Update azurerm_policy_set_definition - Support policy_definition_reference_id

azurerm/internal/services/policy/policy.go

@@ -19,7 +19,7 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini
 		policyDefinitions, err = client.ListComplete(ctx)
 	}
 	if err != nil {
-		return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: %+v", err)
+		return policy.Definition{}, fmt.Errorf("loading Policy Definition List: %+v", err)
 	}
 
 	var results []policy.Definition
@@ -30,18 +30,18 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini
 		}
 
 		if err := policyDefinitions.NextWithContext(ctx); err != nil {
-			return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: %s", err)
+			return policy.Definition{}, fmt.Errorf("loading Policy Definition List: %s", err)
 		}
 	}
 
 	// we found none
 	if len(results) == 0 {
-		return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: could not find policy '%s'", displayName)
+		return policy.Definition{}, fmt.Errorf("loading Policy Definition List: could not find policy '%s'", displayName)
 	}
 
 	// we found more than one
 	if len(results) > 1 {
-		return policy.Definition{}, fmt.Errorf("failed to load Policy Definition List: found more than one policy '%s'", displayName)
+		return policy.Definition{}, fmt.Errorf("loading Policy Definition List: found more than one policy '%s'", displayName)
 	}
 
 	return results[0], nil
@@ -77,7 +77,7 @@ func getPolicySetDefinitionByDisplayName(ctx context.Context, client *policy.Set
 		setDefinitions, err = client.ListComplete(ctx)
 	}
 	if err != nil {
-		return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: %+v", err)
+		return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: %+v", err)
 	}
 
 	var results []policy.SetDefinition
@@ -88,18 +88,18 @@ func getPolicySetDefinitionByDisplayName(ctx context.Context, client *policy.Set
 		}
 
 		if err := setDefinitions.NextWithContext(ctx); err != nil {
-			return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: %s", err)
+			return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: %s", err)
 		}
 	}
 
 	// throw error when we found none
 	if len(results) == 0 {
-		return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: could not find policy '%s'", displayName)
+		return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: could not find policy '%s'", displayName)
 	}
 
 	// throw error when we found more than one
 	if len(results) > 1 {
-		return policy.SetDefinition{}, fmt.Errorf("failed to load Policy Set Definition List: found more than one policy set definition '%s'", displayName)
+		return policy.SetDefinition{}, fmt.Errorf("loading Policy Set Definition List: found more than one policy set definition '%s'", displayName)
 	}
 
 	return results[0], nil

azurerm/internal/services/policy/policy_assignment_resource.go

@@ -15,7 +15,6 @@ import (
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
-	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/features"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/parse"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/policy/validate"
 	azSchema "github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/tf/schema"
@@ -135,15 +134,12 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf
 
 	name := d.Get("name").(string)
 	scope := d.Get("scope").(string)
-	enforcementMode := convertEnforcementMode(d.Get("enforcement_mode").(bool))
-	policyDefinitionId := d.Get("policy_definition_id").(string)
-	displayName := d.Get("display_name").(string)
 
-	if features.ShouldResourcesBeImported() && d.IsNewResource() {
+	if d.IsNewResource() {
 		existing, err := client.Get(ctx, scope, name)
 		if err != nil {
 			if !utils.ResponseWasNotFound(existing.Response) {
-				return fmt.Errorf("Error checking for presence of existing Policy Assignment %q: %s", name, err)
+				return fmt.Errorf("checking for presence of existing Policy Assignment %q: %s", name, err)
 			}
 		}
 
@@ -154,23 +150,22 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf
 
 	assignment := policy.Assignment{
 		AssignmentProperties: &policy.AssignmentProperties{
-			PolicyDefinitionID: utils.String(policyDefinitionId),
-			DisplayName:        utils.String(displayName),
+			PolicyDefinitionID: utils.String(d.Get("policy_definition_id").(string)),
+			DisplayName:        utils.String(d.Get("display_name").(string)),
 			Scope:              utils.String(scope),
-			EnforcementMode:    enforcementMode,
+			EnforcementMode:    convertEnforcementMode(d.Get("enforcement_mode").(bool)),
 		},
 	}
 
 	if v := d.Get("description").(string); v != "" {
 		assignment.AssignmentProperties.Description = utils.String(v)
 	}
 
-	if _, ok := d.GetOk("identity"); ok {
-		if v := d.Get("location").(string); v == "" {
+	if v, ok := d.GetOk("identity"); ok {
+		if location := d.Get("location").(string); location == "" {
 			return fmt.Errorf("`location` must be set when `identity` is assigned")
 		}
-		policyIdentity := expandAzureRmPolicyIdentity(d)
-		assignment.Identity = policyIdentity
+		assignment.Identity = expandAzureRmPolicyIdentity(v.([]interface{}))
 	}
 
 	if v := d.Get("location").(string); v != "" {
@@ -180,19 +175,18 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf
 	if v := d.Get("parameters").(string); v != "" {
 		expandedParams, err := expandParameterValuesValueFromString(v)
 		if err != nil {
-			return fmt.Errorf("Error expanding JSON from Parameters %q: %+v", v, err)
+			return fmt.Errorf("expanding JSON for `parameters` %q: %+v", v, err)
 		}
 
