Add documentation for policy definition resource

hashicorp · Mar 22, 2018 · dbcba5a · dbcba5a
1 parent c287731
commit dbcba5a
Show file tree

Hide file tree

Showing 8 changed files with 215 additions and 0 deletions.
diff --git a/examples/main.tf b/examples/main.tf
@@ -0,0 +1,40 @@
+# provider "azurerm" {
+#   subscription_id = "REPLACE-WITH-YOUR-SUBSCRIPTION-ID"
+#   client_id       = "REPLACE-WITH-YOUR-CLIENT-ID"
+#   client_secret   = "REPLACE-WITH-YOUR-CLIENT-SECRET"
+#   tenant_id       = "REPLACE-WITH-YOUR-TENANT-ID"
+# }
+
+resource "azurerm_policy_definition" "policy" {
+  name                = "${var.policy_definition_name}"
+  policy_type            = "${var.policy_type}"
+  mode                 = "${var.mode}"
+  display_name       = "${var.display_name}"
+  policy_rule =<<POLICY_RULE
+	{
+    "if": {
+      "not": {
+        "field": "location",
+        "in": "[parameters('allowedLocations')]"
+      }
+    },
+    "then": {
+      "effect": "audit"
+    }
+  }
+	POLICY_RULE
+
+  parameters =<<PARAMETERS
+	{
+    "allowedLocations": {
+      "type": "Array",
+      "metadata": {
+        "description": "The list of allowed locations for resources.",
+        "displayName": "Allowed locations",
+        "strongType": "location"
+      }
+    }
+  }
+  	PARAMETERS
+
+}
diff --git a/examples/outputs.tf b/examples/outputs.tf
@@ -0,0 +1,3 @@
+output "Policy Defintion" {
+  value = "${azurerm_policy_definition.policy.name}"
+}
diff --git a/examples/policy-definition/main.tf b/examples/policy-definition/main.tf
@@ -0,0 +1,33 @@
+resource "azurerm_policy_definition" "policy" {
+  name                = "${var.policy_definition_name}"
+  policy_type            = "${var.policy_type}"
+  mode                 = "${var.mode}"
+  display_name       = "${var.display_name}"
+  policy_rule =<<POLICY_RULE
+	{
+    "if": {
+      "not": {
+        "field": "location",
+        "in": "[parameters('allowedLocations')]"
+      }
+    },
+    "then": {
+      "effect": "audit"
+    }
+  }
+	POLICY_RULE
+
+  parameters =<<PARAMETERS
+	{
+    "allowedLocations": {
+      "type": "Array",
+      "metadata": {
+        "description": "The list of allowed locations for resources.",
+        "displayName": "Allowed locations",
+        "strongType": "location"
+      }
+    }
+  }
+  	PARAMETERS
+
+}
diff --git a/examples/policy-definition/outputs.tf b/examples/policy-definition/outputs.tf
@@ -0,0 +1,3 @@
+output "Policy Defintion" {
+  value = "${azurerm_policy_definition.policy.name}"
+}
diff --git a/examples/policy-definition/variables.tf b/examples/policy-definition/variables.tf
@@ -0,0 +1,19 @@
+variable "policy_definition_name" {
+  description = "Policy definition name must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and is limited between 2 and 60 characters in length."
+  default     = "demoPolicy"
+}
+
+variable "policy_type" {
+  description = "Valid values are 'BuiltIn', 'Custom' and 'NotSpecified'."
+  default     = "Custom"
+}
+
+variable "mode" {
+  description = "Valid values are 'All', 'Indexed' and 'NotSpecified'."
+  default     = "All"
+}
+
+variable "display_name" {
+  description = "Policy display name must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and is limited between 2 and 60 characters in length."
+  default     = "demoPolicy"
+}
diff --git a/examples/variables.tf b/examples/variables.tf
@@ -0,0 +1,19 @@
+variable "policy_definition_name" {
+  description = "Policy definition name must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and is limited between 2 and 60 characters in length."
+  default     = "liams-test5"
+}
+
+variable "policy_type" {
+  description = "Valid values are 'BuiltIn', 'Custom' and 'NotSpecified'."
+  default     = "Custom"
+}
+
+variable "mode" {
+  description = "Valid values are 'All', 'Indexed' and 'NotSpecified'."
+  default     = "All"
+}
+
+variable "display_name" {
+  description = "Policy display name must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and is limited between 2 and 60 characters in length."
+  default     = "liams-test5"
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
@@ -594,6 +594,15 @@
               </ul>
             </li>
 
+            <li<%= sidebar_current("docs-azurerm-policy-definition") %>>
+              <a href="#">Policy Definition</a>
+              <ul class="nav nav-visible">
+                <li<%= sidebar_current("docs-azurerm-resource-policy-definition") %>>
+                  <a href="/docs/providers/azurerm/r/policy_definition.html">azurerm_policy_definition</a>
+                </li>
+              </ul>
+            </li>
+
             <li<%= sidebar_current("docs-azurerm-oms") %>>
               <a href="#">OMS Resources</a>
               <ul class="nav nav-visible">

diff --git a/website/docs/r/policy_definition.html.markdown b/website/docs/r/policy_definition.html.markdown
@@ -0,0 +1,89 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azure_policy_definition"
+sidebar_current: "docs-azurerm-resource-policy-definition"
+description: |-
+  Creates a policy for all of the resource groups under the subscription.
+---
+
+# azurerm_policy_definition
+
+Creates a policy for all of the resource groups under the subscription.
+
+## Example Usage
+
+```hcl
+resource "azurerm_policy_definition" "policy" {
+  name                = "accTestPolicy"
+  policy_type            = "BuiltIn"
+  mode                 = "Indexed"
+  display_name       = "acceptance test policy definition"
+  policy_rule =<<POLICY_RULE
+	{
+    "if": {
+      "not": {
+        "field": "location",
+        "in": "[parameters('allowedLocations')]"
+      }
+    },
+    "then": {
+      "effect": "audit"
+    }
+  }
+	POLICY_RULE
+
+  parameters =<<PARAMETERS
+	{
+    "allowedLocations": {
+      "type": "Array",
+      "metadata": {
+        "description": "The list of allowed locations for resources.",
+        "displayName": "Allowed locations",
+        "strongType": "location"
+      }
+    }
+  }
+  	PARAMETERS
+
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the policy definition. Changing this forces a
+    new resource to be created.
+
+* `policy_type` - (Required) The policy type.  The value can be BuiltIn, Custom 
+    or NotSpecified. Changing this forces a new resource to be created.
+
+* `mode` - (Required) The policy mode that allows you to specify which resource
+    types will be evaluated.  The value can be All, Indexed or
+    NotSpecified. Changing this resource forces a new resource to be
+    created.
+
+* `display_name` - (Required) The display name of the policy definition.
+
+* `description` - (Optional) The description of the policy definition.
+
+* `policy_rule` - (Optional) The policy rule for the policy definition. This
+    is a json object representing the rule that contains an if and 
+    a then block.
+
+* `parameters` - (Optional) Parameters for the policy definition. This field
+    is a json object that allows you to parameterize your policy definition.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The policy defenition id.
+
+## Import
+
+Policy Definitions can be imported using the `policy name`, e.g.
+
+```shell
+terraform import azurerm_policy_definition.testPolict  /subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Authorization/policyDefinitions/<POLICY_NAME>
+```