Published Policy Change History

Description

This document contains the last 100 policy template merges for the flexera-public/policy_templates repository. Only merges that modify policy templates are included. Changes are sorted by the date the pull request was merged into the master branch, with the most recent changes listed first. A JSON version with the full history of all merges, not just the last 100 policy merges, is also available.

History

PR #2813: FLEX-5397 - Modify Meta Parent Compiler to Conditionally Include hide_skip_approvals

Description

This pull request enhances the Meta Parent Policy Template Compiler to conditionally include the hide_skip_approvals field in the generated meta parent policy templates when it exists in the child policy templates. It also removes prior manual modifications to meta parent policies: #2799

More context: Seeking Your Input: Proposed Solution for Conditional "Skip Approvals" Visibility

Issues Resolved

FLEX-5397

Metadata


PR #2808: POL-1402 Azure Rightsizing Compute: Consider Managed Disk

Description

This updates the Azure Rightsize Compute Instances policy template so that it never recommends a downsize to a size that wouldn't support the current number of attached disks for an instance.

The Virtual Machine Sizes - List API call is used during policy execution to get a list of resource types and the maximum number of attached disks. The policy template has been given a major version change since the above API call requires an additional permission.

Metadata


PR #2799: FOPTS-4819 Added hide_skip_approvals to AWS Right Size policies

Description

Adding a new hide_skip_approvals field to the info section of policy templates that do not utilize the request approval option in any escalation. This field enables the UI to dynamically show or hide the "Skip Approval" option based on the policy configuration. Initially, these changes are applied to AWS Right Size policies, with plans to update additional policies in subsequent steps.

More context: Seeking Your Input: Proposed Solution for Conditional "Skip Approvals" Visibility

Issues Resolved

FLEX-5397

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-11-05 22:00:13 UTC

PR #2802: POL-1397 Flexera One API Event Report

Description

This is a new policy template that reports API requests made to the Flexera API with several filtering options.

Metadata


PR #2800: POL-1408 AWS Account Credentials Meta Not Spawning Children

Description

Fixes issue where the meta policy for AWS Account Credentials was not spawning children due to the policy not properly filtering out meta-specific parameters.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-10-31 17:48:14 UTC

PR #2737: POL-1378 Linting Updates: Cost Policies: Misc

Description

Various small changes to Cost policies not associated with the big 3 hyperscalers to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-30 14:58:32 UTC

PR #2790: POL-1394 Downsize Multiple Sizes: Azure MySQL

Description

Added support for downsizing multiple sizes where appropriate for the two Azure MySQL policy templates. Enabled via an optional parameter.

Metadata


PR #2792: POL-1407 Downsize Multiple Sizes: AWS Rightsize ElastiCache

Description

Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.

Metadata


PR #2789: POL-1396 Downsize Multiple Sizes: Azure Rightsize SQL Managed Instances

Description

Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.

Metadata


PR #2788: POL-1393 Downsize Multiple Sizes: Azure Rightsize SQL Databases

Description

Added support for downsizing multiple sizes where appropriate. Enabled via an optional parameter.

Metadata


PR #2787: POL-1406 AWS Rightsize RDS Instances Fix

Description

Fixes issue where policy would fail if a "db.serverless" (or any other instance type not present in the mapping file) instance was found.

Also makes it so that the policy template does not bother to gather metrics for "db.serverless" instances, since we won't be making recommendations for these regardless, as they are not ordinary RDS instances.

Metadata


PR #2747: POL-1385 - New Template: Billing Centers from Dimensions

Description

This policy generates a billing center structure based on specified dimensions. It allows users to create a hierarchical billing center structure that reflects their organizational needs by using existing dimensions -- including custom Rule-Based Dimensions, Tag Dimensions, or Cloud Bill Dimensions like Vendor, Cloud Vendor Account Name.

Issues Resolved

https://flexera.atlassian.net/browse/POL-1385

Metadata


PR #2777: POL-1404 AWS Superseded EBS Volumes - Fix Currency Conversion Message in Policy Incident

Description

This change fixes a bug in the policy incident of the AWS Superseded EBS Volumes policy in a customer's tenant.

This bug occurs when the customer’s native currency in the platform is not USD:

“Price and savings values are in USD due to a malfunction with Flexera's internal currency conversion API. Please contact Flexera support to report this issue.”

This message is incorrectly showing even though currency conversion was successful.

This change fixes this bug.

