From 29637611d3bd0d599fe386fad7b61643a5ee5db1 Mon Sep 17 00:00:00 2001
From: nunocenteno
Date: Wed, 8 Apr 2020 23:13:55 +0000
Subject: [PATCH] Avoid creating unecessary policy definitions.

---
 .../policies/custom/create_pip.tf | 3 ++-
 .../policies/custom/pip_on_nic.tf | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/create_pip.tf b/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/create_pip.tf
index c07ce55b6..500b890e8 100644
--- a/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/create_pip.tf
+++ b/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/create_pip.tf
@@ -1,5 +1,6 @@
 resource "azurerm_policy_definition" "deny_publicip_spoke" {
+  count = var.policies_matrix.cant_create_ip_spoke ? 1 : 0
   name = "pol-deny-publicip-creation"
   policy_type = "Custom"
   mode = "Indexed"
@@ -23,7 +24,7 @@ resource "azurerm_policy_assignment" "deny-publicip-spoke" {
   count = var.policies_matrix.cant_create_ip_spoke ? 1 : 0
   name = "deny-publicip-spoke"
   scope = var.scope
-  policy_definition_id = azurerm_policy_definition.deny_publicip_spoke.id
+  policy_definition_id = azurerm_policy_definition.deny_publicip_spoke[0].id
   description = "Policy Assignment for deny public IP creatin in spokes"
   display_name = "TF Deny public IP in spoke"
diff --git a/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/pip_on_nic.tf b/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/pip_on_nic.tf
index 2ad1ee9c1..a0021ed86 100644
--- a/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/pip_on_nic.tf
+++ b/landingzones/landingzone_caf_foundations/blueprint_foundations_governance/policies/custom/pip_on_nic.tf
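Review bot: The `[0]` index added on the assignment's `policy_definition_id` line is only valid while the definition's new `count` expression stays identical to the assignment's, and the two resources now repeat `var.policies_matrix.cant_create_ip_spoke ? 1 : 0` independently, so a later edit to one of them would either fail the index at plan time or leave a definition deployed with no assignment enforcing it. Derive the assignment's count from the definition so they cannot drift apart: `count = length(azurerm_policy_definition.deny_publicip_spoke)`. The `deny_publicips_on_nics` / `publicIP-deny-on-nics` pair in pip_on_nic.tf has the same coupling and would take the same change. A comment on the added `count` line would also help the next reader, e.g. `# Gated together with the assignment below, which indexes this resource with [0].`. Both resource blocks continue outside the hunks shown.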
@@ -1,5 +1,6 @@
 resource "azurerm_policy_definition" "deny_publicips_on_nics" {
+  count = var.policies_matrix.no_public_ip_spoke ? 1 : 0
   name = "pol-deny-publicips-on-nics"
   policy_type = "Custom"
   mode = "Indexed"
@@ -31,7 +32,7 @@ resource "azurerm_policy_assignment" "publicIP-deny-on-nics" {
   count = var.policies_matrix.no_public_ip_spoke ? 1 : 0
   name = "deny-publicip-on-nics"
   scope = var.scope
-  policy_definition_id = azurerm_policy_definition.deny_publicips_on_nics.id
+  policy_definition_id = azurerm_policy_definition.deny_publicips_on_nics[0].id
   description = "Policy Assignment for deny public IP on NICs"
   display_name = "TF Deny public IP assignment on NICs"