 		assignment.AssignmentProperties.Parameters = expandedParams
 	}
 
-	if _, ok := d.GetOk("not_scopes"); ok {
-		notScopes := expandAzureRmPolicyNotScopes(d)
-		assignment.AssignmentProperties.NotScopes = notScopes
+	if v, ok := d.GetOk("not_scopes"); ok {
+		assignment.AssignmentProperties.NotScopes = expandAzureRmPolicyNotScopes(v.([]interface{}))
 	}
 
 	if _, err := client.Create(ctx, scope, name, assignment); err != nil {
-		return err
+		return fmt.Errorf("creating/updating Policy Assignment %q (Scope %q): %+v", name, scope, err)
 	}
 
 	// Policy Assignments are eventually consistent; wait for them to stabilize
@@ -212,14 +206,17 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf
 	}
 
 	if _, err := stateConf.WaitForState(); err != nil {
-		return fmt.Errorf("Error waiting for Policy Assignment %q to become available: %s", name, err)
+		return fmt.Errorf("waiting for Policy Assignment %q to become available: %s", name, err)
 	}
 
 	resp, err := client.Get(ctx, scope, name)
 	if err != nil {
-		return err
+		return fmt.Errorf("retrieving Policy Assignment %q (Scope %q): %+v", name, scope, err)
 	}
 
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Policy Assignment %q (Scope %q)", name, scope)
+	}
 	d.SetId(*resp.ID)
 
 	return resourceArmPolicyAssignmentRead(d, meta)
@@ -240,13 +237,13 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Policy Assignment %q: %+v", id, err)
+		return fmt.Errorf("reading Policy Assignment %q: %+v", id, err)
 	}
 
 	d.Set("name", resp.Name)
 
 	if err := d.Set("identity", flattenAzureRmPolicyIdentity(resp.Identity)); err != nil {
-		return fmt.Errorf("Error setting `identity`: %+v", err)
+		return fmt.Errorf("setting `identity`: %+v", err)
 	}
 
 	if location := resp.Location; location != nil {
@@ -263,7 +260,7 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e
 		if params := props.Parameters; params != nil {
 			json, err := flattenParameterValuesValueToString(params)
 			if err != nil {
-				return fmt.Errorf("Error serializing JSON from Parameters: %+v", err)
+				return fmt.Errorf("serializing JSON from `parameters`: %+v", err)
 			}
 
 			d.Set("parameters", json)
@@ -288,7 +285,7 @@ func resourceArmPolicyAssignmentDelete(d *schema.ResourceData, meta interface{})
 			return nil
 		}
 
-		return fmt.Errorf("Error deleting Policy Assignment %q: %+v", id, err)
+		return fmt.Errorf("deleting Policy Assignment %q: %+v", id, err)
 	}
 
 	return nil
@@ -298,25 +295,22 @@ func policyAssignmentRefreshFunc(ctx context.Context, client *policy.Assignments
 	return func() (interface{}, string, error) {
 		res, err := client.Get(ctx, scope, name)
 		if err != nil {
-			return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("Error issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q (Scope: %q): %s", name, scope, err)
+			return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q (Scope: %q): %s", name, scope, err)
 		}
 
 		return res, strconv.Itoa(res.StatusCode), nil
 	}
 }
 
-func expandAzureRmPolicyIdentity(d *schema.ResourceData) *policy.Identity {
-	v := d.Get("identity")
-	identities := v.([]interface{})
-	identity := identities[0].(map[string]interface{})
-
-	identityType := policy.ResourceIdentityType(identity["type"].(string))
-
-	policyIdentity := policy.Identity{
-		Type: identityType,
+func expandAzureRmPolicyIdentity(input []interface{}) *policy.Identity {
+	if len(input) == 0 {
+		return nil
 	}
+	identity := input[0].(map[string]interface{})
 
-	return &policyIdentity
+	return &policy.Identity{
+		Type: policy.ResourceIdentityType(identity["type"].(string)),
+	}
 }
 
 func flattenAzureRmPolicyIdentity(identity *policy.Identity) []interface{} {
@@ -337,11 +331,10 @@ func flattenAzureRmPolicyIdentity(identity *policy.Identity) []interface{} {
 	return []interface{}{result}
 }
 
-func expandAzureRmPolicyNotScopes(d *schema.ResourceData) *[]string {
-	notScopes := d.Get("not_scopes").([]interface{})
+func expandAzureRmPolicyNotScopes(input []interface{}) *[]string {
 	notScopesRes := make([]string, 0)
 
