POL-1378 Linting Updates: Compliance Policies (#2731)

* update

* fix

* update

* fix

* update

* fix

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

.dangerfile/readme_tests.rb

@@ -225,7 +225,7 @@ def readme_invalid_credentials?(file, file_lines)
 
     flexera_permission_scanning = false if line.start_with?("- [") && (!line.include?("Flexera") && !line.include?("flexera"))
     flexera_permission_scanning = false if aws_permission_scanning || azure_permission_scanning || google_permission_scanning
-    flexera_permission_scanning = true if !line.start_with?("This Policy Template uses [Credentials]") && !flexera_permission_stop_scanning && !flexera_permission_scanning && prereq_line_number > 0 && (line.include?("[**Flexera") || line.include?("[**flexera")) && (!line.include?("AWS") && !line.include?("aws")) && (!line.include?("Azure") && !line.include?("azure")) && (!line.include?("Google") && !line.include?("google")) && !file.start_with?("saas/fsm/")
+    flexera_permission_scanning = true if !line.start_with?("This Policy Template uses [Credentials]") && !flexera_permission_stop_scanning && !flexera_permission_scanning && prereq_line_number > 0 && (line.include?("[**Flexera") || line.include?("[**flexera")) && !line.include?("ITAM") && (!line.include?("AWS") && !line.include?("aws")) && (!line.include?("Azure") && !line.include?("azure")) && (!line.include?("Google") && !line.include?("google")) && !file.start_with?("saas/fsm/")
     flexera_permission_line = line_number if !flexera_permission_line && flexera_permission_scanning
     flexera_permission_text << line if flexera_permission_scanning
   end

compliance/aws/disallowed_regions/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v5.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v5.0
 
 - Several parameters altered to be more descriptive and human-readable

compliance/aws/disallowed_regions/README.md

@@ -67,4 +67,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 
 ## Cost
 
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.

compliance/aws/disallowed_regions/aws_disallowed_regions.pt

@@ -7,7 +7,7 @@ category "Compliance"
 severity "low"
 default_frequency "weekly"
 info(
-  version: "5.0",
+  version: "5.0.1",
   provider: "AWS",
   service: "Compute",
   policy_set: "Disallowed Regions"
@@ -92,15 +92,6 @@ end
 # Pagination
 ###############################################################################
 
-pagination "pagination_aws" do
-  get_page_marker do
-    body_path jmes_path(response, "NextToken")
-  end
-  set_page_marker do
-    body_field "NextToken"
-  end
-end
-
 ###############################################################################
 # Datasources & Scripts
 ###############################################################################
@@ -164,12 +155,11 @@ end
 datasource "ds_get_caller_identity" do
   request do
     auth $auth_aws
-    verb "GET"
     host "sts.amazonaws.com"
     path "/"
-    header "User-Agent", "RS Policies"
     query "Action", "GetCallerIdentity"
     query "Version", "2011-06-15"
+    header "User-Agent", "RS Policies"
   end
   result do
     encoding "xml"
@@ -205,7 +195,6 @@ end
 datasource "ds_describe_regions" do
   request do
     auth $auth_aws
-    verb "GET"
     host "ec2.amazonaws.com"
     path "/"
     query "Action", "DescribeRegions"
@@ -252,27 +241,27 @@ datasource "ds_instance_sets" do
     auth $auth_aws
     host join(['ec2.', val(iter_item, 'region'), '.amazonaws.com'])
     path '/'
-    header 'User-Agent', 'RS Policies'
-    header 'Content-Type', 'text/xml'
     query 'Action', 'DescribeInstances'
     query 'Version', '2016-11-15'
     query 'Filter.1.Name', 'instance-state-name'
     query 'Filter.1.Value.1', 'running'
+    header 'User-Agent', 'RS Policies'
+    header 'Content-Type', 'text/xml'
   end
   result do
     encoding "xml"
     collect xpath(response, "//DescribeInstancesResponse/reservationSet/item", "array") do
       field "instances_set" do
         collect xpath(col_item,"instancesSet/item","array") do
-          field "region",val(iter_item, "region")
+          field "region", val(iter_item, "region")
           field "instanceId", xpath(col_item, "instanceId")
           field "imageId", xpath(col_item, "imageId")
           field "resourceType", xpath(col_item, "instanceType")
           field "platform", xpath(col_item, "platformDetails")
           field "privateDnsName", xpath(col_item, "privateDnsName")
           field "launchTime", xpath(col_item, "launchTime")
           field "tags" do
-            collect xpath(col_item,"tagSet/item", "array") do
+            collect xpath(col_item, "tagSet/item", "array") do
               field "key", xpath(col_item, "key")
               field "value", xpath(col_item, "value")
             end
@@ -498,7 +487,7 @@ define stop_instances($data) do
 
