New Resource: azurerm_policy_definition
#1010
Conversation
There was a problem hiding this comment.
hey @jaymitre
Thanks for this PR - I've taken a look through and left some comments in-line but this is mostly looking good; if we can fix up those issues this should be good to merge :)
Thanks!
|
|
||
| d.Set("id", resp.ID) | ||
| d.Set("name", resp.Name) | ||
| d.Set("policy_type", resp.PolicyType) |
There was a problem hiding this comment.
given the API response will always return these inside the Properties object, can we read these from there and add a nil check to handle bad Swagger/API responses (for older resources or future swagger changes) e.g.
if props := resp.DefinitionProperties; props != nil {
d.Set(“policy_type”, props.PolicyType)
# ...
}
| func testAzureRMPolicyDefinition(ri int) string { | ||
| return fmt.Sprintf(` | ||
| resource "azurerm_policy_definition" "test" { | ||
| name = "acctestRG-%d" |
There was a problem hiding this comment.
can we make this “acctestpol-%d”
vendor/vendor.json
Outdated
| "path": "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-12-01/policy", | ||
| "revision": "e67cd39e942c417ae5e9ae1165f778d9fe8996e0", | ||
| "revisionTime": "2018-03-16T20:43:19Z" | ||
| }, |
There was a problem hiding this comment.
can we pin this to the tag “v14.5.0” which will allow us to merge this PR once #1006 has been merged
| "github.com/hashicorp/terraform/helper/resource" | ||
| "github.com/hashicorp/terraform/terraform" | ||
| "net/http" | ||
| "testing" |
There was a problem hiding this comment.
minor can we order these based on internal then external using “goimports”
|
|
||
| func parsePolicyDefinitionNameFromId(id string) (string, error) { | ||
| idURL, err := url.ParseRequestURI(id) | ||
| if err != nil { |
There was a problem hiding this comment.
Given the ID should be in the format:
/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}
based on what I can see in the SDK - I think we should be able to use the built in functions here:
We can access this via:
id, err := parseAzureResourceID(d.Id())
if err != nil {
return nil
}
return id.Path["policyDefinitions"]
There was a problem hiding this comment.
When we use parseAzureResourceID we get an error that a resource group isn't in the id string.
There was a problem hiding this comment.
in which case can we return just the last segment of this? given we can guarantee there's only 6 segments in the URI (once it's split based on /) we should be able to make this:
components := strings.Split(path, "/")
if len(components) != 6 {
return nil, fmt.Errorf("Azure Policy Definition Id should have 6 segments, got %d: '%s'", len(components), path)
}
return components[5]
| "testing" | ||
| ) | ||
|
|
||
| func TestPolicyDefinitionCreate(t *testing.T) { |
There was a problem hiding this comment.
can we update the name to match the other tests? e.g. TestAccAzureRMPolicyDefinition_basic
| "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" | ||
| ) | ||
|
|
||
| func resourceArmPolicyDefinition() *schema.Resource { |
There was a problem hiding this comment.
can we add some documentation for this resource in the website folder?
azurerm/config.go
Outdated
| @@ -864,6 +869,12 @@ func (c *ArmClient) registerWebClients(endpoint, subscriptionId string, auth aut | |||
| c.appServicesClient = appsClient | |||
| } | |||
|
|
|||
| func (c *ArmClient) registerPolicyDefinitionsClients(endpoint, subscriptionId string, auth autorest.Authorizer) { | |||
There was a problem hiding this comment.
can we name this “registerPolicyClients” since this’ll register other types of clients (such as role assignments) in the future too
| } | ||
| } | ||
|
|
||
| func checkIfPolicyDestroyed(s *terraform.State) error { |
There was a problem hiding this comment.
Can we update the name of this to be consistent with the other resources? eg testCheckAzureRMPolicyDefinitionDestroy
|
Thank you for taking a look at the PR and for your helpful feedback. I made a commit to update the PR based on your feedback. |
website/azurerm.erb
Outdated
| @@ -594,6 +594,15 @@ | |||
| </ul> | |||
| </li> | |||
|
|
|||
| <li<%= sidebar_current("docs-azurerm-policy-definition") %>> | |||
| <a href="#">Policy Definition</a> | |||
There was a problem hiding this comment.
missed this earlier - can we make this Policy Resources?
| @@ -0,0 +1,89 @@ | |||
| --- | |||
| layout: "azurerm" | |||
| page_title: "Azure Resource Manager: azure_policy_definition" | |||
There was a problem hiding this comment.
can we update azure_policy_definition -> azurerm_policy_definition
|
Updated the naming. Thank you. |
tombuildsstuff
added
the
upstream/terraform
tombuildsstuff
changed the title
azurerm_policy_definition
|
Hey @tombuildsstuff, made a few changes with to address your remaining comments. |
There was a problem hiding this comment.
hey @jaymitre
Thanks for pushing those updates :)
I've left a couple of minor comments but this now otherwise LGTM; so that we can get this merged I'm going to push a couple of commits to fix those issues and pin this to v12.5 of the Azure SDK for Go (since we're currently blocked upgrading to v14/v15) - I hope you don't mind!
Thanks!
| new resource to be created. | ||
|
|
||
| * `policy_type` - (Required) The policy type. The value can be BuiltIn, Custom | ||
| or NotSpecified. Changing this forces a new resource to be created. |
There was a problem hiding this comment.
minor can we quote these values e.g. "BuiltIn, Custom and NotSpecified"
|
|
||
| * `mode` - (Required) The policy mode that allows you to specify which resource | ||
| types will be evaluated. The value can be All, Indexed or | ||
| NotSpecified. Changing this resource forces a new resource to be |
There was a problem hiding this comment.
(same here) can we quote these values e.g. All, Indexed or NotSpecified
|
|
||
| The following attributes are exported: | ||
|
|
||
| * `id` - The policy defenition id. |
There was a problem hiding this comment.
minor defenition -> definition
| Policy Definitions can be imported using the `policy name`, e.g. | ||
|
|
||
| ```shell | ||
| terraform import azurerm_policy_definition.testPolict /subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Authorization/policyDefinitions/<POLICY_NAME> |
There was a problem hiding this comment.
minor could we update testPolict to be testPolicy? :)
- adding an import test - serializing the json responses for metadata, parameters and policy_rule ``` $ acctests azurerm TestAccAzureRMPolicyDefinition_ === RUN TestAccAzureRMPolicyDefinition_importBasic --- PASS: TestAccAzureRMPolicyDefinition_importBasic (29.37s) === RUN TestAccAzureRMPolicyDefinition_basic --- PASS: TestAccAzureRMPolicyDefinition_basic (23.87s) PASS ok github.com/terraform-providers/terraform-provider-azurerm/azurerm 53.277s ```
|
hey @jaymitre Thanks for pushing those updates - I've opened a PR on your fork (since I don't have permissions to push to your fork's master branch) which includes a couple of bug fixes I noticed when testing this PR - if we can merge that in then this PR should be good to merge :) Thanks! |
tombuildsstuff
added
waiting-response
and removed
upstream/terraform
Fixes for `azurerm_policy_definition`
|
@tombuildsstuff Thank you for taking the time to review the PR and make those fixes. Your changes have been merged. |
|
Tests pass: |
|
Hello, does it support for policy tier? Currently it seems that the default assignment tier is free. I would like to see if it can support standard tier |
|
Also does it support retrieving existing builtin policy definition? ie: "Allowed locations" def |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
The goal of this change is to allow CRUD operations to be performed on azure policies using terraform.