Merge pull request #1 from OTCShare2/May22-update

Added new instance types

Author: kevinbleckmann

README.md

@@ -1,10 +1,10 @@
 <p align="center">
-  <img src="https://github.com/intel/policy-library-intel-aws/blob/main/images/logo-classicblue-800px.png?raw=true" alt="Intel Logo" width="250"/>
+  <img src="https://github.com/intel/intel-policy-library/blob/main/images/logo-classicblue-800px.png?raw=true" alt="Intel Logo" width="250"/>
 </p>
 
 # Sentinel Policies for Cloud Workloads - Intel Optimized Cloud Modules
 
-© Copyright 2022, Intel Corporation
+© Copyright 2024, Intel Corporation
 
 ## Purpose of this library
 

docs/aws/policies.md

@@ -24,9 +24,9 @@ Parameter: instance_type
 
 Allowed Types:
 
-- **Optimal:** c7i.large, c7i.xlarge, c7i.2xlarge, c7i.4xlarge, c7i.8xlarge, c7i.12xlarge, c7i.16xlarge, c7i.24xlarge, c7i.48xlarge, c7i.metal-24xl, c7i.metal-48xl, m7i.12xlarge, m7i.16xlarge, m7i.24xlarge, m7i.2xlarge, m7i.48xlarge, m7i.4xlarge, m7i.8xlarge, m7i.large, m7i.xlarge, m7i.metal-24xl, m7i.metal-48xl, m7i-flex.large, m7i-flex.xlarge, m7i-flex.2xlarge, m7i-flex.4xlarge, m7i-flex.8xlarge, r7iz.12xlarge, r7iz.24xlarge, r7iz.2xlarge, r7iz.32xlarge, r7iz.4xlarge, r7iz.8xlarge, r7iz.large, r7iz.metal16xl, r7iz.metal32xl, r7iz.xlarge
+- **Optimal:** c7i.large, c7i.xlarge, c7i.2xlarge, c7i.4xlarge, c7i.8xlarge, c7i.12xlarge, c7i.16xlarge, c7i.24xlarge, c7i.48xlarge, c7i.metal-24xl, c7i.metal-48xl, c7i-flex.large, c7i-flex.xlarge, c7i-flex.2xlarge, c7i-flex.4xlarge, c7i-flex.8xlarge, m7i.12xlarge, m7i.16xlarge, m7i.24xlarge, m7i.2xlarge, m7i.48xlarge, m7i.4xlarge, m7i.8xlarge, m7i.large, m7i.xlarge, m7i.metal-24xl, m7i.metal-48xl, m7i-flex.large, m7i-flex.xlarge, m7i-flex.2xlarge, m7i-flex.4xlarge, m7i-flex.8xlarge, r7iz.12xlarge, r7iz.24xlarge, r7iz.2xlarge, r7iz.32xlarge, r7iz.4xlarge, r7iz.8xlarge, r7iz.large, r7iz.metal16xl, r7iz.metal32xl, r7iz.xlarge
 - **Alternative:** c6i.12xlarge, c6i.16xlarge, c6i.24xlarge, c6i.2xlarge, c6i.32xlarge, c6i.4xlarge, c6i.8xlarge, c6i.large, c6i.metal, c6i.xlarge, c6in.12xlarge, c6in.16xlarge, c6in.24xlarge, c6in.2xlarge, c6in.32xlarge, c6in.4xlarge, c6in.8xlarge, c6in.large, c6in.xlarge, i4i.16xlarge, i4i.2xlarge, i4i.32xlarge, i4i.4xlarge, i4i.8xlarge, i4i.large, i4i.metal, i4i.xlarge, m6i.12xlarge, m6i.16xlarge, m6i.24xlarge, m6i.2xlarge, m6i.32xlarge, m6i.4xlarge, m6i.8xlarge, m6i.large, m6i.metal, m6i.xlarge, m6in.12xlarge, m6in.16xlarge, m6in.24xlarge, m6in.2xlarge, m6in.32xlarge, m6in.4xlarge, m6in.8xlarge, m6in.large, m6in.xlarge, r6i.12xlarge, r6i.16xlarge, r6i.24xlarge, r6i.2xlarge, r6i.32xlarge, r6i.4xlarge, r6i.8xlarge, r6i.large, r6i.metal, r6i.xlarge, r6in.12xlarge, r6in.16xlarge, r6in.24xlarge, r6in.2xlarge, r6in.32xlarge, r6in.4xlarge, r6in.8xlarge, r6in.large, r6in.xlarge, trn1.2xlarge, trn1.32xlarge, x2idn.16xlarge, x2idn.24xlarge, x2idn.32xlarge, x2idn.metal, x2iedn.16xlarge, x2iedn.24xlarge, x2iedn.2xlarge, x2iedn.32xlarge, x2iedn.4xlarge, x2iedn.8xlarge, x2iedn.metal, x2iedn.xlarge
-- **AI:** c7i.large, c7i.xlarge, c7i.2xlarge, c7i.4xlarge, c7i.8xlarge, c7i.12xlarge, c7i.16xlarge, c7i.24xlarge, c7i.48xlarge, c7i.metal-24xl, c7i.metal-48xl, m7i.12xlarge, m7i.16xlarge, m7i.24xlarge, m7i.2xlarge, m7i.48xlarge, m7i.4xlarge, m7i.8xlarge, m7i.large, m7i.xlarge, m7i-flex.large, m7i-flex.xlarge, m7i-flex.2xlarge, m7i-flex.4xlarge, m7i-flex.8xlarge, r7iz.12xlarge, r7iz.24xlarge, r7iz.2xlarge, r7iz.32xlarge, r7iz.4xlarge, r7iz.8xlarge, r7iz.large, r7iz.metal16xl, r7iz.metal32xl, r7iz.xlarge
+- **AI:** c7i.large, c7i.xlarge, c7i.2xlarge, c7i.4xlarge, c7i.8xlarge, c7i.12xlarge, c7i.16xlarge, c7i.24xlarge, c7i.48xlarge, c7i.metal-24xl, c7i.metal-48xl, c7i-flex.large, c7i-flex.xlarge, c7i-flex.2xlarge, c7i-flex.4xlarge, c7i-flex.8xlarge, m7i.12xlarge, m7i.16xlarge, m7i.24xlarge, m7i.2xlarge, m7i.48xlarge, m7i.4xlarge, m7i.8xlarge, m7i.large, m7i.xlarge, m7i-flex.large, m7i-flex.xlarge, m7i-flex.2xlarge, m7i-flex.4xlarge, m7i-flex.8xlarge, r7iz.12xlarge, r7iz.24xlarge, r7iz.2xlarge, r7iz.32xlarge, r7iz.4xlarge, r7iz.8xlarge, r7iz.large, r7iz.metal16xl, r7iz.metal32xl, r7iz.xlarge
 