   # If we encountered any errors, use `raise` to mark the CWF process as errored
   if inspect($$errors) != "null"
-    raise join($$errors,"\n")
+    raise join($$errors, "\n")
   end
 end
 
@@ -516,7 +505,7 @@ define terminate_instances($data) do
 
   # If we encountered any errors, use `raise` to mark the CWF process as errored
   if inspect($$errors) != "null"
-    raise join($$errors,"\n")
+    raise join($$errors, "\n")
   end
 end
 
@@ -636,7 +625,7 @@ datasource "ds_get_policy" do
     auth $auth_flexera
     host rs_governance_host
     ignore_status [404]
-    path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id,""), meta_parent_policy_id, policy_id) ])
+    path join(["/api/governance/projects/", rs_project_id, "/applied_policies/", switch(ne(meta_parent_policy_id, ""), meta_parent_policy_id, policy_id)])
     header "Api-Version", "1.0"
   end
   result do

compliance/aws/disallowed_regions/aws_disallowed_regions_meta_parent.pt

@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
   provider: "AWS",
-  version: "5.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+  version: "5.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
   publish: "true",
   deprecated: "false"
 )

compliance/aws/ecs_unused/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v4.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v4.0.0
 
 - Several parameters altered to be more descriptive and human-readable

compliance/aws/ecs_unused/README.md

@@ -78,4 +78,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 
 ## Cost
 
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.

compliance/aws/ecs_unused/aws_unused_ecs_clusters.pt

@@ -7,7 +7,7 @@ severity "low"
 category "Compliance"
 default_frequency "weekly"
 info(
-  version: "4.0.0",
+  version: "4.0.1",
   provider: "AWS",
   service: "Compute",
   policy_set: "Unused Containers"
@@ -159,7 +159,6 @@ end
 datasource "ds_get_caller_identity" do
   request do
     auth $auth_aws
-    verb "GET"
     host "sts.amazonaws.com"
     path "/"
     query "Action", "GetCallerIdentity"
@@ -200,7 +199,6 @@ end
 datasource "ds_describe_regions" do
   request do
     auth $auth_aws
-    verb "GET"
     host "ec2.amazonaws.com"
     path "/"
     query "Action", "DescribeRegions"

compliance/aws/ecs_unused/aws_unused_ecs_clusters_meta_parent.pt

@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
   provider: "AWS",
-  version: "4.0.0", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+  version: "4.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
   publish: "true",
   deprecated: "false"
 )

compliance/aws/iam_role_audit/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v3.0.2
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v3.0.1
 
 - Add default value for `IAM Role Names/IDs/ARNs` param

compliance/aws/iam_role_audit/README.md

@@ -62,4 +62,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 
 ## Cost
 
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.

compliance/aws/iam_role_audit/aws_iam_role_audit.pt

@@ -7,7 +7,7 @@ severity "medium"
 category "Compliance"
 default_frequency "daily"
 info(
-  version: "3.0.1",
+  version: "3.0.2",
   provider:"AWS",
   service: "IAM",
   policy_set: "Identity & Access Management"
@@ -145,7 +145,6 @@ end
 datasource "ds_get_caller_identity" do
   request do
     auth $auth_aws
-    verb "GET"
     host "sts.amazonaws.com"
     path "/"
     query "Action", "GetCallerIdentity"
@@ -187,7 +186,6 @@ datasource "ds_iam_roles_without_tags" do
   request do
     auth $auth_aws
     pagination $pagination_aws_iam_role_json
-    verb "GET"
     host "iam.amazonaws.com"
     path "/"
     query "Action", "ListRoles"
@@ -231,7 +229,6 @@ datasource "ds_iam_roles" do
   request do
     auth $auth_aws
     pagination $pagination_aws_iam_role_tag_json
-    verb "GET"
     host "iam.amazonaws.com"
     path "/"
     query "Action", "ListRoleTags"

compliance/aws/iam_role_audit/aws_iam_role_audit_meta_parent.pt

@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
   provider: "AWS",
-  version: "3.0.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+  version: "3.0.2", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
   publish: "true",
   deprecated: "false"
 )

compliance/aws/instances_without_fnm_agent/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v4.3.2
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v4.3.1
 
