POL-918 Create Master Policy Permissions List (2) Continued #1816
nia-vf1 merged 7 commits into master from POL-918-create-master-policy-perm-list-continued on Feb 13, 2024
* added policy permissions ruby script for parsing readmes for permissions * added github workflow yaml file to automate running ruby script to create master policy permissions json file * minor update to syntax to support older versions of ruby * adding fileutils library to create the directory for the json file * added exclude in gitignore for policy permissions json * try using dist * removed generated json file * revert to ignoring the required "data/*" directory rather than dist * test change * add pull request in workflow * Update Master Policy Permissions List (#1675) Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> * test revert back to original gitignore * reverting as addition to .gitignore file is required for now * Update Master Policy Permissions List (#1676) Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> * Update Master Policy Permissions List (#1680) Co-authored-by: XOmniverse <XOmniverse@users.noreply.github.com> * Delete data/policy_permissions_list/master_policy_permissions_list.json * changed name of workflow yaml file * Update Master Policy Permissions List (#1685) Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> * Delete data/policy_permissions_list directory * updated name of workflow, and updated name of ruby script * fix * Update Policy Master Permissions List (#1687) Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> * remove master_policy_permissions json * update ruby script to capture read-only field for permissions and roles * add output to log * fix read-only field for permissions/roles * add logic to get description field, and correct boolean values for required and read-only permissions * update json to not show "providers" field if no providers exist for a given policy template * Update Policy Master Permissions List (#1724) Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> * task: use a statically defined list * volumes (#1752) * task: add aws_rightsize_rds_instances.pt (#1754) * 
snapshot * add aws_unused_ip_addresses.pt (#1757) * task: add aws_unused_ip_addresses.pt * rm character * done (#1758) * add aws_rightsize_ec2_instances.pt * done (#1759) * POL-918 AWS RI Recommendations (#1760) * added aws ri recs to list * remove json * unused volumes (#1761) * add azure_compute_rightsizing.pt (#1762) * task: add `,` * add azure_compute_rightsizing.pt * update (#1764) * add azure unused sql to list (#1763) * add azure_delete_old_snapshots.pt (#1765) * docs: Add missing permissions * add azure_delete_old_snapshots.pt * push latest datasets * done (#1766) * good (#1768) * push latest dataset * add azure_savings_plan_recommendations.pt (#1769) * push latest dataset * rightsize (#1771) * add permission json and yaml * google (#1773) * cloud sql (#1774) * feat: Add warning for new datasources and checking README for new permissions * update (#1776) * Add test new datasource * fix test * add debug loggin * done (#1777) * fix: update regex for new datasource blocks * feat: Add check for new datasources and a warning to check README * test: revert change to PT for testing * feat: only check PT files * fix: install ruby using feature in devcontainer * move PT files list to separate file * task: run ruby tools/policy_master_permission_generation/generate_policy_master_permissions.rb * feat: sort output datasets using id mitigate/prevent large diffs between runs * task: run ruby tools/policy_master_permission_generation/generate_policy_master_permissions.rb * fix: rm nvm from post commands * feat: add error if PT not yet enabled * test: add tmp test datasource * fix: use fail instead of error * task: update error message * task: update wording in fail * test: rm temporary test trigger * test: add tmp datasource to test warning trigger * fix: use include? 
to check if file matches * test: rm test trigger * docs: add README for policy permission generation * docs: update branch name * NVF/POL-918 1705958339 - Validate Google CUD Recommender permissions (#1783) * add google cud recommender policy to permissions list * tested and add google cud recommender policy to permissions list * updated json, yaml to reflect most recent repository changes * Updated permissions list to include AWS Rightsize RDS Instances and Azure Rightsize SQL Instances (#1809) * Updated permissions list to include AWS Rightsize EBS Volumes and Azure Rightsize Managed Disks (#1810) * Updated permissions list to include Azure Reserved Instances Utilization (#1811) * Updated permissions list to include AWS Untagged Resources and Azure Untagged Resources (#1812) * updated permissions Azure Rightsize Compute Instances README to remove white space before asterisk * NVF/POL-918 Add Google Unlabeled Resources (#1814) * updated Permissions list to include Google Unlabeled Resources * POL-1057 Google Unlabeled Resources - Update Permissions in README (#1813) * Update README.md * Sort permissions alphabetically in README * Update README.md Remove redundant IAM Role from Credential Configuration list * Update README.md Remove whitespace on line 53 * reran script with updated Google Unlabeled Resources README to produce correct Permissions list * Updated permissions list to include Azure Untagged VMs --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: nia-vf1 <nia-vf1@users.noreply.github.com> Co-authored-by: XOmniverse <XOmniverse@users.noreply.github.com> Co-authored-by: Bryan Karaffa <bryankaraffa@gmail.com> Co-authored-by: Shawn Huckabay <shuckabay@flexera.com>
…ped EC2 Instances (#1820) * Updated Permissions list to include AWS Long Running Instances and Azure Long Running Instances * Updated Permissions list to include AWS Long Stopped EC2 Instances
… for new datasources
XOmniverse approved these changes Feb 13, 2024
LGTM