Issues Resolved

Fixes a bug where the Currency Conversion messaging in the policy incident is incorrectly showing.

Metadata


PR #2774: POL-1400 Fix Invalid Recommendations: Azure Rightsize SQL Managed Instances

Description

Azure Rightsize SQL Managed Instances would sometimes produce recommendations for invalid sizes. This is because it was using the existing SQL tier sizes list, and SQL Managed Instances are only available for a much smaller subset of these sizes.

This fixes the issue by creating a separate JSON asset specific to SQL Managed Instances with only the sizes used for that product, and a small modification of the policy template to make use of this new asset.

Metadata


PR #2772: POL-1398 Azure Expiring Certificates - fix Days Until Expiration bug

Description

Regardless of the threshold set, the Azure Expiring Certificates policy returns (in the incident) certificate resources that will expire months and years from now. The reason for this is an incorrect calculation which makes the 'Days Until Expiration' a negative number. This is a change to fix this.

Issues Resolved

  • 'Days Until Expiration' no longer produces a negative value in the policy incident.
  • Certificate resources outside of the threshold set are no longer returned in the policy incident.

Metadata


PR #2763: POL-1392 AWS Rightsize RDS Instances: Downsize Multiple Tiers

Description

Adds option to make recommendations to go down multiple sizes in the AWS Rightsize RDS Instances policy template.

Metadata


PR #2762: POL-1391 Azure Rightsize Compute Instances: Downsize Multiple Tiers

Description

Adds option to make recommendations to go down multiple sizes in the Azure Rightsize Compute Instances policy template.

Metadata


PR #2756: POL-1387 New Object Storage Lifecycle Policies / Deprecate Object Storage Optimization Policies

Description

This adds two new policy templates, AWS S3 Buckets Without Lifecycle Configuration and Google Cloud Storage Without Lifecycle Configuration, to the policy catalog. Additionally, it deprecates the AWS Object Storage Optimization, Azure Blob Storage Optimization, and Google Object Storage Optimization policy templates. The READMEs for these policy templates now direct users to the appropriate lifecycle policy templates instead.

Reason: Due to the scale involved, policy templates that attempt to manage individual objects within object storage buckets are not efficient or, in most cases, even able to run without errors on the Flexera platform. It is bad practice to attempt to micromanage individual objects anyway; users should instead be configuring their cloud environment to automate this via the lifecycle tools all three hyperscalers provide for their object storage solutions. The new policy templates ensure that we have a policy template solution available to users interested in enforcing the usage of lifecycle tools.

(Ignore the dead link warnings. Those links won't be dead once this PR is merged)

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-21 12:15:19 UTC

PR #2759: POL-1390 AWS Rightsize EC2 Instances: Downsize Multiple Tiers

Description

Adds option to make recommendations to go down multiple sizes in the AWS Rightsize EC2 Instances policy template.

Metadata


PR #2745: POL-1383 New Policy: Google Missing Projects

Description

New policy template, Google Missing Projects, that mirrors the Azure Missing Subscriptions policy template. From the README:

This policy template checks the stored Flexera CCO billing data for Google from 3 days ago to obtain a list of Google Projects that we have billing data for and compares that to the list of Google Projects returned by the Google Cloud Resource Manager API. An incident is raised and email sent containing any projects present in Flexera CCO but not returned by the Google Cloud Resource Manager API, as well as projects returned by the Google Cloud Resource Manager API but not present in Flexera CCO. The user can select which of those two reports they'd like to produce.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-10-16 17:15:30 UTC

PR #2738: POL-1380 Applied Policy Template Errors: Child Policy Support

Description

This adds optional support for reporting child policy errors as a separate incident in the Applied Policy Template Errors policy template.

Metadata


PR #2734: POL-1378 Linting Updates: Cost Policies: AWS

Description

Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-16 12:03:43 UTC

PR #2736: POL-1378 Linting Updates: Cost Policies: Google

Description

Various small changes to Google Cost policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-16 12:03:35 UTC

PR #2735: POL-1378 Linting Updates: Cost Policies: Azure

Description

Various small changes to Azure Cost policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 18:04:01 UTC

PR #2733: POL-1378 Linting Updates: SaaS Policies

Description

Issues Resolved

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 17:01:46 UTC

PR #2732: POL-1378 Linting Updates: Operational Policies

Description

Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Dangerfile error is a false positive and can be ignored. The coding pattern causing it is sufficiently niche to not be worth the effort of coding the Dangerfile test around it.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 17:01:39 UTC

PR #2731: POL-1378 Linting Updates: Compliance Policies

Description

Various small changes to Compliance policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Small tweak to Dangerfile to avoid a false positive for one of the tests.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 17:01:30 UTC

PR #2730: POL-1378 Linting Updates: Security Policies

Description

Various small changes to Security policies to bring them up to current linting standards. Also removes known bad coding patterns to avoid their reuse.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 17:01:21 UTC

PR #2729: POL-1378 Linting Updates: Automation Policies

Description

Various small updates to policy templates in the automation directory to bring them in conformance to current lint tests.

