diff --git a/internal/services/policy/assignment_resource_group_resource_test.go b/internal/services/policy/assignment_resource_group_resource_test.go index e76105a682ad0..e133ca11656d4 100644 --- a/internal/services/policy/assignment_resource_group_resource_test.go +++ b/internal/services/policy/assignment_resource_group_resource_test.go @@ -306,9 +306,9 @@ resource "azurerm_resource_group_policy_assignment" "test" { resource_group_id = azurerm_resource_group.test.id policy_definition_id = data.azurerm_policy_definition.test.id - non_compliance_message { - message = "test" - } + non_compliance_message { + message = "test" + } parameters = jsonencode({ "listOfAllowedLocations" = { @@ -420,9 +420,9 @@ resource "azurerm_resource_group_policy_assignment" "test" { policy_definition_id = data.azurerm_policy_set_definition.test.id location = azurerm_resource_group.test.location - non_compliance_message { - message = "test" - } + non_compliance_message { + message = "test" + } identity { type = "SystemAssigned" @@ -450,14 +450,14 @@ resource "azurerm_resource_group_policy_assignment" "test" { policy_definition_id = data.azurerm_policy_set_definition.test.id location = azurerm_resource_group.test.location - non_compliance_message { - message = "test" - } + non_compliance_message { + message = "test" + } - non_compliance_message { - message = "test2" - policy_definition_reference_id = "AINE_MinimumPasswordLength" - } + non_compliance_message { + message = "test2" + policy_definition_reference_id = "AINE_MinimumPasswordLength" + } identity { type = "SystemAssigned" diff --git a/internal/services/policy/assignment_resource_test.go b/internal/services/policy/assignment_resource_test.go index f2d28ccfa92b5..4dc465724ccbe 100644 --- a/internal/services/policy/assignment_resource_test.go +++ b/internal/services/policy/assignment_resource_test.go 
@@ -44,6 +44,40 @@ func TestAccResourcePolicyAssignment_basicWithBuiltInPolicy(t *testing.T) { }) } +func TestAccResourcePolicyAssignment_basicWithBuiltInPolicyNonComplianceMessage(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_resource_policy_assignment", "test") + r := ResourceAssignmentTestResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withBuiltInPolicyNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicyNonComplianceMessageUpdated(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message").DoesNotExist(), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicyNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + }) +} + func TestAccResourcePolicyAssignment_basicWithBuiltInPolicySet(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_resource_policy_assignment", "test") r := ResourceAssignmentTestResource{} 
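Review bot: The removal assertion in the second step, `check.That(data.ResourceName).Key("non_compliance_message").DoesNotExist()`, probably cannot fail. Flatmap state normally records a repeated block under `non_compliance_message.#` and indexed keys, so the bare key would be absent whether or not the message was actually removed from the assignment. Asserting the count pins the behaviour instead: `check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("0")`. The same check appears in TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicyNonComplianceMessage in assignment_subscription_resource_test.go.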
@@ -73,6 +107,43 @@ func TestAccResourcePolicyAssignment_basicWithBuiltInPolicySet(t *testing.T) { }) } +func TestAccResourcePolicyAssignment_basicWithBuiltInPolicySetNonComplianceMessage(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_resource_policy_assignment", "test") + r := ResourceAssignmentTestResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withBuiltInPolicySetNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicySetNonComplianceMessageUpdated(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("2"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + check.That(data.ResourceName).Key("non_compliance_message.1.message").HasValue("test2"), + check.That(data.ResourceName).Key("non_compliance_message.1.policy_definition_reference_id").HasValue("AINE_MinimumPasswordLength"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicySetNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + }) +} + func TestAccResourcePolicyAssignment_basicWithCustomPolicy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_resource_policy_assignment", "test") r := ResourceAssignmentTestResource{} 
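Review bot: The first and third steps of TestAccResourcePolicyAssignment_basicWithBuiltInPolicySetNonComplianceMessage are the same `acceptance.TestStep` literal, with the same config and the same three checks. Building that step once as a local value and listing it twice would make it obvious that the test returns to the starting state. A comment above the step list such as `// one message -> default plus reference-scoped message -> back to one` would document the sequence. The other three NonComplianceMessage tests added in this commit repeat the pattern.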
@@ -217,6 +288,63 @@ resource "azurerm_resource_policy_assignment" "test" { `, template, data.RandomInteger, data.Locations.Secondary) } +func (r ResourceAssignmentTestResource) withBuiltInPolicyNonComplianceMessage(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_definition" "test" { + display_name = "Allowed locations" +} + +resource "azurerm_resource_policy_assignment" "test" { + name = "acctestpa-%[2]d" + resource_id = azurerm_virtual_network.test.id + policy_definition_id = data.azurerm_policy_definition.test.id + + non_compliance_message { + message = "test" + } + + parameters = jsonencode({ + "listOfAllowedLocations" = { + "value" = [azurerm_resource_group.test.location] + } + }) +} +`, template, data.RandomInteger) +} + +func (r ResourceAssignmentTestResource) withBuiltInPolicyNonComplianceMessageUpdated(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_definition" "test" { + display_name = "Allowed locations" +} + +resource "azurerm_resource_policy_assignment" "test" { + name = "acctestpa-%[2]d" + resource_id = azurerm_virtual_network.test.id + policy_definition_id = data.azurerm_policy_definition.test.id + parameters = jsonencode({ + "listOfAllowedLocations" = { + "value" = [azurerm_resource_group.test.location, "%[3]s"] + } + }) +} +`, template, data.RandomInteger, data.Locations.Secondary) +} + func (r ResourceAssignmentTestResource) withBuiltInPolicySetBasic(data acceptance.TestData) string { template := r.template(data) return fmt.Sprintf(` 
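Review bot: withBuiltInPolicyNonComplianceMessageUpdated drops the `non_compliance_message` block and also adds `"%[3]s"` to `listOfAllowedLocations`, so the update step exercises two changes at once. A regression in message removal alone is then harder to attribute. Keeping `"value" = [azurerm_resource_group.test.location]` as in withBuiltInPolicyNonComplianceMessage would isolate the removal. The helper name does not say what is updated, so a comment above it such as `// same assignment with the non_compliance_message block removed` would help. The subscription-scope helper of the same name has the same shape.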
@@ -273,6 +401,75 @@ resource "azurerm_resource_policy_assignment" "test" { `, template, data.RandomInteger) } +func (r ResourceAssignmentTestResource) withBuiltInPolicySetNonComplianceMessage(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_set_definition" "test" { + display_name = "Audit machines with insecure password security settings" +} + +resource "azurerm_resource_policy_assignment" "test" { + name = "acctestpa-%[2]d" + resource_id = azurerm_virtual_network.test.id + policy_definition_id = data.azurerm_policy_set_definition.test.id + location = azurerm_resource_group.test.location + + non_compliance_message { + message = "test" + } + + identity { + type = "SystemAssigned" + } +} +`, template, data.RandomInteger) +} + +func (r ResourceAssignmentTestResource) withBuiltInPolicySetNonComplianceMessageUpdated(data acceptance.TestData) string { + template := r.template(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_set_definition" "test" { + display_name = "Audit machines with insecure password security settings" +} + +resource "azurerm_resource_policy_assignment" "test" { + name = "acctestpa-%[2]d" + resource_id = azurerm_virtual_network.test.id + policy_definition_id = data.azurerm_policy_set_definition.test.id + location = azurerm_resource_group.test.location + + non_compliance_message { + message = "test" + } + + non_compliance_message { + message = "test2" + policy_definition_reference_id = "AINE_MinimumPasswordLength" + } + + identity { + type = "SystemAssigned" + } + + metadata = jsonencode({ + "category" : "Testing" + }) +} +`, template, data.RandomInteger) +} + func (r ResourceAssignmentTestResource) withCustomPolicyBasic(data acceptance.TestData) string { template := r.templateWithCustomPolicy(data) return fmt.Sprintf(` 
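Review bot: Both policy-set fixtures look the initiative up by `display_name`, and withBuiltInPolicySetNonComplianceMessageUpdated hard-codes `policy_definition_reference_id = "AINE_MinimumPasswordLength"`. That ties the test to the current contents of an Azure built-in that the provider does not control. I would add a comment above the updated helper, for example `// AINE_MinimumPasswordLength must be a reference id inside the built-in set named above`, so a later failure is traced to the built-in rather than to the resource. The updated fixture also adds a `metadata` block, so that step changes more than the messages. The subscription-scope fixtures are written the same way.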
diff --git a/internal/services/policy/assignment_subscription_resource_test.go b/internal/services/policy/assignment_subscription_resource_test.go index e3447cc838cb8..76174257ccd7e 100644 --- a/internal/services/policy/assignment_subscription_resource_test.go +++ b/internal/services/policy/assignment_subscription_resource_test.go @@ -44,6 +44,40 @@ func TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicy(t *testing.T) { }) } +func TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicyNonComplianceMessage(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_subscription_policy_assignment", "test") + r := SubscriptionAssignmentTestResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withBuiltInPolicyNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicyNonComplianceMessageUpdated(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message").DoesNotExist(), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicyNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + }) +} + func TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicySet(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subscription_policy_assignment", "test") r := SubscriptionAssignmentTestResource{} 
@@ -73,6 +107,43 @@ func TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicySet(t *testing.T) }) } +func TestAccSubscriptionPolicyAssignment_basicWithBuiltInPolicySetNonComplianceMessage(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_subscription_policy_assignment", "test") + r := SubscriptionAssignmentTestResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withBuiltInPolicySetNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicySetNonComplianceMessageUpdated(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("2"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + check.That(data.ResourceName).Key("non_compliance_message.1.message").HasValue("test2"), + check.That(data.ResourceName).Key("non_compliance_message.1.policy_definition_reference_id").HasValue("AINE_MinimumPasswordLength"), + ), + }, + data.ImportStep(), + { + Config: r.withBuiltInPolicySetNonComplianceMessage(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + check.That(data.ResourceName).Key("non_compliance_message.#").HasValue("1"), + check.That(data.ResourceName).Key("non_compliance_message.0.message").HasValue("test"), + ), + }, + data.ImportStep(), + }) +} + func TestAccSubscriptionPolicyAssignment_basicWithCustomPolicy(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_subscription_policy_assignment", "test") r := SubscriptionAssignmentTestResource{} 
@@ -217,6 +288,63 @@ resource "azurerm_subscription_policy_assignment" "test" { `, template, data.RandomInteger, data.Locations.Primary, data.Locations.Secondary) } +func (r SubscriptionAssignmentTestResource) withBuiltInPolicyNonComplianceMessage(data acceptance.TestData) string { + template := r.template() + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_definition" "test" { + display_name = "Allowed locations" +} + +resource "azurerm_subscription_policy_assignment" "test" { + name = "acctestpa-%[2]d" + subscription_id = data.azurerm_subscription.test.id + policy_definition_id = data.azurerm_policy_definition.test.id + + non_compliance_message { + message = "test" + } + + parameters = jsonencode({ + "listOfAllowedLocations" = { + "value" = ["%s"] + } + }) +} +`, template, data.RandomInteger, data.Locations.Primary) +} + +func (r SubscriptionAssignmentTestResource) withBuiltInPolicyNonComplianceMessageUpdated(data acceptance.TestData) string { + template := r.template() + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_definition" "test" { + display_name = "Allowed locations" +} + +resource "azurerm_subscription_policy_assignment" "test" { + name = "acctestpa-%[2]d" + subscription_id = data.azurerm_subscription.test.id + policy_definition_id = data.azurerm_policy_definition.test.id + parameters = jsonencode({ + "listOfAllowedLocations" = { + "value" = ["%[3]s", "%[4]s"] + } + }) +} +`, template, data.RandomInteger, data.Locations.Primary, data.Locations.Secondary) +} + func (r SubscriptionAssignmentTestResource) withBuiltInPolicySetBasic(data acceptance.TestData) string { template := r.template() return fmt.Sprintf(` 
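Review bot: In withBuiltInPolicyNonComplianceMessage the location is written as `"value" = ["%s"]` after the explicitly indexed `%[2]d`. It resolves to the third argument only because an unindexed verb continues from the last explicit index, so it would pick a different argument if another indexed verb were inserted before it. `"value" = ["%[3]s"]` states the intent and matches withBuiltInPolicyNonComplianceMessageUpdated just below, which already uses `%[3]s` and `%[4]s`.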
@@ -273,6 +401,75 @@ resource "azurerm_subscription_policy_assignment" "test" { `, template, data.RandomInteger, data.Locations.Primary) } +func (r SubscriptionAssignmentTestResource) withBuiltInPolicySetNonComplianceMessage(data acceptance.TestData) string { + template := r.template() + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_set_definition" "test" { + display_name = "Audit machines with insecure password security settings" +} + +resource "azurerm_subscription_policy_assignment" "test" { + name = "acctestpa-%[2]d" + subscription_id = data.azurerm_subscription.test.id + policy_definition_id = data.azurerm_policy_set_definition.test.id + location = %[3]q + + non_compliance_message { + message = "test" + } + + identity { + type = "SystemAssigned" + } +} +`, template, data.RandomInteger, data.Locations.Primary) +} + +func (r SubscriptionAssignmentTestResource) withBuiltInPolicySetNonComplianceMessageUpdated(data acceptance.TestData) string { + template := r.template() + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +data "azurerm_policy_set_definition" "test" { + display_name = "Audit machines with insecure password security settings" +} + +resource "azurerm_subscription_policy_assignment" "test" { + name = "acctestpa-%[2]d" + subscription_id = data.azurerm_subscription.test.id + policy_definition_id = data.azurerm_policy_set_definition.test.id + location = %[3]q + + non_compliance_message { + message = "test" + } + + non_compliance_message { + message = "test2" + policy_definition_reference_id = "AINE_MinimumPasswordLength" + } + + identity { + type = "SystemAssigned" + } + + metadata = jsonencode({ + "category" : "Testing" + }) +} +`, template, data.RandomInteger, data.Locations.Primary) +} + func (r SubscriptionAssignmentTestResource) withCustomPolicyBasic(data acceptance.TestData) string { template := r.templateWithCustomPolicy(data) return fmt.Sprintf(`