added policy permissions ruby script for parsing readmes for permissions
added github workflow yaml file to automate running ruby script to create master policy permissions json file
minor update to syntax to support older versions of ruby
adding fileutils library to create the directory for the json file
added exclude in gitignore for policy permissions json
try using dist
removed generated json file
revert to ignoring the required "data/*" directory rather than dist
test change
add pull request in workflow
Update Master Policy Permissions List (Update Master Policy Permissions List #1675)
test revert back to original gitignore
reverting as addition to .gitignore file is required for now
Update Master Policy Permissions List (Update Master Policy Permissions List #1676)
Update Master Policy Permissions List (Update Master Policy Permissions List #1680)
Delete data/policy_permissions_list/master_policy_permissions_list.json
changed name of workflow yaml file
Update Master Policy Permissions List (Update Master Policy Permissions List #1685)
Delete data/policy_permissions_list directory
updated name of workflow, and updated name of ruby script
fix
Update Policy Master Permissions List (Update Policy Master Permissions List #1687)
remove master_policy_permissions json
update ruby script to capture read-only field for permissions and roles
add output to log
fix read-only field for permissions/roles
add logic to get description field, and correct boolean values for required and read-only permissions
update json to not show "providers" field if no providers exist for a given policy template
Update Policy Master Permissions List (Update Policy Master Permissions List #1724)
task: use a statically defined list
volumes (AWS Unused Volumes #1752)
task: add aws_rightsize_rds_instances.pt (Add aws_rightsize_rds_instances.pt #1754)
snapshot
add aws_unused_ip_addresses.pt (add aws_unused_ip_addresses.pt #1757)
task: add aws_unused_ip_addresses.pt
rm character
done (POL-918 AWS Tag Cardinality #1758)
add aws_rightsize_ec2_instances.pt
done (POL-918 AWS Savings Plan #1759)
POL-918 AWS RI Recommendations (POL-918 AWS RI Recommendations #1760)
added aws ri recs to list
remove json
unused volumes (POL-918 Azure Unused Volumes #1761)
add azure_compute_rightsizing.pt (add azure_compute_rightsizing.pt #1762)
task: add `,`
add azure_compute_rightsizing.pt
update (POL-918 Azure Unused IPs #1764)
add azure unused sql to list (POL-918 add azure unused sql to list #1763)
add azure_delete_old_snapshots.pt (add azure_delete_old_snapshots.pt #1765)
docs: Add missing permissions
add azure_delete_old_snapshots.pt
push latest datasets
done (POL-918 Azure Reserved Instances #1766)
good (POL-918 Azure Tag Cardinality #1768)
push latest dataset
add azure_savings_plan_recommendations.pt (add azure_savings_plan_recommendations.pt #1769)
push latest dataset
rightsize (POL-918 Google Rightsize VM #1771)
add permission json and yaml
google (POL-918 Google Idle Disk #1773)
cloud sql (POL-918 Google SQL #1774)
feat: Add warning for new datasources and checking README for new permissions
update (POL-918 Idle IP Address #1776)
Add test new datasource
fix test
add debug loggin
done (POL-918 Azure Long Stopped Compute #1777)
fix: update regex for new datasource blocks
feat: Add check for new datasources and a warning to check README
test: revert change to PT for testing
feat: only check PT files
fix: install ruby using feature in devcontainer
move PT files list to separate file
task: run ruby tools/policy_master_permission_generation/generate_policy_master_permissions.rb
feat: sort output datasets using id mitigate/prevent large diffs between runs
task: run ruby tools/policy_master_permission_generation/generate_policy_master_permissions.rb
fix: rm nvm from post commands
feat: add error if PT not yet enabled
test: add tmp test datasource
fix: use fail instead of error
task: update error message
task: update wording in fail
test: rm temporary test trigger
test: add tmp datasource to test warning trigger
fix: use include? to check if file matches
test: rm test trigger
docs: add README for policy permission generation
docs: update branch name
NVF/POL-918 1705958339 - Validate Google CUD Recommender permissions (NVF/POL-918 1705958339 - Validate Google CUD Recommender permissions #1783)
add google cud recommender policy to permissions list
tested and add google cud recommender policy to permissions list
updated json, yaml to reflect most recent repository changes
Updated permissions list to include AWS Rightsize RDS Instances and Azure Rightsize SQL Instances (NVF/POL-918 - Add AWS Rightsize RDS Instances and Azure Rightsize SQL Instances #1809)
Updated permissions list to include AWS Rightsize EBS Volumes and Azure Rightsize Managed Disks (NVF/POL-918 Add AWS Rightsize EBS Volumes and Azure Rightsize Managed Disks #1810)
Updated permissions list to include Azure Reserved Instances Utilization (NVF/POL-918 Add Azure Reserved Instances Utilization #1811)
Updated permissions list to include AWS Untagged Resources and Azure Untagged Resources (NVF/POL-918 Add Untagged Resources (AWS and Azure) #1812)
updated permissions Azure Rightsize Compute Instances README to remove white space before asterisk
NVF/POL-918 Add Google Unlabeled Resources (NVF/POL-918 Add Google Unlabeled Resources #1814)
updated Permissions list to include Google Unlabeled Resources
POL-1057 Google Unlabeled Resources - Update Permissions in README (POL-1057 Google Unlabeled Resources - Update Permissions in README #1813)
Update README.md
Sort permissions alphabetically in README
Update README.md
Remove redundant IAM Role from Credential Configuration list
Remove whitespace on line 53
reran script with updated Google Unlabeled Resources README to produce correct Permissions list
Updated permissions list to include Azure Untagged VMs
Description
Issues Resolved
Link to Example Applied Policy
Contribution Check List