Update azurerm_policy_set_definition - Support policy_definition_group #9259

Merged
9 changes: 4 additions & 5 deletions azurerm/internal/services/policy/policy.go
Expand Up @@ -6,9 +6,8 @@ import (
"encoding/json"
"fmt"

"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"

"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
)

func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.DefinitionsClient, displayName, managementGroupName string) (policy.Definition, error) {
Expand Down Expand Up @@ -49,7 +48,7 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini
return results[0], nil
}

func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name string, managementGroupName string) (res policy.Definition, err error) {
func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupName string) (res policy.Definition, err error) {
if managementGroupName == "" {
res, err = client.Get(ctx, name)
if utils.ResponseWasNotFound(res.Response) {
Expand All @@ -62,7 +61,7 @@ func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsCl
return res, err
}

func getPolicySetDefinitionByName(ctx context.Context, client *policy.SetDefinitionsClient, name string, managementGroupID string) (res policy.SetDefinition, err error) {
func getPolicySetDefinitionByName(ctx context.Context, client *policy.SetDefinitionsClient, name, managementGroupID string) (res policy.SetDefinition, err error) {
if managementGroupID == "" {
res, err = client.Get(ctx, name)
if utils.ResponseWasNotFound(res.Response) {
Expand Down Expand Up @@ -121,7 +120,7 @@ func expandParameterDefinitionsValueFromString(jsonString string) (map[string]*p
return result, err
}

func flattenParameterDefintionsValueToString(input map[string]*policy.ParameterDefinitionsValue) (string, error) {
func flattenParameterDefinitionsValueToString(input map[string]*policy.ParameterDefinitionsValue) (string, error) {
if len(input) == 0 {
return "", nil
}
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{})
d.Set("metadata", metadataStr)
}

if parametersStr, err := flattenParameterDefintionsValueToString(policyDefinition.Parameters); err == nil {
if parametersStr, err := flattenParameterDefinitionsValueToString(policyDefinition.Parameters); err == nil {
d.Set("parameters", parametersStr)
} else {
return fmt.Errorf("failed to flatten Policy Parameters %q: %+v", name, err)
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e
d.Set("metadata", metadataStr)
}

if parametersStr, err := flattenParameterDefintionsValueToString(props.Parameters); err == nil {
if parametersStr, err := flattenParameterDefinitionsValueToString(props.Parameters); err == nil {
d.Set("parameters", parametersStr)
} else {
return fmt.Errorf("flattening policy definition parameters %+v", err)
Expand Down Expand Up @@ -356,7 +356,7 @@ func resourceArmPolicyDefinitionDelete(d *schema.ResourceData, meta interface{})
return nil
}

func policyDefinitionRefreshFunc(ctx context.Context, client *policy.DefinitionsClient, name string, managementGroupID string) resource.StateRefreshFunc {
func policyDefinitionRefreshFunc(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupID string) resource.StateRefreshFunc {
return func() (interface{}, string, error) {
res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID)
if err != nil {
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,14 @@ func dataSourceArmPolicySetDefinition() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},

"policy_group_names": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
},
Expand All @@ -97,6 +105,39 @@ func dataSourceArmPolicySetDefinition() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},

"policy_definition_group": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Computed: true,
},

"display_name": {
Type: schema.TypeString,
Computed: true,
},

"category": {
Type: schema.TypeString,
Computed: true,
},

"description": {
Type: schema.TypeString,
Computed: true,
},

"additional_metadata_resource_id": {
Type: schema.TypeString,
Computed: true,
},
},
},
},
},
}
}
Expand Down Expand Up @@ -137,7 +178,7 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface
d.Set("policy_type", setDefinition.PolicyType)
d.Set("metadata", flattenJSON(setDefinition.Metadata))

if paramsStr, err := flattenParameterDefintionsValueToString(setDefinition.Parameters); err != nil {
if paramsStr, err := flattenParameterDefinitionsValueToString(setDefinition.Parameters); err != nil {
return fmt.Errorf("flattening JSON for `parameters`: %+v", err)
} else {
d.Set("parameters", paramsStr)
Expand All @@ -157,5 +198,9 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface
return fmt.Errorf("setting `policy_definition_reference`: %+v", err)
}

if err := d.Set("policy_definition_group", flattenAzureRMPolicySetDefinitionPolicyGroups(setDefinition.PolicyDefinitionGroups)); err != nil {
return fmt.Errorf("setting `policy_definition_group`: %+v", err)
}

return nil
}
144 changes: 140 additions & 4 deletions azurerm/internal/services/policy/policy_set_definition_resource.go
@@ -1,6 +1,7 @@
package policy

import (
"bytes"
"context"
"encoding/json"
"fmt"
Expand All @@ -11,6 +12,7 @@ import (

"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
"github.com/Azure/go-autorest/autorest"
"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/structure"
Expand Down Expand Up @@ -152,9 +154,57 @@ func resourceArmPolicySetDefinition() *schema.Resource {
Optional: true,
Computed: true,
},

"policy_group_names": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringIsNotEmpty,
},
},
},
},
},

"policy_definition_group": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"display_name": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"category": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"description": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"additional_metadata_resource_id": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},
},
},
Set: resourceARMPolicySetDefinitionPolicyDefinitionGroupHash,
},
},
}
}
Expand Down Expand Up @@ -271,6 +321,10 @@ func resourceArmPolicySetDefinitionCreate(d *schema.ResourceData, meta interface
properties.PolicyDefinitions = definitions
}

if v, ok := d.GetOk("policy_definition_group"); ok {
properties.PolicyDefinitionGroups = expandAzureRMPolicySetDefinitionPolicyGroups(v.(*schema.Set).List())
}

definition := policy.SetDefinition{
SetDefinitionProperties: &properties,
}
Expand Down Expand Up @@ -462,7 +516,7 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{}
}

if parameters := props.Parameters; parameters != nil {
parametersStr, err := flattenParameterDefintionsValueToString(parameters)
parametersStr, err := flattenParameterDefinitionsValueToString(parameters)
if err != nil {
return fmt.Errorf("flattening JSON for `parameters`: %+v", err)
}
Expand All @@ -485,6 +539,10 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{}
if err := d.Set("policy_definition_reference", references); err != nil {
return fmt.Errorf("setting `policy_definition_reference`: %+v", err)
}

if err := d.Set("policy_definition_group", flattenAzureRMPolicySetDefinitionPolicyGroups(props.PolicyDefinitionGroups)); err != nil {
return fmt.Errorf("setting `policy_definition_group`: %+v", err)
}
}

return nil
Expand All @@ -501,8 +559,7 @@ func resourceArmPolicySetDefinitionDelete(d *schema.ResourceData, meta interface
}

managementGroupName := ""
switch scopeId := id.PolicyScopeId.(type) { // nolint gocritic
case parse.ScopeAtManagementGroup:
if scopeId, ok := id.PolicyScopeId.(parse.ScopeAtManagementGroup); ok {
managementGroupName = scopeId.ManagementGroupName
}

Expand All @@ -524,7 +581,7 @@ func resourceArmPolicySetDefinitionDelete(d *schema.ResourceData, meta interface
return nil
}

func policySetDefinitionRefreshFunc(ctx context.Context, client *policy.SetDefinitionsClient, name string, managementGroupId string) resource.StateRefreshFunc {
func policySetDefinitionRefreshFunc(ctx context.Context, client *policy.SetDefinitionsClient, name, managementGroupId string) resource.StateRefreshFunc {
return func() (interface{}, string, error) {
res, err := getPolicySetDefinitionByName(ctx, client, name, managementGroupId)
if err != nil {
Expand Down Expand Up @@ -600,6 +657,7 @@ func expandAzureRMPolicySetDefinitionPolicyDefinitions(input []interface{}) (*[]
PolicyDefinitionID: utils.String(v["policy_definition_id"].(string)),
Parameters: parameters,
PolicyDefinitionReferenceID: utils.String(v["reference_id"].(string)),
GroupNames: utils.ExpandStringSlice(v["policy_group_names"].(*schema.Set).List()),
})
}

Expand Down Expand Up @@ -641,7 +699,85 @@ func flattenAzureRMPolicySetDefinitionPolicyDefinitions(input *[]policy.Definiti
"parameters": parametersMap,
"parameter_values": parameterValues,
"reference_id": policyDefinitionReference,
"policy_group_names": utils.FlattenStringSlice(definition.GroupNames),
})
}
return result, nil
}

func expandAzureRMPolicySetDefinitionPolicyGroups(input []interface{}) *[]policy.DefinitionGroup {
result := make([]policy.DefinitionGroup, 0)

for _, item := range input {
v := item.(map[string]interface{})
group := policy.DefinitionGroup{}
if name := v["name"].(string); name != "" {
group.Name = utils.String(name)
}
if displayName := v["display_name"].(string); displayName != "" {
group.DisplayName = utils.String(displayName)
}
if category := v["category"].(string); category != "" {
group.Category = utils.String(category)
}
if description := v["description"].(string); description != "" {
group.Description = utils.String(description)
}
if metadataID := v["additional_metadata_resource_id"].(string); metadataID != "" {
group.AdditionalMetadataID = utils.String(metadataID)
}
result = append(result, group)
}

return &result
}

func flattenAzureRMPolicySetDefinitionPolicyGroups(input *[]policy.DefinitionGroup) []interface{} {
result := make([]interface{}, 0)
if input == nil {
return result
}

for _, group := range *input {
name := ""
if group.Name != nil {
name = *group.Name
}
displayName := ""
if group.DisplayName != nil {
displayName = *group.DisplayName
}
category := ""
if group.Category != nil {
category = *group.Category
}
description := ""
if group.Description != nil {
description = *group.Description
}
metadataID := ""
if group.AdditionalMetadataID != nil {
metadataID = *group.AdditionalMetadataID
}

result = append(result, map[string]interface{}{
"name": name,
"display_name": displayName,
"category": category,
"description": description,
"additional_metadata_resource_id": metadataID,
})
}

return result
}

func resourceARMPolicySetDefinitionPolicyDefinitionGroupHash(v interface{}) int {
var buf bytes.Buffer

if m, ok := v.(map[string]interface{}); ok {
buf.WriteString(m["name"].(string))
}

return hashcode.String(buf.String())
}
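Review bot: resourceARMPolicySetDefinitionPolicyDefinitionGroupHash feeds only `name` into the hash, so two `policy_definition_group` blocks that share a name but differ in `category`, `description` or `additional_metadata_resource_id` hash to the same set element, and presumably one of them is dropped with no error surfaced to the user. If name-only identity is intended, say so above the function, e.g. `// Groups are identified by name alone; blocks with a duplicate name collapse into a single set element.`; otherwise write the remaining fields into `buf` so that a duplicate name reaches the API and is rejected there. The function also returns the hash of an empty string when `v` is not a map, and `m["name"].(string)` is an unchecked assertion; `if name, ok := m["name"].(string); ok { buf.WriteString(name) }` avoids a panic on a nil value. Separately, the only write path changed in this section is resourceArmPolicySetDefinitionCreate; if the resource has an update function outside the visible hunks, confirm that it also sends `policy_definition_group`, since group membership is what maps policies to compliance controls and silent drift there is hard to notice.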