diff --git a/azurerm/internal/services/policy/policy.go b/azurerm/internal/services/policy/policy.go index 7d1fcc33cd1c..40fcc0ced200 100644 --- a/azurerm/internal/services/policy/policy.go +++ b/azurerm/internal/services/policy/policy.go @@ -19,7 +19,7 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini policyDefinitions, err = client.ListComplete(ctx) } if err != nil { - return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: %+v", err) + return policy.Definition{}, fmt.Errorf("loading Policy Definition List: %+v", err) } var results []policy.Definition @@ -30,18 +30,18 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini } if err := policyDefinitions.NextWithContext(ctx); err != nil { - return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: %s", err) + return policy.Definition{}, fmt.Errorf("loading Policy Definition List: %s", err) } } // we found none if len(results) == 0 { - return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: could not find policy '%s'", displayName) + return policy.Definition{}, fmt.Errorf("loading Policy Definition List: could not find policy '%s'", displayName) } // we found more than one if len(results) > 1 { - return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: found more than one policy '%s'", displayName) + return policy.Definition{}, fmt.Errorf("loading Policy Definition List: found more than one policy '%s'", displayName) } return results[0], nil @@ -77,7 +77,7 @@ func getPolicySetDefinitionByDisplayName(ctx context.Context, client *policy.Set setDefinitions, err = client.ListComplete(ctx) } if err != nil { - return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: %+v", err) + return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: %+v", err) } var results []policy.SetDefinition 
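Review bot: The "could not find policy" and "found more than one policy" outcomes in getPolicyDefinitionByDisplayName are still returned as ad-hoc formatted strings, so a caller cannot distinguish a genuine lookup miss from a transport or auth failure without string matching. Consider package-level sentinels (`var errPolicyDefinitionNotFound = errors.New("policy definition not found")`) wrapped with `%w`, so callers can use `errors.Is`. Within the same function the message formats also alternate between `%+v` and `%s` for the same `err`; pick one so Azure error details are rendered consistently.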
@@ -88,18 +88,18 @@ func getPolicySetDefinitionByDisplayName(ctx context.Context, client *policy.Set } if err := setDefinitions.NextWithContext(ctx); err != nil { - return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: %s", err) + return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: %s", err) } } // throw error when we found none if len(results) == 0 { - return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: could not find policy '%s'", displayName) + return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: could not find policy '%s'", displayName) } // throw error when we found more than one if len(results) > 1 { - return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: found more than one policy set definition '%s'", displayName) + return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: found more than one policy set definition '%s'", displayName) } return results[0], nil diff --git a/azurerm/internal/services/policy/policy_assignment_resource.go b/azurerm/internal/services/policy/policy_assignment_resource.go index cecf045e59ed..552be3cea70a 100644 --- a/azurerm/internal/services/policy/policy_assignment_resource.go +++ b/azurerm/internal/services/policy/policy_assignment_resource.go 
@@ -15,7 +15,6 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/validate" azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" @@ -135,15 +134,12 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf name := d.Get("name").(string) scope := d.Get("scope").(string) - enforcementMode := convertEnforcementMode(d.Get("enforcement_mode").(bool)) - policyDefinitionId := d.Get("policy_definition_id").(string) - displayName := d.Get("display_name").(string) - if features.ShouldResourcesBeImported() && d.IsNewResource() { + if d.IsNewResource() { existing, err := client.Get(ctx, scope, name) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Policy Assignment %q: %s", name, err) + return fmt.Errorf("checking for presence of existing Policy Assignment %q: %s", name, err) } } @@ -154,10 +150,10 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf assignment := policy.Assignment{ AssignmentProperties: &policy.AssignmentProperties{ - PolicyDefinitionID: utils.String(policyDefinitionId), - DisplayName: utils.String(displayName), + PolicyDefinitionID: utils.String(d.Get("policy_definition_id").(string)), + DisplayName: utils.String(d.Get("display_name").(string)), Scope: utils.String(scope), - EnforcementMode: enforcementMode, + EnforcementMode: convertEnforcementMode(d.Get("enforcement_mode").(bool)), }, } 
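Review bot: The presence-check error in resourceArmPolicyAssignmentCreateUpdate still renders `err` with `%s`, while the parallel line this same commit touches in policy_definition_resource.go was switched to `%+v`; the mismatch means the autorest DetailedError fields are only surfaced for one of the two resources. Align it: `return fmt.Errorf("checking for presence of existing Policy Assignment %q: %+v", name, err)`. Dropping the `features.ShouldResourcesBeImported()` gate makes the check unconditional, which is the safer default since `client.Create` is an upsert that would otherwise silently overwrite an assignment created outside Terraform; the `existing.ID` check that raises the import error sits below the end of this hunk, so I could not confirm it survives unchanged.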
@@ -165,12 +161,11 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf assignment.AssignmentProperties.Description = utils.String(v) } - if _, ok := d.GetOk("identity"); ok { - if v := d.Get("location").(string); v == "" { + if v, ok := d.GetOk("identity"); ok { + if location := d.Get("location").(string); location == "" { return fmt.Errorf("`location` must be set when `identity` is assigned") } - policyIdentity := expandAzureRmPolicyIdentity(d) - assignment.Identity = policyIdentity + assignment.Identity = expandAzureRmPolicyIdentity(v.([]interface{})) } if v := d.Get("location").(string); v != "" { @@ -180,19 +175,18 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf if v := d.Get("parameters").(string); v != "" { expandedParams, err := expandParameterValuesValueFromString(v) if err != nil { - return fmt.Errorf("Error expanding JSON from Parameters %q: %+v", v, err) + return fmt.Errorf("expanding JSON for `parameters` %q: %+v", v, err) } assignment.AssignmentProperties.Parameters = expandedParams } - if _, ok := d.GetOk("not_scopes"); ok { - notScopes := expandAzureRmPolicyNotScopes(d) - assignment.AssignmentProperties.NotScopes = notScopes + if v, ok := d.GetOk("not_scopes"); ok { + assignment.AssignmentProperties.NotScopes = expandAzureRmPolicyNotScopes(v.([]interface{})) } if _, err := client.Create(ctx, scope, name, assignment); err != nil { - return err + return fmt.Errorf("creating/updating Policy Assignment %q (Scope %q): %+v", name, scope, err) } // Policy Assignments are eventually consistent; wait for them to stabilize 
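Review bot: The new `parameters` error echoes the entire raw JSON payload (`%q` of `v`) into the Terraform error output; policy assignment parameters can carry values an operator may not want in CI logs, and the `json` error already includes the byte offset of the syntax problem, so the payload adds little. Prefer `return fmt.Errorf("expanding JSON for `parameters`: %+v", err)`. Separately, `expandAzureRmPolicyIdentity` now returns nil for an empty list, but since this call site is already guarded by `GetOk`, the nil path is only reachable from other callers; a one-line comment on the helper stating that contract would help.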
@@ -212,14 +206,17 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf } if _, err := stateConf.WaitForState(); err != nil { - return fmt.Errorf("Error waiting for Policy Assignment %q to become available: %s", name, err) + return fmt.Errorf("waiting for Policy Assignment %q to become available: %s", name, err) } resp, err := client.Get(ctx, scope, name) if err != nil { - return err + return fmt.Errorf("retrieving Policy Assignment %q (Scope %q): %+v", name, scope, err) } + if resp.ID == nil || *resp.ID == "" { + return fmt.Errorf("empty or nil ID returned for Policy Assignment %q (Scope %q)", name, scope) + } d.SetId(*resp.ID) return resourceArmPolicyAssignmentRead(d, meta) @@ -240,13 +237,13 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e return nil } - return fmt.Errorf("Error reading Policy Assignment %q: %+v", id, err) + return fmt.Errorf("reading Policy Assignment %q: %+v", id, err) } d.Set("name", resp.Name) if err := d.Set("identity", flattenAzureRmPolicyIdentity(resp.Identity)); err != nil { - return fmt.Errorf("Error setting `identity`: %+v", err) + return fmt.Errorf("setting `identity`: %+v", err) } if location := resp.Location; location != nil { @@ -263,7 +260,7 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e if params := props.Parameters; params != nil { json, err := flattenParameterValuesValueToString(params) if err != nil { - return fmt.Errorf("Error serializing JSON from Parameters: %+v", err) + return fmt.Errorf("serializing JSON from `parameters`: %+v", err) } d.Set("parameters", json) @@ -288,7 +285,7 @@ func resourceArmPolicyAssignmentDelete(d *schema.ResourceData, meta interface{}) return nil } - return fmt.Errorf("Error deleting Policy Assignment %q: %+v", id, err) + return fmt.Errorf("deleting Policy Assignment %q: %+v", id, err) } return nil 
@@ -298,25 +295,22 @@ func policyAssignmentRefreshFunc(ctx context.Context, client *policy.Assignments return func() (interface{}, string, error) { res, err := client.Get(ctx, scope, name) if err != nil { - return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("Error issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q (Scope: %q): %s", name, scope, err) + return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q (Scope: %q): %s", name, scope, err) } return res, strconv.Itoa(res.StatusCode), nil } } -func expandAzureRmPolicyIdentity(d *schema.ResourceData) *policy.Identity { - v := d.Get("identity") - identities := v.([]interface{}) - identity := identities[0].(map[string]interface{}) - - identityType := policy.ResourceIdentityType(identity["type"].(string)) - - policyIdentity := policy.Identity{ - Type: identityType, +func expandAzureRmPolicyIdentity(input []interface{}) *policy.Identity { + if len(input) == 0 { + return nil } + identity := input[0].(map[string]interface{}) - return &policyIdentity + return &policy.Identity{ + Type: policy.ResourceIdentityType(identity["type"].(string)), + } } func flattenAzureRmPolicyIdentity(identity *policy.Identity) []interface{} { @@ -337,11 +331,10 @@ func flattenAzureRmPolicyIdentity(identity *policy.Identity) []interface{} { return []interface{}{result} } -func expandAzureRmPolicyNotScopes(d *schema.ResourceData) *[]string { - notScopes := d.Get("not_scopes").([]interface{}) +func expandAzureRmPolicyNotScopes(input []interface{}) *[]string { notScopesRes := make([]string, 0) - for _, notScope := range notScopes { + for _, notScope := range input { notScopesRes = append(notScopesRes, notScope.(string)) } diff --git a/azurerm/internal/services/policy/policy_definition_data_source.go b/azurerm/internal/services/policy/policy_definition_data_source.go index 892b3dc9d5e0..92df4351cee7 100644 
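Review bot: In policyAssignmentRefreshFunc the error branch still evaluates `res.StatusCode` while `err != nil`; `policy.Assignment` embeds `autorest.Response`, whose embedded `*http.Response` is nil when the request never completed (DNS, connection reset, context deadline), so as far as I can tell the refresh goroutine panics instead of surfacing the error through `WaitForState`. Guard before touching it: `if res.Response.Response == nil { return nil, "", fmt.Errorf("issuing read request for Policy Assignment %q (Scope: %q): %+v", name, scope, err) }`. Only the message text changed here, so the panic risk predates the commit, but it is the new code being shipped.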
--- a/azurerm/internal/services/policy/policy_definition_data_source.go +++ b/azurerm/internal/services/policy/policy_definition_data_source.go @@ -103,13 +103,13 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) if displayName != "" { policyDefinition, err = getPolicyDefinitionByDisplayName(ctx, client, displayName, managementGroupName) if err != nil { - return fmt.Errorf("failed to read Policy Definition (Display Name %q): %+v", displayName, err) + return fmt.Errorf("reading Policy Definition (Display Name %q): %+v", displayName, err) } } if name != "" { policyDefinition, err = getPolicyDefinitionByName(ctx, client, name, managementGroupName) if err != nil { - return fmt.Errorf("failed to read Policy Definition %q: %+v", name, err) + return fmt.Errorf("reading Policy Definition %q: %+v", name, err) } } @@ -124,7 +124,7 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) if policyRuleStr := flattenJSON(policyRule); policyRuleStr != "" { d.Set("policy_rule", policyRuleStr) } else { - return fmt.Errorf("failed to flatten Policy Definition Rule %q: %+v", name, err) + return fmt.Errorf("flattening Policy Definition Rule %q: %+v", name, err) } if metadataStr := flattenJSON(policyDefinition.Metadata); metadataStr != "" { diff --git a/azurerm/internal/services/policy/policy_definition_resource.go b/azurerm/internal/services/policy/policy_definition_resource.go index c92d963e1b66..234cea584402 100644 --- a/azurerm/internal/services/policy/policy_definition_resource.go +++ b/azurerm/internal/services/policy/policy_definition_resource.go 
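Review bot: The "flattening Policy Definition Rule" error in dataSourceArmPolicyDefinitionRead formats a stale `err`: at that point `err` is the result of the earlier lookup, which must have been nil to get here, so the message always ends in `<nil>`. `flattenJSON` returns an empty string for both failure and an empty rule, so there is no error to report; either change the helper to return `(string, error)` or drop the stale value: `return fmt.Errorf("flattening Policy Definition Rule for %q: empty result", name)`. Note also that `name` is empty when the lookup was done by `display_name`, so the message should include `displayName` as well.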
@@ -163,7 +163,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf existing, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Policy Definition %q: %s", name, err) + return fmt.Errorf("checking for presence of existing Policy Definition %q: %+v", name, err) } } @@ -182,7 +182,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf if policyRuleString := d.Get("policy_rule").(string); policyRuleString != "" { policyRule, err := structure.ExpandJsonFromString(policyRuleString) if err != nil { - return fmt.Errorf("unable to parse policy_rule: %s", err) + return fmt.Errorf("expanding JSON for `policy_rule`: %+v", err) } properties.PolicyRule = &policyRule } @@ -190,7 +190,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf if metaDataString := d.Get("metadata").(string); metaDataString != "" { metaData, err := structure.ExpandJsonFromString(metaDataString) if err != nil { - return fmt.Errorf("unable to parse metadata: %s", err) + return fmt.Errorf("expanding JSON for `metadata`: %+v", err) } properties.Metadata = &metaData } @@ -198,7 +198,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf if parametersString := d.Get("parameters").(string); parametersString != "" { parameters, err := expandParameterDefinitionsValueFromString(parametersString) if err != nil { - return fmt.Errorf("unable to parse parameters: %s", err) + return fmt.Errorf("expanding JSON for `parameters`: %+v", err) } properties.Parameters = parameters } 
@@ -217,7 +217,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf } if err != nil { - return err + return fmt.Errorf("creating/updating Policy Definition %q: %+v", name, err) } // Policy Definitions are eventually consistent; wait for them to stabilize @@ -237,7 +237,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf } if _, err = stateConf.WaitForState(); err != nil { - return fmt.Errorf("Error waiting for Policy Definition %q to become available: %s", name, err) + return fmt.Errorf("waiting for Policy Definition %q to become available: %+v", name, err) } resp, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName) @@ -245,6 +245,9 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf return err } + if resp.ID == nil || *resp.ID == "" { + return fmt.Errorf("empty or nil ID returned for Policy Assignment %q", name) + } d.SetId(*resp.ID) return resourceArmPolicyDefinitionRead(d, meta) @@ -275,7 +278,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e return nil } - return fmt.Errorf("Error reading Policy Definition %+v", err) + return fmt.Errorf("reading Policy Definition %+v", err) } d.Set("name", resp.Name) @@ -299,7 +302,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e if parametersStr, err := flattenParameterDefintionsValueToString(props.Parameters); err == nil { d.Set("parameters", parametersStr) } else { - return fmt.Errorf("Error flattening policy definition parameters %+v", err) + return fmt.Errorf("flattening policy definition parameters %+v", err) } } @@ -334,7 +337,7 @@ func resourceArmPolicyDefinitionDelete(d *schema.ResourceData, meta interface{}) return nil } - return fmt.Errorf("Error deleting Policy Definition %q: %+v", id.Name, err) + return fmt.Errorf("deleting Policy Definition %q: %+v", id.Name, err) } return nil 
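Review bot: The new ID guard in resourceArmPolicyDefinitionCreateUpdate reports the wrong resource type: `"empty or nil ID returned for Policy Assignment %q"` is copy-pasted from the assignment resource and should read `"empty or nil ID returned for Policy Definition %q"`. Two lines above it, `return err` from `getPolicyDefinitionByName` is still returned bare, unlike every other error path this commit touched; wrap it as `return fmt.Errorf("retrieving Policy Definition %q: %+v", name, err)` so the failing step is identifiable.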
@@ -345,7 +348,7 @@ func policyDefinitionRefreshFunc(ctx context.Context, client *policy.Definitions res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID) if err != nil { - return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("Error issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q: %s", name, err) + return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q: %+v", name, err) } return res, strconv.Itoa(res.StatusCode), nil diff --git a/azurerm/internal/services/policy/policy_remediation_resource.go b/azurerm/internal/services/policy/policy_remediation_resource.go index bdff2017145b..341c09893d45 100644 --- a/azurerm/internal/services/policy/policy_remediation_resource.go +++ b/azurerm/internal/services/policy/policy_remediation_resource.go @@ -11,7 +11,6 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients" - "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/parse" "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/validate" azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema" 
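Review bot: The rewritten message in policyDefinitionRefreshFunc still names the wrong function and resource (`policyAssignmentRefreshFunc for Policy Assignment`); it should read `"issuing read request in policyDefinitionRefreshFunc for Policy Definition %q: %+v"`. The same line dereferences `res.StatusCode` while `err != nil`; if `getPolicyDefinitionByName` failed before any HTTP response was received, the embedded `*http.Response` appears to be nil and this panics inside the state refresh, so add `if res.Response.Response == nil { return nil, "", err }` ahead of it. Both issues are in the one changed line, so the fix is small.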
@@ -90,14 +89,14 @@ func resourceArmPolicyRemediationCreateUpdate(d *schema.ResourceData, meta inter name := d.Get("name").(string) scope, err := parse.PolicyScopeID(d.Get("scope").(string)) if err != nil { - return fmt.Errorf("unable to create Policy Remediation %q: %+v", name, err) + return fmt.Errorf("creating/updating Policy Remediation %q: %+v", name, err) } - if features.ShouldResourcesBeImported() && d.IsNewResource() { + if d.IsNewResource() { existing, err := RemediationGetAtScope(ctx, client, name, scope) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("unable to check for present of existing Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) + return fmt.Errorf("checking for present of existing Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) } } if existing.ID != nil && *existing.ID != "" { @@ -105,17 +104,13 @@ func resourceArmPolicyRemediationCreateUpdate(d *schema.ResourceData, meta inter } } - filters := d.Get("location_filters").([]interface{}) - policyAssignmentID := d.Get("policy_assignment_id").(string) - policyDefinitionReferenceID := d.Get("policy_definition_reference_id").(string) - parameters := policyinsights.Remediation{ RemediationProperties: &policyinsights.RemediationProperties{ Filters: &policyinsights.RemediationFilters{ - Locations: utils.ExpandStringSlice(filters), + Locations: utils.ExpandStringSlice(d.Get("location_filters").([]interface{})), }, - PolicyAssignmentID: utils.String(policyAssignmentID), - PolicyDefinitionReferenceID: utils.String(policyDefinitionReferenceID), + PolicyAssignmentID: utils.String(d.Get("policy_assignment_id").(string)), + PolicyDefinitionReferenceID: utils.String(d.Get("policy_definition_reference_id").(string)), }, } 
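Review bot: The new presence-check message in resourceArmPolicyRemediationCreateUpdate carries a typo, `checking for present of existing`; it should be `"checking for presence of existing Policy Remediation %q (Scope %q): %+v"`, matching the wording used for the other policy resources in this commit. Making the check unconditional is the right call here too, because `CreateOrUpdateAtX` would otherwise adopt and overwrite a remediation created by another tool at the same scope.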
@@ -129,18 +124,19 @@ func resourceArmPolicyRemediationCreateUpdate(d *schema.ResourceData, meta inter case parse.ScopeAtManagementGroup: _, err = client.CreateOrUpdateAtManagementGroup(ctx, scope.ManagementGroupName, name, parameters) default: - return fmt.Errorf("unable to create Policy Remediation %q: invalid scope type", name) + return fmt.Errorf("creating/updating Policy Remediation %q: invalid scope type", name) } if err != nil { - return fmt.Errorf("unable to create Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) + return fmt.Errorf("creating/updating Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) } resp, err := RemediationGetAtScope(ctx, client, name, scope) if err != nil { - return fmt.Errorf("unable to retrieve Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) + return fmt.Errorf("retrieving Policy Remediation %q (Scope %q): %+v", name, scope.ScopeId(), err) } - if resp.ID == nil { - return fmt.Errorf("cannot read Policy Remediation %q (Scope %q) ID", name, scope.ScopeId()) + + if resp.ID == nil || *resp.ID == "" { + return fmt.Errorf("empty or nil ID returned for Policy Remediation %q (Scope %q)", name, scope.ScopeId()) } d.SetId(*resp.ID) @@ -154,7 +150,7 @@ func resourceArmPolicyRemediationRead(d *schema.ResourceData, meta interface{}) id, err := parse.PolicyRemediationID(d.Id()) if err != nil { - return fmt.Errorf("unable to read Policy Remediation: %+v", err) + return fmt.Errorf("reading Policy Remediation: %+v", err) } resp, err := RemediationGetAtScope(ctx, client, id.Name, id.PolicyScopeId) @@ -164,7 +160,7 @@ func resourceArmPolicyRemediationRead(d *schema.ResourceData, meta interface{}) d.SetId("") return nil } - return fmt.Errorf("unable to read Policy Remediation %q (Scope %q): %+v", id.Name, id.ScopeId(), err) + return fmt.Errorf("reading Policy Remediation %q (Scope %q): %+v", id.Name, id.ScopeId(), err) } d.Set("name", id.Name) 
@@ -176,7 +172,7 @@ func resourceArmPolicyRemediationRead(d *schema.ResourceData, meta interface{}) locations = utils.FlattenStringSlice(filters.Locations) } if err := d.Set("location_filters", locations); err != nil { - return fmt.Errorf("unable to set `location_filters`: %+v", err) + return fmt.Errorf("setting `location_filters`: %+v", err) } d.Set("policy_assignment_id", props.PolicyAssignmentID) @@ -206,10 +202,10 @@ func resourceArmPolicyRemediationDelete(d *schema.ResourceData, meta interface{} case parse.ScopeAtManagementGroup: _, err = client.DeleteAtManagementGroup(ctx, scope.ManagementGroupName, id.Name) default: - return fmt.Errorf("unable to delete Policy Remediation %q: invalid scope type", id.Name) + return fmt.Errorf("deleting Policy Remediation %q: invalid scope type", id.Name) } if err != nil { - return fmt.Errorf("unable to delete Policy Remediation %q (Scope %q): %+v", id.Name, id.ScopeId(), err) + return fmt.Errorf("deleting Policy Remediation %q (Scope %q): %+v", id.Name, id.ScopeId(), err) } return nil @@ -227,6 +223,6 @@ func RemediationGetAtScope(ctx context.Context, client *policyinsights.Remediati case parse.ScopeAtManagementGroup: return client.GetAtManagementGroup(ctx, scopeId.ManagementGroupName, name) default: - return policyinsights.Remediation{}, fmt.Errorf("unable to read Policy Remediation %q: invalid scope type", name) + return policyinsights.Remediation{}, fmt.Errorf("reading Policy Remediation %q: invalid scope type", name) } } diff --git a/azurerm/internal/services/policy/policy_set_definition_data_source.go b/azurerm/internal/services/policy/policy_set_definition_data_source.go index 888f1c23ba20..fef4cb8edc21 100644 --- a/azurerm/internal/services/policy/policy_set_definition_data_source.go +++ b/azurerm/internal/services/policy/policy_set_definition_data_source.go 
@@ -57,11 +57,34 @@ func dataSourceArmPolicySetDefinition() *schema.Resource { Computed: true, }, - "policy_definitions": { + "policy_definitions": { // TODO -- remove in the next major version Type: schema.TypeString, Computed: true, }, + "policy_definition_reference": { // TODO -- rename this back to `policy_definition` after the deprecation + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policy_definition_id": { + Type: schema.TypeString, + Computed: true, + }, + + "parameters": { + Type: schema.TypeMap, + Computed: true, + }, + + "reference_id": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "policy_type": { Type: schema.TypeString, Computed: true, @@ -86,16 +109,19 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface if displayName != "" { setDefinition, err = getPolicySetDefinitionByDisplayName(ctx, client, displayName, managementGroupID) if err != nil { - return fmt.Errorf("failed to read Policy Set Definition (Display Name %q): %+v", displayName, err) + return fmt.Errorf("reading Policy Set Definition (Display Name %q): %+v", displayName, err) } } if name != "" { setDefinition, err = getPolicySetDefinitionByName(ctx, client, name, managementGroupID) if err != nil { - return fmt.Errorf("failed to read Policy Set Definition %q: %+v", name, err) + return fmt.Errorf("reading Policy Set Definition %q: %+v", name, err) } } + if setDefinition.ID == nil || *setDefinition.ID == "" { + return fmt.Errorf("empty or nil ID returned for Policy Set Definition %q", name) + } d.SetId(*setDefinition.ID) d.Set("name", setDefinition.Name) d.Set("display_name", setDefinition.DisplayName) 
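Review bot: The new ID guard in dataSourceArmPolicySetDefinitionRead reports `name`, but when the data source was resolved via `display_name` that variable is empty, so the error reads `Policy Set Definition ""`. Include both lookup keys: `return fmt.Errorf("empty or nil ID returned for Policy Set Definition (Name %q, Display Name %q)", name, displayName)`. In the schema, the `parameters` map under `policy_definition_reference` declares no `Elem`; the SDK defaults to string values, but making it explicit with `Elem: &schema.Schema{Type: schema.TypeString}` keeps it in lockstep with whatever the flattener (outside this diff) emits.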
@@ -104,16 +130,20 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface d.Set("metadata", flattenJSON(setDefinition.Metadata)) if paramsStr, err := flattenParameterDefintionsValueToString(setDefinition.Parameters); err != nil { - return fmt.Errorf("unable to flatten JSON for `parameters`: %+v", err) + return fmt.Errorf("flattening JSON for `parameters`: %+v", err) } else { d.Set("parameters", paramsStr) } definitionBytes, err := json.Marshal(setDefinition.PolicyDefinitions) if err != nil { - return fmt.Errorf("unable to flatten JSON for `policy_defintions`: %+v", err) + return fmt.Errorf("flattening JSON for `policy_defintions`: %+v", err) } d.Set("policy_definitions", string(definitionBytes)) + if err := d.Set("policy_definition_reference", flattenAzureRMPolicySetDefinitionPolicyDefinitions(setDefinition.PolicyDefinitions)); err != nil { + return fmt.Errorf("setting `policy_definition_reference`: %+v", err) + } + return nil } diff --git a/azurerm/internal/services/policy/policy_set_definition_resource.go b/azurerm/internal/services/policy/policy_set_definition_resource.go index 5d89d5d53a83..764780439b35 100644 --- a/azurerm/internal/services/policy/policy_set_definition_resource.go +++ b/azurerm/internal/services/policy/policy_set_definition_resource.go 
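Review bot: The rewritten error for the `json.Marshal` failure misspells the attribute (`policy_defintions`); it should be `"flattening JSON for `policy_definitions`: %+v"`, since operators grep these messages against the schema names. On the next line `d.Set("policy_definitions", ...)` still discards its error while the newly added `d.Set("policy_definition_reference", ...)` checks it; treat both the same way for consistency within the function.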
@@ -17,8 +17,8 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
- "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/parse"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/validate"
 azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
 "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
@@ -106,11 +106,41 @@ func resourceArmPolicySetDefinition() *schema.Resource { DiffSuppressFunc: structure.SuppressJsonDiff, }, - "policy_definitions": { + "policy_definitions": { // TODO -- remove in the next major version Type: schema.TypeString, Optional: true, + Computed: true, ValidateFunc: validation.StringIsJSON, DiffSuppressFunc: policyDefinitionsDiffSuppressFunc, + ExactlyOneOf: []string{"policy_definitions", "policy_definition_reference"}, + Deprecated: "Deprecated in favor of `policy_definition_reference`", + }, + + "policy_definition_reference": { // TODO -- rename this back to `policy_definition` after the deprecation + Type: schema.TypeList, + Optional: true, // TODO -- change this to Required after the deprecation + Computed: true, // TODO -- remove Computed after the deprecation + ExactlyOneOf: []string{"policy_definitions", "policy_definition_reference"}, // TODO -- remove after the deprecation + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policy_definition_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validate.PolicyDefinitionID, + }, + + "parameters": { + Type: schema.TypeMap, + Optional: true, + }, + + "reference_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, }, }, } 
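Review bot: The `parameters` map inside `policy_definition_reference` has no `Elem`, so its value type is whatever the SDK default happens to be; spell it out as `Elem: &schema.Schema{Type: schema.TypeString}` so the schema, the data source and the expander agree on string-typed values. Marking both `policy_definitions` and `policy_definition_reference` as Optional+Computed with `ExactlyOneOf` is workable, but it means both attributes will always be populated in state from Read, which has consequences for how CreateUpdate picks between them (see the note on that hunk). The `Deprecated` string should also say what to do, e.g. `"Deprecated in favor of `policy_definition_reference`; convert each JSON element to a `policy_definition_reference` block"`.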
@@ -139,39 +169,38 @@ func policySetDefinitionsMetadataDiffSuppressFunc(_, old, new string, _ *schema. return reflect.DeepEqual(oldPolicySetDefinitionsMetadata, newPolicySetDefinitionsMetadata) } +// This function only serves the deprecated attribute `policy_definitions` in the old api-version. +// The old api-version only support two attribute - `policy_definition_id` and `parameters` in each element. +// Therefore this function is used for ignoring any other keys and then compare if there is a diff func policyDefinitionsDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool { - var oldPolicyDefinitions []policy.DefinitionReference + var oldPolicyDefinitions []DefinitionReferenceInOldApiVersion errOld := json.Unmarshal([]byte(old), &oldPolicyDefinitions) if errOld != nil { return false } - var newPolicyDefinitions []policy.DefinitionReference + var newPolicyDefinitions []DefinitionReferenceInOldApiVersion errNew := json.Unmarshal([]byte(new), &newPolicyDefinitions) if errNew != nil { return false } - for i := range newPolicyDefinitions { - newPolicyDefinitions[i].PolicyDefinitionReferenceID = nil - } - - for i := range oldPolicyDefinitions { - oldPolicyDefinitions[i].PolicyDefinitionReferenceID = nil - } - return reflect.DeepEqual(oldPolicyDefinitions, newPolicyDefinitions) } +type DefinitionReferenceInOldApiVersion struct { + // PolicyDefinitionID - The ID of the policy definition or policy set definition. + PolicyDefinitionID *string `json:"policyDefinitionId,omitempty"` + // Parameters - The parameter values for the referenced policy rule. The keys are the parameter names. 
+ Parameters map[string]*policy.ParameterValuesValue `json:"parameters"` +} + func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*clients.Client).Policy.SetDefinitionsClient ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d) defer cancel() name := d.Get("name").(string) - policyType := d.Get("policy_type").(string) - displayName := d.Get("display_name").(string) - description := d.Get("description").(string) managementGroupName := "" if v, ok := d.GetOk("management_group_name"); ok { managementGroupName = v.(string) @@ -180,11 +209,11 @@ func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta int managementGroupName = v.(string) } - if features.ShouldResourcesBeImported() && d.IsNewResource() { + if d.IsNewResource() { existing, err := getPolicySetDefinitionByName(ctx, client, name, managementGroupName) if err != nil { if !utils.ResponseWasNotFound(existing.Response) { - return fmt.Errorf("Error checking for presence of existing Policy Set Definition %q: %s", name, err) + return fmt.Errorf("checking for presence of existing Policy Set Definition %q: %+v", name, err) } } @@ -194,15 +223,15 @@ func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta int } properties := policy.SetDefinitionProperties{ - PolicyType: policy.Type(policyType), - DisplayName: utils.String(displayName), - Description: utils.String(description), + PolicyType: policy.Type(d.Get("policy_type").(string)), + DisplayName: utils.String(d.Get("display_name").(string)), + Description: utils.String(d.Get("description").(string)), } if metaDataString := d.Get("metadata").(string); metaDataString != "" { metaData, err := structure.ExpandJsonFromString(metaDataString) if err != nil { - return fmt.Errorf("unable to expand metadata json: %s", err) + return fmt.Errorf("expanding JSON for `metadata`: %+v", err) } properties.Metadata = &metaData } 
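Review bot: `DefinitionReferenceInOldApiVersion` is exported but, from what is visible, is used only by policyDefinitionsDiffSuppressFunc in this package, and it lacks the doc comment Go expects on exported names; unexport it as `definitionReferenceInOldAPIVersion` (Go initialism casing) and move the explanation onto the type. The function comment reads awkwardly; I would rewrite it as `// Serves only the deprecated policy_definitions attribute: the old API version exposes just policyDefinitionId and parameters per element, so other keys are dropped before comparing.` Because unknown keys are now silently discarded by the unmarshal, an edit to any other key inside the deprecated JSON appears to produce no plan diff and is never applied; that behaviour should be stated in the deprecation docs so users are not surprised.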
@@ -210,19 +239,22 @@ func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta int if parametersString := d.Get("parameters").(string); parametersString != "" { parameters, err := expandParameterDefinitionsValueFromString(parametersString) if err != nil { - return fmt.Errorf("unable to expand parameters json: %s", err) + return fmt.Errorf("expanding JSON for `parameters`: %+v", err) } properties.Parameters = parameters } - if policyDefinitionsString := d.Get("policy_definitions").(string); policyDefinitionsString != "" { + if v, ok := d.GetOk("policy_definitions"); ok { var policyDefinitions []policy.DefinitionReference - err := json.Unmarshal([]byte(policyDefinitionsString), &policyDefinitions) + err := json.Unmarshal([]byte(v.(string)), &policyDefinitions) if err != nil { - return fmt.Errorf("unable to expand parameters json: %s", err) + return fmt.Errorf("expanding JSON for `policy_definitions`: %+v", err) } properties.PolicyDefinitions = &policyDefinitions } + if v, ok := d.GetOk("policy_definition_reference"); ok { + properties.PolicyDefinitions = expandAzureRMPolicySetDefinitionPolicyDefinitions(v.([]interface{})) + } definition := policy.SetDefinition{ Name: utils.String(name), @@ -237,7 +269,7 @@ func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta int } if err != nil { - return fmt.Errorf("Error creating/updating Policy Set Definition %q: %s", name, err) + return fmt.Errorf("creating/updating Policy Set Definition %q: %+v", name, err) } // Policy Definitions are eventually consistent; wait for them to stabilize 
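Review bot: In resourceArmPolicySetDefinitionCreateUpdate the second `GetOk` unconditionally overrides the first: because `policy_definition_reference` is now Optional+Computed, on an update it is populated from prior state even when the user only configured `policy_definitions`, so an edited JSON value appears to be replaced by the stale flattened references and never reaches the API (this relies on the SDK returning state values for Computed attributes absent from config, which I infer rather than see here). Gate the override on the attribute actually changing: `if v, ok := d.GetOk("policy_definition_reference"); ok && (d.IsNewResource() || d.HasChange("policy_definition_reference")) {`. A short comment above the two blocks documenting which attribute wins and why would save the next maintainer the same analysis.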
@@ -257,13 +289,13 @@ func resourceArmPolicySetDefinitionCreateUpdate(d *schema.ResourceData, meta int } if _, err = stateConf.WaitForState(); err != nil { - return fmt.Errorf("Error waiting for Policy Set Definition %q to become available: %s", name, err) + return fmt.Errorf("waiting for Policy Set Definition %q to become available: %+v", name, err) } var resp policy.SetDefinition resp, err = getPolicySetDefinitionByName(ctx, client, name, managementGroupName) if err != nil { - return fmt.Errorf("Error retrieving Policy Set Definition %q: %s", name, err) + return fmt.Errorf("retrieving Policy Set Definition %q: %+v", name, err) } d.SetId(*resp.ID) @@ -296,7 +328,7 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{} return nil } - return fmt.Errorf("Error reading Policy Set Definition %+v", err) + return fmt.Errorf("reading Policy Set Definition %+v", err) } d.Set("name", resp.Name) @@ -312,16 +344,16 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{} metadataVal := metadata.(map[string]interface{}) metadataStr, err := structure.FlattenJsonToString(metadataVal) if err != nil { - return fmt.Errorf("unable to flatten JSON for `metadata`: %s", err) + return fmt.Errorf("flattening JSON for `metadata`: %+v", err) } d.Set("metadata", metadataStr) } - if props.Parameters != nil { - parametersStr, err := flattenParameterDefintionsValueToString(props.Parameters) + if parameters := props.Parameters; parameters != nil { + parametersStr, err := flattenParameterDefintionsValueToString(parameters) if err != nil { - return fmt.Errorf("unable to flatten JSON for `parameters`: %s", err) + return fmt.Errorf("flattening JSON for `parameters`: %+v", err) } d.Set("parameters", parametersStr) 
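Review bot: In the Read hunk (`@@ -296`), the rewritten message `reading Policy Set Definition %+v` has no identifier and no `: ` separator, unlike every sibling message in this commit (Delete uses `deleting Policy Set Definition %q: %+v` with `id.Name`), so the resulting error reads as "reading Policy Set Definition <raw error>" with nothing to say which definition failed. Since the line was touched anyway, bring it in line: `return fmt.Errorf("reading Policy Set Definition %q: %+v", id.Name, err)`, substituting whichever parsed identifier Read actually has in scope — that part of the function is outside this hunk. The enclosing `resourceArmPolicySetDefinitionRead` begins before the hunk.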
@@ -330,11 +362,13 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{} if policyDefinitions := props.PolicyDefinitions; policyDefinitions != nil { policyDefinitionsRes, err := json.Marshal(policyDefinitions) if err != nil { - return fmt.Errorf("unable to flatten JSON for `policy_defintions`: %s", err) + return fmt.Errorf("flattening JSON for `policy_defintions`: %+v", err) } - policyDefinitionsStr := string(policyDefinitionsRes) - d.Set("policy_definitions", policyDefinitionsStr) + d.Set("policy_definitions", string(policyDefinitionsRes)) + } + if err := d.Set("policy_definition_reference", flattenAzureRMPolicySetDefinitionPolicyDefinitions(props.PolicyDefinitions)); err != nil { + return fmt.Errorf("setting `policy_definition_reference`: %+v", err) } } @@ -369,7 +403,7 @@ func resourceArmPolicySetDefinitionDelete(d *schema.ResourceData, meta interface return nil } - return fmt.Errorf("Error deleting Policy Set Definition %q: %+v", id.Name, err) + return fmt.Errorf("deleting Policy Set Definition %q: %+v", id.Name, err) } return nil 
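Review bot: The error string for the `policy_definitions` marshal still reads `policy_defintions` (typo) even though this commit rewrote that line; operators grep logs and state for attribute names, so spell it `policy_definitions` while the line is being changed. The hunk also checks the return of `d.Set("policy_definition_reference", ...)` but leaves the `d.Set("policy_definitions", ...)` result unchecked two lines above; wrap it the same way, `if err := d.Set("policy_definitions", string(policyDefinitionsRes)); err != nil { return fmt.Errorf("setting policy_definitions: %+v", err) }`, so a state-write failure for the deprecated attribute is not silently swallowed. The enclosing `if props := ...` block and the Read function begin before this hunk.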
@@ -379,9 +413,66 @@ func policySetDefinitionRefreshFunc(ctx context.Context, client *policy.SetDefin
 return func() (interface{}, string, error) {
 res, err := getPolicySetDefinitionByName(ctx, client, name, managementGroupId)
 if err != nil {
- return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("Error issuing read request in policySetDefinitionRefreshFunc for Policy Set Definition %q: %s", name, err)
+ return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policySetDefinitionRefreshFunc for Policy Set Definition %q: %+v", name, err)
 }
 return res, strconv.Itoa(res.StatusCode), nil
 }
 }
+
+func expandAzureRMPolicySetDefinitionPolicyDefinitions(input []interface{}) *[]policy.DefinitionReference {
+ result := make([]policy.DefinitionReference, 0)
+
+ for _, item := range input {
+ v := item.(map[string]interface{})
+
+ parameters := make(map[string]*policy.ParameterValuesValue)
+ for k, value := range v["parameters"].(map[string]interface{}) {
+ parameters[k] = &policy.ParameterValuesValue{
+ Value: value.(string),
+ }
+ }
+
+ result = append(result, policy.DefinitionReference{
+ PolicyDefinitionID: utils.String(v["policy_definition_id"].(string)),
+ Parameters: parameters,
+ PolicyDefinitionReferenceID: utils.String(v["reference_id"].(string)),
+ })
+ }
+
+ return &result
+}
+
+func flattenAzureRMPolicySetDefinitionPolicyDefinitions(input *[]policy.DefinitionReference) []interface{} {
+ result := make([]interface{}, 0)
+ if input == nil {
+ return result
+ }
+
+ for _, definition := range *input {
+ policyDefinitionID := ""
+ if definition.PolicyDefinitionID != nil {
+ policyDefinitionID = *definition.PolicyDefinitionID
+ }
+
+ parametersMap := make(map[string]interface{})
+ for k, v := range definition.Parameters {
+ if v == nil {
+ continue
+ }
+ parametersMap[k] = v.Value
+ }
+
+ policyDefinitionReference := ""
+ if definition.PolicyDefinitionReferenceID != nil {
+ policyDefinitionReference = *definition.PolicyDefinitionReferenceID
+ }
+
+ result = append(result, map[string]interface{}{
+ "policy_definition_id": policyDefinitionID,
+ "parameters": parametersMap,
+ "reference_id": policyDefinitionReference,
+ })
+ }
+ return result
+}
diff --git a/azurerm/internal/services/policy/tests/policy_definition_data_source_test.go b/azurerm/internal/services/policy/tests/policy_definition_data_source_test.go
index b2b14c6bc2e5..c991beee16e5 100644
--- a/azurerm/internal/services/policy/tests/policy_definition_data_source_test.go
+++ b/azurerm/internal/services/policy/tests/policy_definition_data_source_test.go
@@ -61,7 +61,7 @@ func TestAccDataSourceAzureRMPolicyDefinition_customByDisplayName(t *testing.T)
 resource.TestCheckResourceAttr(data.ResourceName, "type", "Microsoft.Authorization/policyDefinitions"),
 resource.TestCheckResourceAttr(data.ResourceName, "policy_type", "Custom"),
 resource.TestCheckResourceAttr(data.ResourceName, "policy_rule", "{\"if\":{\"not\":{\"field\":\"location\",\"in\":\"[parameters('allowedLocations')]\"}},\"then\":{\"effect\":\"audit\"}}"),
- resource.TestCheckResourceAttr(data.ResourceName, "parameters", "{\"allowedLocations\":{\"metadata\":{\"description\":\"The list of allowed locations for resources.\",\"displayName\":\"Allowed locations\",\"strongType\":\"location\"},\"type\":\"Array\"}}"),
+ resource.TestCheckResourceAttr(data.ResourceName, "parameters", "{\"allowedLocations\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of allowed locations for resources.\",\"displayName\":\"Allowed locations\",\"strongType\":\"location\"}}}"),
 resource.TestCheckResourceAttrSet(data.ResourceName, "metadata"),
 ),
 },
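Review bot: `expandAzureRMPolicySetDefinitionPolicyDefinitions` asserts every parameter value with `value.(string)` while `flattenAzureRMPolicySetDefinitionPolicyDefinitions` stores the raw `v.Value` interface, so a parameter the service returns as a JSON number, boolean, array or object does not round-trip: the read side will either fail in `d.Set` or show a permanent diff, and the write side can only ever send strings, which for an initiative parameter such as an allowed-locations list may silently change what the policy enforces. Document the string-only contract on both helpers and make the mismatch explicit on the read side — `s, ok := v.Value.(string)` and, for anything else, store the `json.Marshal` text so the value lands in state deterministically instead of breaking the state write; a real fix needs a schema able to carry typed or JSON-encoded values. The unchecked `item.(map[string]interface{})` and `v["parameters"].(map[string]interface{})` assertions panic rather than return an error if the SDK hands over a nil element for an empty block, which presumably can happen here, so `if item == nil { continue }` at the top of the loop is cheap insurance. Both helpers sit entirely inside this hunk; the change to `policySetDefinitionRefreshFunc` above is a message rewording only.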
@@ -84,7 +84,7 @@ func TestAccDataSourceAzureRMPolicyDefinition_customByName(t *testing.T) { resource.TestCheckResourceAttr(data.ResourceName, "type", "Microsoft.Authorization/policyDefinitions"), resource.TestCheckResourceAttr(data.ResourceName, "policy_type", "Custom"), resource.TestCheckResourceAttr(data.ResourceName, "policy_rule", "{\"if\":{\"not\":{\"field\":\"location\",\"in\":\"[parameters('allowedLocations')]\"}},\"then\":{\"effect\":\"audit\"}}"), - resource.TestCheckResourceAttr(data.ResourceName, "parameters", "{\"allowedLocations\":{\"metadata\":{\"description\":\"The list of allowed locations for resources.\",\"displayName\":\"Allowed locations\",\"strongType\":\"location\"},\"type\":\"Array\"}}"), + resource.TestCheckResourceAttr(data.ResourceName, "parameters", "{\"allowedLocations\":{\"type\":\"Array\",\"metadata\":{\"description\":\"The list of allowed locations for resources.\",\"displayName\":\"Allowed locations\",\"strongType\":\"location\"}}}"), resource.TestCheckResourceAttrSet(data.ResourceName, "metadata"), ), }, diff --git a/azurerm/internal/services/policy/tests/policy_definition_resource_test.go b/azurerm/internal/services/policy/tests/policy_definition_resource_test.go index de7dd8f4f871..7b3f7da01412 100644 --- a/azurerm/internal/services/policy/tests/policy_definition_resource_test.go +++ b/azurerm/internal/services/policy/tests/policy_definition_resource_test.go @@ -74,7 +74,7 @@ func TestAccAzureRMPolicyDefinitionAtMgmtGroup_basic(t *testing.T) { CheckDestroy: testCheckAzureRMPolicyDefinitionDestroyInMgmtGroup, Steps: []resource.TestStep{ { - Config: testAzureRMPolicyDefinition_ManagementGroup(data), + Config: testAzureRMPolicyDefinition_managementGroup(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMPolicyDefinitionExistsInMgmtGroup(data.ResourceName), ), 
@@ -308,7 +308,7 @@ POLICY_RULE `, data.RandomInteger) } -func testAzureRMPolicyDefinition_ManagementGroup(data acceptance.TestData) string { +func testAzureRMPolicyDefinition_managementGroup(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { features {} diff --git a/azurerm/internal/services/policy/tests/policy_set_definition_data_source_test.go b/azurerm/internal/services/policy/tests/policy_set_definition_data_source_test.go index 21ea87750f4a..1a6dbd24b3e5 100644 --- a/azurerm/internal/services/policy/tests/policy_set_definition_data_source_test.go +++ b/azurerm/internal/services/policy/tests/policy_set_definition_data_source_test.go @@ -20,10 +20,11 @@ func TestAccDataSourceAzureRMPolicySetDefinition_builtIn(t *testing.T) { Config: testAccDataSourceAzureRMPolicySetDefinition_builtIn("Audit Windows VMs with a pending reboot"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(data.ResourceName, "name", "c96b2a9c-6fab-4ac2-ae21-502143491cd4"), - resource.TestCheckResourceAttr(data.ResourceName, "displayName", "Audit Windows VMs with a pending reboot"), + resource.TestCheckResourceAttr(data.ResourceName, "display_name", "Audit Windows VMs with a pending reboot"), resource.TestCheckResourceAttr(data.ResourceName, "policy_type", "BuiltIn"), - resource.TestCheckResourceAttrSet(data.ResourceName, "parameters"), + resource.TestCheckResourceAttr(data.ResourceName, "parameters", ""), resource.TestCheckResourceAttrSet(data.ResourceName, "policy_definitions"), + resource.TestCheckResourceAttr(data.ResourceName, "policy_definition_reference.#", "2"), ), }, }, 
@@ -46,6 +47,7 @@ func TestAccDataSourceAzureRMPolicySetDefinition_customByName(t *testing.T) { resource.TestCheckResourceAttr(data.ResourceName, "policy_type", "Custom"), resource.TestCheckResourceAttrSet(data.ResourceName, "parameters"), resource.TestCheckResourceAttrSet(data.ResourceName, "policy_definitions"), + resource.TestCheckResourceAttr(data.ResourceName, "policy_definition_reference.#", "1"), ), }, }, @@ -68,6 +70,7 @@ func TestAccDataSourceAzureRMPolicySetDefinition_customByDisplayName(t *testing. resource.TestCheckResourceAttr(data.ResourceName, "policy_type", "Custom"), resource.TestCheckResourceAttrSet(data.ResourceName, "parameters"), resource.TestCheckResourceAttrSet(data.ResourceName, "policy_definitions"), + resource.TestCheckResourceAttr(data.ResourceName, "policy_definition_reference.#", "1"), ), }, }, diff --git a/azurerm/internal/services/policy/tests/policy_set_definition_resource_test.go b/azurerm/internal/services/policy/tests/policy_set_definition_resource_test.go index e45175db2e80..46d3c17467fd 100644 --- a/azurerm/internal/services/policy/tests/policy_set_definition_resource_test.go +++ b/azurerm/internal/services/policy/tests/policy_set_definition_resource_test.go 
@@ -13,6 +13,24 @@ import ( "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" ) +func TestAccAzureRMPolicySetDefinition_builtInDeprecated(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicySetDefinition_builtInDeprecated(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func TestAccAzureRMPolicySetDefinition_builtIn(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") resource.ParallelTest(t, resource.TestCase{ @@ -49,6 +67,24 @@ func TestAccAzureRMPolicySetDefinition_requiresImport(t *testing.T) { }) } +func TestAccAzureRMPolicySetDefinition_customDeprecated(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicySetDefinition_customDeprecated(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + func TestAccAzureRMPolicySetDefinition_custom(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") resource.ParallelTest(t, resource.TestCase{ 
@@ -67,7 +103,62 @@ func TestAccAzureRMPolicySetDefinition_custom(t *testing.T) { }) } -func TestAccAzureRMPolicySetDefinition_ManagementGroup(t *testing.T) { +func TestAccAzureRMPolicySetDefinition_customWithPolicyReferenceID(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicySetDefinition_customWithPolicyReferenceID(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMPolicySetDefinition_managementGroupDeprecated(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicySetDefinition_managementGroupDeprecated(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func TestAccAzureRMPolicySetDefinition_managementGroup(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acceptance.PreCheck(t) }, + Providers: acceptance.SupportedProviders, + CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, + Steps: []resource.TestStep{ + { + Config: testAzureRMPolicySetDefinition_managementGroup(data), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), + ), + }, + data.ImportStep(), + }, + }) +} + +func 
TestAccAzureRMPolicySetDefinition_metadataDeprecated(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acceptance.PreCheck(t) }, @@ -75,7 +166,7 @@ func TestAccAzureRMPolicySetDefinition_ManagementGroup(t *testing.T) { CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy, Steps: []resource.TestStep{ { - Config: testAzureRMPolicySetDefinition_ManagementGroup(data), + Config: testAzureRMPolicySetDefinition_metadataDeprecated(data), Check: resource.ComposeTestCheckFunc( testCheckAzureRMPolicySetDefinitionExists(data.ResourceName), ), @@ -103,7 +194,7 @@ func TestAccAzureRMPolicySetDefinition_metadata(t *testing.T) { }) } -func testAzureRMPolicySetDefinition_builtIn(data acceptance.TestData) string { +func testAzureRMPolicySetDefinition_builtInDeprecated(data acceptance.TestData) string { return fmt.Sprintf(` provider "azurerm" { features {} @@ -143,8 +234,42 @@ POLICY_DEFINITIONS `, data.RandomInteger, data.RandomInteger) } +func testAzureRMPolicySetDefinition_builtIn(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_policy_set_definition" "test" { + name = "acctestpolset-%d" + policy_type = "Custom" + display_name = "acctestpolset-%d" + + parameters = <