 ## AWS Db Instance Deny Unapproved Instance Types
 

docs/google/policies.md

@@ -78,7 +78,7 @@ Parameter: machine_type
 
 Allowed Types:
 
-- **Optimal:** c3-highcpu-4, c3-highcpu-8, c3-highcpu-22, c3-highcpu-44, c3-highcpu-88, c3-highcpu-176, c3-highmem-4, c3-highmem-8, c3-highmem-22, c3-highmem-44, c3-highmem-88, c3-highmem-176, c3-standard-4, c3-standard-8, c3-standard-22, c3-standard-44, c3-standard-88, c3-standard-176
+- **Optimal:** c3-highcpu-4, c3-highcpu-8, c3-highcpu-22, c3-highcpu-44, c3-highcpu-88, c3-highcpu-176, c3-highmem-4, c3-highmem-8, c3-highmem-22, c3-highmem-44, c3-highmem-88, c3-highmem-176, c3-standard-4, c3-standard-8, c3-standard-22, c3-standard-44, c3-standard-88, c3-standard-176, n4-standard-2, n4-standard-4, n4-standard-8, n4-standard-16, n4-standard-32, n4-standard-48, n4-standard-64, n4-standard-80, n4-highcpu-2, n4-highcpu-4, n4-highcpu-8, n4-highcpu-16, n4-highcpu-32, n4-highcpu-48, n4-highcpu-64, n4-highcpu-80, n4-highmem-2, n4-highmem-4, n4-highmem-8, n4-highmem-16, n4-highmem-32, n4-highmem-48, n4-highmem-64, n4-highmem-80
 - **Alternative:** n2-standard-2, n2-standard-4, n2-standard-8, n2-standard-16, n2-standard-32, n2-standard-48, n2-standard-64, n2-standard-80, n2-standard-96, n2-standard-128, n2-highmem-2, n2-highmem-4, n2-highmem-8, n2-highmem-16, n2-highmem-32, n2-highmem-48, n2-highmem-64, n2-highmem-80, n2-highmem-96, n2-highmem-128, n2-highcpu-2, n2-highcpu-4, n2-highcpu-8, n2-highcpu-16, n2-highcpu-32, n2-highcpu-48, n2-highcpu-64, n2-highcpu-80, n2-highcpu-96, m2-megamem-416, m2-hypermem-416, m2-ultramem-208, m2-ultramem-416
-- **AI:** c3-highcpu-4, c3-highcpu-8, c3-highcpu-22, c3-highcpu-44, c3-highcpu-88, c3-highcpu-176, c3-highmem-4, c3-highmem-8, c3-highmem-22, c3-highmem-44, c3-highmem-88, c3-highmem-176, c3-standard-4, c3-standard-8, c3-standard-22, c3-standard-44, c3-standard-88, c3-standard-176
+- **AI:** c3-highcpu-4, c3-highcpu-8, c3-highcpu-22, c3-highcpu-44, c3-highcpu-88, c3-highcpu-176, c3-highmem-4, c3-highmem-8, c3-highmem-22, c3-highmem-44, c3-highmem-88, c3-highmem-176, c3-standard-4, c3-standard-8, c3-standard-22, c3-standard-44, c3-standard-88, c3-standard-176, n4-standard-2, n4-standard-4, n4-standard-8, n4-standard-16, n4-standard-32, n4-standard-48, n4-standard-64, n4-standard-80, n4-highcpu-2, n4-highcpu-4, n4-highcpu-8, n4-highcpu-16, n4-highcpu-32, n4-highcpu-48, n4-highcpu-64, n4-highcpu-80, n4-highmem-2, n4-highmem-4, n4-highmem-8, n4-highmem-16, n4-highmem-32, n4-highmem-48, n4-highmem-64, n4-highmem-80
 

