azurerm_policy_set_definition - fix empty group names on update #19890

Merged
2 changes: 2 additions & 0 deletions internal/services/policy/policy_set_definition_resource.go
@@ -12,6 +12,7 @@ import (

"github.com/Azure/azure-sdk-for-go/services/preview/resources/mgmt/2021-06-01-preview/policy" // nolint: staticcheck
"github.com/Azure/go-autorest/autorest"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
mgmtGrpParse "github.com/hashicorp/terraform-provider-azurerm/internal/services/managementgroup/parse"
@@ -570,6 +571,7 @@ func expandAzureRMPolicySetDefinitionPolicyDefinitionsUpdate(d *pluginsdk.Resour
PolicyDefinitionID: utils.String(d.Get(fmt.Sprintf("policy_definition_reference.%d.policy_definition_id", i)).(string)),
Parameters: parameters,
PolicyDefinitionReferenceID: utils.String(d.Get(fmt.Sprintf("policy_definition_reference.%d.reference_id", i)).(string)),
GroupNames: utils.ExpandStringSlice(d.Get(fmt.Sprintf("policy_definition_reference.%d.policy_group_names", i)).(*schema.Set).List()),
})
}

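Review bot: The added `GroupNames` line asserts `.(*schema.Set)` and brings in a direct import of the SDK `schema` package, while the enclosing function's signature (visible in the hunk header) takes `*pluginsdk.ResourceData`. If the provider's `pluginsdk` wrapper exposes a `Set` alias the way it does `ResourceData`, `.(*pluginsdk.Set).List()` would keep the file on one abstraction and make the new import unnecessary. Because the attribute appears to have been missing only from this update-specific expand helper, it is worth comparing it field by field with the create-path expand (not shown here), since an attribute silently dropped on update changes how the deployed policy set is grouped for compliance reporting without any plan-time error. The function body starts and ends outside the hunk.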
158 changes: 158 additions & 0 deletions internal/services/policy/policy_set_definition_resource_test.go
@@ -185,6 +185,41 @@ func TestAccAzureRMPolicySetDefinition_customWithDefinitionGroups(t *testing.T)
})
}

func TestAccAzureRMPolicySetDefinition_customWithGroupsInDefinitionReferenceUpdate(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test")
r := PolicySetDefinitionResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
// provision a policy set without group names
Config: r.customWithDefinitionGroupsNotUsedInPolicyReference(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("policy_definition_reference.0.policy_group_names").DoesNotExist(),
),
},
data.ImportStep(),
{
// test if group_names were correctly added
Config: r.customWithDefinitionGroupsUsedInPolicyReference(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("policy_definition_reference.0.policy_group_names.#").HasValue("3"),
),
},
data.ImportStep(),
{
// test if the deletion of the group_names works again
Config: r.customWithDefinitionGroupsNotUsedInPolicyReference(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("policy_definition_reference.0.policy_group_names.0").DoesNotExist(),
),
},
data.ImportStep(),
})
}

func TestAccAzureRMPolicySetDefinition_managementGroup(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test")
r := PolicySetDefinitionResource{}
@@ -665,6 +700,129 @@ VALUES
`, template, data.RandomInteger, data.RandomInteger)
}

// test adding "group-3" to policy_definition_reference.policy_group_names
func (r PolicySetDefinitionResource) customWithDefinitionGroupsUsedInPolicyReference(data acceptance.TestData) string {
template := r.template(data)
return fmt.Sprintf(`
%s

resource "azurerm_policy_set_definition" "test" {
name = "acctestPolSet-%d"
policy_type = "Custom"
display_name = "acctestPolSet-display-%d"

parameters = <<PARAMETERS
{
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
PARAMETERS

policy_definition_reference {
policy_definition_id = azurerm_policy_definition.test.id
parameter_values = <<VALUES
{
"allowedLocations": {"value": "[parameters('allowedLocations')]"}
}
VALUES
policy_group_names = ["group-1", "group-2", "group-3"]
}

policy_definition_group {
name = "redundant"
}

policy_definition_group {
name = "group-1"
display_name = "Group-Display-1"
category = "My Access Control"
description = "Controls accesses"
}

policy_definition_group {
name = "group-2"
display_name = "group-display-2"
category = "My Security Control"
description = "Controls security"
}

policy_definition_group {
name = "group-3"
display_name = "group-display-3"
category = "Category-3"
description = "Newly added group 3"
}
}
`, template, data.RandomInteger, data.RandomInteger)
}

// test adding "group-3" to policy_definition_reference.policy_group_names
func (r PolicySetDefinitionResource) customWithDefinitionGroupsNotUsedInPolicyReference(data acceptance.TestData) string {
template := r.template(data)
return fmt.Sprintf(`
%s

resource "azurerm_policy_set_definition" "test" {
name = "acctestPolSet-%d"
policy_type = "Custom"
display_name = "acctestPolSet-display-%d"

parameters = <<PARAMETERS
{
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
PARAMETERS

policy_definition_reference {
policy_definition_id = azurerm_policy_definition.test.id
parameter_values = <<VALUES
{
"allowedLocations": {"value": "[parameters('allowedLocations')]"}
}
VALUES
}

policy_definition_group {
name = "redundant"
}

policy_definition_group {
name = "group-1"
display_name = "Group-Display-1"
category = "My Access Control"
description = "Controls accesses"
}

policy_definition_group {
name = "group-2"
display_name = "group-display-2"
category = "My Security Control"
description = "Controls security"
}

policy_definition_group {
name = "group-3"
display_name = "group-display-3"
category = "Category-3"
description = "Newly added group 3"
}
}
`, template, data.RandomInteger, data.RandomInteger)
}

func (r PolicySetDefinitionResource) template(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
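Review bot: Two of the new assertions in TestAccAzureRMPolicySetDefinition_customWithGroupsInDefinitionReferenceUpdate probably cannot fail: `Key("policy_definition_reference.0.policy_group_names").DoesNotExist()` in the first step and `Key("policy_definition_reference.0.policy_group_names.0").DoesNotExist()` in the third. The attribute is read as a set in the resource, and as far as I can tell a set's state holds its count under `.#` and its members under hash keys, so neither the bare key nor `.0` is ever present, and both checks pass whether or not the group names were actually removed. Asserting the count, as the second step already does, would pin the removal: `check.That(data.ResourceName).Key("policy_definition_reference.0.policy_group_names.#").HasValue("0"),`. Separately, the comment above customWithDefinitionGroupsNotUsedInPolicyReference is a copy of the one on the UsedInPolicyReference helper and should instead say something like `// config with no policy_group_names on the policy_definition_reference`.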