Flexera Policy Development Training

This Github repository contains lessons and resources intended to train someone on policy development.

This is a work in progress. Please use the Issues page both for errors and general feedback.

Prerequisites

• These lessons focus specifically on developing policy templates and assume that you are already familiar with making use of policy templates as an end-user in the Flexera One platform. Some basics are covered in the first lesson, but if you're unfamiliar with policy templates more generally, it is recommended that you review the Policy Engine Documentation and experiment with using policy templates from the Policy Catalog.

• You will need a basic level of familiarity with REST APIs and how they work. The Learning REST APIs course on LinkedIn Learning is recommended, but many other resources for learning about REST APIs are available on most technical learning platforms.

• You will need a basic level of proficiency in JavaScript. If you've never used JavaScript, but are already well-versed in another high-level programming language, you should be able to pick it up quickly. There are many resources available for learning JavaScript, such as the JavaScript Essential Training course on LinkedIn Learning, if you need to get up to speed.

• While Git is only very lightly used during these lessons, some familiarity with Git and version control is recommended if you intend to develop policy templates. Resources for learning how to use Git are widely available, such as the Git Essential Training course on LinkedIn Learning.

Where to Begin?

We recommended that you begin by following the steps in the Initial Setup guide to create a functioning development environment on your local workstation, and then proceed to Lesson 01.

Syllabus

Note: Each lesson builds upon ideas and concepts in the previous lesson. We recommended that you proceed in order rather than skip around.

• Initial Setup
  • Windows (PowerShell)
  • Windows (WSL2)
  • macOS
  • Linux
• Lesson 01 - Introduction: A basic description of policy templates, what they do, and how they are used.
• Lesson 02 - Hello World: Create a very basic policy template.
• Lesson 03 - Parameters: Learn how to enable user input in policy templates with parameters.
  • Exercise 01 - Summation: Create a policy template to report the sum of two numbers.
• Lesson 04 - Escalations: Learn how to escalate incidents in policy templates.
• Lesson 05 - fpt: Deep dive into the fpt command line tool.
• Lesson 06 - APIs: Learn how to call REST APIs within a policy template.
  • Exercise 02 - Tutorial Policy Templates: Create a policy template to report a list of tutorial policy templates.
• Lesson 07 - Pagination: Learn how to handle paginated results from REST APIs.
• Lesson 08 - Underscore.js: Learn more about the Underscore.js library included in the policy engine.
• Lesson 09 - Relational Data: Learn how to relate data from two different datasources..
• Lesson 10 - Debugging: Learn the flow and process for debugging malfunctioning policy templates.
  • Exercise 03 - Employees: Create a policy template to report a list of employees and their department heads
• Lesson 11 - Request Scripts: Learn how to encapsulate API requests within script blocks.
• Lesson 12 - Iterating: Learn how to iterate through a datasource to make multiple API requests.
• Lesson 13 - Optimization: Learn how to optimize policy templates for lower memory usage and faster execution.
• Lesson 14 - Miscellaneous: Learn a few miscellaneous things not covered in previous lessons.
  • Exercise 04 - Departments: Create a policy template to reported detailed information about an organization's departments.
• Lesson 15 - Best Practices: Learn some best practices for policy template formatting.
• Lesson 16 - XML & Text Responses: Learn how to parse XML and text responses from APIs.
• Lesson 17 - Local JavaScript Testing: Learn how to test script blocks locally using node.js.
• Lesson 18 - Go Template Syntax: Learn how to use Go template syntax and Markdown in incidents.
  • Exercise 05 - Employees Table: Modify the policy template from Exercise 03 to present the results as a table using Go template syntax and Markdown.
• Lesson 19 - Cloud Workflow: Learn about how Cloud Workflow Language can be used to add policy actions.
• Lesson 20 - Further Learning: Learn where to go to continue learning about policy development.

About The Lessons

These lessons are intended to get someone familiar with policy template development by starting simple and gradually introducing new concepts along the way. Most the lessons will walk you through creating or modifying a policy template in order to achieve specific functionality. The actual development will occur on your local workstation, but each lesson will have a "solution" folder containing correct versions of the assets that you will be creating during the lesson as a reference.

These lessons will not provide full coverage of every aspect of the policy template language. Once you've completed these lessons and are confident in your understanding of their contents, we recommended that you review the official documentation for more detail. Scroll down to the Reference Materials section for more information.

NOTE: Some aspects of this training require access to a functioning Flexera One organization. It is highly recommended that you have access to a UAT or other low risk environment to test in. None of the policy templates developed in these lessons have the potential to do anything destructive, but we recommended that you not use a production Flexera One organization to avoid cluttering it with training assets.

If you do not have this access, you can still follow along and write policy templates, but you may need to read along the sections that involve the Flexera One user interface and the fpt command line tool rather than perform those steps directly.

Reference Materials

• Policy Engine Documentation
• Policy Template Language Documentation
• Flexera Policy Templates GitHub Repository
• Cloud Workflow Language Documentation
• Flexera One API Documentation
• Flexera CMP Documentation
• fpt Documentation

Other Useful Resources

• Underscore.js: Documentation for the Underscore.js library.
• Go Template: Information on Go template syntax.
• Markdown: Information on Markdown.
• LinkedIn Learning: Training on JavaScript, public clouds, APIs, and other concepts relevant to the policy engine. The JavaScript Essential Training course should cover what is needed for policy template development.

Repository Information

Note: This is not of interest if you're just here to learn policy development. This section is intended for developers and other interested parties that need more detailed information about how this GitHub repository is configured.

Pull Requests

Anyone can make a pull request to the "main" branch. Pull requests can only be merged once the pull request has been reviewed and approved by at least one person on the "Policy Developers" team. This team consists of Flexera employees with expertise on policy development.

When a pull request is made, the following automated tests will occur:

• CodeQL will check the code in the pull request for vulnerabilities.
• Dangerfile will do tests for syntax and spelling. The Dangerfile file in the root directory of the repository, along with the files in the .dangerfile directory, contain the specific tests that are performed.

Any issues identified by automated testing will be raised as notes within the pull request as either warnings or errors. There is no hard requirement for all tests to pass to merge a pull request but every warning or error should be reviewed in detail to ensure it hasn't identified a legitimate problem.

Branch Structure

The "main" branch is the production branch intended for day-to-day usage. Other branches are for development and, once development work is done, should be merged into the "main" branch via pull request. Branches should be deleted after being merged.

Directory Structure

• /: The root directory of the repository contains various configuration files used by git, GitHub, Dangerfile, VSCode, etc. as well as this README.md file.
• /.dangerfile: Contains various tests that are executed via Dangerfile when a pull request is made to the "main" branch.
• /.data: Contains fake data for simulating API responses.
• /.github: Contains Github-specific configurations, such as issue templates and workflows.
• /.vscode: Contains configuration data for VSCode.
• /exercises: Contains exercises where the student needs to build their own policy template.
• /lessons: Contains lessons with interactive development to learn policy template development.
• /setup: Contains instructions for the student to configure their local workstation.
• /supplemental: Contains supplemental materials that may be useful for learning or teaching policy development that are not part of the training itself.

GitHub Workflows

The following GitHub Workflows perform automated tasks for this repository:

• Test Changes: Performs Dangerfile testing when a pull request to the "main" branch is made.