Small tweak to Dangerfile test to avoid false positives for policies that legitimately have no parameters.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-10-14 14:32:34 UTC

PR #2616: POL-1330 New Policy: AWS Account Credentials

Description

This adds a new, unpublished policy template along with a custom meta parent. The purpose of this policy template is to test all of the various cross-account roles implied by an AWS credential to see if they were working as expected or not. Please see the README for more details.

(A custom meta parent is used because the policy engine does not allow you to ignore_status on a signing error, so the meta parent will compare the aggregated incident results to the status of the child policies to determine if the API request succeeded or failed.)

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-10-11 19:31:30 UTC

PR #2728: POL-1379 Azure SQL MI Storage Pricing Automation

Description

This adds automation to gather Azure SQL MI Storage Pricing and updates the Azure SQL MI Storage policy template to use this pricing data. In most cases, this will not matter (the generic SQL DB storage pricing is the same in most cases), but this ensures that any deviations in storage pricing specific to SQL MI are accounted for.

Metadata


PR #2726: POL-1375 Google Label Cardinality Report: BigQuery Fix

Description

Fixes an issue caused by the BigQuery API returning both the project ID and dataset ID in the "id" field when listing datasets. This caused errors when attempting to use this id to query for BigQuery tables in the dataset.

Metadata


PR #2743: POL-1382 Currency Conversion: Multiple Dimension Support

Description

Adds support for multiple dimension filters for the Currency Conversion policy template.

Metadata


PR #2712: POL-1139 New Policy: AWS S3 Usage Type Rule-Based Dimension

Description

This new unpublished policy template, AWS S3 Usage Type Rule-Based Dimension, creates a single rule-based dimension based on the usage_type values for AWS S3. The intent is to provide a more general and human readable alternative to the built-in dimension, whose values tend to be very specific and not very human readable.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-10-10 18:09:28 UTC

PR #2702: POL-1355 New Policy: AWS Rightsize ElastiCache

Description

New policy template to produce rightsizing recommendations for AWS ElastiCache clusters. See README for more details.

Metadata


PR #2709: POL-1374 Email Cost Optimization Recommendations: Added Policy Support

Description

Updates to Email Cost Optimization Recommendations. From the CHANGELOG:

  • Added support for additional recommendation policy templates
  • Changed "Disks" option to "Storage" for Recommendation List parameter to better reflect functionality
  • Added "PaaS" option to Recommendation List parameter

Metadata


PR #2721: POL-1377 Cloud Bill Processing Error Notification: Fixes/Improvements

Description

Fixes for Cloud Bill Processing Error Notification. From the CHANGELOG:

  • Updated some API requests to use newer internal Flexera API
  • Fixed error that sometimes caused functioning bill connections to appear in results
  • Fixed error that sometimes caused the policy template to fail
  • Modified incident table to include more useful information

Metadata


PR #2708: POL-1373 Update AWS Superseded EBS Volumes - fix incorrect "New Monthly List Price" value

Description

This policy was previously showing incorrect values in the incident for "New Monthly List Price" and "Estimated Monthly Savings".

This change improves the querying of the AWS Price List API to capture all prices associated with GP3 volumes to provide an accurate value for both these fields in the policy incident.

Issues Resolved

Policy incident now shows accurate values for "New Monthly List Price" and "Estimated Monthly Savings" to the user.

Metadata


PR #2713: POL-1329 Fix calculation of IOPS and Bandwidth at Azure Rightsize Managed Disk

Description

This addresses the issue when calculating the IOPS and Bandwidth of Premium SSD V2 disk recommendations.

Issues Resolved

https://flexera.atlassian.net/browse/POL-1329

Metadata


PR #2668: POL-1354 New Policy: AWS Rightsize Redshift

Description

New policy template to report rightsizing recommendations for AWS Redshift Clusters

Metadata


PR #2705: POL-1371 Azure Rightsize NetApp Resources Meta Parent Fix

Description

Fixes an issue causing the consolidated incident in the meta parent to be misnamed.

Metadata


PR #2649: POL-1361 Azure Rightsize NetApp Files: Add ignore_status / Misc fixes and Improvements

Description

Azure Rightsize NetApp Files: Add ignore_status fields to various datasources for parity with other Azure policy templates

Other misc. changes were also made. From the CHANGELOG:

  • Renamed policy template to Azure Rightsize NetApp Resources to better reflect its functionality
  • Added ability to use regex to filter resources by tag
  • Added Recommendation field to incident table for parity with other Azure policy templates
  • Added logic to skip gathering volume-level data if the user selects "Resize Pools"
  • Several policy parameters updated to more clearly describe their function
  • Incident subject now explicitly indicates that the resources found are oversized
  • Fixed issue where policy template would fail to complete if some subscriptions and resources are inaccessible due to credential permissions
  • Fixed issue where tag filtering was not working as intended

Metadata


PR #2679: POL-1367 New Policy: Azure Rightsize SQL Managed Instance Storage

Description

This is a new policy template: Azure Rightsize SQL Managed Instance Storage. It does what it says on the tin.

Metadata


PR #2645: SQ-9955 Fix Cloud Cost Anomaly Alerts Policy

Description

Issues Resolved

Metadata


PR #2685: POL-1347 - fix: meta_parent_policy_compiler.rb no export block

Description

https://github.com/flexera-public/policy_templates/actions/runs/11059501776 Workflow is currently failing on a PT

Writing parent policy template: ../../security/azure/sql_auditing_retention/sql_auditing_retention_meta_parent.pt
meta_parent_policy_compiler.rb:334:in `block in compile_meta_parent_policy': undefined method `scan' for nil (NoMethodError)

    fields = export_block[0].scan(/(^.*field\s+\".*?\".*?end)/m).flatten
                            ^^^^^
	from meta_parent_policy_compiler.rb:314:in `each'
	from meta_parent_policy_compiler.rb:314:in `compile_meta_parent_policy'
	from meta_parent_policy_compiler.rb:467:in `block in <main>'
	from meta_parent_policy_compiler.rb:466:in `each'
	from meta_parent_policy_compiler.rb:466:in `<main>'

Modified Workflow Run Successful: https://github.com/flexera-public/policy_templates/actions/runs/11059612277

Which resulted in these changes: #2687

Metadata


PR #2620: POL-1347 - feat: refactor AWS, Azure, and Google Schedule Instance Policy Templates

Description

  • remove next_stop, next_start tag requirements
  • remove static zone to region mapping
  • add task_labels and debugging for CWF actions
  • add error capture, graceful timeout handling

Issues Resolved

https://flexera.atlassian.net/browse/POL-1347

Metadata


PR #2644: POL-1359 AWS Reserved Instances Recommendations: DynamoDB Support

Description

This adds support for DynamoDB and MemoryDB to the AWS Reserved Instances Recommendations policy template.

Metadata


PR #2657: POL-1363 AWS EC2 Compute Optimizer Recommendations: Additional Options

Description

From the AWS EC2 Compute Optimizer Recommendations CHANGELOG:

  • Added option to filter out recommendations for EC2 instances based on OS family
  • Added option to filter out either x86-64 (Intel/AMD) or ARM (Graviton) recommendations

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-09-26 19:44:47 UTC

PR #2673: POL-1366 Currency Conversion: Add Arbitrary Dimension Support

Description

This replaces the option to select a cloud provider in the Currency Conversion policy template with an option to specify any arbitrary Dimension=Value. The primary use case is to enable users to do per-bill source conversion, but this of course also enables any number of other possibilities while still retaining the original functionality.

Metadata


PR #2139: POL-1218 New Policy: Google Rightsize Cloud SQL Recommender

Description

New policy to produce recommendations for both idle and underutilized Google Cloud SQL recommendations.

Also deprecates the now redundant Google Idle Cloud SQL Instance Recommender and Google Rightsize CloudSQL Instances policies.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-25 14:06:51 UTC

PR #2640: POL-1351 Google Unlabeled Resources: Add Project Support

Description

Adds option to report/update Project labels to Google Unlabeled Resources policy template

Metadata


PR #2633: POL-1352 Outdated Applied Policies: Deprecated Policy Support

Description

This updates the Flexera Automation Outdated Applied Policies policy template to also, optionally, report on deprecated policy templates. It also allows the user, via parameter, to allow for automated major version upgrades. Documentation has been updated accordingly.

This also makes a very minor tweak to Dangerfile tests to address a false positive.

Metadata


PR #2639: POL-1357 Azure Hybrid Use Benefit Policy Actions

Description

This updates the policy actions in two Azure Hybrid Use Benefit policy templates to correctly use task labels to log errors.

Metadata


PR #2638: POL-1356 AWS Rightsize EBS Volume: Type Filtering

Description

Adds a parameter to AWS Rightsize EBS Volume to enable the user to filter any arbitrary volume type from the results if desired.

Metadata


PR #2663: POL-1364 Update Azure Savings Plan Expiration - Fix Policy Set value

Description

The policy_set field in the policy template metadata has been changed from its current value of "Savings Plan" to "Savings Plans".

Issues Resolved

This does not change the functionality of the policy but it does help us internally with reporting on templates in our repository.

Metadata


PR #2656: POL-1013 Add Azure Expiring Savings Plans Policy

Description

Pretty self-explanatory. This is a change to add Azure Expiring Savings Plans policy to the Catalog. This policy will be added to remain consistent with its AWS counterpart. This policy will report on Savings Plans that are expired and/or nearing expiration.

Issues Resolved

Maintains parity between AWS and Azure. Customers can now be alerted via email when Savings Plans are nearing expiration or have expired.

Metadata


PR #2624: POL-1349 Applied Policy Template Errors Revamp

Description

This is a revamp of the Applied Policy Error Notification policy template. From the CHANGELOG:

  • Renamed to Applied Policy Template Errors to conform to policy template naming conventions
  • Added ability to ignore specific applied policy templates by name or ID
  • Parameters altered to be more descriptive and human-readable
  • Added additional fields to incident table to provide more context
  • Incident table now includes links to the problematic applied policy templates
  • Streamlined code for better readability and faster execution
  • Policy template is now published in the public catalog

Metadata


PR #2621: POL-1345 Azure Untagged Resources: Subscription/Resource Group Support

Description

Adds support for reporting untagged Azure Subscriptions and Resource Groups to the Azure Untagged Resources policy template.

Metadata


PR #2647: POL-1360 Meta Parent: Fix Deprecation Status

Description

This fixes an issue where the "deprecated" field in the info() blocks of generated meta parent policy templates did not match the child.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-20 12:23:46 UTC

PR #2610: POL-1338 Validated Permissions

Description

This PR makes several changes related to tracking policy permissions:

  • Several policy templates that were missing have been validated and added. Where appropriate, these policy templates and their associated README files were updated.
  • Automation has been added to track every non-deprecated policy template that is not in the validation list. This is to assist in completing this project by getting all of the missing policy templates added.
  • A couple of deprecated policy templates were missing the deprecated: "true" field in the info block. This has been fixed.
  • Minor tweaks made to changed files to pass current Dangerfile tests

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-20 12:03:15 UTC

PR #2642: POL-1358 AWS Rule-Based Dimension From Account Tags: Tag Casing Fix

Description

This updates the AWS Rule-Based Dimension From Account Tags policy template to fix an issue where tag keys were being ignored if they contained upper case letters.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-09-19 17:53:06 UTC

PR #2622: POL-1348 Cloud Bill Processing Error Notification: Ignore List

Description

Cloud Bill Processing Error Notification: Added Bill Connection Ignore List parameter to allow user to ignore specific bill connections.

Metadata


PR #2634: POL-1353 New Policy: Azure Unused Load Balancers

Description

New policy that reports on Azure Unused Load Balancers

Metadata


PR #2565: POL-1327 New Policy: AWS Lambda Functions Without Provisioned Concurrency

Description

New template AWS Lambda Functions Without Provisioned Concurrency does what it says on the tin.

Metadata


PR #2556: POL-793 Azure MySQL Policy Templates

Description

Two new policy templates: Azure Rightsize MySQL Single Servers and Azure Rightsize MySQL Flexible Servers

Two templates because of substantial differences between API requests and metrics between the two kinds of MySQL instances. Single servers are also an increasingly outdated instance type, so most users can likely just get away with using the latter policy template only.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-16 12:11:48 UTC

PR #2617: POL-1344 Account Support for AWS Untagged Resources Policy Template

Description

AWS Untagged Resources: This adds the option to include the AWS account itself in the results and adds the necessary cloud workflow logic to enable accounts to be tagged.

