Update azurerm_policy_set_definition - Support `policy_definition_g…

…roup` (#9259) * Policy set definition enhancement * Resolve comments * Add another step to change things back * resolve comment
hashicorp · Nov 19, 2020 · 678402f · 678402f
1 parent 5284324
commit 678402f
Show file tree

Hide file tree

Showing 8 changed files with 364 additions and 13 deletions.
diff --git a/azurerm/internal/services/policy/policy.go b/azurerm/internal/services/policy/policy.go
@@ -6,9 +6,8 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
-
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
 )
 
 func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.DefinitionsClient, displayName, managementGroupName string) (policy.Definition, error) {
@@ -49,7 +48,7 @@ func getPolicyDefinitionByDisplayName(ctx context.Context, client *policy.Defini
 	return results[0], nil
 }
 
-func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name string, managementGroupName string) (res policy.Definition, err error) {
+func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupName string) (res policy.Definition, err error) {
 	if managementGroupName == "" {
 		res, err = client.Get(ctx, name)
 		if utils.ResponseWasNotFound(res.Response) {
@@ -62,7 +61,7 @@ func getPolicyDefinitionByName(ctx context.Context, client *policy.DefinitionsCl
 	return res, err
 }
 
-func getPolicySetDefinitionByName(ctx context.Context, client *policy.SetDefinitionsClient, name string, managementGroupID string) (res policy.SetDefinition, err error) {
+func getPolicySetDefinitionByName(ctx context.Context, client *policy.SetDefinitionsClient, name, managementGroupID string) (res policy.SetDefinition, err error) {
 	if managementGroupID == "" {
 		res, err = client.Get(ctx, name)
 		if utils.ResponseWasNotFound(res.Response) {
@@ -121,7 +120,7 @@ func expandParameterDefinitionsValueFromString(jsonString string) (map[string]*p
 	return result, err
 }
 
-func flattenParameterDefintionsValueToString(input map[string]*policy.ParameterDefinitionsValue) (string, error) {
+func flattenParameterDefinitionsValueToString(input map[string]*policy.ParameterDefinitionsValue) (string, error) {
 	if len(input) == 0 {
 		return "", nil
 	}

diff --git a/azurerm/internal/services/policy/policy_definition_data_source.go b/azurerm/internal/services/policy/policy_definition_data_source.go
@@ -131,7 +131,7 @@ func dataSourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{})
 		d.Set("metadata", metadataStr)
 	}
 
-	if parametersStr, err := flattenParameterDefintionsValueToString(policyDefinition.Parameters); err == nil {
+	if parametersStr, err := flattenParameterDefinitionsValueToString(policyDefinition.Parameters); err == nil {
 		d.Set("parameters", parametersStr)
 	} else {
 		return fmt.Errorf("failed to flatten Policy Parameters %q: %+v", name, err)

diff --git a/azurerm/internal/services/policy/policy_definition_resource.go b/azurerm/internal/services/policy/policy_definition_resource.go
@@ -312,7 +312,7 @@ func resourceArmPolicyDefinitionRead(d *schema.ResourceData, meta interface{}) e
 			d.Set("metadata", metadataStr)
 		}
 
-		if parametersStr, err := flattenParameterDefintionsValueToString(props.Parameters); err == nil {
+		if parametersStr, err := flattenParameterDefinitionsValueToString(props.Parameters); err == nil {
 			d.Set("parameters", parametersStr)
 		} else {
 			return fmt.Errorf("flattening policy definition parameters %+v", err)
@@ -356,7 +356,7 @@ func resourceArmPolicyDefinitionDelete(d *schema.ResourceData, meta interface{})
 	return nil
 }
 
-func policyDefinitionRefreshFunc(ctx context.Context, client *policy.DefinitionsClient, name string, managementGroupID string) resource.StateRefreshFunc {
+func policyDefinitionRefreshFunc(ctx context.Context, client *policy.DefinitionsClient, name, managementGroupID string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		res, err := getPolicyDefinitionByName(ctx, client, name, managementGroupID)
 		if err != nil {

diff --git a/azurerm/internal/services/policy/policy_set_definition_data_source.go b/azurerm/internal/services/policy/policy_set_definition_data_source.go
@@ -89,6 +89,14 @@ func dataSourceArmPolicySetDefinition() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+
+						"policy_group_names": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
 					},
 				},
 			},
@@ -97,6 +105,39 @@ func dataSourceArmPolicySetDefinition() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"policy_definition_group": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"display_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"category": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"description": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"additional_metadata_resource_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -137,7 +178,7 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface
 	d.Set("policy_type", setDefinition.PolicyType)
 	d.Set("metadata", flattenJSON(setDefinition.Metadata))
 
-	if paramsStr, err := flattenParameterDefintionsValueToString(setDefinition.Parameters); err != nil {
+	if paramsStr, err := flattenParameterDefinitionsValueToString(setDefinition.Parameters); err != nil {
 		return fmt.Errorf("flattening JSON for `parameters`: %+v", err)
 	} else {
 		d.Set("parameters", paramsStr)
@@ -157,5 +198,9 @@ func dataSourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface
 		return fmt.Errorf("setting `policy_definition_reference`: %+v", err)
 	}
 
