Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New resource azurerm_policy_exemption #9392

Closed
wants to merge 4 commits into from
Closed

New resource azurerm_policy_exemption #9392

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
249fde5
Initial commit for policy exemption
ArcturusZhang Nov 17, 2020
acf32bc
Merge remote-tracking branch 'origin/master' into policy-exemption
ArcturusZhang Nov 19, 2020
7c6d2ef
Add tests and docs
ArcturusZhang Nov 19, 2020
232a5d7
Fix test cases
ArcturusZhang Nov 19, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions azurerm/internal/services/policy/client/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,15 @@ package client

import (
"github.com/Azure/azure-sdk-for-go/services/preview/policyinsights/mgmt/2019-10-01-preview/policyinsights"
policyPreview "github.com/Azure/azure-sdk-for-go/services/preview/resources/mgmt/2020-03-01-preview/policy"
"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/common"
)

type Client struct {
AssignmentsClient *policy.AssignmentsClient
DefinitionsClient *policy.DefinitionsClient
ExemptionsClient *policyPreview.ExemptionsClient
SetDefinitionsClient *policy.SetDefinitionsClient
RemediationsClient *policyinsights.RemediationsClient
}
Expand All @@ -20,6 +22,9 @@ func NewClient(o *common.ClientOptions) *Client {
definitionsClient := policy.NewDefinitionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&definitionsClient.Client, o.ResourceManagerAuthorizer)

exemptionsClient := policyPreview.NewExemptionsClientWithBaseURI(o.ResourceManagerEndpoint)
o.ConfigureClient(&exemptionsClient.Client, o.ResourceManagerAuthorizer)

setDefinitionsClient := policy.NewSetDefinitionsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&setDefinitionsClient.Client, o.ResourceManagerAuthorizer)

Expand All @@ -29,6 +34,7 @@ func NewClient(o *common.ClientOptions) *Client {
return &Client{
AssignmentsClient: &assignmentsClient,
DefinitionsClient: &definitionsClient,
ExemptionsClient: &exemptionsClient,
SetDefinitionsClient: &setDefinitionsClient,
RemediationsClient: &remediationsClient,
}
Expand Down
41 changes: 41 additions & 0 deletions azurerm/internal/services/policy/parse/exemption.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
package parse

import (
"fmt"
"regexp"
)

type PolicyExemptionId struct {
Name string
PolicyScopeId
}

func PolicyExemptionID(input string) (*PolicyExemptionId, error) {
// in general, the id of an exemption should be:
// {scope}/providers/Microsoft.Authorization/policyExemptions/{name}
regex := regexp.MustCompile(`/providers/Microsoft\.Authorization/policyExemptions/`)
if !regex.MatchString(input) {
return nil, fmt.Errorf("unable to parse Policy Exemption ID %q", input)
}

segments := regex.Split(input, -1)

if len(segments) != 2 {
return nil, fmt.Errorf("unable to parse Policy Exemption ID %q: Expected 2 segments after split", input)
}

scope, name := segments[0], segments[1]
if name == "" {
return nil, fmt.Errorf("unable to parse Policy Exemption ID %q: exemption name is empty", input)
}

scopeId, err := PolicyScopeID(scope)
if err != nil {
return nil, fmt.Errorf("unable to parse Policy Exemption ID %q: %+v", input, err)
}

return &PolicyExemptionId{
Name: name,
PolicyScopeId: scopeId,
}, nil
}
106 changes: 106 additions & 0 deletions azurerm/internal/services/policy/parse/exemption_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
package parse

import (
"reflect"
"testing"
)

func TestPolicyExemptionID(t *testing.T) {
testData := []struct {
Name string
Input string
Error bool
Expected *PolicyExemptionId
}{
{
Name: "empty",
Input: "",
Error: true,
},
{
Name: "policy exemption in resource group",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/providers/Microsoft.Authorization/policyExemptions/exemption1",
Expected: &PolicyExemptionId{
Name: "exemption1",
PolicyScopeId: ScopeAtResourceGroup{
scopeId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo",
SubscriptionId: "00000000-0000-0000-0000-000000000000",
ResourceGroup: "foo",
},
},
},
{
Name: "policy assignment in resource group but no name",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/providers/Microsoft.Authorization/policyExemptions/",
Error: true,
},
{
Name: "policy assignment in subscription",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyExemptions/exemption1",
Expected: &PolicyExemptionId{
Name: "exemption1",
PolicyScopeId: ScopeAtSubscription{
scopeId: "/subscriptions/00000000-0000-0000-0000-000000000000",
SubscriptionId: "00000000-0000-0000-0000-000000000000",
},
},
},
{
Name: "policy assignment in subscription but no name",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyExemptions/",
Error: true,
},
{
Name: "policy assignment in management group",
Input: "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyExemptions/exemption1",
Expected: &PolicyExemptionId{
Name: "exemption1",
PolicyScopeId: ScopeAtManagementGroup{
scopeId: "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000",
ManagementGroupName: "00000000-0000-0000-0000-000000000000",
},
},
},
{
Name: "policy assignment in management group but no name",
Input: "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyExemptions/",
Error: true,
},
{
Name: "policy assignment in resource",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/providers/Microsoft.Compute/virtualMachines/vm1/providers/Microsoft.Authorization/policyExemptions/exemption1",
Expected: &PolicyExemptionId{
Name: "exemption1",
PolicyScopeId: ScopeAtResource{
scopeId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/providers/Microsoft.Compute/virtualMachines/vm1",
},
},
},
{
Name: "policy assignment in resource but no name",
Input: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/foo/providers/Microsoft.Compute/virtualMachines/vm1/providers/Microsoft.Authorization/policyExemptions/",
Error: true,
},
}

for _, v := range testData {
t.Logf("[DEBUG] Testing %q", v.Name)

actual, err := PolicyExemptionID(v.Input)
if err != nil {
if v.Error {
continue
}

t.Fatalf("Expected a value but got an error: %+v", err)
}

if actual.Name != v.Expected.Name {
t.Fatalf("Expected %q but got %q", v.Expected.Name, actual.Name)
}

if !reflect.DeepEqual(v.Expected.PolicyScopeId, actual.PolicyScopeId) {
t.Fatalf("Expected %+v but got %+v", v.Expected.PolicyScopeId, actual.PolicyScopeId)
}
}
}
Loading