Should natively work as expected with the meta parent, since each child incident would include one account, and the consolidated incident would include all of them.

Additionally, significant modifications were made to speed up policy execution when the savings option is enabled. The previous method took a very long time due to inefficient searching techniques.

Metadata


PR #2576: POL-1331 New Policy: Azure Advisor Carbon Reduction Recommendations

Description

This is a new policy to report all CO2 emissions reduction opportunities reported by Azure Advisor.

Issues Resolved

https://app.flexera.com/orgs/6/automation/applied-policies/projects/7954?policyId=66ce16f9a79b5457a281dbba

Metadata


PR #2560: POL-411 Low Usage: Added Resource List

Description

This adds a link to the Resource Analyzer Dashboard with the appropriate settings to the incident table to make it easy for the user to see the specific resources that exist in the dimension value with low usage.

Metadata


PR #2601: POL-1252 Cloud Cost Anomaly Alerts: Additional Parameters

Description

New functionality added to Cloud Cost Anomaly Alerts policy template. From the CHANGELOG:

  • Added Minimum Period Spend Variance parameter to optionally limit results based on amount of variance
  • Added Anomalies To Report parameter to optionally limit results based on whether the anomaly is upward or downward
  • Added Variance From Average field to incident table containing the difference (absolute value) between the total cost and the moving average

Metadata


PR #2596: POL-1334 Meta Parent Fix: Empty Policy Responses

Description

This is a fix for an issue with Meta Parents where the policy template would fail if no applied policies exist. To fix this issue, the jq statements that were causing the issue have been replaced with standard jmes_path statements, and any additional filtering has been moved to separate javascript blocks.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-03 18:11:14 UTC

PR #2597: POL-1336 AWS Savings Plan Recommendations: Remove "Any" Option From Savings Plan Term Parameter

Description

Removes invalid "Any" option from the Savings Plan Term parameter in the AWS Savings Plan Recommendations policy template. The only valid values for this parameter are 1 year and 3 year.

A handful of other small changes were made to bring policy template into compliance with current Dangerfile tests.

Metadata


PR #2584: POL-1335 Add ARN to AWS Recommendation Policy Template Incident Tables

Description

This adds a resource ARN field to the incidents of all existing AWS recommendations policy templates. This is because the ARN is a useful value for other functionality that might build off of the incident or recommendations table, such as using the AWS tagging API to tag resources.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-09-03 13:10:25 UTC

PR #2544: POL-802 New Policy: Azure Unused Virtual Network Gateways

Description

This is a new policy template to report on unused Azure Virtual Network Gateways.

Currently, savings is not reported because Azure billing data stored in Flexera does not appear to contain Virtual Network Gateway costs at the resource level. This may be added with a later update if a solution is found.

Metadata


PR #2543: POL-803 New Policy: Azure Unused App Service Plans

Description

This is a new policy template to report on unused App Service Plans in Azure.

Metadata


PR #1917: POL-727 Azure Savings Plan Utilization v0.1.0

Description

Adds Azure Savings Plan Utilization Report to bring parity with what we have for AWS

Issues Resolved

https://flexera.atlassian.net/browse/POL-727

Metadata


PR #2567: POL-1325 AWS Oversized S3 Buckets: Switch to GetMetricData

Description

This updates the AWS Oversized S3 Buckets policy template to use batched GetMetricData requests to gather metrics in order to speed up execution.

Various small tweaks were also made to bring it into compliance with current Dangerfile tests.

Metadata


PR #2566: POL-1324 AWS Burstable EC2 Instances: Switch to GetMetricData

Description

This updates the AWS Burstable EC2 Instances policy template to use batched GetMetricData requests to gather metrics in order to speed up execution.

Various small tweaks were also made to bring it into compliance with current Dangerfile tests.

Metadata


PR #2557: POL-1323 - fix: AWS Rightsize EC2 get memory metrics for Autoscaling groups

Description

Fix bug preventing Memory metrics from being included in result for some EC2 Instances created by Autoscaling Group

Issues Resolved

https://flexera.atlassian.net/browse/POL-1323

Metadata


PR #2531: POL-980 New AWS Load Balancer Policy Templates

Description

This PR adds two new policy templates, AWS Unused Application Load Balancers and AWS Unused Network Load Balancers. It also modifies the existing AWS Unused Classic Load Balancers policy template to bring it more in alignment with the new policy templates.

