.1.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability + version: "5.1.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability publish: "true", deprecated: "false" ) diff --git a/data/policy_permissions_list/master_policy_permissions_list.json b/data/policy_permissions_list/master_policy_permissions_list.json index 64cd6d75a8..ca341215e7 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.json +++ b/data/policy_permissions_list/master_policy_permissions_list.json @@ -3207,7 +3207,7 @@ { "id": "./cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt", "name": "Azure Hybrid Use Benefit for Windows Server", - "version": "5.2.0", + "version": "5.2.1", "providers": [ { "name": "azure_rm", @@ -3240,7 +3240,7 @@ { "id": "./cost/azure/hybrid_use_benefit_linux/ahub_linux.pt", "name": "Azure Hybrid Use Benefit for Linux Server", - "version": "5.1.0", + "version": "5.1.1", "providers": [ { "name": "azure_rm", 
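Review bot: The new `license_instance` writes the whole `to_json($response)` into a `task_label`, into `$$all_responses`, and into the `raise` message that `handle_error` collects and `license_instances` re-raises. The full Azure response (headers plus whatever VM properties and tags the PATCH returns) therefore lands in action logs and incident error text. Those may be readable by a wider audience than the subscription itself. I would keep only the resource id and status code in the label and error, e.g. `raise "Unexpected response patching Azure Virtual Machine: " + $instance["id"] + " code " + to_json($response["code"])`, and add the error portion of the body only if it is needed for triage. The `license_instance` added in `cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt` has the same pattern.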
diff --git a/data/policy_permissions_list/master_policy_permissions_list.yaml b/data/policy_permissions_list/master_policy_permissions_list.yaml index 3306ac30ef..bce126c5cf 100644 --- a/data/policy_permissions_list/master_policy_permissions_list.yaml +++ b/data/policy_permissions_list/master_policy_permissions_list.yaml @@ -1857,7 +1857,7 @@ required: true - id: "./cost/azure/hybrid_use_benefit/azure_hybrid_use_benefit.pt" name: Azure Hybrid Use Benefit for Windows Server - version: 5.2.0 + version: 5.2.1 :providers: - :name: azure_rm :permissions: @@ -1876,7 +1876,7 @@ required: true - id: "./cost/azure/hybrid_use_benefit_linux/ahub_linux.pt" name: Azure Hybrid Use Benefit for Linux Server - version: 5.1.0 + version: 5.1.1 :providers: - :name: azure_rm :permissions: