From d92243e060fe0a095aea118211d662fc32db0594 Mon Sep 17 00:00:00 2001 From: Kirill Logachev Date: Fri, 31 Jul 2020 09:48:56 -0700 Subject: [PATCH 1/3] Mode can be changed in-place --- azurerm/internal/services/policy/policy_definition_resource.go | 1 - 1 file changed, 1 deletion(-) diff --git a/azurerm/internal/services/policy/policy_definition_resource.go b/azurerm/internal/services/policy/policy_definition_resource.go index 234cea584402..2f16de93256e 100644 --- a/azurerm/internal/services/policy/policy_definition_resource.go +++ b/azurerm/internal/services/policy/policy_definition_resource.go @@ -63,7 +63,6 @@ func resourceArmPolicyDefinition() *schema.Resource { "mode": { Type: schema.TypeString, Required: true, - ForceNew: true, }, "management_group_id": { From 5f45e7f7b3ab439f5852a964ede026401fd0a717 Mon Sep 17 00:00:00 2001 From: Kirill Logachev Date: Sun, 16 Aug 2020 23:57:09 -0700 Subject: [PATCH 2/3] Add tests --- .../tests/policy_definition_resource_test.go | 90 +++++++++++++++++-- 1 file changed, 84 insertions(+), 6 deletions(-) diff --git a/azurerm/internal/services/policy/tests/policy_definition_resource_test.go b/azurerm/internal/services/policy/tests/policy_definition_resource_test.go index 7b3f7da01412..392533fb99ad 100644 --- a/azurerm/internal/services/policy/tests/policy_definition_resource_test.go +++ b/azurerm/internal/services/policy/tests/policy_definition_resource_test.go @@ -22,7 +22,7 @@ func TestAccAzureRMPolicyDefinition_basic(t *testing.T) { { Config: testAzureRMPolicyDefinition_basic(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMPolicyDefinitionExists(data.ResourceName), + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "All"), ), }, data.ImportStep(), @@ -40,7 +40,7 @@ func TestAccAzureRMPolicyDefinition_requiresImport(t *testing.T) { { Config: testAzureRMPolicyDefinition_basic(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMPolicyDefinitionExists(data.ResourceName), + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "All"), ), }, data.RequiresImportErrorStep(testAzureRMPolicyDefinition_requiresImport), @@ -58,7 +58,7 @@ func TestAccAzureRMPolicyDefinition_computedMetadata(t *testing.T) { { Config: testAzureRMPolicyDefinition_computedMetadata(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMPolicyDefinitionExists(data.ResourceName), + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "Indexed"), ), }, data.ImportStep(), @@ -94,7 +94,38 @@ func TestAccAzureRMPolicyDefinition_metadata(t *testing.T) { { Config: testAzureRMPolicyDefinition_metadata(data), Check: resource.ComposeTestCheckFunc( - testCheckAzureRMPolicyDefinitionExists(data.ResourceName), + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "All"), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMPolicyDefinition_mode_update(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_definition", "test") + number := data.RandomInteger + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicyDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicyDefinition_mode(number, "All"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "All"), + ), + }, + { + Config: testAzureRMPolicyDefinition_mode(number, "Indexed"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "Indexed"), + ), + }, + { + Config: testAzureRMPolicyDefinition_mode(number, "All"), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicyDefinitionExists(data.ResourceName, "All"), ), }, data.ImportStep(), @@ -162,7 +193,7 @@ func testCheckAzureRMPolicyDefinitionDestroyInMgmtGroup(s *terraform.State) erro return nil } -func testCheckAzureRMPolicyDefinitionExists(resourceName string) resource.TestCheckFunc { +func testCheckAzureRMPolicyDefinitionExists(resourceName string, mode string) resource.TestCheckFunc { return func(s *terraform.State) error { client := acceptance.AzureProvider.Meta().(*clients.Client).Policy.DefinitionsClient ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext @@ -177,13 +208,18 @@ func testCheckAzureRMPolicyDefinitionExists(resourceName string) resource.TestCh return err } - if resp, err := client.Get(ctx, id.Name); err != nil { + resp, err := client.Get(ctx, id.Name) + if err != nil { if utils.ResponseWasNotFound(resp.Response) { return fmt.Errorf("Bad: Policy Definition %q does not exist", id.Name) } return fmt.Errorf("Bad: Get on Policy.DefinitionsClient: %+v", err) } + if mode != *resp.DefinitionProperties.Mode { + return fmt.Errorf("Bad: Policy Definition Mode is different. Expected: %s, Actual: %s", mode, *resp.DefinitionProperties.Mode) + } + return nil } } @@ -402,3 +438,45 @@ METADATA } `, data.RandomInteger, data.RandomInteger) } + +func testAzureRMPolicyDefinition_mode(number int, mode string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_policy_definition" "test" { + name = "acctestpol-%d" + policy_type = "Custom" + mode = "%s" + display_name = "acctestpol-%d" + + policy_rule = < Date: Sun, 16 Aug 2020 23:58:55 -0700 Subject: [PATCH 3/3] Update docs --- website/docs/r/policy_definition.html.markdown | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/website/docs/r/policy_definition.html.markdown b/website/docs/r/policy_definition.html.markdown index 3b978cda8c5a..b1c9527e9682 100644 --- a/website/docs/r/policy_definition.html.markdown +++ b/website/docs/r/policy_definition.html.markdown @@ -25,7 +25,7 @@ resource "azurerm_policy_definition" "policy" { { "category": "General" } - + METADATA @@ -71,8 +71,7 @@ The following arguments are supported: * `mode` - (Required) The policy mode that allows you to specify which resource types will be evaluated. The value can be "All", "Indexed" or - "NotSpecified". Changing this resource forces a new resource to be - created. + "NotSpecified". * `display_name` - (Required) The display name of the policy definition.