I opted for 3 separate templates because there are enough differences between the three, especially when it comes to Classic vs App/Network, that a single policy template for all of them would be complex and cumbersome to maintain. The simplest way to offer users an intuitive experience while making the templates themselves maintainable was to simply have a separate policy template for each.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-19 18:05:12 UTC

PR #2547: POL-1322 New Policy: Google Label Cardinality Report

Description

This is a new policy that reports on Google Label Cardinality. This template has an important caveat that is unique to Google. From the README:

NOTE: Google Cloud does not offer a straight-forward way to list all resources in a given Project along with their labels. This report should not be considered complete and should be used for general guidance. A list of supported resources is provided below.

  • Compute
    • Disks
    • Images
    • IP Addresses
    • Snapshots
    • Storage Pools
    • VPN Gateways
    • VPN Tunnels
    • Virtual Machines
  • Database
    • BigQuery Datasets
    • BigQuery Tables
    • Cloud SQL for MySQL Instances
  • Storage
    • Object Storage Buckets

Metadata


PR #2521: POL-1318 New Policy: AWS CloudTrails With Read Logging Enabled

Description

New policy template that reports CloudTrails with read logging enabled, with the option of disabling read logging.

Metadata


PR #2485: POL-1262 - feat: scheduled report percent change, alert threshold

Description

Adds percent change field to report fields (additional inform) and capabilities for sending this when a threshold is crossed (alerting use-case)

Issues Resolved

https://flexera.atlassian.net/browse/POL-1262

Metadata


PR #2511: POL-1308 New Policy: Flexera One User Access Report

Description

New policy that produces a list of users and the various roles they have assigned to them in order to assist with auditing users in a Flexera org.

Metadata


PR #2533: POL-1321 Meta Policy Unpublish Fix

Description

This adds publish to the info block of meta parent policies that corresponds to the child policy. This is to prevent meta parent policies for unpublished child policies from themselves being published by mistake.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-13 19:13:27 UTC

PR #2534: POL-1294 RBD Policy Logic Fix

Description

Modified logic in unpublished RBD policies to reduce risk of policy failure due to an account having no tags

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-08-13 18:55:54 UTC

PR #2496: POL-1311 New Policy: Azure Advisor Compute Instances Recommendations

Description

This is a new policy template that reports virtual machine resizing recommendations from the Azure Advisor tool. See the README for more details.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-08-13 12:04:51 UTC

PR #2494: POL-1310 New Policy: AWS EC2 Compute Optimizer Recommendations

Description

This is a new policy template that reports EC2 resizing recommendations from AWS Compute Optimizer tool. See the README for more details.

Metadata

  • Policies: Not displayed due to PR with no published policies. Please see Github Pull Request for details about unpublished policies.
  • Merged At: 2024-08-13 12:04:43 UTC

PR #2529: POL-1320 Azure RI/SP Policy API Update

Description

Updates the API versions for various API calls for the Azure Reserved Instances Recommendations and Azure Savings Plan Recommendations policy templates. This is mainly to fix an issue where the old API versions did not produce results that match the Azure console, causing user confusion and concern.

Metadata


PR #2527: POL-1319: Fix Spelling Issue In Description: AWS Unused Classic Load Balancers

Description

Fixed minor spelling issue in policy template description

Metadata


PR #2505: POL-1315 AWS Rightsize RDS Instances: Additional Metrics

Description

This adds memory and network metrics to the incident output for underutilized instances. These metrics are not used for producing recommendations and are merely for added context to assist the user in making decisions.

Metadata


PR #2506: POL-1317 AWS Superseded EC2 Instances Fix/Improvement

Description

Improvements to AWS Superseded EC2 Instances. From the CHANGELOG:

  • Fixed bug where invalid recommendations with no new resource type would sometimes be included in results
  • Added Fallback Instance Type Category parameter to provide alternate recommendations when the selected category is not available

This also updates the local Gemfile to use the current version of Danger

Metadata


PR #2472: POL-1297 Azure Security Policy Revamps: Part 4

Description

This is a revamp of several Azure Security policy templates. Please see their respective CHANGELOGs and READMEs for details.