 - Added default value for parameters that do not require user input

compliance/aws/instances_without_fnm_agent/README.md

@@ -1,12 +1,12 @@
 # AWS EC2 Instances not running FlexNet Inventory Agent
 
-## What it does
+## What It Does
 
 This policy uses the SOAP version of the FlexNet Manager Cloud APIs, checks all EC2 instances running in AWS to determine if the FlexNet Inventory Agent is running on the instance, and reports on any that are missing the agent.
 
 The policy is a recommendation only policy, no action is taken during the Policy Escalation.
 
-## Functional Description
+## How It Works
 
 The policy leverages the cloud API to get all current EC2 instances and the FlexNet Manager report (Custom view) API to get all AWS cloud instances with agent. It cross-checks the two lists to determine if any instances are running on the cloud that aren't known to FlexNet Manager.  The policy matches the InstanceCloudID from FlexNet Manager System and the instanceId from AWS.
 
@@ -56,7 +56,7 @@ This Policy Template uses [Credentials](https://docs.flexera.com/flexera/EN/Auto
   }
   ```
 
-- [**Flexera Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles:
+- [**Flexera ITAM Credential**](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) (*provider=flexera*) which has the following roles:
   - `Web Service` or equivalent role in IT Asset Accounts (for calling ITAM SOAP APIs)
 
 The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automation/ProviderCredentials.htm) page in the docs has detailed instructions for setting up Credentials for the most common providers.
@@ -76,7 +76,7 @@ Once saved, note the report number in the URL field : ![Alt text][ReportNumber]
 
 ## Cost
 
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.
 
 <!-- Image referances -->
 [APIToken]: images/APIToken.png "APIToken"

compliance/aws/instances_without_fnm_agent/aws_instances_not_running_flexnet_inventory_agent.pt

@@ -7,7 +7,7 @@ severity "medium"
 category "Compliance"
 default_frequency "weekly"
 info(
-  version: "4.3.1",
+  version: "4.3.2",
   provider: "AWS",
   service: "Compute",
   policy_set: "Instances not running FlexNet Inventory Agent"
@@ -105,7 +105,6 @@ datasource "ds_regions_list" do
   # https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRegions.html
   request do
     auth $auth_aws
-    verb "GET"
     host "ec2.amazonaws.com"
     path "/"
     query "Action", "DescribeRegions"
@@ -173,7 +172,6 @@ datasource "ds_aws_ec2_instances_list" do
   iterate $ds_regions
   request do
     auth $auth_aws
-    verb "GET"
     host join(["ec2.", val(iter_item, "region"), ".amazonaws.com"])
     path "/"
     query "Action", "DescribeInstances"
@@ -412,4 +410,3 @@ script "js_check_deleted", type: "javascript" do
   result = {"path":"/"}
   EOS
 end
-

compliance/aws/instances_without_fnm_agent/aws_instances_not_running_flexnet_inventory_agent_meta_parent.pt

@@ -7,7 +7,7 @@ category "Meta"
 default_frequency "15 minutes"
 info(
   provider: "AWS",
-  version: "4.3.1", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
+  version: "4.3.2", # This version of the Meta Parent Policy Template should match the version of the Child Policy Template as it appears in the Catalog for best reliability
   publish: "true",
   deprecated: "false"
 )

compliance/aws/long_stopped_instances/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v6.0.1
+
+- Minor code improvements to conform with current standards. Functionality unchanged.
+
 ## v6.0
 
 - Added support for regex when filtering resources by tag

compliance/aws/long_stopped_instances/README.md

@@ -83,4 +83,4 @@ The [Provider-Specific Credentials](https://docs.flexera.com/flexera/EN/Automati
 
 ## Cost
 
-This Policy Template does not incur any cloud costs.
+This policy template does not incur any cloud costs.