From c06cb90e961143a9280b8579c64001a04b68f365 Mon Sep 17 00:00:00 2001 From: xuwu1 Date: Tue, 10 Jan 2023 12:52:41 +0800 Subject: [PATCH] policy definition data source support specify policy_type --- internal/services/policy/policy.go | 13 +++++++++---- .../policy/policy_definition_data_source.go | 12 ++++++++++-- .../policy/policy_definition_data_source_test.go | 1 + .../services/policy/policy_definition_resource.go | 8 ++++---- website/docs/d/policy_definition.html.markdown | 2 ++ 5 files changed, 26 insertions(+), 10 deletions(-) diff --git a/internal/services/policy/policy.go b/internal/services/policy/policy.go index 7fefa678e6f7..a827cc6245f8 100644 --- a/internal/services/policy/policy.go +++ b/internal/services/policy/policy.go @@ -10,14 +10,19 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/utils" ) -func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.DefinitionsClient, displayName, managementGroupName string) (policy.Definition, error) { +func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.DefinitionsClient, displayName, managementGroupName string, + typ policy.Type) (policy.Definition, error) { var policyDefinitions policy.DefinitionListResultIterator var err error if managementGroupName != "" { policyDefinitions, err = client.ListByManagementGroupComplete(ctx, managementGroupName, "", nil) } else { - policyDefinitions, err = client.ListComplete(ctx, "", nil) + if typ == policy.TypeBuiltIn { + policyDefinitions, err = client.ListBuiltInComplete(ctx, "", nil) + } else { + policyDefinitions, err = client.ListComplete(ctx, "", nil) + } } if err != nil { return policy.Definition{}, fmt.Errorf("loading Policy Definition List: %+v", err) 
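Review bot: In getPolicyDefinitionByDisplayName the new `typ` argument only changes behaviour inside the `else` branch, and only when it equals `policy.TypeBuiltIn`. For every other value, and for any lookup with a non-empty managementGroupName, it is ignored and definitions of all types remain candidates. Display names are not unique identifiers, so a caller that pins a type to be sure which definition it resolves gets no such guarantee on those paths. The result loop is outside this hunk, but a check there would cover every branch, e.g. `if typ != "" && def.PolicyType != typ { continue }`, where `def` stands for the loop's current definition and needs a nil guard if its properties are embedded by pointer. The nested `if` inside `else` would also read more clearly as a single `switch`.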
@@ -48,10 +53,10 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini return results[0], nil } -func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupName string) (res policy.Definition, err error) { +func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupName string, typ policy.Type) (res policy.Definition, err error) { if managementGroupName == "" { res, err = client.GetBuiltIn(ctx, name) - if utils.ResponseWasNotFound(res.Response) { + if utils.ResponseWasNotFound(res.Response) && typ != policy.TypeBuiltIn { res, err = client.Get(ctx, name) } } else { diff --git a/internal/services/policy/policy_definition_data_source.go b/internal/services/policy/policy_definition_data_source.go index 6d42227f76d9..3fbc6a2a126d 100644 --- a/internal/services/policy/policy_definition_data_source.go +++ b/internal/services/policy/policy_definition_data_source.go @@ -55,6 +55,13 @@ func dataSourceArmPolicyDefinition() *pluginsdk.Resource { "policy_type": { Type: pluginsdk.TypeString, Computed: true, + Optional: true, + ValidateFunc: validation.StringInSlice(func() (res []string) { + for _, val := range policy.PossibleTypeValues() { + res = append(res, string(val)) + } + return + }(), false), }, "policy_rule": { 
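Review bot: getPolicyDefinitionByName treats `typ` asymmetrically and nothing documents it: `policy.TypeBuiltIn` suppresses the fallback to `client.Get`, while any other value still calls `client.GetBuiltIn` first and returns that result when it is found. A caller asking for a non-built-in type can therefore receive a built-in definition with the same name. The `else` branch for management groups is not touched by this hunk (its body lies outside it), so `typ` presumably has no effect there. At minimum add a doc comment such as `// typ == policy.TypeBuiltIn restricts the lookup to built-in definitions; any other value, including "", tries GetBuiltIn first and then falls back to Get.`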
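Review bot: The `ValidateFunc` added to `policy_type` accepts every value from `policy.PossibleTypeValues()`, but the lookup helpers changed in this commit only act on `policy.TypeBuiltIn`, and the documentation hunk states that `BuiltIn` is the only possible value. A configuration that sets any other type passes validation and is then silently treated as unfiltered. Either restrict the validator to what is implemented, `ValidateFunc: validation.StringInSlice([]string{string(policy.TypeBuiltIn)}, false),`, or implement filtering for the other types and update the docs to match. The first option also removes the inline closure, which is hard to read inside a schema literal.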
@@ -103,14 +110,15 @@ func dataSourceArmPolicyDefinitionRead(d *pluginsdk.ResourceData, meta interface var policyDefinition policy.Definition var err error // one of display_name and name must be non-empty, this is guaranteed by schema + policyType := policy.Type(d.Get("policy_type").(string)) if displayName != "" { - policyDefinition, err = getPolicyDefinitionByDisplayName(ctx, client, displayName, managementGroupName) + policyDefinition, err = getPolicyDefinitionByDisplayName(ctx, client, displayName, managementGroupName, policyType) if err != nil { return fmt.Errorf("reading Policy Definition (Display Name %q): %+v", displayName, err) } } if name != "" { - policyDefinition, err = getPolicyDefinitionByName(ctx, client, name, managementGroupName) + policyDefinition, err = getPolicyDefinitionByName(ctx, client, name, managementGroupName, policyType) if err != nil { return fmt.Errorf("reading Policy Definition %q: %+v", name, err) } diff --git a/internal/services/policy/policy_definition_data_source_test.go b/internal/services/policy/policy_definition_data_source_test.go index bb1b89e7b140..dc56cf519204 100644 --- a/internal/services/policy/policy_definition_data_source_test.go +++ b/internal/services/policy/policy_definition_data_source_test.go @@ -127,6 +127,7 @@ provider "azurerm" { data "azurerm_policy_definition" "test" { display_name = "%s" + policy_type = "BuiltIn" } `, name) } diff --git a/internal/services/policy/policy_definition_resource.go b/internal/services/policy/policy_definition_resource.go index fdd3e4c105d5..2d322f9a6c6f 100644 --- a/internal/services/policy/policy_definition_resource.go +++ b/internal/services/policy/policy_definition_resource.go 
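Review bot: The new `policyType := policy.Type(d.Get("policy_type").(string))` line is inserted between the comment `// one of display_name and name must be non-empty, this is guaranteed by schema` and the `if displayName != ""` block that the comment describes. Move the assignment above the comment so the comment stays attached to its code. A one-line comment of its own would also help, e.g. `// an empty policy_type places no restriction on the definition type`. dataSourceArmPolicyDefinitionRead starts and ends outside this hunk.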
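Review bot: This edits the existing display-name test configuration rather than adding a new one, so this configuration no longer exercises a display-name lookup without `policy_type`; whether another config still covers that path is not visible in the hunk. Consider keeping the original config and adding a second one that sets `policy_type = "BuiltIn"`. A case where a custom definition shares the display name would show that the type restriction actually excludes it.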
@@ -63,7 +63,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *pluginsdk.ResourceData, meta int } if d.IsNewResource() { - existing, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName) + existing, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName, "") if err != nil { if !utils.ResponseWasNotFound(existing.Response) { return fmt.Errorf("checking for presence of existing Policy Definition %q: %+v", name, err) @@ -143,7 +143,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *pluginsdk.ResourceData, meta int return fmt.Errorf("waiting for Policy Definition %q to become available: %+v", name, err) } - resp, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName) + resp, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName, "") if err != nil { return err } @@ -179,7 +179,7 @@ func resourceArmPolicyDefinitionRead(d *pluginsdk.ResourceData, meta interface{} managementGroupName = managementGroupId.Name } - resp, err := getPolicyDefinitionByName(ctx, client, id.Name, managementGroupName) + resp, err := getPolicyDefinitionByName(ctx, client, id.Name, managementGroupName, "") if err != nil { if utils.ResponseWasNotFound(resp.Response) { log.Printf("[INFO] Error reading Policy Definition %q - removing from state", d.Id()) @@ -259,7 +259,7 @@ func resourceArmPolicyDefinitionDelete(d *pluginsdk.ResourceData, meta interface func policyDefinitionRefreshFunc(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupID string) pluginsdk.StateRefreshFunc { return func() (interface{}, string, error) { - res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID) + res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID, "") if err != nil { return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q: %+v", name, err) } 
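Review bot: All four call sites in policy_definition_resource.go (this hunk and those at -143, -179 and -259) pass a bare `""` for the new `typ` parameter, which relies on the reader knowing that the empty string means "no type restriction". A named constant next to the helpers, e.g. `const policyTypeAny policy.Type = ""`, or a short comment at the first call would make the intent explicit. It would also keep the sites consistent if the helper's handling of `typ` changes later. The enclosing functions all extend beyond their hunks.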
diff --git a/website/docs/d/policy_definition.html.markdown b/website/docs/d/policy_definition.html.markdown index 900e10c62587..fad0e5f448a7 100644 --- a/website/docs/d/policy_definition.html.markdown +++ b/website/docs/d/policy_definition.html.markdown @@ -32,6 +32,8 @@ output "id" { * `management_group_name` - (Optional) Only retrieve Policy Definitions from this Management Group. +* `policy_type` - (Optional) The Type of the Policy. The only possible values is `BuiltIn`. + ## Attributes Reference * `id` - The ID of the Policy Definition.