New Resource: azurerm_policy_definition
#1010
Merged
Merged
c287731
New resource to manage azure policies
jaymitre 591d6ee
Add documentation for policy definition resource
jaymitre 632dfbb
Clean code based on PR feedback
jaymitre 1c9c58b
Update policy definition resource documentation
jaymitre ece0f49
Refactor policy definition resource
jaymitre 163edd5
Update policy definition resource documentation
jaymitre 3046109
Downgrading to v12.5.0-beta of the Azure SDK for Go
tombuildsstuff ee01577
fixes to `azurerm_policy_definition`
tombuildsstuff 74156c0
Adding the missing `metadata` field to the documentation
tombuildsstuff 06a5842
Merge pull request #1 from terraform-providers/policy-definition
jaymitre File filter
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
package azurerm | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform/helper/acctest" | ||
"github.com/hashicorp/terraform/helper/resource" | ||
) | ||
|
||
func TestAccAzureRMPolicyDefinition_importBasic(t *testing.T) { | ||
rInt := acctest.RandInt() | ||
resourceName := "azurerm_policy_definition.test" | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: testCheckAzureRMPolicyDefinitionDestroy, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAzureRMPolicyDefinition_basic(rInt), | ||
}, | ||
{ | ||
ResourceName: resourceName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,241 @@ | ||
package azurerm | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"strings" | ||
|
||
"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-12-01/policy" | ||
"github.com/hashicorp/terraform/helper/schema" | ||
"github.com/hashicorp/terraform/helper/structure" | ||
"github.com/hashicorp/terraform/helper/validation" | ||
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
) | ||
|
||
func resourceArmPolicyDefinition() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceArmPolicyDefinitionCreateUpdate, | ||
Update: resourceArmPolicyDefinitionCreateUpdate, | ||
Read: resourceArmPolicyDefinitionRead, | ||
Delete: resourceArmPolicyDefinitionDelete, | ||
Importer: &schema.ResourceImporter{ | ||
State: schema.ImportStatePassthrough, | ||
}, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"name": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
}, | ||
|
||
"policy_type": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
ValidateFunc: validation.StringInSlice([]string{ | ||
string(policy.TypeBuiltIn), | ||
string(policy.TypeCustom), | ||
string(policy.TypeNotSpecified), | ||
}, true)}, | ||
|
||
"mode": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
ValidateFunc: validation.StringInSlice([]string{ | ||
string(policy.All), | ||
string(policy.Indexed), | ||
string(policy.NotSpecified), | ||
}, true), | ||
}, | ||
|
||
"display_name": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
}, | ||
|
||
"description": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
}, | ||
|
||
"policy_rule": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validation.ValidateJsonString, | ||
DiffSuppressFunc: structure.SuppressJsonDiff, | ||
}, | ||
|
||
"metadata": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validation.ValidateJsonString, | ||
DiffSuppressFunc: structure.SuppressJsonDiff, | ||
}, | ||
|
||
"parameters": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
ValidateFunc: validation.ValidateJsonString, | ||
DiffSuppressFunc: structure.SuppressJsonDiff, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*ArmClient).policyDefinitionsClient | ||
ctx := meta.(*ArmClient).StopContext | ||
|
||
name := d.Get("name").(string) | ||
policyType := d.Get("policy_type").(string) | ||
mode := d.Get("mode").(string) | ||
displayName := d.Get("display_name").(string) | ||
description := d.Get("description").(string) | ||
|
||
properties := policy.DefinitionProperties{ | ||
PolicyType: policy.Type(policyType), | ||
Mode: policy.Mode(mode), | ||
DisplayName: utils.String(displayName), | ||
Description: utils.String(description), | ||
} | ||
|
||
if policyRuleString := d.Get("policy_rule").(string); policyRuleString != "" { | ||
policyRule, err := structure.ExpandJsonFromString(policyRuleString) | ||
if err != nil { | ||
return fmt.Errorf("unable to parse policy_rule: %s", err) | ||
} | ||
properties.PolicyRule = &policyRule | ||
} | ||
|
||
if metaDataString := d.Get("metadata").(string); metaDataString != "" { | ||
metaData, err := structure.ExpandJsonFromString(metaDataString) | ||
if err != nil { | ||
return fmt.Errorf("unable to parse metadata: %s", err) | ||
} | ||
properties.Metadata = &metaData | ||
} | ||
|
||
if parametersString := d.Get("parameters").(string); parametersString != "" { | ||
parameters, err := structure.ExpandJsonFromString(parametersString) | ||
if err != nil { | ||
return fmt.Errorf("unable to parse parameters: %s", err) | ||
} | ||
properties.Parameters = ¶meters | ||
} | ||
|
||
definition := policy.Definition{ | ||
Name: utils.String(name), | ||
DefinitionProperties: &properties, | ||
} | ||
|
||
_, err := client.CreateOrUpdate(ctx, name, definition) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.Get(ctx, name) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
d.SetId(*resp.ID) | ||
|
||
return resourceArmPolicyDefinitionRead(d, meta) | ||
} | ||
|
||
func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*ArmClient).policyDefinitionsClient | ||
ctx := meta.(*ArmClient).StopContext | ||
|
||
name, err := parsePolicyDefinitionNameFromId(d.Id()) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.Get(ctx, name) | ||
if err != nil { | ||
if utils.ResponseWasNotFound(resp.Response) { | ||
log.Printf("[INFO] Error reading Policy Definition %q - removing from state", d.Id()) | ||
d.SetId("") | ||
return nil | ||
} | ||
|
||
return fmt.Errorf("Error reading Policy Definition %+v", err) | ||
} | ||
|
||
d.Set("name", resp.Name) | ||
|
||
if props := resp.DefinitionProperties; props != nil { | ||
d.Set("policy_type", props.PolicyType) | ||
d.Set("mode", props.Mode) | ||
d.Set("display_name", props.DisplayName) | ||
d.Set("description", props.Description) | ||
|
||
if policyRule := props.PolicyRule; policyRule != nil { | ||
policyRuleStr, err := structure.FlattenJsonToString(*policyRule) | ||
if err != nil { | ||
return fmt.Errorf("unable to flatten JSON for `policy_rule`: %s", err) | ||
} | ||
|
||
d.Set("policy_rule", policyRuleStr) | ||
} | ||
|
||
if metadata := props.Metadata; metadata != nil { | ||
metadataStr, err := structure.FlattenJsonToString(*metadata) | ||
if err != nil { | ||
return fmt.Errorf("unable to flatten JSON for `metadata`: %s", err) | ||
} | ||
|
||
d.Set("metadata", metadataStr) | ||
} | ||
|
||
if parameters := props.Parameters; parameters != nil { | ||
parametersStr, err := structure.FlattenJsonToString(*props.Parameters) | ||
if err != nil { | ||
return fmt.Errorf("unable to flatten JSON for `parameters`: %s", err) | ||
} | ||
|
||
d.Set("parameters", parametersStr) | ||
} | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func resourceArmPolicyDefinitionDelete(d *schema.ResourceData, meta interface{}) error { | ||
client := meta.(*ArmClient).policyDefinitionsClient | ||
ctx := meta.(*ArmClient).StopContext | ||
|
||
name, err := parsePolicyDefinitionNameFromId(d.Id()) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.Delete(ctx, name) | ||
|
||
if err != nil { | ||
if utils.ResponseWasNotFound(resp) { | ||
return nil | ||
} | ||
|
||
return fmt.Errorf("Error deleting Policy Definition %q: %+v", name, err) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func parsePolicyDefinitionNameFromId(id string) (string, error) { | ||
components := strings.Split(id, "/") | ||
|
||
if len(components) == 0 { | ||
return "", fmt.Errorf("Azure Policy Definition Id is empty or not formatted correctly: %s", id) | ||
} | ||
|
||
if len(components) != 7 { | ||
return "", fmt.Errorf("Azure Policy Definition Id should have 6 segments, got %d: '%s'", len(components)-1, id) | ||
} | ||
|
||
return components[6], nil | ||
} |
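Review bot: `parsePolicyDefinitionNameFromId` accepts any string with seven slash-separated components and returns the last one, and because the resource uses `schema.ImportStatePassthrough` that string can come straight from `terraform import`. An ID belonging to a different resource type, or one with an empty final segment, would therefore be resolved purely by name and passed to `client.Get` and `client.Delete`, which matters for a resource that represents a governance control. I would check the fixed segments and reject empty ones before returning the name, as sketched below on the assumption that IDs follow the usual `/subscriptions/{id}/providers/Microsoft.Authorization/policyDefinitions/{name}` shape; the `len(components) == 0` branch can go, since `strings.Split` with a non-empty separator never returns an empty slice. Separately, `d.SetId(*resp.ID)` in the create path dereferences the pointer without a nil check.

```go
func parsePolicyDefinitionNameFromId(id string) (string, error) {
	components := strings.Split(id, "/")
	// … unchanged: segment-count check (len(components) != 7) …

	// The fixed segments must identify a subscription-scoped policy definition,
	// so an ID copied from another resource type is rejected instead of being
	// resolved by its last segment alone.
	if components[0] != "" ||
		!strings.EqualFold(components[1], "subscriptions") ||
		!strings.EqualFold(components[3], "providers") ||
		!strings.EqualFold(components[4], "Microsoft.Authorization") ||
		!strings.EqualFold(components[5], "policyDefinitions") {
		return "", fmt.Errorf("Azure Policy Definition Id is not formatted correctly: %s", id)
	}

	// An empty subscription or name would otherwise reach the API client.
	if components[2] == "" || components[6] == "" {
		return "", fmt.Errorf("Azure Policy Definition Id has an empty subscription or name segment: %s", id)
	}

	return components[6], nil
}
```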
can we add some documentation for this resource in the website folder?