policies/ibm/intel-ibm-is-instance-check-optimal-instance-types/testdata/mock-tfplan-failure.sentinel

@@ -348,4 +348,3 @@ resource_changes = {
 		"type":           "ibm_is_security_group_rule",
 	},
 }
-

policies/ibm/intel-ibm-is-instance-check-optimal-instance-types/testdata/mock-tfplan-success.sentinel

@@ -348,4 +348,3 @@ resource_changes = {
 		"type":           "ibm_is_security_group_rule",
 	},
 }
-

policies/ibm/intel-ibm-is-instance-deny-unapproved-instance-types/testdata/mock-tfplan-failure.sentinel

@@ -348,4 +348,3 @@ resource_changes = {
 		"type":           "ibm_is_security_group_rule",
 	},
 }
-

policies/ibm/intel-ibm-is-instance-deny-unapproved-instance-types/testdata/mock-tfplan-success.sentinel

@@ -348,4 +348,3 @@ resource_changes = {
 		"type":           "ibm_is_security_group_rule",
 	},
 }
-

policies/intel/intel-check-aws-optimized-instance-types/intel-check-aws-optimized-instance-types.sentinel

@@ -4,48 +4,48 @@ import "approved"
 
 # Define a function to validate instance types
 validate_instance_types = func() {
-    # Assume all instance types are valid initially
-    all_valid = true
-
-    # Iterate over each AWS resource in the optimal file
-    for optimal.aws as resource, details {
-        # Skip processing for the 'policies_url' key
-        if resource == "policies_url" {
-            continue
-        }
-
-        # Ensure the resource exists in the approved file and has an optimal property
-        if resource in approved.aws and "optimal" in approved.aws[resource] {
-            approved_types = approved.aws[resource].optimal
-
-            # Iterate over each optimal instance type for the resource
-            for details.optimal as type {
-                # If the instance type is not approved, set all_valid to false
-                if type not in approved_types {
-                    all_valid = false
-                    break  # Found an unapproved type, no need to check further
-                }
-            }
-        } else {
-            all_valid = false
-        }
-
-        # Break out of the loop if a validation failure is detected
-        if not all_valid {
-            break
-        }
-    }
-
-    # If validation fails, print a specific message
-    if !all_valid {
-        print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
-    }
-
-    # Return the validation result
-    return all_valid
+	# Assume all instance types are valid initially
+	all_valid = true
+
+	# Iterate over each AWS resource in the optimal file
+	for optimal.aws as resource, details {
+		# Skip processing for the 'policies_url' key
+		if resource == "policies_url" {
+			continue
+		}
+
+		# Ensure the resource exists in the approved file and has an optimal property
+		if resource in approved.aws and "optimal" in approved.aws[resource] {
+			approved_types = approved.aws[resource].optimal
+
+			# Iterate over each optimal instance type for the resource
+			for details.optimal as type {
+				# If the instance type is not approved, set all_valid to false
+				if type not in approved_types {
+					all_valid = false
+					break # Found an unapproved type, no need to check further
+				}
+			}
+		} else {
+			all_valid = false
+		}
+
+		# Break out of the loop if a validation failure is detected
+		if not all_valid {
+			break
+		}
+	}
+
+	# If validation fails, print a specific message
+	if !all_valid {
+		print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
+	}
+
+	# Return the validation result
+	return all_valid
 }
 
 # New updates are available from Intel. Please update your policy library
 main = rule {
-    validate_instance_types()
+	validate_instance_types()
 }

policies/intel/intel-check-azurerm-optimized-instance-types/intel-check-azurerm-optimized-instance-types.sentinel

@@ -4,48 +4,48 @@ import "approved"
 
