Policy types for @turbot/turbot
- Turbot > Change Window
- Turbot > Change Window > Schedule
- Turbot > Claim Precedence [Default]
- Turbot > Firehose
- Turbot > Interval
- Turbot > Mod > Auto Update
- Turbot > Mod > Auto Update > Desired Version
- Turbot > Mod > Auto Update > Schedule
- Turbot > Mod > Auto Update > Version Range
- Turbot > Notifications
- Turbot > Notifications > Email
- Turbot > Notifications > Email > Action Template
- Turbot > Notifications > Email > Action Template > Batch Body
- Turbot > Notifications > Email > Action Template > Batch Subject
- Turbot > Notifications > Email > Action Template > Body
- Turbot > Notifications > Email > Action Template > Subject
- Turbot > Notifications > Email > Control Template
- Turbot > Notifications > Email > Control Template > Batch Body
- Turbot > Notifications > Email > Control Template > Batch Subject
- Turbot > Notifications > Email > Control Template > Body
- Turbot > Notifications > Email > Control Template > Subject
- Turbot > Notifications > Email > From Email Address
- Turbot > Notifications > Email > SMTP Endpoint
- Turbot > Notifications > Email > SMTP Password
- Turbot > Notifications > Email > SMTP Port
- Turbot > Notifications > Email > SMTP Username
- Turbot > Notifications > Microsoft Teams
- Turbot > Notifications > Microsoft Teams > Action Template
- Turbot > Notifications > Microsoft Teams > Action Template > Batch Body
- Turbot > Notifications > Microsoft Teams > Action Template > Body
- Turbot > Notifications > Microsoft Teams > Control Template
- Turbot > Notifications > Microsoft Teams > Control Template > Batch Body
- Turbot > Notifications > Microsoft Teams > Control Template > Body
- Turbot > Notifications > Rule-Based Routing
- Turbot > Notifications > Slack
- Turbot > Notifications > Slack > Action Template
- Turbot > Notifications > Slack > Action Template > Batch Body
- Turbot > Notifications > Slack > Action Template > Body
- Turbot > Notifications > Slack > Control Template
- Turbot > Notifications > Slack > Control Template > Batch Body
- Turbot > Notifications > Slack > Control Template > Body
- Turbot > Quick Actions
- Turbot > Quick Actions > Enabled
- Turbot > Quick Actions > Permission Levels
- Turbot > Runnable Monitor
- Turbot > Stack Ansible Version [Default]
- Turbot > Stack Terraform Version [Default]
- Turbot > Tags
- Turbot > Tags > Transform Rules
- Turbot > Workspace
- Turbot > Workspace > API Secrets
- Turbot > Workspace > Controls Metadata Batch Size
- Turbot > Workspace > Dependencies Batch Size
- Turbot > Workspace > Domain Name
- Turbot > Workspace > Feature Flags
- Turbot > Workspace > Gateway Domain Name
- Turbot > Workspace > Notifications Batch Size
- Turbot > Workspace > Policy Value Maintenance
- Turbot > Workspace > Policy Value Maintenance > Account List
- Turbot > Workspace > Policy Value Maintenance > Last Run
- Turbot > Workspace > Policy Values History Cleanup Batch Size
- Turbot > Workspace > Policy values Metadata Batch Size
- Turbot > Workspace > Resources Metadata Batch Size
- Turbot > Workspace > Retention
- Turbot > Workspace > Retention > Debug Log Purge Limit
- Turbot > Workspace > Retention > Debug Log Retention
- Turbot > Workspace > Retention > Maximum Retention
- Turbot > Workspace > Retention > Minimum Retention
- Turbot > Workspace > Retention > Process Retention
- Turbot > Workspace > Retention > Process Version Purge Limit
- Turbot > Workspace > Retention > Resource Purge Limit
- Turbot > Workspace > Search Data Batch Size
- Turbot > Workspace > Webhook Secrets
- Turbot > Workspace > Webhook Secrets > Expiration Period
- Turbot > Workspace > Webhook Secrets > Rotation
- Turbot > Workspace > Workspace URL
- Turbot > Workspace > Workspace Version
Turbot > Change Window
Determines which (if any) changes are allowed outside of the change
window. By default, all changes are allowed.
If this policy is not set to `All Changes`, then Turbot will not
automatically run any actions that would alter a resource. Instead, it
will queue them to run during the next change window.
If set to allow `Forced Changes Only`, actions will not run automatically;
however, a user may choose to run a control manually.
During the change window, all changes are allowed, and any queued actions
will run.
tmod:@turbot/turbot#/policy/types/changeWindow
[ "No Changes", "Forced Changes Only", "Turbot Event Handlers Only", "Turbot Event Handlers and Forced Changes Only", "All Changes"]
{ "type": "string", "enum": [ "No Changes", "Forced Changes Only", "Turbot Event Handlers Only", "Turbot Event Handlers and Forced Changes Only", "All Changes" ], "default": "All Changes"}
Turbot > Change Window > Schedule
The period of time when Turbot is permitted to apply changes to resources.
This policy allows you to define recurring schedules and durations in which
changes are allowed to occur. During change windows, all changes are
allowed, and any queued actions will run.
Turbot assumes UTC.
The format of this policy is a list of YAML objects, each
with a name, description, a start time, and duration
(in hours). For example:

```yaml
- name: Weekly
  description: 'Weekly, Sundays 2am-8am'
  cron: '0 02 * * SUN'
  duration: 6

- name: Daily
  description: 'Daily, 10pm - 2am'
  start: 'at 10:00pm'
  duration: 4
```
tmod:@turbot/turbot#/policy/types/changeWindowSchedule
{ "type": "array", "items": { "type": "object", "properties": { "description": { "type": "string", "minLength": 1, "maxLength": 64 }, "duration": { "type": "number", "minimum": 1, "maximum": 24 }, "name": { "type": "string", "minLength": 1, "maxLength": 64 }, "start": { "type": "string", "minLength": 1, "maxLength": 64 }, "cron": { "type": "string", "minLength": 1, "maxLength": 64 } }, "anyOf": [ { "required": [ "description", "duration", "name", "cron" ] }, { "required": [ "description", "duration", "name", "start" ] } ], "additionalProperties": false, ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/changeWindowSchedule", "modUri": "tmod:@turbot/turbot" } }, "default": []}
Turbot > Claim Precedence [Default]
An ordered list of who is allowed to claim a resource. A stack cannot
claim a resource if it is already claimed by another stack at a higher
level of precedence.
By default, all resources are configured to use the precedence defined
here, though they can override their Claim Precedence.
The list is comprised of Turbot control type references, as well
as constants:
- current - The current stack (usually the one that created it)
- source - The `Configured > Source` sub-policy
The references will allow wildcards following standard bash globbing.
Note that `*` matches any character except `/`. Use `**` to match
recursively.
tmod:@turbot/turbot#/policy/types/claimPrecedenceDefault
{ "type": "array", "items": { "type": "string" }, "default": [ "**" ]}
Turbot > Firehose
Turbot Firehose
Turbot > Interval
Define an interval at which all instances of a control or policy type will be automatically
re-run. For example, if set to `days: 1` for a control, then it will always be run at least
daily.
Note: It is rare to set this policy, and often a temporary measure. Control
and policy types define their interval by default if required, and make
extensive use of automated triggers in Turbot.
tmod:@turbot/turbot#/policy/types/interval
Turbot > Mod > Auto Update
Specify if this mod should be automatically updated from the Turbot
registry. The current version is checked against the `Turbot > Mod > Desired Version`
policy, which is calculated from the `Turbot > Mod > Version Range`
policy.
`Check` will alarm if the version is out of date, while `Enforce` will
attempt to automatically update the mod.
If dependencies for the update are not met, then the update will simply be
tried again later.
tmod:@turbot/turbot#/policy/types/modAutoUpdate
[ "Skip", "Check", "Enforce", "Enforce within Mod Change Window"]
{ "type": "string", "enum": [ "Skip", "Check", "Enforce", "Enforce within Mod Change Window" ], "default": "Skip"}
Turbot > Mod > Auto Update > Desired Version
The desired version of the mod, usually calculated by matching `Turbot > Mod > Version Range`
against mod versions currently available in the Turbot
Registry.
The desired version is then used by `Turbot > Mod > Auto Update` to determine
if an update is available, and the target version to use.
tmod:@turbot/turbot#/policy/types/modDesiredVersion
{ "type": "string"}
Turbot > Mod > Auto Update > Schedule
The period of time when Turbot is permitted to apply changes to a mod using the mod's Auto Update control.
Turbot assumes UTC.
The format of this policy is a list of YAML objects, each
with a name, description, a start time, and duration
(in hours). For example:

```yaml
- name: Weekly
  description: 'Weekly, Sundays 2am-8am'
  cron: '0 02 * * SUN'
  duration: 6

- name: Daily
  description: 'Daily, 10pm - 2am'
  start: 'at 10:00pm'
  duration: 4
```
tmod:@turbot/turbot#/policy/types/modChangeWindowSchedule
{ "type": "array", "items": { "type": "object", "properties": { "description": { "type": "string", "minLength": 1, "maxLength": 64 }, "duration": { "type": "number", "minimum": 1, "maximum": 24 }, "name": { "type": "string", "minLength": 1, "maxLength": 64 }, "start": { "type": "string", "minLength": 1, "maxLength": 64 }, "cron": { "type": "string", "minLength": 1, "maxLength": 64 } }, "anyOf": [ { "required": [ "description", "duration", "name", "cron" ] }, { "required": [ "description", "duration", "name", "start" ] } ], "additionalProperties": false, ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/changeWindowSchedule", "modUri": "tmod:@turbot/turbot" } }, "default": []}
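The schedule format used by both `Turbot > Change Window > Schedule` and `Turbot > Mod > Auto Update > Schedule` can be checked before the policy is set. The following is an added example, not Turbot's own code: `validateSchedule` applies the constraints from the schema above, and `inWindow` tests whether a UTC instant falls inside a `cron` entry. The function names are hypothetical, and `inWindow` assumes a five-field cron with a numeric minute and hour, `*` for day-of-month and month, and a day of week given as `*`, a three-letter name or a digit; how Turbot itself evaluates `cron` and `start` is not shown on this page.

```javascript
// Added example (not Turbot code). Limits below are copied from the schema on this page.
const STRING_KEYS = ["name", "description", "start", "cron"];
const ALLOWED_KEYS = new Set([...STRING_KEYS, "duration"]);
const DAY_NAMES = ["SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"];
const HOUR_MS = 60 * 60 * 1000;

// The example value from this page, as parsed YAML.
const PAGE_EXAMPLE = [
  { name: "Weekly", description: "Weekly, Sundays 2am-8am", cron: "0 02 * * SUN", duration: 6 },
  { name: "Daily", description: "Daily, 10pm - 2am", start: "at 10:00pm", duration: 4 },
];

// Returns a list of problems; an empty list means the value fits the schema.
function validateSchedule(value) {
  if (!Array.isArray(value)) return ["schedule must be a list"];
  const errors = [];
  value.forEach((item, i) => {
    if (item === null || typeof item !== "object" || Array.isArray(item)) {
      errors.push(`item ${i}: must be an object`);
      return;
    }
    for (const key of Object.keys(item)) {
      // additionalProperties: false
      if (!ALLOWED_KEYS.has(key)) errors.push(`item ${i}: unknown key "${key}"`);
    }
    for (const key of STRING_KEYS) {
      const v = item[key];
      if (key in item && (typeof v !== "string" || v.length < 1 || v.length > 64)) {
        errors.push(`item ${i}: "${key}" must be a string of 1-64 characters`);
      }
    }
    const d = item.duration;
    if ("duration" in item && (typeof d !== "number" || !(d >= 1 && d <= 24))) {
      errors.push(`item ${i}: "duration" must be a number from 1 to 24`);
    }
    // anyOf: name, description, duration plus either cron or start
    for (const key of ["name", "description", "duration"]) {
      if (!(key in item)) errors.push(`item ${i}: missing "${key}"`);
    }
    if (!("cron" in item) && !("start" in item)) {
      errors.push(`item ${i}: needs "cron" or "start"`);
    }
  });
  return errors;
}

// Parses the assumed cron subset "<minute> <hour> * * <day-of-week>"; null if outside it.
function parseSimpleCron(cron) {
  const f = cron.trim().split(/\s+/);
  if (f.length !== 5 || f[2] !== "*" || f[3] !== "*") return null;
  if (!/^\d{1,2}$/.test(f[0]) || !/^\d{1,2}$/.test(f[1])) return null;
  const minute = Number(f[0]);
  const hour = Number(f[1]);
  if (minute > 59 || hour > 23) return null;
  let dow = null; // null means every day
  if (f[4] !== "*") {
    dow = DAY_NAMES.indexOf(f[4].toUpperCase());
    if (dow < 0 && /^[0-7]$/.test(f[4])) dow = Number(f[4]) % 7;
    if (dow < 0) return null;
  }
  return { minute, hour, dow };
}

// true/false for cron entries in the assumed subset, null when this sketch cannot decide.
function inWindow(entry, when) {
  if (typeof entry.cron !== "string") return null;
  const spec = parseSimpleCron(entry.cron);
  if (!spec) return null;
  const t = when.getTime();
  // duration is at most 24 hours, so only today's and yesterday's start can cover t.
  for (const daysBack of [0, 1]) {
    const start = Date.UTC(when.getUTCFullYear(), when.getUTCMonth(),
      when.getUTCDate() - daysBack, spec.hour, spec.minute);
    const dayMatches = spec.dow === null || new Date(start).getUTCDay() === spec.dow;
    if (dayMatches && t >= start && t < start + entry.duration * HOUR_MS) return true;
  }
  return false;
}
```

An entry that only has `start` (such as the page's `Daily` example) returns `null` from `inWindow`, because the `start` text format is not specified on this page.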
Turbot > Mod > Auto Update > Version Range
Specify the allowed range of versions for this mod. This version range is
used to calculate `Turbot > Mod > Desired Version`, so the mod can be
automatically updated per `Turbot > Mod > Auto Update`.
Special string values are automatically replaced in this policy:
| Value | Description |
|-|-|
| `{{MAJOR}}` | The major version of the currently installed mod. If no mod is installed, the major version of the latest recommended release. |
| `{{MINOR}}` | The minor version of the currently installed mod. If no mod is installed, the minor version of the latest recommended release. |
| `{{PATCH}}` | The patch version of the currently installed mod. If no mod is installed, the patch version of the latest recommended release. |
Examples:
| Value | Description |
|-|-|
| `^{{MAJOR}}` | Latest version in the same major release that is installed |
| `^{{MAJOR}}.{{MINOR}}.{{PATCH}}` | Latest version in the same major release that is installed that is greater than or equal to the version currently installed |
| `^5` or `5.*` | Latest version in the 5.x major release |
| `~{{MAJOR}}.{{MINOR}}` or `{{MAJOR}}.{{MINOR}}.*` | Latest version in the same minor release that is installed |
| `~4.5` or `4.5.*` | Latest version in the 4.5 minor release |
| `{{MAJOR}}.{{MINOR}}.{{PATCH}}` | Currently installed version exactly (essentially, same as Skip) |
| `*` | Latest version |
| `>=5` | Latest version, but at least version 5 |
tmod:@turbot/turbot#/policy/types/modVersionRange
{ "type": "string", "pattern": "^((\\^|~|>|>=|<|<=)?(0|[1-9]\\d*)\\.?(\\*|0|[1-9]\\d*)?\\.?(\\*|0|[1-9]\\d*)?(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?|\\*|(\\^|~|>|>=|<|<=)?({{MAJOR}})?\\.?({{MINOR}}|\\*)?\\.?({{PATCH}}|\\*)?)$", "default": "^{{MAJOR}}"}
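The schema pattern and the Examples table can be applied together before a range is set. This added example (not Turbot's own code) tests a candidate value against the pattern copied from the schema above, expands the placeholders for an assumed installed version, and reports how far the range lets an automatic update move. `reviewRange`, `scopeOf` and the scope labels are hypothetical names, and only the forms listed in the Examples table are classified; everything else is reported as `other`.

```javascript
// Added example (not Turbot code). Pattern copied from the Version Range schema on this page.
const VERSION_RANGE_PATTERN = /^((\^|~|>|>=|<|<=)?(0|[1-9]\d*)\.?(\*|0|[1-9]\d*)?\.?(\*|0|[1-9]\d*)?(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?|\*|(\^|~|>|>=|<|<=)?({{MAJOR}})?\.?({{MINOR}}|\*)?\.?({{PATCH}}|\*)?)$/;

// Replaces {{MAJOR}}, {{MINOR}} and {{PATCH}} with the parts of the installed version.
// The installed version is an input assumed by this example, in "x.y.z" form.
function expandPlaceholders(range, installed) {
  const [major, minor, patch] = installed.split(".");
  return range
    .replace(/{{MAJOR}}/g, major)
    .replace(/{{MINOR}}/g, minor)
    .replace(/{{PATCH}}/g, patch);
}

// Maps an expanded range onto the rows of the Examples table:
//   "exact"     - the installed version only
//   "minor"     - latest version within one minor release
//   "major"     - latest version within one major release
//   "unbounded" - no upper limit ("*", ">=5")
//   "other"     - a form the table on this page does not describe
function scopeOf(expanded) {
  if (expanded === "*") return "unbounded";
  const m = /^(\^|~|>=|>|<=|<)?(\d+)(?:\.(\d+|\*))?(?:\.(\d+|\*))?$/.exec(expanded);
  if (!m) return "other";
  const [, op, , minor, patch] = m;
  const hasMinor = minor !== undefined && minor !== "*";
  const hasPatch = patch !== undefined && patch !== "*";
  if (op === ">" || op === ">=") return "unbounded";
  if (op === "^") return "major";
  if (op === "~" && hasMinor && patch === undefined) return "minor";
  if (!op && minor === "*" && patch === undefined) return "major";
  if (!op && hasMinor && patch === "*") return "minor";
  if (!op && hasMinor && hasPatch) return "exact";
  return "other";
}

// Combines the schema check with the classification.
function reviewRange(range, installed) {
  if (!VERSION_RANGE_PATTERN.test(range)) {
    return { valid: false, expanded: null, scope: "invalid" };
  }
  const expanded = expandPlaceholders(range, installed);
  return { valid: true, expanded, scope: scopeOf(expanded) };
}
```

The pattern makes every part of the placeholder form optional, so an empty string passes it; `reviewRange` reports that case as scope `other` rather than as a usable range.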
Turbot > Notifications
Enable notifications for control state changes and automatic remediation taken by Turbot.
Enabling notifications for these control state changes and automatic remediation actions allows users to stay informed about changes to their cloud resources and to monitor the actions taken by Turbot to remediate non-compliant resources.
These notifications can be sent via various channels such as email, Slack and Teams.
tmod:@turbot/turbot#/policy/types/notifications
[ "Enabled", "Disabled"]
{ "type": "string", "enum": [ "Enabled", "Disabled" ], "default": "Disabled"}
Turbot > Notifications > Email
tmod:@turbot/turbot#/policy/types/notificationsEmail
Turbot > Notifications > Email > Action Template
tmod:@turbot/turbot#/policy/types/notificationsEmailActionTemplate
Turbot > Notifications > Email > Action Template > Batch Body
Customize or format messages that are sent to an Email channel for action.
When rendering messages for Email using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsEmailActionTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n turbotId: resource(id: \"tmod:@turbot/turbot#/\") {\n turbot {\n id\n }\n }\n notifications(filter: $filter) {\n items {\n notificationType\n message\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n }\n }\n }\n}\n\n{% endinput %}\n\n<!DOCTYPE html>\n<html>\n <head>\n <meta charset=\"UTF-8\">\n <title>Email Content</title>\n </head>\n <body>\n <div>\n {%- for item in $.notifications.items %}\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{domain}}/resources/{{ item.resource.turbot.id }}\">{{ item.resource.trunk.title }}</a>\n </p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">{{ item.message }}</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">{{ item.turbot.createTimestamp }} UTC</p>\n <br>\n {%- endfor %}\n </div>\n <div style=\"font-size: 11px; color: #848884;\">\n You have been subscribed to these email alerts by the system administrator of <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{domain}}\">{{domain}}</a>. Please contact them directly for changes.\n </div>\n </body>\n</html>\n"}
Turbot > Notifications > Email > Action Template > Batch Subject
Customize the subject of the mail to be sent to an Email channel for action.
This policy enables the customization of the subject line for emails sent to an Email channel. By utilizing this policy, users can modify the subject of the main email, allowing for more personalized and informative email notifications.
tmod:@turbot/turbot#/policy/types/notificationsEmailActionTemplateBatchSubject
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n notifications(filter: $filter) {\n items {\n notificationType\n message\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n }\n }\n }\n}\n{% endinput %}\n\n{%- if domain %}\n {% set workspace = domain.split('/')[2].split('.')[0] %}\n [{{ workspace }}] {{ $.notifications.items.length }} actions by Turbot\n{%- else %}\n {{ $.notifications.items.length }} actions by Turbot\n{%- endif %}\n"}
Turbot > Notifications > Email > Action Template > Body
Customize or format messages that are sent to an Email channel for action.
When rendering messages for Email using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsEmailActionTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $notificationId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n notification(id: $notificationId) {\n message\n resource {\n turbot{\n id\n }\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n }\n }\n control(id: $id) {\n turbot{\n id\n }\n type {\n trunk {\n title\n }\n }\n }\n}\n\n{% endinput %}\n\n<!DOCTYPE html>\n<html>\n <head>\n <meta charset=\"UTF-8\">\n <title>Email Content</title>\n </head>\n <body>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0;\">RESOURCE</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/resources/{{$.notification.resource.turbot.id }}\">{{ $.notification.resource.trunk.title | replace('>', '>')}}</a>\n </p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">CONTROL</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/controls/{{$.control.turbot.id }}\">{{ $.control.type.trunk.title | replace('>', '>')}}</a>\n </p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">REASON</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">{{ $.notification.message }}</p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">TIMESTAMP</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">{{ 
$.notification.turbot.createTimestamp }} UTC <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/processes/{{ process.id }}/logs?filter=logLevel%3A>%3Dinfo\">[Log]</a></p>\n <div style=\"font-size: 11px; color: #848884; margin-top: 20px;\">\n You have been subscribed to these email alerts by the system administrator of <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}\">{{ domain }}</a>. Please contact them directly for changes.\n </div>\n </body>\n</html>\n"}
Turbot > Notifications > Email > Action Template > Subject
Customize the subject of the mail to be sent to an Email channel for action.
This policy enables the customization of the subject line for emails sent to an Email channel. By utilizing this policy, users can modify the subject of the main email, allowing for more personalized and informative email notifications.
tmod:@turbot/turbot#/policy/types/notificationsEmailActionTemplateSubject
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $notificationId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n control(id: $id) {\n state\n type {\n title\n trunk {\n title\n }\n }\n reason\n resource {\n type{\n title\n }\n metadata\n trunk {\n title\n }\n }\n }\n notification(id: $notificationId) {\n message\n resource {\n turbot{\n id\n }\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n }\n }\n}\n\n{% endinput %}\n\n{%- if domain %}\n {% set workspace = domain.split('/')[2].split('.')[0] %}\n [{{ workspace }}] Turbot has \"{{ $.notification.message }}\" for {{ $.control.resource.trunk.title }} at {{ $.notification.turbot.createTimestamp }} UTC\n{%- else %}\n Turbot has \"{{ $.notification.message }}\" for {{ $.control.resource.trunk.title }} at {{ $.notification.turbot.createTimestamp }} UTC\n{%- endif %}"}
Turbot > Notifications > Email > Control Template
tmod:@turbot/turbot#/policy/types/notificationsEmailControlTemplate
Turbot > Notifications > Email > Control Template > Batch Body
Customize or format messages that are sent to an Email channel for control.
When rendering messages for Email using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsEmailControlTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\", resourceId:$resourceId) {\n value\n }\n notifications(filter: $filter) {\n items {\n control {\n state\n reason\n details\n lastProcess {\n turbot {\n id\n }\n }\n type {\n trunk {\n title\n }\n }\n turbot {\n versionId\n id\n updateTimestamp\n }\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n type {\n trunk {\n title\n }\n }\n }\n }\n oldControl {\n state\n reason\n details\n }\n turbot {\n createTimestamp\n }\n }\n }\n}\n\n{% endinput %}\n\n\n<!DOCTYPE html>\n<html>\n <head>\n <meta charset=\"UTF-8\">\n <title>Email Content</title>\n </head>\n <body>\n <div>\n {%- for item in $.notifications.items %}\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{domain}}/resources/{{ item.control.resource.turbot.id }}\">{{ item.control.resource.trunk.title }}</a>\n </p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{domain}}/controls/{{item.control.turbot.id}}\">{{ item.control.type.trunk.title}}</a>\n </p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">{% if item.oldControl.state == 'ok' %}OK{% elif item.oldControl.state == 'tbd'%}TBD{% else %}{{ item.oldControl.state | capitalize }}{% endif %} → <span style=\"font-weight: bold; {% if item.control.state == 'alarm' or item.control.state == 'error' %}color: #CC0000;{% elif item.control.state == 'ok' %}color: #36a64f;{% else %}color: #d3d3d3;{% endif %}\">{% if item.control.state == 'ok' %}OK{% elif item.control.state == 'tbd'%}TBD{% else %}{{ item.control.state | 
capitalize }}{% endif %}</span></p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">{{ item.control.reason }}</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0; margin-bottom: 0;\">{{ item.turbot.createTimestamp }} UTC <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/processes/{{ item.control.lastProcess.turbot.id }}/logs?filter=logLevel%3A>%3Dinfo\">[Log]</a></p>\n <br>\n {%- endfor %}\n </div>\n <div style=\"font-size: 11px; color: #848884;\">\n You have been subscribed to these email alerts by the system administrator of <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{domain}}\">{{domain}}</a>. Please contact them directly for changes.\n </div>\n\n </body>\n</html>\n\n\n"}
Turbot > Notifications > Email > Control Template > Batch Subject
Customize the subject of the mail to be sent to an Email channel for control.
This policy enables the customization of the subject line for emails sent to an Email channel. By utilizing this policy, users can modify the subject of the main email, allowing for more personalized and informative email notifications.
tmod:@turbot/turbot#/policy/types/notificationsEmailControlTemplateBatchSubject
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\", resourceId:$resourceId) {\n value\n }\n notifications(filter: $filter) {\n items {\n turbot {\n id\n }\n }\n }\n}\n\n{% endinput %}\n\n{%- if domain %}\n {% set workspace = domain.split('/')[2].split('.')[0] %}\n [{{ workspace }}] {{ $.notifications.items.length }} control updates\n{%- else %}\n {{ $.notifications.items.length }} control updates\n{%- endif %}\n"}
Turbot > Notifications > Email > Control Template > Body
Customize or format messages that are sent to an Email channel for control.
When rendering messages for Email using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsEmailControlTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $filter: [String!]) {\n workspaceUrl: policyValue(uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\", resourceId:$resourceId){\n value\n }\n oldControl: control(id: $id) {\n actor {\n identity {\n picture\n turbot {\n title\n id\n }\n }\n }\n state\n reason\n details\n type {\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n updateTimestamp\n id\n }\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n type {\n title\n }\n }\n }\n quickActions: controlTypes(filter: $filter) {\n items {\n actionTypes{\n items{\n title\n icon\n description\n uri\n confirmationType\n defaultActionPermissionLevels\n turbot {\n id\n }\n }\n }\n }\n }\n}\n\n{% endinput %}\n\n<!DOCTYPE html>\n<html>\n <head>\n <meta charset=\"UTF-8\">\n <title>Email Content</title>\n </head>\n <body>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0;\">RESOURCE</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/resources/{{$.oldControl.resource.turbot.id }}\">{{ $.oldControl.resource.trunk.title | replace('>', '>')}}</a>\n </p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">CONTROL</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">\n <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/controls/{{$.oldControl.turbot.id }}\">{{ $.oldControl.type.trunk.title | replace('>', '>')}}</a>\n </p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">STATUS</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">{% if 
$.oldControl.state == 'ok' %}OK{% elif $.oldControl.state == 'tbd'%}TBD{% else %}{{ $.oldControl.state | capitalize }}{% endif %} → <span style=\"font-weight: bold; {% if newControl.state == 'alarm' or newControl.state == 'error' %}color: #CC0000;{% elif newControl.state == 'ok' %}color: #36a64f;{% else %}color: #d3d3d3;{% endif %}\">{% if newControl.state == 'ok' %}OK{% elif newControl.state == 'tbd'%}TBD{% else %}{{ newControl.state | capitalize }}{% endif %}</span></p>\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">REASON</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">{{ newControl.reason }}</p>\n {%- if $.quickActions.items and $.quickActions.items[0].actionTypes and $.quickActions.items[0].actionTypes.items.length > 0 %}\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">QUICK ACTIONS</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">\n {% for item in $.quickActions.items[0].actionTypes.items -%}\n → <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/resources/{{ $.oldControl.resource.turbot.id }}?executeActionType={{ item.uri | replace('#', '%23')}}\">{{ item.title }}</a><br>\n {% endfor -%}\n </p>\n {% endif -%}\n <p style=\"color: #999999; font-size: 10px; font-family: Arial, Helvetica, sans-serif; margin-bottom: 0; margin-top: 20px;\">TIMESTAMP</p>\n <p style=\"font-size: small; font-family: Arial, Helvetica, sans-serif; margin-top: 0;\">{{ newControl.turbot.updateTimestamp }} UTC <a style=\"color: #0000FF; text-decoration: none;\" href=\"{{ domain }}/processes/{{ process.id }}/logs?filter=logLevel%3A>%3Dinfo\">[Log]</a></p>\n <div style=\"font-size: 11px; color: #848884; margin-top: 20px;\">\n You have been subscribed to these email alerts by the system administrator of <a style=\"color: 
#0000FF; text-decoration: none;\" href=\"{{ domain }}\">{{ domain }}</a>. Please contact them directly for changes.\n </div>\n </body>\n</html>\n"}
Turbot > Notifications > Email > Control Template > Subject
Customize the subject of the mail to be sent to an Email channel for control.
This policy enables the customization of the subject line for emails sent to an Email channel. By utilizing this policy, users can modify the subject of the main email, allowing for more personalized and informative email notifications.
tmod:@turbot/turbot#/policy/types/notificationsEmailControlTemplateSubject
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!) {\n workspaceUrl: policyValue(uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\", resourceId:$resourceId){\n value\n }\n oldControl: control(id: $id) {\n state\n type {\n title\n trunk {\n title\n }\n }\n reason\n resource {\n type {\n title\n }\n metadata\n trunk {\n title\n }\n }\n turbot {\n updateTimestamp\n createTimestamp\n }\n }\n}\n\n\n\n{% endinput %}\n\n{%- if domain %}\n {% set workspace = domain.split('/')[2].split('.')[0] %}\n \"[{{workspace}}] {% if $.oldControl.state == 'tbd' or $.oldControl.state == 'ok' %}{{ $.oldControl.state | upper }}{% else %}{{ $.oldControl.state | capitalize }}{% endif %} → {% if newControl.state == 'tbd' or newControl.state == 'ok' %}{{ newControl.state | upper }}{% else %}{{ newControl.state | capitalize }}{% endif %}: {{ $.oldControl.type.trunk.title }} for {{ $.oldControl.resource.trunk.title }} at {{ newControl.turbot.updateTimestamp }} UTC\"\n{%- else %}\n {% set workspace = \"\" %}\n \"{% if $.oldControl.state == 'tbd' or $.oldControl.state == 'ok' %}{{ $.oldControl.state | upper }}{% else %}{{ $.oldControl.state | capitalize }}{% endif %} → {% if newControl.state == 'tbd' or newControl.state == 'ok' %}{{ newControl.state | upper }}{% else %}{{ newControl.state | capitalize }}{% endif %}: {{ $.oldControl.type.trunk.title }} for {{ $.oldControl.resource.trunk.title }} at {{ newControl.turbot.updateTimestamp }} UTC\"\n{%- endif %}\n"}
Turbot > Notifications > Email > From Email Address
Refers to the email address that will appear in the `From` field of the email sent to the recipient.
When setting up Turbot notifications, you can configure the "From Email Address" to be any email address you have access to, such as an email address associated with your organization or a personal email address. It is important to ensure that the email address is valid and has been verified to ensure successful delivery of the email.
tmod:@turbot/turbot#/policy/types/notificationsEmailFromAddress
{ "type": "string", "default": ""}
Turbot > Notifications > Email > SMTP Endpoint
The SMTP host through which email will be sent.
tmod:@turbot/turbot#/policy/types/notificationsEmailSmtpEndpoint
{ "type": "string", "default": ""}
Turbot > Notifications > Email > SMTP Password
The SMTP password.
tmod:@turbot/turbot#/policy/types/notificationsEmailSmtpPassword
{ "type": "string", "default": ""}
Turbot > Notifications > Email > SMTP Port
The SMTP port to connect via.
tmod:@turbot/turbot#/policy/types/notificationsEmailSmtpPort
{ "type": "number", "default": 587}
Turbot > Notifications > Email > SMTP Username
The SMTP user name used to authenticate against the SMTP server.
tmod:@turbot/turbot#/policy/types/notificationsEmailSmtpUsername
{ "type": "string", "default": ""}
Turbot > Notifications > Microsoft Teams
tmod:@turbot/turbot#/policy/types/notificationsMsTeams
Turbot > Notifications > Microsoft Teams > Action Template
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsActionTemplate
Turbot > Notifications > Microsoft Teams > Action Template > Batch Body
Customize or format messages that are sent to a MS Teams channel for action.
When rendering messages for MS Teams using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsActionTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n turbotId: resource(id: \"tmod:@turbot/turbot#/\") {\n turbot {\n id\n }\n }\n accountableResource: resource(id: $resourceId) {\n turbot {\n id\n }\n trunk{\n title\n }\n }\n notifications(filter: $filter) {\n items {\n notificationType\n message\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n }\n }\n }\n}\n\n{% endinput %}\n\n{\n \"summary\": \"[{{ $.accountableResource.trunk.title | replace('>', '>')}}]({{ domain }}/resources/{{$.accountableResource.turbot.id}})\",\n \"sections\": [\n {%- for i in range(0, 3) -%}\n {%- if $.notifications.items[i] %}\n {\n \"activityTitle\": \"<a href='{{ domain }}/resources/{{$.notifications.items[i].resource.turbot.id }}' style='font-weight:bold; color:black'>{{ $.notifications.items[i].resource.trunk.title | replace('>', '>')}}</a>\",\n \"activitySubtitle\": \"<span style='font-size: 14px'>_{{ $.notifications.items[i].message }}_</span>\"\n }\n {%- if $.notifications.items.length <= 3 and $.notifications.items.length - 1 > i %},{% endif %}\n {%- if $.notifications.items.length > 3 %},{% endif %}\n {%- endif %}\n {%- endfor %}\n {%- if $.notifications.items.length > 3 %}\n {\n \"activityTitle\": \"[View all {{ $.notifications.items.length }} notifications →]({{ domain }}/resources/{{$.accountableResource.turbot.id}}/activity?search=id:{{notificationIds}}&level=self%2Cdescendant)\",\n \"markdown\": true\n }\n {%- endif %}\n ]\n}\n"}
Turbot > Notifications > Microsoft Teams > Action Template > Body
Customize or format messages that are sent to a MS Teams channel for action.
When rendering messages for MS Teams using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsActionTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $notificationId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n notification(id: $notificationId) {\n message\n resource {\n turbot{\n id\n }\n trunk {\n title\n }\n }\n }\n control(id: $id) {\n turbot{\n id\n }\n type {\n trunk {\n title\n }\n }\n }\n}\n\n{% endinput %}\n\n\n{\n \"themeColor\": \"#36a64f\",\n \"summary\": \"{{ $.control.type.trunk.title }}\",\n \"sections\": [\n {\n \"activityTitle\": \"<a href='{{ domain }}/resources/{{$.notification.resource.turbot.id }}' style='font-weight:bold; color:black'>{{ $.notification.resource.trunk.title | replace('>', '>')}}</a>\\n\\n[{{ $.control.type.trunk.title }}]({{ domain}}/controls/{{$.control.turbot.id }})\",\n \"activitySubtitle\": \"<span style='font-size: 14px'>_{{ $.notification.message }}_</span>\"\n }\n ]\n}\n"}
Turbot > Notifications > Microsoft Teams > Control Template
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsControlTemplate
Turbot > Notifications > Microsoft Teams > Control Template > Batch Body
Customize or format messages that are sent to a MS Teams channel for control.
When rendering messages for MS Teams using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsControlTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n turbotId: resource(id: \"tmod:@turbot/turbot#/\") {\n turbot {\n id\n }\n }\n accountableResource: resource(id: $resourceId) {\n turbot {\n id\n }\n trunk{\n title\n }\n }\n notifications(filter: $filter) {\n items {\n data\n control {\n state\n reason\n details\n type {\n trunk {\n title\n }\n }\n turbot {\n versionId\n id\n updateTimestamp\n }\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n type {\n trunk {\n title\n }\n }\n }\n }\n oldControl {\n state\n reason\n details\n }\n }\n }\n}\n\n{% endinput %}\n\n{\n \"summary\": \"[{{ $.accountableResource.trunk.title | replace('>', '>')}}]({{ domain }}/resources/{{$.accountableResource.turbot.id}})\",\n \"sections\": [\n {%- for i in range(0, 3) -%}\n {%- if $.notifications.items[i] %}\n {\n \"activityTitle\": \"<a href='{{ domain }}/resources/{{$.notifications.items[i].control.resource.turbot.id }}' style='font-weight:bold; color:black'>{{ $.notifications.items[i].control.resource.trunk.title | replace('>', '>')}}</a>\\n\\n[{{ $.notifications.items[i].control.type.trunk.title }}]({{ domain}}/controls/{{$.notifications.items[i].control.turbot.id }})\",\n \"activitySubtitle\": \"<span style='font-size: 14px'>{% if $.notifications.items[i].oldControl.state == 'ok' %}OK{% elif $.notifications.items[i].oldControl.state == 'tbd'%}TBD{% else %}{{ $.notifications.items[i].oldControl.state | capitalize }}{% endif %}</span> → <span style=\\\"font-size: 14px; color: {% if $.notifications.items[i].control.state == 'alarm' or $.notifications.items[i].control.state == 'error' %}#cb1119{% elif $.notifications.items[i].control.state == 'ok' %}#36a64f{% else %}#d3d3d3{% endif %}; font-weight: bold;\\\">{% if $.notifications.items[i].control.state == 'ok' %}OK{% elif $.notifications.items[i].control.state == 'tbd'%}TBD{% else %}{{ $.notifications.items[i].control.state | capitalize }}{% endif %}</span> \\n\\n</span>\\n\\n<span style='font-size: 14px'>_{{ $.notifications.items[i].control.reason }}_</span>\"\n }\n {%- if $.notifications.items.length <= 3 and $.notifications.items.length - 1 > i %},{% endif %}\n {%- if $.notifications.items.length > 3 %},{% endif %}\n {%- endif %}\n {%- endfor %}\n {%- if $.notifications.items.length > 3 %}\n {\n \"activityTitle\": \"[View all {{ $.notifications.items.length }} notifications →]({{ domain }}/resources/{{$.accountableResource.turbot.id}}/activity?search=controlNewVersionId:{{controlIds}}&level=self%2Cdescendant)\",\n \"markdown\": true\n }\n {%- endif %}\n ]\n}"}
Turbot > Notifications > Microsoft Teams > Control Template > Body
Customize or format messages that are sent to a MS Teams channel for control.
When rendering messages for MS Teams using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsMsTeamsControlTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $filter: [String!]) {\n workspaceUrl: policyValue(uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\", resourceId:$resourceId){\n value\n }\n oldControl: control(id: $id) {\n actor {\n identity {\n picture\n turbot {\n title\n id\n }\n }\n }\n state\n reason\n details\n type {\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n updateTimestamp\n id\n }\n resource {\n turbot {\n id\n title\n }\n trunk {\n title\n }\n type {\n title\n }\n }\n }\n quickActions: controlTypes(filter: $filter) {\n items {\n actionTypes{\n items{\n title\n icon\n description\n uri\n confirmationType\n defaultActionPermissionLevels\n turbot {\n id\n }\n }\n }\n }\n }\n}\n{% endinput %}\n\n{\n \"themeColor\": \"{% if newControl.state == 'alarm' or newControl.state == 'error' %}#cb1119{% elif newControl.state == 'ok' %}#36a64f{% else %}#d3d3d3{% endif %}\",\n \"summary\": \"{{ $.oldControl.type.trunk.title }}\",\n \"sections\": [\n {\n \"activityTitle\": \"<a href='{{ domain }}/resources/{{$.oldControl.resource.turbot.id }}' style='font-weight:bold; color:black'>{{ $.oldControl.resource.trunk.title | replace('>', '>')}}</a>\\n\\n[{{ $.oldControl.type.trunk.title }}]({{ domain}}/controls/{{$.oldControl.turbot.id }})\",\n \"activitySubtitle\": \"<span style='font-size: 14px'>{% if $.oldControl.state == 'ok' %}OK{% elif $.oldControl.state == 'tbd'%}TBD{% else %}{{ $.oldControl.state | capitalize }}{% endif %} → **{% if newControl.state == 'ok' %}OK{% elif newControl.state == 'tbd'%}TBD{% else %}{{ newControl.state | capitalize }}{% endif %}**</span> \\n\\n</span>\\n\\n<span style='font-size: 14px'>_{{ newControl.reason }}_</span>\"\n }\n {%- if $.quickActions.items[0] -%}\n ,\n {\n \"activityTitle\": \"{%- for item in $.quickActions.items[0].actionTypes.items -%}[• {{ item.title }}]( {{ domain }}/resources/{{ $.oldControl.resource.turbot.id }}?executeActionType={{ item.uri | replace('#', '%23')}})\\n\\n {%- endfor %}\",\n \"markdown\": true\n }\n {%- endif %}\n ]\n}\n"}
Turbot > Notifications > Rule-Based Routing
A rule-based routing policy is a mechanism that allows users to filter notifications based on a set of rules. These rules can specify certain conditions or criteria that must be met in order for a notification to be sent to a particular target audience.
For example, a user may create a rule that specifies that notifications should only be sent for a particular resource or control type. If the condition of the rule is satisfied, then the notification will be sent to the target audience. The target audience can be a specific email address, a group of users, or a webhook URL that triggers an action in another system.
By using the notification filter policy, users can reduce noise and ensure that only relevant notifications are sent to the appropriate recipients. This can help to improve the overall efficiency of the notification system and reduce the amount of time users spend processing notifications that are not relevant to their responsibilities.

Example:

```yaml
- rules: NOTIFY $.oldControl.state:alarm $.control.state:ok
  emails:
    - abhinash@gmail.com
  slackWebhookUrl: https://hooks.slack.com/services/XXXXXXX/YYYYYYYYYY/ZZZZZZZZZZZZZZ
- rules: |
    NOTIFY $.oldControl.state:alarm $.control.state:ok
    NOTIFY $.oldControl.state:ok $.control.state:alarm
  emails:
    - abhinash@gmail.com
  slackWebhookUrl: https://hooks.slack.com/services/XXXXXXX/YYYYYYYYYY/ZZZZZZZZZZZZZZ
- rules: |
    NOTIFY $.oldControl.state:alarm $.control.state:ok
    NOTIFY $.oldControl.state:alarm $.control.state:ok
  emails:
    - abhinash@gmail.com
  msTeamsWebhookUrl: https://XXXXX.webhook.office.com/webhookb2/25bbe4f5-XXXX-YYYY-9fd6-a2cdb9841829@fcdb3d04-ad61-XXXX-ZZZZ-2932a277ddbc/IncomingWebhook/977828d9c021479XxXXXdfd0c4788a0/944a8e14-YYYY-ZZZZ-ZZZZ-6e93612f6c2d
```
tmod:@turbot/turbot#/policy/types/notificationsRuleBasedRouting
{ "type": "array", "default": [], "items": { "type": "object", "properties": { "rules": { "type": "string" }, "slackWebhookUrl": { "type": "string", "pattern": "https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Z0-9]+\\/[A-Z0-9]+\\/[A-Za-z0-9]+" }, "msTeamsWebhookUrl": { "type": "string", "pattern": "https:\\/\\/[\\w.-]+\\.webhook\\.office\\.com\\/[\\w\\/\\@-]+" }, "emails": { "type": "array", "maxItems": 5, "items": { "type": "string" } } }, "additionalProperties": false }}
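A pre-deployment lint for a Rule-Based Routing value, checked against the constraints in the schema above; this is an added example, not Turbot's own code. It assumes standard JSON Schema semantics, where `pattern` is an unanchored search, so it also reports webhook values that match only as a substring. The `allowed_email_domains` rule and all sample values are hypothetical.

```python
import re

# Patterns copied verbatim from the notificationsRuleBasedRouting schema above.
# re.ASCII keeps \w to [A-Za-z0-9_], as in the ECMA-262 dialect JSON Schema uses.
SLACK_RE = re.compile(
    r"https:\/\/hooks\.slack\.com\/services\/[A-Z0-9]+\/[A-Z0-9]+\/[A-Za-z0-9]+",
    re.ASCII)
TEAMS_RE = re.compile(
    r"https:\/\/[\w.-]+\.webhook\.office\.com\/[\w\/\@-]+", re.ASCII)
WEBHOOK_KEYS = {"slackWebhookUrl": SLACK_RE, "msTeamsWebhookUrl": TEAMS_RE}
ALLOWED_KEYS = {"rules", "emails", *WEBHOOK_KEYS}  # additionalProperties: false
MAX_EMAILS = 5  # "maxItems": 5 in the schema


def lint_routing(policy, allowed_email_domains=None):
    """Return (entry_index, message) findings for a routing policy value.

    allowed_email_domains is a hypothetical local rule, not part of the schema:
    when given, recipients outside those domains are reported.
    """
    if not isinstance(policy, list):
        return [(-1, "policy value must be an array")]
    findings = []
    for i, entry in enumerate(policy):
        if not isinstance(entry, dict):
            findings.append((i, "entry must be an object"))
            continue
        for key in sorted(set(entry) - ALLOWED_KEYS):
            findings.append((i, f"unknown property {key!r}"))
        if "rules" in entry and not isinstance(entry["rules"], str):
            findings.append((i, "rules must be a string"))
        emails = entry.get("emails", [])
        if not isinstance(emails, list) or not all(isinstance(e, str) for e in emails):
            findings.append((i, "emails must be an array of strings"))
            emails = []
        if len(emails) > MAX_EMAILS:
            findings.append((i, f"emails has {len(emails)} items, maximum is {MAX_EMAILS}"))
        if allowed_email_domains is not None:
            for addr in emails:
                domain = addr.rpartition("@")[2].lower()
                if domain not in allowed_email_domains:
                    findings.append((i, f"recipient outside allowed domains: {addr}"))
        for key, pattern in WEBHOOK_KEYS.items():
            if key not in entry:
                continue
            url = entry[key]
            if not isinstance(url, str) or pattern.search(url) is None:
                findings.append((i, f"{key} does not match the schema pattern"))
            elif pattern.fullmatch(url) is None:
                # Passes an unanchored search but carries extra text around the URL.
                findings.append((i, f"{key} matches only as a substring"))
    return findings


# Constructed sample value (placeholder webhook paths and addresses).
SAMPLE_POLICY = [
    {   # clean entry
        "rules": "NOTIFY $.oldControl.state:alarm $.control.state:ok",
        "emails": ["secops@example.com"],
        "slackWebhookUrl": "https://hooks.slack.com/services/T0000/B0000/abcd1234",
    },
    {   # misspelled key, and a webhook embedded inside a longer URL
        "rules": "NOTIFY $.oldControl.state:ok $.control.state:alarm",
        "slackWebhookURL": "https://hooks.slack.com/services/T0000/B0000/abcd1234",
        "msTeamsWebhookUrl": "https://example.invalid/r?u=https://tenant.webhook.office.com/webhookb2/abc",
    },
    {   # six recipients, one outside the allowed domain
        "rules": "NOTIFY $.control.state:alarm",
        "emails": [f"user{n}@example.com" for n in range(5)] + ["someone@example.org"],
    },
]

if __name__ == "__main__":
    for index, message in lint_routing(SAMPLE_POLICY, {"example.com"}):
        print(f"entry {index}: {message}")
```

Run it in CI over the policy value before applying it; anchoring the two patterns with `^` and `$` in a local copy of the schema gives the same strictness as the `fullmatch` check.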
Turbot > Notifications > Slack
tmod:@turbot/turbot#/policy/types/notificationsSlack
Turbot > Notifications > Slack > Action Template
tmod:@turbot/turbot#/policy/types/notificationsSlackActionTemplate
Turbot > Notifications > Slack > Action Template > Batch Body
Customize or format messages that are sent to a Slack channel for action.
When rendering messages for Slack using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsSlackActionTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n turbotId: resource(id: \"tmod:@turbot/turbot#/\") {\n turbot {\n id\n }\n }\n accountableResource: resource(id: $resourceId) {\n turbot {\n id\n }\n trunk{\n title\n }\n }\n notifications(filter: $filter) {\n items {\n notificationType\n message\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n }\n }\n }\n}\n\n{% endinput %}\n\n{\n \"attachments\": [\n {%- for i in range(0, 3) %}\n {%- if $.notifications.items[i] -%}\n {\n \"color\": \"#36a64f\",\n \"author_name\": \"{{ $.notifications.items[i].resource.trunk.title }}\",\n \"author_link\": \"{{ domain }}/resources/{{ $.notifications.items[i].resource.turbot.id }}\",\n \"mrkdwn_in\": [\n \"text\"\n ],\n \"text\": \"_{{ $.notifications.items[i].message }}_\"\n }\n {%- if $.notifications.items.length <= 3 and $.notifications.items.length - 1 > i %},{% endif %}\n {%- if $.notifications.items.length > 3 %},{% endif %}\n {% endif %}\n {%- endfor -%}\n {%- if $.notifications.items.length > 3 -%}\n {\n \"color\": \"#ddd\",\n \"mrkdwn_in\": [\n \"text\"\n ],\n \"text\": \"<{{ domain }}/resources/{{$.accountableResource.turbot.id}}/activity?search=id:{{ notificationIds }}&level=self%2Cdescendant|View all {{ $.notifications.items.length }} notifications →>\"\n }\n {%- endif %}\n ]\n}"}
Turbot > Notifications > Slack > Action Template > Body
Customize or format messages that are sent to a Slack channel for action.
When rendering messages for Slack using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsSlackActionTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $notificationId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n notification(id: $notificationId) {\n message\n resource {\n turbot{\n id\n }\n trunk {\n title\n }\n }\n }\n control(id: $id) {\n turbot{\n id\n }\n type {\n trunk {\n title\n }\n }\n }\n}\n\n{% endinput %}\n\n\n{\n \"attachments\": [\n {\n \"color\": \"#36a64f\",\n \"author_name\": \"{{ $.notification.resource.trunk.title }}\",\n \"author_link\": \"{{ domain }}/resources/{{ $.notification.resource.turbot.id }}\",\n \"title\": \"{{ $.control.type.trunk.title }}\",\n \"title_link\": \"{{ domain }}/controls/{{ $.control.turbot.id }}\",\n \"mrkdwn_in\": [\n \"text\"\n ],\n \"text\": \"{{ $.notification.message }}\"\n\n }\n ]\n}"}
Turbot > Notifications > Slack > Control Template
tmod:@turbot/turbot#/policy/types/notificationsSlackControlTemplate
Turbot > Notifications > Slack > Control Template > Batch Body
Customize or format messages that are sent to a Slack channel.
When rendering messages for Slack using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsSlackControlTemplateBatchBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery notificationDetails($filter: [String!], $resourceId: ID!) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n turbotId: resource(id: \"tmod:@turbot/turbot#/\") {\n turbot {\n id\n }\n }\n accountableResource: resource(id: $resourceId) {\n turbot {\n id\n }\n trunk{\n title\n }\n }\n notifications(filter: $filter) {\n items {\n data\n control {\n state\n reason\n details\n type {\n trunk {\n title\n }\n }\n turbot {\n versionId\n id\n updateTimestamp\n }\n resource {\n turbot {\n id\n }\n trunk {\n title\n }\n type {\n trunk {\n title\n }\n }\n }\n }\n oldControl {\n state\n reason\n details\n }\n }\n }\n}\n\n{% endinput %}\n\n\n{\n \"attachments\": [\n {%- for i in range(0, 3) %}\n {%- if $.notifications.items[i] -%}\n {\n \"color\": \"{% if $.notifications.items[i].control.state == 'alarm' or $.notifications.items[i].control.state == 'error' %}#cb1119{% elif $.notifications.items[i].control.state == 'ok' %}#36a64f{% else %}#d3d3d3{% endif %}\",\n \"author_name\": \"{{ $.notifications.items[i].control.resource.trunk.title }}\",\n \"author_link\": \"{{ domain }}/resources/{{ $.notifications.items[i].control.resource.turbot.id }}\",\n \"title\": \"{{ $.notifications.items[i].control.type.trunk.title }}\",\n \"title_link\": \"{{ domain }}/resources/{{ $.notifications.items[i].control.resource.turbot.id }}\",\n \"mrkdwn_in\": [\n \"text\",\n \"footer\"\n ],\n \"text\": \"{% if $.notifications.items[i].oldControl.state == 'ok' %}OK{% elif $.notifications.items[i].oldControl.state == 'tbd'%}TBD{% else %}{{ $.notifications.items[i].oldControl.state | capitalize }}{% endif %} → *{% if $.notifications.items[i].control.state == 'ok' %}OK{% elif $.notifications.items[i].control.state == 'tbd'%}TBD{% else %}{{ $.notifications.items[i].control.state | capitalize }}{% endif %}*\\n_{{ $.notifications.items[i].control.reason }}_\"\n }\n {%- if $.notifications.items.length <= 3 and $.notifications.items.length - 1 > i %},{% endif %}\n {%- if $.notifications.items.length > 3 %},{% endif %}\n {% endif %}\n {%- endfor -%}\n {%- if $.notifications.items.length > 3 -%}\n {\n \"color\": \"#ddd\",\n \"mrkdwn_in\": [\n \"text\"\n ],\n \"text\": \"<{{ domain }}/resources/{{$.accountableResource.turbot.id}}/activity?search=controlNewVersionId:{{controlIds}}&level=self%2Cdescendant|View all {{ $.notifications.items.length }} notifications →>\"\n }\n {%- endif %}\n ]\n}\n\n"}
Turbot > Notifications > Slack > Control Template > Body
Customize or format messages that are sent to a Slack channel for control.
When rendering messages for Slack using Nunjucks, users can create templates that include placeholders for variables or dynamic content. These placeholders can then be populated with data at runtime, allowing messages to be customized based on specific conditions or events.
tmod:@turbot/turbot#/policy/types/notificationsSlackControlTemplateBody
{ "type": "string", "x-schema-form": { "type": "code", "language": "hcl" }, "default": "{% input %}\nquery controlGet($id: ID!, $resourceId: ID!, $filter: [String!]) {\n workspaceUrl: policyValue(\n uri: \"tmod:@turbot/turbot#/policy/types/workspaceUrl\"\n resourceId: $resourceId\n ) {\n value\n }\n oldControl: control(id: $id) {\n actor {\n identity {\n picture\n turbot {\n title\n id\n }\n }\n }\n state\n reason\n details\n type {\n trunk {\n title\n }\n }\n turbot {\n createTimestamp\n updateTimestamp\n id\n }\n resource {\n turbot {\n id\n title\n }\n trunk {\n title\n }\n type {\n title\n }\n }\n }\n quickActions: controlTypes(filter: $filter) {\n items {\n actionTypes{\n items{\n title\n icon\n description\n uri\n confirmationType\n defaultActionPermissionLevels\n turbot {\n id\n }\n }\n }\n }\n }\n}\n\n{% endinput %}\n\n{\n \"attachments\": [\n {\n \"color\": \"{% if newControl.state == 'alarm' or newControl.state == 'error' %}#cb1119{% elif newControl.state == 'ok' %}#36a64f{% else %}#d3d3d3{% endif %}\",\n \"author_name\": \"{{ $.oldControl.resource.trunk.title }}\",\n \"author_link\": \"{{ domain }}/resources/{{ $.oldControl.resources.turbot.id }}\",\n \"title\": \"{{ $.oldControl.type.trunk.title }}\",\n \"title_link\": \"{{ domain }}/controls/{{ $.oldControl.turbot.id }}\",\n \"mrkdwn_in\": [\n \"text\",\n \"footer\"\n ],\n \"text\": \"{% if $.oldControl.state == 'ok' %}OK{% elif $.oldControl.state == 'tbd'%}TBD{% else %}{{ $.oldControl.state | capitalize }}{% endif %} → *{% if newControl.state == 'ok' %}OK{% elif newControl.state == 'tbd'%}TBD{% else %}{{ newControl.state | capitalize }}{% endif %}*\\n_{{ newControl.reason }}_\\n{%- if domain %}{%- for item in $.quickActions.items[0].actionTypes.items %}• <{{domain}}/resources/{{$.oldControl.resource.turbot.id}}?executeActionType={{ item.uri | replace('#', '%23')}}|{{ item.title }}>\\n{%- endfor %}{%- endif %}\"\n\n }\n ]\n}"}
Turbot > Quick Actions
Turbot > Quick Actions > Enabled
Users can perform quick actions on resources with a click of a button, without setting different enforcement policies for automatic remediation.
E.g. Enable versioning on an S3 bucket, start/stop instances, detach, snapshot and delete an EBS volume etc. with a click of a button in Turbot.
Users can also skip alarms on controls like Active, Approved, Tags and Encryption at Rest for a period of 90 days to come back and look at it later, or Skip it forever if needed.
tmod:@turbot/turbot#/policy/types/quickActionsEnabled
[ "Enabled", "Disabled"]
{ "type": "string", "enum": [ "Enabled", "Disabled" ], "default": "Disabled"}
Turbot > Quick Actions > Permission Levels
Quick actions are attached to certain default action permission levels required to run the action in Turbot.
E.g. Setting tags on resources per the tagging policies would require a minimum of Turbot/Operator. Setting versioning on S3 bucket, or deleting a resource from AWS would require a minimum of Turbot/Admin.
If you want to override such settings and, e.g., allow Turbot/Operator to set versioning on an S3 bucket, you'd have to set the policy on any accountable resource as a list of YAML objects:

```yaml
[
  {
    "rule": "tmod:@turbot/aws-s3#/action/types/s3BucketVersioningEnabledQuickAction",
    "authorization": "permitted",
    "permissions": [
      {
        "type": "tmod:@turbot/turbot-iam#/permission/types/turbot",
        "level": "tmod:@turbot/turbot-iam#/permission/levels/operator"
      }
    ]
  }
]
```

To deny all users permission to perform a specific action, you can set authorization to forbidden. You can also use wildcard characters for rules to set permissions on multiple actions.
tmod:@turbot/turbot#/policy/types/quickActionsPermissionLevels
{ "type": "array", "items": { "type": "object", "properties": { "rule": { "type": "string" }, "authorization": { "type": "string", "pattern": "^(permitted|forbidden)$" }, "permissions": { "type": "array", "items": { "type": "object", "properties": { "type": { "type": "string", "pattern": "^tmod:@turbot/(turbot-iam|aws)#/permission/types/(aws|turbot)" }, "level": { "type": "string", "pattern": "^tmod:@turbot/turbot-iam#/permission/levels/(admin|owner|operator|readonly|metadata|user)" } } } } }, "required": [ "rule", "permissions" ] }, "default": []}
Turbot > Runnable Monitor
The maximum number of runnables (controls and policies) to restart when found to be 'stale'.
Stale: runnables in error or tbd state with less than 56 days since last state change, but no next tick timestamp set.
tmod:@turbot/turbot#/policy/types/runnableMonitor
{ "type": "integer", "minimum": 1, "maximum": 1000, "default": 50, "defaultMetadata": { "precedence": "must" }}
Turbot > Stack Ansible Version [Default]
The version of Ansible to use for Turbot Ansible Stacks.
Specify an npm-style semver string to determine which version of the Ansible container Turbot will use to run this stack.
Examples:
- ~2.9: Latest version in the 2.9.x release
- *: Latest version
tmod:@turbot/turbot#/policy/types/stackAnsibleVersion
{ "type": "string", "default": "2.*"}
Turbot > Stack Terraform Version [Default]
The version of Terraform to use for Turbot Custom Stacks and Configured controls.
Specify an npm-style semver string to determine which version of the Terraform container Turbot will use to run this stack.
All Configured controls will use this version unless they are claimed by another stack. Custom stacks will use this policy as a default in their Stack > Terraform Version policy.
Examples:
| Value | Description |
|-|-|
| ~0.11 | Latest version in the 0.11.x release |
| * | Latest version |
tmod:@turbot/turbot#/policy/types/stackTerraformVersion
{ "type": "string", "default": "0.11.*"}
Turbot > Tags
Turbot > Tags > Transform Rules
A list of keys with their corresponding incorrect keys and values that should be fixed. This list can then be used in the transformMap() Nunjucks function in the calculated policy builder to evaluate tag fixes on resources where the policy setting is applied.
tmod:@turbot/turbot#/policy/types/transformRules
{ "type": "object", "patternProperties": { "^[-+=\\._:@/\\sA-Za-z0-9\\u00AA\\u00B5\\u00BA\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02C1\\u02C6-\\u02D1\\u02E0-\\u02E4\\u02EC\\u02EE\\u0370-\\u0374\\u0376\\u0377\\u037A-\\u037D\\u037F\\u0386\\u0388-\\u038A\\u038C\\u038E-\\u03A1\\u03A3-\\u03F5\\u03F7-\\u0481\\u048A-\\u052F\\u0531-\\u0556\\u0559\\u0561-\\u0587\\u05D0-\\u05EA\\u05F0-\\u05F2\\u0620-\\u064A\\u066E\\u066F\\u0671-\\u06D3\\u06D5\\u06E5\\u06E6\\u06EE\\u06EF\\u06FA-\\u06FC\\u06FF\\u0710\\u0712-\\u072F\\u074D-\\u07A5\\u07B1\\u07CA-\\u07EA\\u07F4\\u07F5\\u07FA\\u0800-\\u0815\\u081A\\u0824\\u0828\\u0840-\\u0858\\u08A0-\\u08B4\\u0904-\\u0939\\u093D\\u0950\\u0958-\\u0961\\u0971-\\u0980\\u0985-\\u098C\\u098F\\u0990\\u0993-\\u09A8\\u09AA-\\u09B0\\u09B2\\u09B6-\\u09B9\\u09BD\\u09CE\\u09DC\\u09DD\\u09DF-\\u09E1\\u09F0\\u09F1\\u0A05-\\u0A0A\\u0A0F\\u0A10\\u0A13-\\u0A28\\u0A2A-\\u0A30\\u0A32\\u0A33\\u0A35\\u0A36\\u0A38\\u0A39\\u0A59-\\u0A5C\\u0A5E\\u0A72-\\u0A74\\u0A85-\\u0A8D\\u0A8F-\\u0A91\\u0A93-\\u0AA8\\u0AAA-\\u0AB0\\u0AB2\\u0AB3\\u0AB5-\\u0AB9\\u0ABD\\u0AD0\\u0AE0\\u0AE1\\u0AF9\\u0B05-\\u0B0C\\u0B0F\\u0B10\\u0B13-\\u0B28\\u0B2A-\\u0B30\\u0B32\\u0B33\\u0B35-\\u0B39\\u0B3D\\u0B5C\\u0B5D\\u0B5F-\\u0B61\\u0B71\\u0B83\\u0B85-\\u0B8A\\u0B8E-\\u0B90\\u0B92-\\u0B95\\u0B99\\u0B9A\\u0B9C\\u0B9E\\u0B9F\\u0BA3\\u0BA4\\u0BA8-\\u0BAA\\u0BAE-\\u0BB9\\u0BD0\\u0C05-\\u0C0C\\u0C0E-\\u0C10\\u0C12-\\u0C28\\u0C2A-\\u0C39\\u0C3D\\u0C58-\\u0C5A\\u0C60\\u0C61\\u0C85-\\u0C8C\\u0C8E-\\u0C90\\u0C92-\\u0CA8\\u0CAA-\\u0CB3\\u0CB5-\\u0CB9\\u0CBD\\u0CDE\\u0CE0\\u0CE1\\u0CF1\\u0CF2\\u0D05-\\u0D0C\\u0D0E-\\u0D10\\u0D12-\\u0D3A\\u0D3D\\u0D4E\\u0D5F-\\u0D61\\u0D7A-\\u0D7F\\u0D85-\\u0D96\\u0D9A-\\u0DB1\\u0DB3-\\u0DBB\\u0DBD\\u0DC0-\\u0DC6\\u0E01-\\u0E30\\u0E32\\u0E33\\u0E40-\\u0E46\\u0E81\\u0E82\\u0E84\\u0E87\\u0E88\\u0E8A\\u0E8D\\u0E94-\\u0E97\\u0E99-\\u0E9F\\u0EA1-\\u0EA3\\u0EA5\\u0EA7\\u0EAA\\u0EAB\\u0EAD-\\u0EB0\\u0EB2\\u0EB3\\u0EBD\\u0EC0-\\u0EC4\\u0EC6\\u0EDC-\\u0EDF\\u0F00\\u0F40-\\u0F47\\u0F49-\\
u0F6C\\u0F88-\\u0F8C\\u1000-\\u102A\\u103F\\u1050-\\u1055\\u105A-\\u105D\\u1061\\u1065\\u1066\\u106E-\\u1070\\u1075-\\u1081\\u108E\\u10A0-\\u10C5\\u10C7\\u10CD\\u10D0-\\u10FA\\u10FC-\\u1248\\u124A-\\u124D\\u1250-\\u1256\\u1258\\u125A-\\u125D\\u1260-\\u1288\\u128A-\\u128D\\u1290-\\u12B0\\u12B2-\\u12B5\\u12B8-\\u12BE\\u12C0\\u12C2-\\u12C5\\u12C8-\\u12D6\\u12D8-\\u1310\\u1312-\\u1315\\u1318-\\u135A\\u1380-\\u138F\\u13A0-\\u13F5\\u13F8-\\u13FD\\u1401-\\u166C\\u166F-\\u167F\\u1681-\\u169A\\u16A0-\\u16EA\\u16F1-\\u16F8\\u1700-\\u170C\\u170E-\\u1711\\u1720-\\u1731\\u1740-\\u1751\\u1760-\\u176C\\u176E-\\u1770\\u1780-\\u17B3\\u17D7\\u17DC\\u1820-\\u1877\\u1880-\\u18A8\\u18AA\\u18B0-\\u18F5\\u1900-\\u191E\\u1950-\\u196D\\u1970-\\u1974\\u1980-\\u19AB\\u19B0-\\u19C9\\u1A00-\\u1A16\\u1A20-\\u1A54\\u1AA7\\u1B05-\\u1B33\\u1B45-\\u1B4B\\u1B83-\\u1BA0\\u1BAE\\u1BAF\\u1BBA-\\u1BE5\\u1C00-\\u1C23\\u1C4D-\\u1C4F\\u1C5A-\\u1C7D\\u1CE9-\\u1CEC\\u1CEE-\\u1CF1\\u1CF5\\u1CF6\\u1D00-\\u1DBF\\u1E00-\\u1F15\\u1F18-\\u1F1D\\u1F20-\\u1F45\\u1F48-\\u1F4D\\u1F50-\\u1F57\\u1F59\\u1F5B\\u1F5D\\u1F5F-\\u1F7D\\u1F80-\\u1FB4\\u1FB6-\\u1FBC\\u1FBE\\u1FC2-\\u1FC4\\u1FC6-\\u1FCC\\u1FD0-\\u1FD3\\u1FD6-\\u1FDB\\u1FE0-\\u1FEC\\u1FF2-\\u1FF4\\u1FF6-\\u1FFC\\u2071\\u207F\\u2090-\\u209C\\u2102\\u2107\\u210A-\\u2113\\u2115\\u2119-\\u211D\\u2124\\u2126\\u2128\\u212A-\\u212D\\u212F-\\u2139\\u213C-\\u213F\\u2145-\\u2149\\u214E\\u2183\\u2184\\u2C00-\\u2C2E\\u2C30-\\u2C5E\\u2C60-\\u2CE4\\u2CEB-\\u2CEE\\u2CF2\\u2CF3\\u2D00-\\u2D25\\u2D27\\u2D2D\\u2D30-\\u2D67\\u2D6F\\u2D80-\\u2D96\\u2DA0-\\u2DA6\\u2DA8-\\u2DAE\\u2DB0-\\u2DB6\\u2DB8-\\u2DBE\\u2DC0-\\u2DC6\\u2DC8-\\u2DCE\\u2DD0-\\u2DD6\\u2DD8-\\u2DDE\\u2E2F\\u3005\\u3006\\u3031-\\u3035\\u303B\\u303C\\u3041-\\u3096\\u309D-\\u309F\\u30A1-\\u30FA\\u30FC-\\u30FF\\u3105-\\u312D\\u3131-\\u318E\\u31A0-\\u31BA\\u31F0-\\u31FF\\u3400-\\u4DB5\\u4E00-\\u9FD5\\uA000-\\uA48C\\uA4D0-\\uA4FD\\uA500-\\uA60C\\uA610-\\uA61F\\uA62A\\uA62B\\uA640-\\uA66E\\uA67F-\\uA69D\\uA6A0-\\uA6E5\\uA717
-\\uA71F\\uA722-\\uA788\\uA78B-\\uA7AD\\uA7B0-\\uA7B7\\uA7F7-\\uA801\\uA803-\\uA805\\uA807-\\uA80A\\uA80C-\\uA822\\uA840-\\uA873\\uA882-\\uA8B3\\uA8F2-\\uA8F7\\uA8FB\\uA8FD\\uA90A-\\uA925\\uA930-\\uA946\\uA960-\\uA97C\\uA984-\\uA9B2\\uA9CF\\uA9E0-\\uA9E4\\uA9E6-\\uA9EF\\uA9FA-\\uA9FE\\uAA00-\\uAA28\\uAA40-\\uAA42\\uAA44-\\uAA4B\\uAA60-\\uAA76\\uAA7A\\uAA7E-\\uAAAF\\uAAB1\\uAAB5\\uAAB6\\uAAB9-\\uAABD\\uAAC0\\uAAC2\\uAADB-\\uAADD\\uAAE0-\\uAAEA\\uAAF2-\\uAAF4\\uAB01-\\uAB06\\uAB09-\\uAB0E\\uAB11-\\uAB16\\uAB20-\\uAB26\\uAB28-\\uAB2E\\uAB30-\\uAB5A\\uAB5C-\\uAB65\\uAB70-\\uABE2\\uAC00-\\uD7A3\\uD7B0-\\uD7C6\\uD7CB-\\uD7FB\\uF900-\\uFA6D\\uFA70-\\uFAD9\\uFB00-\\uFB06\\uFB13-\\uFB17\\uFB1D\\uFB1F-\\uFB28\\uFB2A-\\uFB36\\uFB38-\\uFB3C\\uFB3E\\uFB40\\uFB41\\uFB43\\uFB44\\uFB46-\\uFBB1\\uFBD3-\\uFD3D\\uFD50-\\uFD8F\\uFD92-\\uFDC7\\uFDF0-\\uFDFB\\uFE70-\\uFE74\\uFE76-\\uFEFC\\uFF21-\\uFF3A\\uFF41-\\uFF5A\\uFF66-\\uFFBE\\uFFC2-\\uFFC7\\uFFCA-\\uFFCF\\uFFD2-\\uFFD7\\uFFDA-\\uFFDC\\u0660-\\u0669\\u06F0-\\u06F9\\u07C0-\\u07C9\\u0966-\\u096F\\u09E6-\\u09EF\\u0A66-\\u0A6F\\u0AE6-\\u0AEF\\u0B66-\\u0B6F\\u0BE6-\\u0BEF\\u0C66-\\u0C6F\\u0CE6-\\u0CEF\\u0D66-\\u0D6F\\u0DE6-\\u0DEF\\u0E50-\\u0E59\\u0ED0-\\u0ED9\\u0F20-\\u0F29\\u1040-\\u1049\\u1090-\\u1099\\u17E0-\\u17E9\\u1810-\\u1819\\u1946-\\u194F\\u19D0-\\u19D9\\u1A80-\\u1A89\\u1A90-\\u1A99\\u1B50-\\u1B59\\u1BB0-\\u1BB9\\u1C40-\\u1C49\\u1C50-\\u1C59\\uA620-\\uA629\\uA8D0-\\uA8D9\\uA900-\\uA909\\uA9D0-\\uA9D9\\uA9F0-\\uA9F9\\uAA50-\\uAA59\\uABF0-\\uABF9\\uFF10-\\uFF19]{1,128}$": { "type": "object", "properties": { "replacementValue": { "type": "string" }, "incorrectKeys": { "type": "array", "items": { "type": "string" } }, "values": { "type": "object", "patternProperties": { 
"^[-+=\\._:@/\\sA-Za-z0-9\\u00AA\\u00B5\\u00BA\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02C1\\u02C6-\\u02D1\\u02E0-\\u02E4\\u02EC\\u02EE\\u0370-\\u0374\\u0376\\u0377\\u037A-\\u037D\\u037F\\u0386\\u0388-\\u038A\\u038C\\u038E-\\u03A1\\u03A3-\\u03F5\\u03F7-\\u0481\\u048A-\\u052F\\u0531-\\u0556\\u0559\\u0561-\\u0587\\u05D0-\\u05EA\\u05F0-\\u05F2\\u0620-\\u064A\\u066E\\u066F\\u0671-\\u06D3\\u06D5\\u06E5\\u06E6\\u06EE\\u06EF\\u06FA-\\u06FC\\u06FF\\u0710\\u0712-\\u072F\\u074D-\\u07A5\\u07B1\\u07CA-\\u07EA\\u07F4\\u07F5\\u07FA\\u0800-\\u0815\\u081A\\u0824\\u0828\\u0840-\\u0858\\u08A0-\\u08B4\\u0904-\\u0939\\u093D\\u0950\\u0958-\\u0961\\u0971-\\u0980\\u0985-\\u098C\\u098F\\u0990\\u0993-\\u09A8\\u09AA-\\u09B0\\u09B2\\u09B6-\\u09B9\\u09BD\\u09CE\\u09DC\\u09DD\\u09DF-\\u09E1\\u09F0\\u09F1\\u0A05-\\u0A0A\\u0A0F\\u0A10\\u0A13-\\u0A28\\u0A2A-\\u0A30\\u0A32\\u0A33\\u0A35\\u0A36\\u0A38\\u0A39\\u0A59-\\u0A5C\\u0A5E\\u0A72-\\u0A74\\u0A85-\\u0A8D\\u0A8F-\\u0A91\\u0A93-\\u0AA8\\u0AAA-\\u0AB0\\u0AB2\\u0AB3\\u0AB5-\\u0AB9\\u0ABD\\u0AD0\\u0AE0\\u0AE1\\u0AF9\\u0B05-\\u0B0C\\u0B0F\\u0B10\\u0B13-\\u0B28\\u0B2A-\\u0B30\\u0B32\\u0B33\\u0B35-\\u0B39\\u0B3D\\u0B5C\\u0B5D\\u0B5F-\\u0B61\\u0B71\\u0B83\\u0B85-\\u0B8A\\u0B8E-\\u0B90\\u0B92-\\u0B95\\u0B99\\u0B9A\\u0B9C\\u0B9E\\u0B9F\\u0BA3\\u0BA4\\u0BA8-\\u0BAA\\u0BAE-\\u0BB9\\u0BD0\\u0C05-\\u0C0C\\u0C0E-\\u0C10\\u0C12-\\u0C28\\u0C2A-\\u0C39\\u0C3D\\u0C58-\\u0C5A\\u0C60\\u0C61\\u0C85-\\u0C8C\\u0C8E-\\u0C90\\u0C92-\\u0CA8\\u0CAA-\\u0CB3\\u0CB5-\\u0CB9\\u0CBD\\u0CDE\\u0CE0\\u0CE1\\u0CF1\\u0CF2\\u0D05-\\u0D0C\\u0D0E-\\u0D10\\u0D12-\\u0D3A\\u0D3D\\u0D4E\\u0D5F-\\u0D61\\u0D7A-\\u0D7F\\u0D85-\\u0D96\\u0D9A-\\u0DB1\\u0DB3-\\u0DBB\\u0DBD\\u0DC0-\\u0DC6\\u0E01-\\u0E30\\u0E32\\u0E33\\u0E40-\\u0E46\\u0E81\\u0E82\\u0E84\\u0E87\\u0E88\\u0E8A\\u0E8D\\u0E94-\\u0E97\\u0E99-\\u0E9F\\u0EA1-\\u0EA3\\u0EA5\\u0EA7\\u0EAA\\u0EAB\\u0EAD-\\u0EB0\\u0EB2\\u0EB3\\u0EBD\\u0EC0-\\u0EC4\\u0EC6\\u0EDC-\\u0EDF\\u0F00\\u0F40-\\u0F47\\u0F49-\\u0F6C\\u0F88-\\u0F8C\\u1000-\\u102A\\u103F\
\u1050-\\u1055\\u105A-\\u105D\\u1061\\u1065\\u1066\\u106E-\\u1070\\u1075-\\u1081\\u108E\\u10A0-\\u10C5\\u10C7\\u10CD\\u10D0-\\u10FA\\u10FC-\\u1248\\u124A-\\u124D\\u1250-\\u1256\\u1258\\u125A-\\u125D\\u1260-\\u1288\\u128A-\\u128D\\u1290-\\u12B0\\u12B2-\\u12B5\\u12B8-\\u12BE\\u12C0\\u12C2-\\u12C5\\u12C8-\\u12D6\\u12D8-\\u1310\\u1312-\\u1315\\u1318-\\u135A\\u1380-\\u138F\\u13A0-\\u13F5\\u13F8-\\u13FD\\u1401-\\u166C\\u166F-\\u167F\\u1681-\\u169A\\u16A0-\\u16EA\\u16F1-\\u16F8\\u1700-\\u170C\\u170E-\\u1711\\u1720-\\u1731\\u1740-\\u1751\\u1760-\\u176C\\u176E-\\u1770\\u1780-\\u17B3\\u17D7\\u17DC\\u1820-\\u1877\\u1880-\\u18A8\\u18AA\\u18B0-\\u18F5\\u1900-\\u191E\\u1950-\\u196D\\u1970-\\u1974\\u1980-\\u19AB\\u19B0-\\u19C9\\u1A00-\\u1A16\\u1A20-\\u1A54\\u1AA7\\u1B05-\\u1B33\\u1B45-\\u1B4B\\u1B83-\\u1BA0\\u1BAE\\u1BAF\\u1BBA-\\u1BE5\\u1C00-\\u1C23\\u1C4D-\\u1C4F\\u1C5A-\\u1C7D\\u1CE9-\\u1CEC\\u1CEE-\\u1CF1\\u1CF5\\u1CF6\\u1D00-\\u1DBF\\u1E00-\\u1F15\\u1F18-\\u1F1D\\u1F20-\\u1F45\\u1F48-\\u1F4D\\u1F50-\\u1F57\\u1F59\\u1F5B\\u1F5D\\u1F5F-\\u1F7D\\u1F80-\\u1FB4\\u1FB6-\\u1FBC\\u1FBE\\u1FC2-\\u1FC4\\u1FC6-\\u1FCC\\u1FD0-\\u1FD3\\u1FD6-\\u1FDB\\u1FE0-\\u1FEC\\u1FF2-\\u1FF4\\u1FF6-\\u1FFC\\u2071\\u207F\\u2090-\\u209C\\u2102\\u2107\\u210A-\\u2113\\u2115\\u2119-\\u211D\\u2124\\u2126\\u2128\\u212A-\\u212D\\u212F-\\u2139\\u213C-\\u213F\\u2145-\\u2149\\u214E\\u2183\\u2184\\u2C00-\\u2C2E\\u2C30-\\u2C5E\\u2C60-\\u2CE4\\u2CEB-\\u2CEE\\u2CF2\\u2CF3\\u2D00-\\u2D25\\u2D27\\u2D2D\\u2D30-\\u2D67\\u2D6F\\u2D80-\\u2D96\\u2DA0-\\u2DA6\\u2DA8-\\u2DAE\\u2DB0-\\u2DB6\\u2DB8-\\u2DBE\\u2DC0-\\u2DC6\\u2DC8-\\u2DCE\\u2DD0-\\u2DD6\\u2DD8-\\u2DDE\\u2E2F\\u3005\\u3006\\u3031-\\u3035\\u303B\\u303C\\u3041-\\u3096\\u309D-\\u309F\\u30A1-\\u30FA\\u30FC-\\u30FF\\u3105-\\u312D\\u3131-\\u318E\\u31A0-\\u31BA\\u31F0-\\u31FF\\u3400-\\u4DB5\\u4E00-\\u9FD5\\uA000-\\uA48C\\uA4D0-\\uA4FD\\uA500-\\uA60C\\uA610-\\uA61F\\uA62A\\uA62B\\uA640-\\uA66E\\uA67F-\\uA69D\\uA6A0-\\uA6E5\\uA717-\\uA71F\\uA722-\\uA788\\uA78B-\\uA7AD\\uA7
B0-\\uA7B7\\uA7F7-\\uA801\\uA803-\\uA805\\uA807-\\uA80A\\uA80C-\\uA822\\uA840-\\uA873\\uA882-\\uA8B3\\uA8F2-\\uA8F7\\uA8FB\\uA8FD\\uA90A-\\uA925\\uA930-\\uA946\\uA960-\\uA97C\\uA984-\\uA9B2\\uA9CF\\uA9E0-\\uA9E4\\uA9E6-\\uA9EF\\uA9FA-\\uA9FE\\uAA00-\\uAA28\\uAA40-\\uAA42\\uAA44-\\uAA4B\\uAA60-\\uAA76\\uAA7A\\uAA7E-\\uAAAF\\uAAB1\\uAAB5\\uAAB6\\uAAB9-\\uAABD\\uAAC0\\uAAC2\\uAADB-\\uAADD\\uAAE0-\\uAAEA\\uAAF2-\\uAAF4\\uAB01-\\uAB06\\uAB09-\\uAB0E\\uAB11-\\uAB16\\uAB20-\\uAB26\\uAB28-\\uAB2E\\uAB30-\\uAB5A\\uAB5C-\\uAB65\\uAB70-\\uABE2\\uAC00-\\uD7A3\\uD7B0-\\uD7C6\\uD7CB-\\uD7FB\\uF900-\\uFA6D\\uFA70-\\uFAD9\\uFB00-\\uFB06\\uFB13-\\uFB17\\uFB1D\\uFB1F-\\uFB28\\uFB2A-\\uFB36\\uFB38-\\uFB3C\\uFB3E\\uFB40\\uFB41\\uFB43\\uFB44\\uFB46-\\uFBB1\\uFBD3-\\uFD3D\\uFD50-\\uFD8F\\uFD92-\\uFDC7\\uFDF0-\\uFDFB\\uFE70-\\uFE74\\uFE76-\\uFEFC\\uFF21-\\uFF3A\\uFF41-\\uFF5A\\uFF66-\\uFFBE\\uFFC2-\\uFFC7\\uFFCA-\\uFFCF\\uFFD2-\\uFFD7\\uFFDA-\\uFFDC\\u0660-\\u0669\\u06F0-\\u06F9\\u07C0-\\u07C9\\u0966-\\u096F\\u09E6-\\u09EF\\u0A66-\\u0A6F\\u0AE6-\\u0AEF\\u0B66-\\u0B6F\\u0BE6-\\u0BEF\\u0C66-\\u0C6F\\u0CE6-\\u0CEF\\u0D66-\\u0D6F\\u0DE6-\\u0DEF\\u0E50-\\u0E59\\u0ED0-\\u0ED9\\u0F20-\\u0F29\\u1040-\\u1049\\u1090-\\u1099\\u17E0-\\u17E9\\u1810-\\u1819\\u1946-\\u194F\\u19D0-\\u19D9\\u1A80-\\u1A89\\u1A90-\\u1A99\\u1B50-\\u1B59\\u1BB0-\\u1BB9\\u1C40-\\u1C49\\u1C50-\\u1C59\\uA620-\\uA629\\uA8D0-\\uA8D9\\uA900-\\uA909\\uA9D0-\\uA9D9\\uA9F0-\\uA9F9\\uAA50-\\uAA59\\uABF0-\\uABF9\\uFF10-\\uFF19]{1,128}$": { "type": "object", "properties": { "incorrectValues": { "type": "array", "items": { "type": "string" } } }, "additionalProperties": false } } } }, "additionalProperties": false } }, "example": { "Environment": { "replacementValue": "undefined", "incorrectKeys": [ "environment", "env", "Environ" ], "values": { "Production": { "incorrectValues": [ "prod", "production", "prd" ] }, "Development": { "incorrectValues": [ "dev", "development", "develop" ] } } }, "CostCenter": { "incorrectKeys": [ "CC", 
"costC", "costcenter" ], "values": { "CentralPerk": { "incorrectValues": [ "cp", "centralperk", "cperk" ] }, "CheesecakeFactory": { "incorrectValues": [ "cf", "cfactory", "cheesecakefactory" ] } } } }}
Turbot > Workspace
Manage workspace configuration.
Turbot > Workspace > API Secrets
API and GraphQL requests to Turbot can be authenticated using a JWT token.
The typical flow is to login (using SAML, password, or access keys) and
obtain a JWT token. Subsequent requests are then authorized by the JWT
token.
The JWT token is signed by Turbot using an API Secret, as set by this
policy. This ensures that fake tokens cannot be generated or used.
Turbot sets this policy on installation to a complex password unique to your
workspace. This is a secure, effective default.
To ensure secrets work, even during rotation, this policy is defined as an
array. The first item is the current secret and is used to sign all newly
issued tokens. Other secrets in the array are used for verifying existing
tokens only.
If you wish or need to rotate this secret, you should:
1. Add a new secret as the first item in the array, leaving existing secrets below.
2. Allow time for all use of existing secrets to end. This will vary depending on
console timeout settings, etc - but is generally less than 24 hours.
3. Update the policy to remove old secrets that are no longer valid.
See also: Turbot > Workspace > Webhook Secrets defines secrets for longer
term webhook URLs deployed for event ingestion.
tmod:@turbot/turbot#/policy/types/apiSecrets
{ "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "turbot" ]}
Turbot > Workspace > Controls Metadata Batch Size
The number of controls to be updated with their metadata information. The metadata includes the
resource path and resource type information of the associated resource.
tmod:@turbot/turbot#/policy/types/controlsMetadataBatchSize
{ "type": "integer", "minimum": 1, "default": 10000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Dependencies Batch Size
The number of control and policy value dependencies to be migrated to the new dependencies table.
tmod:@turbot/turbot#/policy/types/dependenciesBatchSize
{ "type": "integer", "minimum": 1, "default": 300, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Domain Name
Fully qualified domain name of the workspace - for example, pilot-gnb.cloud.turbot.com.
Set to the domain name only, do not include protocol or path information.
Only required when using the Public API Gateway option.
See also: Turbot > Workspace > Gateway Domain Name
tmod:@turbot/turbot#/policy/types/domainName
{ "type": "string", "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.){2,}([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]){2,}$"}
Turbot > Workspace > Feature Flags
Feature flags enabled for this workspace.
This policy is automatically updated as part of each workspace upgrade.
tmod:@turbot/turbot#/policy/types/workspaceFeatureFlags
{ "type": "array", "items": { "type": "string" }, "default": []}
Turbot > Workspace > Gateway Domain Name
Fully qualified domain name of the publicly accessible gateway to the
workspace - for example, gateway.turbot.acme.com. Set to the domain
name only, do not include protocol or path information.
If you are using the Public API Gateway option, you should ensure that
gateway is set in the Turbot > Workspace > Gateway Domain Name policy to
your gateway DNS name. You can find the value in the ApiGatewayEventsURL
output of the TEF stack. The policy should be set to the DNS name only,
without the protocol or path. This is usually gateway.{installation domain}
– for example if your installation domain is turbot.mycompany.com, the
gateway would be gateway.turbot.mycompany.com.
If the API Gateway option is not being used then this policy should be blank.
See also: Turbot > Workspace > Domain Name
tmod:@turbot/turbot#/policy/types/gatewayDomainName
{ "type": "string", "pattern": "^(?:(?:[a-z0-9]+|[a-z0-9][a-z0-9\\-]*[a-z0-9])\\.){1,}(?:[a-z0-9]+|[a-z0-9][a-z0-9\\-]*[a-z0-9])(?:\\/[A-Za-z0-9_-]+)*"}
Turbot > Workspace > Notifications Batch Size
Notifications to clean for obsoleted notifications-types.
tmod:@turbot/turbot#/policy/types/notificationsCleanupBatchSize
{ "type": "integer", "minimum": 1, "default": 1000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Policy Value Maintenance
Manage Policy Value maintenance policy values.
It contains two child policy values, which control the maintenance of policy values in the workspace.
The values of these child policy values are read by the control workspaceBackgroundTasks to run the maintenance activity.
The child policy values are:
1. Account List - An array of accounts on which policy value maintenance will be run.
2. Last Maintenance Run - Timestamp indicating the last time 'Account List' policy value was
read to determine on which accounts policy value maintenance is to be run. It is used to ensure
that the maintenance activity is not run too frequently.
tmod:@turbot/turbot#/policy/types/policyValueMaintenance
Turbot > Workspace > Policy Value Maintenance > Account List
List of accounts on which policy value maintenance activities will be run weekly.
The account list should contain the Turbot IDs of the accounts.
Possible values and their implication include:
1. [ "" ] - The maintenance activity will not consider any accounts.
2. [ "222103709428044", "230857214315311" ] - Run weekly maintenance on these n accounts.
3. [ "*" ] - Run weekly maintenance on all accounts in the workspace.
tmod:@turbot/turbot#/policy/types/policyValueMaintenanceAccountList
{ "type": "array", "items": { "type": "string" }, "minItems": 1, "default": [ "" ]}
Turbot > Workspace > Policy Value Maintenance > Last Run
Timestamp when the maintenance activity last read the list of accounts on which
policy value maintenance will be run.
tmod:@turbot/turbot#/policy/types/policyValueMaintenanceLastRun
{ "type": "string", "format": "date-time"}
Turbot > Workspace > Policy Values History Cleanup Batch Size
Define the batch size for policy values history cleanup.
tmod:@turbot/turbot#/policy/types/policyValuesHistoryCleanupBatchSize
{ "type": "integer", "minimum": 0, "default": 1000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Policy values Metadata Batch Size
The number of policy values to be updated with their metadata information. The metadata includes the
resource path and resource type information of the associated resource.
tmod:@turbot/turbot#/policy/types/policyValuesMetadataBatchSize
{ "type": "integer", "minimum": 1, "default": 10000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Resources Metadata Batch Size
The number of resources to be updated with their metadata information. The metadata includes the
resource type path information of the associated resource.
tmod:@turbot/turbot#/policy/types/resourcesMetadataBatchSize
{ "type": "integer", "minimum": 1, "default": 10000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention
One of the principal design goals of Turbot is to enable change - to help
ensure security, reliability, and consistency in dynamic environments. As a
result, capturing change and storing historical information are fundamental
to the way Turbot operates. In fact, Turbot creates a new version for each
resource every time that resource is changed, providing a full history of
the resource. Controls, Policy Settings, Policy Values, and Logs are also
versioned per resource.
While there is some benefit in storing all versions of all entities
forever, there is a tradeoff in performance and storage capacity. Every
version must be stored and indexed. Every version added is another to
search through. Turbot > Workspace > Retention > * policies automatically
clean up that data to ensure you have the critical information, but the
system remains efficient and performant.
Always use Enforce: Enable purging via Smart Retention unless you have
discussed your use case with Turbot Support.
tmod:@turbot/turbot#/policy/types/retention
[ "Skip", "Check: Preview purging via Smart Retention", "Enforce: Enable purging via Smart Retention"]
{ "type": "string", "enum": [ "Skip", "Check: Preview purging via Smart Retention", "Enforce: Enable purging via Smart Retention" ], "default": "Enforce: Enable purging via Smart Retention"}
Turbot > Workspace > Retention > Debug Log Purge Limit
The number of debug log records to purge in each retention control run. An
appropriate size ensures rapid cleanup, but without large operations causing
spikes in database load.
Generally only needs to be changed in large environments undergoing rapid
change or backlogs of work.
tmod:@turbot/turbot#/policy/types/debugLogPurgeLimit
{ "type": "integer", "minimum": 1, "default": 1000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Debug Log Retention
The maximum number of days that Turbot will maintain debug information in
process logs.
Note: Since v5.19.0 process logs are managed in object storage. This policy
relates to debug logs stored in the database layer only from before that
change.
tmod:@turbot/turbot#/policy/types/debugLogRetention
{ "type": "integer", "minimum": 1, "default": 14, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Maximum Retention
The maximum number of days that Turbot will
keep historical versions of a deleted resource.
When a resource is deleted, Turbot marks the resource as deleted, but does
not immediately delete the historical versions of the resource (or its
policies, controls, logs, etc). Turbot Smart Retention maintains the most
recent versions in the CMDB for a length of time that is proportionate to
the resource's lifetime, subject to a minimum and maximum threshold.
For example, an instance that was only active for a week will maintain 1
week of history, while one that was active for 6 months should retain
historical versions for 6 months after it is deleted. While this is
generally appropriate, Turbot provides policies to specify a minimum and
maximum retention as well.
Note that when a resource version is deleted, all of the associated
policies, controls, processes, and process logs are deleted as well.
See also: Turbot > Workspace > Retention > Minimum Retention
tmod:@turbot/turbot#/policy/types/maximumRetention
{ "type": "integer", "minimum": 1, "default": 365, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Minimum Retention
The minimum number of days that Turbot will
keep historical versions of a deleted resource.
When a resource is deleted, Turbot marks the resource as deleted, but does
not immediately delete the historical versions of the resource (or its
policies, controls, logs, etc). Turbot Smart Retention maintains the most
recent versions in the CMDB for a length of time that is proportionate to
the resource's lifetime, subject to a minimum and maximum threshold.
For example, an instance that was only active for a week will maintain 1
week of history, while one that was active for 6 months should retain
historical versions for 6 months after it is deleted. While this is
generally appropriate, Turbot provides policies to specify a minimum and
maximum retention as well.
Note that when a resource version is deleted, all of the associated
policies, controls, processes, and process logs are deleted as well.
See also: `Turbot > Workspace > Retention > Maximum Retention`
tmod:@turbot/turbot#/policy/types/minimumRetention
{ "type": "integer", "minimum": 1, "default": 7, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Process Retention
When a process is terminated, Turbot marks the process as deleted, but does
not immediately delete the historical versions of the process. This policy
specifies the maximum number of days that versions of a deleted process
will be maintained.
This policy sets the minimum number of days that Turbot will keep
historical versions of a terminated process.
See also: Turbot > Workspace > Retention > Process Purge Limit
tmod:@turbot/turbot#/policy/types/processRetention
{ "type": "integer", "minimum": 1, "default": 2, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Process Version Purge Limit
This policy specifies the number of process versions to purge in each
retention control run. An appropriate size ensures rapid cleanup, but
without large operations causing spikes in database load.
Generally only needs to be changed in large environments undergoing rapid
change or backlogs of work.
See also: Turbot > Workspace > Retention > Process Retention
tmod:@turbot/turbot#/policy/types/processPurgeLimit
{ "type": "integer", "minimum": 1, "default": 1000, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Retention > Resource Purge Limit
The number of resource versions to purge in each retention control run. An
appropriate size ensures rapid cleanup, but without large operations causing
spikes in database load.
Generally only needs to be changed in large environments undergoing rapid
change or backlogs of work.
tmod:@turbot/turbot#/policy/types/resourcePurgeLimit
{ "type": "integer", "minimum": 1, "default": 30, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Search Data Batch Size
The number of controls and policy values to be updated with trunk details in search data. This repairs
the controls and policies with empty trunk information.
The trunk information in search data helps the user to perform FTS (Free Text Search) on controls and policy values using a partial trunk title.
tmod:@turbot/turbot#/policy/types/searchDataBatchSize
{ "type": "integer", "minimum": 1, "default": 300, "defaultMetadata": { "precedence": "must" }}
Turbot > Workspace > Webhook Secrets
Turbot has a dedicated webhook endpoint to receive external events from
cloud providers, services and other infrastructure. Requests to this endpoint
are not subject to the usual API authentication, but instead rely on webhook
JWT tokens.
The JWT token is signed by Turbot using a Webhook Secret, as set by this
policy. This ensures that fake tokens cannot be generated or used.
Turbot sets this policy on installation to a complex password unique to your
workspace. This is a secure, effective default.
To ensure secrets work, even during rotation, this policy is defined as an
array. The first item is the current secret and is used to sign all newly
issued tokens. Other secrets in the array are used for verifying existing
tokens only.
Webhook Secrets are generally either distributed manually, making them difficult
to rotate, or managed by Turbot (e.g. with Stacks) and automatically rotated
per the Turbot > Workspace > Webhook Secrets > Rotation policy.
If you wish or need to rotate this secret manually, you should:
1. Add a new secret as the first item in the array, leaving existing secrets below.
2. Allow time for all existing webhook URLs to be updated to the new token - usually manually.
3. Update the policy to remove old secrets that are no longer valid.
This policy defines a list of objects, including creation, expiration and
active information for each secret. For example:
[
  {
    "secret": "E!TJ8x4!P15ic=DN",
    "created": "2020-07-28T21:32:27.537Z",
    "expiration": "2021-03-31T00:00:00.000Z",
    "isActive": true
  }
]
See also: Turbot > Workspace > API Secrets defines secrets for short term
JWT tokens used in the UI and general API requests.
tmod:@turbot/turbot#/policy/types/webhookSecrets
{ "type": "array", "items": { "type": "object", "properties": { "secret": { "type": "string" }, "created": { "type": "string", "format": "date-time" }, "expiration": { "type": "string", "format": "date-time" }, "isActive": { "type": "boolean" } }, "additionalProperties": false }, "minItems": 2, "default": [ { "secret": "turbot", "isActive": false } ]}
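The rotation scheme described under API Secrets and Webhook Secrets (the first array item signs, every item verifies) can be exercised with the following added example, which is not Turbot's code. It assumes HS256 compact JWTs, an `exp` claim and a plain array of secret strings, none of which the page specifies; all secrets and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(secret, signing_input):
    return hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"),
                    hashlib.sha256).digest()


def sign(claims, secrets):
    """Issue a token. Only the first (current) secret in the array signs."""
    header = {"alg": "HS256", "typ": "JWT"}  # assumption: HMAC-SHA256
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url(mac(secrets[0], signing_input))


def verify(token, secrets, now=None):
    """Return the claims if any secret in the array verifies the token."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))  # untrusted until checked
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm so the token cannot choose its own (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    signing_input = head_b64 + "." + body_b64
    matched = False
    for secret in secrets:  # constant-time compare against every secret
        matched |= hmac.compare_digest(mac(secret, signing_input), signature)
    if not matched:
        raise ValueError("signature matches no configured secret")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if exp is not None and (time.time() if now is None else now) >= exp:
        raise ValueError("token expired")
    return claims


def rotation_walkthrough():
    """Replay the three rotation steps with constructed secrets and a fixed clock."""
    old, new = "constructed-old-secret", "constructed-new-secret"
    t0 = 1_700_000_000
    claims = {"sub": "console-session", "exp": t0 + 3600}
    legacy = sign(claims, [old])   # issued before rotation
    step1 = [new, old]             # step 1: new secret first, old kept below
    fresh = sign(claims, step1)    # issued during rotation, signed with new
    step3 = [new]                  # step 3: old secret removed

    def accepted(token, secrets, now=t0):
        try:
            verify(token, secrets, now)
            return True
        except ValueError:
            return False

    return {
        "legacy_during_rotation": accepted(legacy, step1),
        "fresh_during_rotation": accepted(fresh, step1),
        "fresh_under_old_only": accepted(fresh, [old]),
        "legacy_after_cleanup": accepted(legacy, step3),
        "fresh_after_cleanup": accepted(fresh, step3),
        "legacy_past_exp": accepted(legacy, step1, now=t0 + 7200),
    }
```

The walkthrough shows why step 2 (waiting) matters: a token signed with the old secret stops verifying the moment that secret is removed from the array, whether or not the token itself has expired.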
Turbot > Workspace > Webhook Secrets > Expiration Period
Rotation of webhook JWT tokens should be performed to ensure the Expiration
Period is never exceeded. For example, if Webhook Secrets > Rotation
is set to Enforce: ... and this policy is set to 1 year, then webhook
secrets will actually be rotated every 6 months or so (half the period).
tmod:@turbot/turbot#/policy/types/webhookSecretsExpirationPeriod
[ "1 month", "2 months", "3 months", "6 months", "1 year", "2 years", "3 years", "5 years", "Never"]
{ "type": "string", "enum": [ "1 month", "2 months", "3 months", "6 months", "1 year", "2 years", "3 years", "5 years", "Never" ], "default": "Never"}
Turbot > Workspace > Webhook Secrets > Rotation
Check or Enforce that Turbot > Workspace > Webhook Secrets are being
rotated per the Turbot > Workspace > Webhook Secrets > Expiration Period
policy.
For example, secrets must be rotated every year.
This policy is very useful when combined with Turbot's automatic management
of event handlers across cloud providers. Turbot will set up webhook handlers
in hundreds of cloud accounts, and then automatically rotate the JWT token
they use to send events back to Turbot. This rotation can automate that entire
process.
If managing your event handlers and webhooks to Turbot by hand, then it's
recommended to use Check: Webhook secret requires rotation. This notifies
you that your secret has reached the policy maximum for your organization and
is due for rotation.
If your organization requires continuous rotation of secrets, then use Turbot
automation combined with Enforce: Rotate webhook secret.
A common (and practical) policy position is having the ability to rotate secrets
when required - as opposed to continuously rotating them. In that case you could
set this policy to Check combined with an expiration period of Never.
tmod:@turbot/turbot#/policy/types/webhookSecretRotation
[ "Skip", "Check: Webhook secret requires rotation", "Enforce: Rotate webhook secret"]
{ "type": "string", "enum": [ "Skip", "Check: Webhook secret requires rotation", "Enforce: Rotate webhook secret" ], "example": [ "Check: Webhook secret requires rotation" ], "default": "Skip"}
Turbot > Workspace > Workspace URL
Turbot workspace URL for this workspace.
tmod:@turbot/turbot#/policy/types/workspaceUrl
{ "example": [ "https://random.com/apollo", "https://demo.cloud.turbot.com/apollo" ], "type": "string", "pattern": "^https://.+/apollo$", "default": ""}
Turbot > Workspace > Workspace Version
Turbot Enterprise version currently installed for this workspace.
This policy is automatically updated as part of each workspace upgrade.
tmod:@turbot/turbot#/policy/types/workspaceVersion
{ "type": "string", "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", "example": "5.27.0"}