-	for _, notScope := range notScopes {
+	for _, notScope := range input {
 		notScopesRes = append(notScopesRes, notScope.(string))
 	}
 

azurerm/internal/services/policy/policy_definition_data_source.go

@@ -103,13 +103,13 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{})
 	if displayName != "" {
 		policyDefinition, err = getPolicyDefinitionByDisplayName(ctx, client, displayName, managementGroupName)
 		if err != nil {
-			return fmt.Errorf("failed to read Policy Definition (Display Name %q): %+v", displayName, err)
+			return fmt.Errorf("reading Policy Definition (Display Name %q): %+v", displayName, err)
 		}
 	}
 	if name != "" {
 		policyDefinition, err = getPolicyDefinitionByName(ctx, client, name, managementGroupName)
 		if err != nil {
-			return fmt.Errorf("failed to read Policy Definition %q: %+v", name, err)
+			return fmt.Errorf("reading Policy Definition %q: %+v", name, err)
 		}
 	}
 
@@ -124,7 +124,7 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{})
 	if policyRuleStr := flattenJSON(policyRule); policyRuleStr != "" {
 		d.Set("policy_rule", policyRuleStr)
 	} else {
-		return fmt.Errorf("failed to flatten Policy Definition Rule %q: %+v", name, err)
+		return fmt.Errorf("flattening Policy Definition Rule %q: %+v", name, err)
 	}
 
 	if metadataStr := flattenJSON(policyDefinition.Metadata); metadataStr != "" {

azurerm/internal/services/policy/policy_definition_resource.go

@@ -163,7 +163,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf
 		existing, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName)
 		if err != nil {
 			if !utils.ResponseWasNotFound(existing.Response) {
-				return fmt.Errorf("Error checking for presence of existing Policy Definition %q: %s", name, err)
+				return fmt.Errorf("checking for presence of existing Policy Definition %q: %+v", name, err)
 			}
 		}
 
@@ -182,23 +182,23 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf
 	if policyRuleString := d.Get("policy_rule").(string); policyRuleString != "" {
 		policyRule, err := structure.ExpandJsonFromString(policyRuleString)
 		if err != nil {
-			return fmt.Errorf("unable to parse policy_rule: %s", err)
+			return fmt.Errorf("expanding JSON for `policy_rule`: %+v", err)
 		}
 		properties.PolicyRule = &policyRule
 	}
 
 	if metaDataString := d.Get("metadata").(string); metaDataString != "" {
 		metaData, err := structure.ExpandJsonFromString(metaDataString)
 		if err != nil {
-			return fmt.Errorf("unable to parse metadata: %s", err)
+			return fmt.Errorf("expanding JSON for `metadata`: %+v", err)
 		}
 		properties.Metadata = &metaData
 	}
 
 	if parametersString := d.Get("parameters").(string); parametersString != "" {
 		parameters, err := expandParameterDefinitionsValueFromString(parametersString)
 		if err != nil {
-			return fmt.Errorf("unable to parse parameters: %s", err)
+			return fmt.Errorf("expanding JSON for `parameters`: %+v", err)
 		}
 		properties.Parameters = parameters
 	}
@@ -217,7 +217,7 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf
 	}
 
 	if err != nil {
-		return err
+		return fmt.Errorf("creating/updating Policy Definition %q: %+v", name, err)
 	}
 
 	// Policy Definitions are eventually consistent; wait for them to stabilize
@@ -237,14 +237,17 @@ func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interf
 	}
 
 	if _, err = stateConf.WaitForState(); err != nil {
-		return fmt.Errorf("Error waiting for Policy Definition %q to become available: %s", name, err)
+		return fmt.Errorf("waiting for Policy Definition %q to become available: %+v", name, err)
 	}
 
 	resp, err := getPolicyDefinitionByName(ctx, client, name, managementGroupName)
 	if err != nil {
 		return err
 	}
 
+	if resp.ID == nil || *resp.ID == "" {
+		return fmt.Errorf("empty or nil ID returned for Policy Assignment %q", name)
+	}
 	d.SetId(*resp.ID)
 
 	return resourceArmPolicyDefinitionRead(d, meta)
@@ -275,7 +278,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Policy Definition %+v", err)
+		return fmt.Errorf("reading Policy Definition %+v", err)
 	}
 
 	d.Set("name", resp.Name)
@@ -299,7 +302,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e
 		if parametersStr, err := flattenParameterDefintionsValueToString(props.Parameters); err == nil {
 			d.Set("parameters", parametersStr)
 		} else {
-			return fmt.Errorf("Error flattening policy definition parameters %+v", err)
+			return fmt.Errorf("flattening policy definition parameters %+v", err)
 		}
 	}
 
@@ -334,7 +337,7 @@ func resourceArmPolicyDefinitionDelete(d *schema.ResourceData, meta interface{})
 			return nil
 		}
 
-		return fmt.Errorf("Error deleting Policy Definition %q: %+v", id.Name, err)
+		return fmt.Errorf("deleting Policy Definition %q: %+v", id.Name, err)
 	}
 
 	return nil
@@ -345,7 +348,7 @@ func policyDefinitionRefreshFunc(ctx context.Context, client *policy.Definitions
 		res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID)
 
 		if err != nil {
-			return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("Error issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q: %s", name, err)
+			return nil, strconv.Itoa(res.StatusCode), fmt.Errorf("issuing read request in policyAssignmentRefreshFunc for Policy Assignment %q: %+v", name, err)
 		}
 
 		return res, strconv.Itoa(res.StatusCode), nil