 # Define a function to validate instance types
 validate_instance_types = func() {
-    # Assume all instance types are valid initially
-    all_valid = true
-
-    # Iterate over each AZURERM resource in the optimal file
-    for optimal.azurerm as resource, details {
-        # Skip processing for the 'policies_url' key
-        if resource == "policies_url" {
-            continue
-        }
-
-        # Ensure the resource exists in the approved file and has an optimal property
-        if resource in approved.azurerm and "optimal" in approved.azurerm[resource] {
-            approved_types = approved.azurerm[resource].optimal
-
-            # Iterate over each optimal instance type for the resource
-            for details.optimal as type {
-                # If the instance type is not approved, set all_valid to false
-                if type not in approved_types {
-                    all_valid = false
-                    break  # Found an unapproved type, no need to check further
-                }
-            }
-        } else {
-            all_valid = false
-        }
-
-        # Break out of the loop if a validation failure is detected
-        if not all_valid {
-            break
-        }
-    }
-
-    # If validation fails, print a specific message
-    if !all_valid {
-        print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
-    }
-
-    # Return the validation result
-    return all_valid
+	# Assume all instance types are valid initially
+	all_valid = true
+
+	# Iterate over each AZURERM resource in the optimal file
+	for optimal.azurerm as resource, details {
+		# Skip processing for the 'policies_url' key
+		if resource == "policies_url" {
+			continue
+		}
+
+		# Ensure the resource exists in the approved file and has an optimal property
+		if resource in approved.azurerm and "optimal" in approved.azurerm[resource] {
+			approved_types = approved.azurerm[resource].optimal
+
+			# Iterate over each optimal instance type for the resource
+			for details.optimal as type {
+				# If the instance type is not approved, set all_valid to false
+				if type not in approved_types {
+					all_valid = false
+					break # Found an unapproved type, no need to check further
+				}
+			}
+		} else {
+			all_valid = false
+		}
+
+		# Break out of the loop if a validation failure is detected
+		if not all_valid {
+			break
+		}
+	}
+
+	# If validation fails, print a specific message
+	if !all_valid {
+		print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
+	}
+
+	# Return the validation result
+	return all_valid
 }
 
 # New updates are available from Intel. Please update your policy library
 main = rule {
-    validate_instance_types()
+	validate_instance_types()
 }

policies/intel/intel-check-google-optimized-instance-types/intel-check-google-optimized-instance-types.sentinel

@@ -4,48 +4,48 @@ import "approved"
 
 # Define a function to validate instance types
 validate_instance_types = func() {
-    # Assume all instance types are valid initially
-    all_valid = true
-
-    # Iterate over each GOOGLE resource in the optimal file
-    for optimal.google as resource, details {
-        # Skip processing for the 'policies_url' key
-        if resource == "policies_url" {
-            continue
-        }
-
-        # Ensure the resource exists in the approved file and has an optimal property
-        if resource in approved.google and "optimal" in approved.google[resource] {
-            approved_types = approved.google[resource].optimal
-
-            # Iterate over each optimal instance type for the resource
-            for details.optimal as type {
-                # If the instance type is not approved, set all_valid to false
-                if type not in approved_types {
-                    all_valid = false
-                    break  # Found an unapproved type, no need to check further
-                }
-            }
-        } else {
-            all_valid = false
-        }
-
-        # Break out of the loop if a validation failure is detected
-        if not all_valid {
-            break
-        }
-    }
-
-    # If validation fails, print a specific message
-    if !all_valid {
-        print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
-    }
-
-    # Return the validation result
-    return all_valid
+	# Assume all instance types are valid initially
+	all_valid = true
+
+	# Iterate over each GOOGLE resource in the optimal file
+	for optimal.google as resource, details {
+		# Skip processing for the 'policies_url' key
+		if resource == "policies_url" {
+			continue
+		}
+
+		# Ensure the resource exists in the approved file and has an optimal property
+		if resource in approved.google and "optimal" in approved.google[resource] {
+			approved_types = approved.google[resource].optimal
+
+			# Iterate over each optimal instance type for the resource
+			for details.optimal as type {
+				# If the instance type is not approved, set all_valid to false
+				if type not in approved_types {
+					all_valid = false
+					break # Found an unapproved type, no need to check further
+				}
+			}
+		} else {
+			all_valid = false
+		}
+
+		# Break out of the loop if a validation failure is detected
+		if not all_valid {
+			break
+		}
+	}
+
+	# If validation fails, print a specific message
+	if !all_valid {
+		print("New Intel optimal instance type recommendations are available. \n Update your policy library to take advantage of the latest series of performance and security enhancements available from Intel \n For instructions on staying up to date see https://github.com/intel/intel-policy-library")
+	}
+
+	# Return the validation result
+	return all_valid
 }
 
 # New updates are available from Intel. Please update your policy library
 main = rule {
-    validate_instance_types()
+	validate_instance_types()
 }