diff --git a/.github/workflows/check_pr_plugin_aws.yml b/.github/workflows/check_pr_plugin_aws.yml
index 30741eb48d..e9ce86fb35 100644
--- a/.github/workflows/check_pr_plugin_aws.yml
+++ b/.github/workflows/check_pr_plugin_aws.yml
@@ -73,19 +73,3 @@ jobs:
user: __token__
password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_AWS }}
packages_dir: ./plugins/aws/dist/
-
- - name: Upload AWS policies
- if: github.event_name != 'pull_request'
- working-directory: ./plugins/aws
- run: |
- pip install --upgrade --editable .
- pip install --upgrade --editable ./tools/awspolicygen
- export GITHUB_REF="${{ github.ref }}"
- export GITHUB_REF_TYPE="${{ github.ref_type }}"
- export GITHUB_EVENT_NAME="${{ github.event_name }}"
- export API_TOKEN="${{ secrets.API_TOKEN }}"
- export SPACES_KEY="${{ secrets.SPACES_KEY }}"
- export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
- export AWS_ACCESS_KEY_ID="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_ACCESS_KEY_ID }}"
- export AWS_SECRET_ACCESS_KEY="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_SECRET_ACCESS_KEY }}"
- awspolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/aws/ --aws-s3-bucket fixinventorypublic --aws-s3-bucket-path cf/
diff --git a/.github/workflows/check_pr_plugin_gcp.yml b/.github/workflows/check_pr_plugin_gcp.yml
index 7d4a3ac68a..c6c2fd8078 100644
--- a/.github/workflows/check_pr_plugin_gcp.yml
+++ b/.github/workflows/check_pr_plugin_gcp.yml
@@ -73,17 +73,3 @@ jobs:
user: __token__
password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_GCP }}
packages_dir: ./plugins/gcp/dist/
-
- - name: Upload GCP policies
- if: github.event_name != 'pull_request'
- working-directory: ./plugins/gcp
- run: |
- pip install --upgrade --editable .
- pip install --upgrade --editable ./tools/gcppolicygen
- export GITHUB_REF="${{ github.ref }}"
- export GITHUB_REF_TYPE="${{ github.ref_type }}"
- export GITHUB_EVENT_NAME="${{ github.event_name }}"
- export API_TOKEN="${{ secrets.API_TOKEN }}"
- export SPACES_KEY="${{ secrets.SPACES_KEY }}"
- export SPACES_SECRET="${{ secrets.SPACES_SECRET }}"
- gcppolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/gcp/
diff --git a/.github/workflows/create_plugin_workflows.py b/.github/workflows/create_plugin_workflows.py
index ac311bdf62..4700998f7d 100755
--- a/.github/workflows/create_plugin_workflows.py
+++ b/.github/workflows/create_plugin_workflows.py
@@ -138,7 +138,8 @@
.replace("@name@", plugin)
.replace("@PKGNAME@", f"fixinventory_plugin_{plugin}".upper())
)
- if plugin == "aws":
- yml.write(aws_policygen)
- elif plugin == "gcp":
- yml.write(gcp_policygen)
+ # PolicyGen Upload disabled for now. Uncomment when required.
+ # if plugin == "aws":
+ # yml.write(aws_policygen)
+ # elif plugin == "gcp":
+ # yml.write(gcp_policygen)
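Review bot: Disabling the upload by commenting out the branch leaves no single switch, and "Uncomment when required" does not say that the wait/download steps commented out in publish.yml have to be restored at the same time. A named flag would make this easier to follow, for example `UPLOAD_POLICIES = False  # also gates the policy download steps in publish.yml` with `if UPLOAD_POLICIES and plugin == "aws":`. The `aws_policygen` and `gcp_policygen` templates are defined outside this hunk and presumably still carry the secret exports seen in the removed workflow steps. While the upload is off, it is worth checking whether those repository secrets (the Spaces and S3 credentials) are still needed, or can be rotated or removed until the feature returns.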
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e91fd803cd..4b062e2284 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -34,34 +34,34 @@ jobs:
run: |
yarn install --frozen-lockfile
- - name: Wait for AWS policies to be uploaded
- if: github.event_name != 'workflow_dispatch'
- uses: lewagon/wait-on-check-action@v1.3.1
- with:
- ref: ${{ github.ref }}
- check-name: aws
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Update AWS policy JSON
- shell: bash
- working-directory: ./docs.fix.security/iam/aws
- run: |
- wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
- wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
-
- - name: Wait for GCP policies to be uploaded
- if: github.event_name != 'workflow_dispatch'
- uses: lewagon/wait-on-check-action@v1.3.1
- with:
- ref: ${{ github.ref }}
- check-name: gcp
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Update GCP policy JSON
- shell: bash
- working-directory: ./docs.fix.security/iam/gcp
- run: |
- wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
+# - name: Wait for AWS policies to be uploaded
+# if: github.event_name != 'workflow_dispatch'
+# uses: lewagon/wait-on-check-action@v1.3.1
+# with:
+# ref: ${{ github.ref }}
+# check-name: aws
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+# - name: Update AWS policy JSON
+# shell: bash
+# working-directory: ./docs.fix.security/iam/aws
+# run: |
+# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
+# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
+#
+# - name: Wait for GCP policies to be uploaded
+# if: github.event_name != 'workflow_dispatch'
+# uses: lewagon/wait-on-check-action@v1.3.1
+# with:
+# ref: ${{ github.ref }}
+# check-name: gcp
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+# - name: Update GCP policy JSON
+# shell: bash
+# working-directory: ./docs.fix.security/iam/gcp
+# run: |
+# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
- name: Clean existing Kroki images
shell: bash
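Review bot: The policy steps are parked as column-0 comment blocks with no explanation, so a reader cannot tell why the IAM policy JSON under `./docs.fix.security/iam/aws` and `iam/gcp` is no longer refreshed at publish time. If those files are still served, the docs will ship whatever copy is in the checkout. A one-line header would cover it, for example `# PolicyGen download disabled together with the upload step in check_pr_plugin_{aws,gcp}.yml; re-enable both together.` The same applies to the commented blocks in the hunks at -138 and -286. When the steps are restored, `lewagon/wait-on-check-action@v1.3.1` receives the repository token and is pinned to a mutable tag; pinning it to a full commit SHA (`@<full-commit-sha>  # v1.3.1`) would be safer. The `wget -qO` downloads also write files that people apply as IAM policies without any integrity check, so a checksum comparison or at least a JSON parse before publishing would be a sensible gate.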
@@ -138,28 +138,28 @@ jobs:
run: |
yarn gen-api-docs
- - name: Update AWS policy JSON
- shell: bash
- working-directory: ./inventory.fix.security/iam/aws/edge
- run: |
- wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
- wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
- wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json
-
- - name: Wait for GCP policies to be uploaded
- if: github.event_name != 'workflow_dispatch'
- uses: lewagon/wait-on-check-action@v1.3.1
- with:
- ref: ${{ github.ref }}
- check-name: gcp
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Update GCP policy JSON
- shell: bash
- working-directory: ./inventory.fix.security/iam/gcp/edge
- run: |
- wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
- wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json
+# - name: Update AWS policy JSON
+# shell: bash
+# working-directory: ./inventory.fix.security/iam/aws/edge
+# run: |
+# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/edge/FixOrgList.json
+# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/edge/FixCollect.json
+# wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/edge/FixMutate.json
+#
+# - name: Wait for GCP policies to be uploaded
+# if: github.event_name != 'workflow_dispatch'
+# uses: lewagon/wait-on-check-action@v1.3.1
+# with:
+# ref: ${{ github.ref }}
+# check-name: gcp
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+# - name: Update GCP policy JSON
+# shell: bash
+# working-directory: ./inventory.fix.security/iam/gcp/edge
+# run: |
+# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/edge/fix_access.json
+# wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/edge/fix_mutate.json
- name: Clean existing Kroki images
if: github.event_name == 'workflow_dispatch' # only when triggered manually
@@ -286,38 +286,38 @@ jobs:
run: |
yarn gen-api-docs
- - name: Wait for AWS policies to be uploaded
- if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
- uses: lewagon/wait-on-check-action@v1.3.1
- with:
- ref: ${{ github.ref }}
- check-name: aws
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Update AWS policy JSON
- if: steps.release.outputs.prerelease == 'false'
- shell: bash
- working-directory: ./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }}
- run: |
- wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json
- wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json
- wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json
-
- - name: Wait for GCP policies to be uploaded
- if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
- uses: lewagon/wait-on-check-action@v1.3.1
- with:
- ref: ${{ github.ref }}
- check-name: gcp
- repo-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Update GCP policy JSON
- if: steps.release.outputs.prerelease == 'false'
- shell: bash
- working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }}
- run: |
- wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json
- wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json
+# - name: Wait for AWS policies to be uploaded
+# if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
+# uses: lewagon/wait-on-check-action@v1.3.1
+# with:
+# ref: ${{ github.ref }}
+# check-name: aws
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+# - name: Update AWS policy JSON
+# if: steps.release.outputs.prerelease == 'false'
+# shell: bash
+# working-directory: ./inventory.fix.security/iam/aws/${{ steps.release.outputs.docsVersion }}
+# run: |
+# wget -qO FixOrgList.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixOrgList.json
+# wget -qO FixCollect.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixCollect.json
+# wget -qO FixMutate.json https://cdn.some.engineering/fix/aws/${{ steps.release.outputs.tag }}/FixMutate.json
+#
+# - name: Wait for GCP policies to be uploaded
+# if: steps.release.outputs.prerelease == 'false' && github.event_name != 'workflow_dispatch'
+# uses: lewagon/wait-on-check-action@v1.3.1
+# with:
+# ref: ${{ github.ref }}
+# check-name: gcp
+# repo-token: ${{ secrets.GITHUB_TOKEN }}
+#
+# - name: Update GCP policy JSON
+# if: steps.release.outputs.prerelease == 'false'
+# shell: bash
+# working-directory: ./inventory.fix.security/iam/gcp/${{ steps.release.outputs.docsVersion }}
+# run: |
+# wget -qO fix_access.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_access.json
+# wget -qO fix_mutate.json https://cdn.some.engineering/fix/gcp/${{ steps.release.outputs.tag }}/fix_mutate.json
- name: Modify Docker Compose YAML
if: steps.release.outputs.prerelease == 'false'
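Review bot: The commented-out `run:` blocks in this hunk interpolate `${{ steps.release.outputs.tag }}` directly into the shell script text, and they will be restored verbatim if someone simply uncomments them. The release step is outside this hunk, so it is unclear how constrained that value is. Passing it through the environment avoids expression expansion inside the script: add `env:` with `RELEASE_TAG: ${{ steps.release.outputs.tag }}` to the step and use `"https://cdn.some.engineering/fix/aws/${RELEASE_TAG}/FixOrgList.json"` in the command. A short comment above the block recording this would keep the change from being lost when the steps are re-enabled.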
diff --git a/fixcore/fixcore/static/api-doc.yaml b/fixcore/fixcore/static/api-doc.yaml
index d32c72bc04..b9c0410e79 100644
--- a/fixcore/fixcore/static/api-doc.yaml
+++ b/fixcore/fixcore/static/api-doc.yaml
@@ -404,7 +404,6 @@ paths:
post:
summary: "Merge a given graph with the existing graph under marked merge nodes as batch update."
description: |
- **Experimental**: This API is not stable and might be subject of change.
Merge a given graph with the existing graph under marked merge nodes as batch update.
tags:
- graph_management
@@ -458,7 +457,6 @@ paths:
get:
summary: "Get a list of all running batch updates"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Get a list of all running batch updates.
tags:
- graph_management
@@ -475,7 +473,6 @@ paths:
post:
summary: "Commit a batch update"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Commit a batch update.
tags:
- graph_management
@@ -498,7 +495,6 @@ paths:
delete:
summary: "Abort a batch update"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Abort a batch update.
tags:
- graph_management
@@ -584,7 +580,6 @@ paths:
post:
summary: "Create a new node under the given parent node"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Create a new node under the given parent node.
tags:
- node_management
@@ -619,7 +614,6 @@ paths:
get:
summary: "Get a node with the given node id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Get a node with the given node id
tags:
- node_management
@@ -641,7 +635,6 @@ paths:
patch:
summary: "Update a node with the given node id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Update a node with the given node id
tags:
- node_management
@@ -670,7 +663,6 @@ paths:
delete:
summary: "Delete a node with the given node id."
description: |
- **Experimental**: This API is not stable and might be subject of change.
Delete a node with the given node id.
tags:
- node_management
@@ -689,7 +681,6 @@ paths:
patch:
summary: "Patch a node with the given node id in given section"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Patch a node with the given node id in given section
tags:
- node_management
@@ -723,7 +714,6 @@ paths:
post:
summary: "Transform the search into the raw database search"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Show the underlying raw search.
tags:
- debug
@@ -2153,7 +2143,6 @@ paths:
get:
summary: "Get all configuration keys"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Get all configuration keys in the system.
tags:
- config
@@ -2213,7 +2202,6 @@ paths:
get:
summary: "Get all configuration keys that have a model defined."
description: |
- **Experimental**: This API is not stable and might be subject of change.
Get all configuration keys that have a model defined.
tags:
- config_validation
@@ -2231,7 +2219,6 @@ paths:
get:
summary: "Get a configuration by its id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Fetch a configuration by id.
tags:
- config
@@ -2261,7 +2248,6 @@ paths:
put:
summary: "Replace a configuration with given id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Replace a configuration identified by id with provided value.
tags:
- config
@@ -2310,7 +2296,6 @@ paths:
patch:
summary: "Patch a configuration by its id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Patch a configuration identified by id with provided value.
tags:
- config
@@ -2359,7 +2344,6 @@ paths:
delete:
summary: "Delete a configuration by its id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Delete a configuration identified by id with provided value.
tags:
- config
@@ -2378,7 +2362,6 @@ paths:
get:
summary: "Get a configuration validation by its id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Fetch the validation of a configuration by id.
tags:
- config_validation
@@ -2405,7 +2388,6 @@ paths:
put:
summary: "Replace a configuration validation with given id"
description: |
- **Experimental**: This API is not stable and might be subject of change.
Replace a configuration validation identified by id with provided value.
tags:
- config_validation
@@ -2519,7 +2501,6 @@ paths:
get:
summary: Get information about CLI
description: |
- **Experimental**: This API is not stable and might be subject of change.
Get information about CLI
tags:
- cli