Additionally, the Azure Storage Accounts Without HTTPs Enforced policy template is being deprecated because it is redundant.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-09 15:01:45 UTC

PR #2474: POL-1302 New Usage Revamp

Description

This is a revamp of the New Service Usage policy template, which has been renamed to New Usage. From the CHANGELOG:

  • Policy template renamed to New Usage to better reflect its functionality
  • Added ability to report new usage for any cost dimension
  • Added ability to specify a cost metric and look back period
  • Added ability to filter results by estimated monthly cost
  • Improved Billing Center filtering options
  • Added additional fields and text to incident output for added context
  • Streamlined code for better readability and faster execution

Note: Ignore the "run_script statements" error. The same script is invoked twice; once with a hard value, and once with a parameter value, so there's not a way to place them in the correct order in both situations without needlessly making two identical scripts.

Metadata

  • Policies: New Usage
  • Merged At: 2024-08-09 13:13:00 UTC

PR #2503: POL-1313 SaaS Policy Revamps

Description

These are revamps of the following policy templates:

Office 365 Security Alerts

  • Modified credential to correctly match Microsoft Graph credentials in the Flexera platform
  • Several parameters altered to be more descriptive and human-readable
  • Removed unused Azure AD Tenant ID parameter
  • Updated Microsoft Graph API call to use production /v1.0/security/alerts_v2 endpoint
  • Fixed issue where policy template would report alerts unrelated to Office 365
  • Streamlined code for better readability and faster execution

Okta Inactive Users

  • Several parameters altered to be more descriptive and human-readable
  • Normalized incident export to be consistent with other policies
  • Streamlined code for better readability and faster execution

ServiceNow Inactive Approvers

  • Several parameters altered to be more descriptive and human-readable
  • Normalized incident export to be consistent with other policies
  • Streamlined code for better readability and faster execution

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-09 13:12:36 UTC

PR #2504: POL-1314 Deprecate Budget Alerts by Cloud Account Policy Template

Description

The Budget Alerts by Cloud Account policy template is being deprecated because its functionality can be entirely replicated in the Budget Alerts policy template, making it redundant.

Metadata


PR #2508: fix: minor wording fix on incident detail template

Description

Updated incident message to be more relevant to this policy template

Metadata


PR #2501: POL-1309 Vendor Spend Commitment Forecast Revamp

Description

This is a revamp of the Vendor Commitment Forecast policy template. From the CHANGELOG:

  • Renamed policy template to Vendor Spend Commitment Forecast to avoid confusion with policy templates for RIs/SPs
  • Added ability to specify a cost metric to use when gathering spend data
  • Several parameters altered to be more descriptive and human-readable
  • Additional fields added to incident table for context
  • Streamlined code for better readability and faster execution

Metadata


PR #2468: POL-1297 Azure Security Policy Revamps: Part 3

Description

This is a revamp of several Azure Security policies. Please see their respective CHANGELOGs and READMEs for details.

This also fixes a small issue in the Azure Rightsize SQL policy with how actions are logged.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-01 12:23:52 UTC

PR #2471: POL-1301 Add Case Sensitivity Option to RBD Policy Templates

Description

This adds the option to retain the casing of tag values when creating RBDs instead of normalizing them to lowercase. Default is still normalizing them to ensure consistency with previous versions and to reduce the risk of the policy template failing due to duplicate values with different casings.

Metadata

  • Policies: Not displayed due to PR with > 5 policies. Please see Github Pull Request for these details.
  • Merged At: 2024-08-01 12:21:31 UTC

PR #2475: POL-1303 Kubecost Policy Template Revamps

Description

This is a revamp of the 2 Kubecost policy templates. From their CHANGELOGs:

Kubecost Cluster Rightsizing Recommendation

  • Policy template renamed to Kubecost Cluster Rightsizing Recommendation to better reflect its functionality
  • Kubecost API requests now use HTTPS for added security
  • Policy template now falls back to Flexera-configured currency if Kubecost does not report a currency
  • Added additional context to incident
  • Renamed some incident fields to conform with other recommendations policy templates
  • Streamlined code for better readability and faster execution
  • Policy template now requires a valid Flexera credential

Kubecost Request Rightsizing Recommendations

  • Policy template renamed to Kubecost Container Request Rightsizing Recommendations to better reflect its functionality
  • Kubecost API requests now use HTTPS for added security
  • Policy template now falls back to Flexera-configured currency if Kubecost does not report a currency
  • Added additional context to incident
  • Renamed some incident fields to conform with other recommendations policy templates
  • Streamlined code for better readability and faster execution
  • Policy template now requires a valid Flexera credential

Metadata