+	if err := d.Set("policy_definition_group", flattenAzureRMPolicySetDefinitionPolicyGroups(setDefinition.PolicyDefinitionGroups)); err != nil {
+		return fmt.Errorf("setting `policy_definition_group`: %+v", err)
+	}
+
 	return nil
 }
diff --git a/azurerm/internal/services/policy/policy_set_definition_resource.go b/azurerm/internal/services/policy/policy_set_definition_resource.go
@@ -1,6 +1,7 @@
 package policy
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -11,6 +12,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
 	"github.com/Azure/go-autorest/autorest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/structure"
@@ -152,9 +154,57 @@ func resourceArmPolicySetDefinition() *schema.Resource {
 							Optional: true,
 							Computed: true,
 						},
+
+						"policy_group_names": {
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.StringIsNotEmpty,
+							},
+						},
 					},
 				},
 			},
+
+			"policy_definition_group": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+
+						"display_name": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+
+						"category": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+
+						"description": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+
+						"additional_metadata_resource_id": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringIsNotEmpty,
+						},
+					},
+				},
+				Set: resourceARMPolicySetDefinitionPolicyDefinitionGroupHash,
+			},
 		},
 	}
 }
@@ -271,6 +321,10 @@ func resourceArmPolicySetDefinitionCreate(d *schema.ResourceData, meta interface
 		properties.PolicyDefinitions = definitions
 	}
 
+	if v, ok := d.GetOk("policy_definition_group"); ok {
+		properties.PolicyDefinitionGroups = expandAzureRMPolicySetDefinitionPolicyGroups(v.(*schema.Set).List())
+	}
+
 	definition := policy.SetDefinition{
 		SetDefinitionProperties: &properties,
 	}
@@ -462,7 +516,7 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{}
 		}
 
 		if parameters := props.Parameters; parameters != nil {
-			parametersStr, err := flattenParameterDefintionsValueToString(parameters)
+			parametersStr, err := flattenParameterDefinitionsValueToString(parameters)
 			if err != nil {
 				return fmt.Errorf("flattening JSON for `parameters`: %+v", err)
 			}
@@ -485,6 +539,10 @@ func resourceArmPolicySetDefinitionRead(d *schema.ResourceData, meta interface{}
 		if err := d.Set("policy_definition_reference", references); err != nil {
 			return fmt.Errorf("setting `policy_definition_reference`: %+v", err)
 		}
+
+		if err := d.Set("policy_definition_group", flattenAzureRMPolicySetDefinitionPolicyGroups(props.PolicyDefinitionGroups)); err != nil {
+			return fmt.Errorf("setting `policy_definition_group`: %+v", err)
+		}
 	}
 
 	return nil
@@ -501,8 +559,7 @@ func resourceArmPolicySetDefinitionDelete(d *schema.ResourceData, meta interface
 	}
 
 	managementGroupName := ""
-	switch scopeId := id.PolicyScopeId.(type) { // nolint gocritic
-	case parse.ScopeAtManagementGroup:
+	if scopeId, ok := id.PolicyScopeId.(parse.ScopeAtManagementGroup); ok {
 		managementGroupName = scopeId.ManagementGroupName
 	}
 
@@ -524,7 +581,7 @@ func resourceArmPolicySetDefinitionDelete(d *schema.ResourceData, meta interface
 	return nil
 }
 
-func policySetDefinitionRefreshFunc(ctx context.Context, client *policy.SetDefinitionsClient, name string, managementGroupId string) resource.StateRefreshFunc {
+func policySetDefinitionRefreshFunc(ctx context.Context, client *policy.SetDefinitionsClient, name, managementGroupId string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		res, err := getPolicySetDefinitionByName(ctx, client, name, managementGroupId)
 		if err != nil {
@@ -600,6 +657,7 @@ func expandAzureRMPolicySetDefinitionPolicyDefinitions(input []interface{}) (*[]
 			PolicyDefinitionID:          utils.String(v["policy_definition_id"].(string)),
 			Parameters:                  parameters,
 			PolicyDefinitionReferenceID: utils.String(v["reference_id"].(string)),
+			GroupNames:                  utils.ExpandStringSlice(v["policy_group_names"].(*schema.Set).List()),
 		})
 	}
 
@@ -641,7 +699,85 @@ func flattenAzureRMPolicySetDefinitionPolicyDefinitions(input *[]policy.Definiti
 			"parameters":           parametersMap,
 			"parameter_values":     parameterValues,
 			"reference_id":         policyDefinitionReference,
+			"policy_group_names":   utils.FlattenStringSlice(definition.GroupNames),
 		})
 	}
 	return result, nil
 }
+
+func expandAzureRMPolicySetDefinitionPolicyGroups(input []interface{}) *[]policy.DefinitionGroup {
+	result := make([]policy.DefinitionGroup, 0)
+
+	for _, item := range input {
+		v := item.(map[string]interface{})
+		group := policy.DefinitionGroup{}
+		if name := v["name"].(string); name != "" {
+			group.Name = utils.String(name)
+		}
+		if displayName := v["display_name"].(string); displayName != "" {
+			group.DisplayName = utils.String(displayName)
+		}
+		if category := v["category"].(string); category != "" {
+			group.Category = utils.String(category)
+		}
+		if description := v["description"].(string); description != "" {
+			group.Description = utils.String(description)
+		}
+		if metadataID := v["additional_metadata_resource_id"].(string); metadataID != "" {
+			group.AdditionalMetadataID = utils.String(metadataID)
+		}
+		result = append(result, group)
+	}
+
+	return &result
+}
+
+func flattenAzureRMPolicySetDefinitionPolicyGroups(input *[]policy.DefinitionGroup) []interface{} {
+	result := make([]interface{}, 0)
+	if input == nil {
+		return result
+	}
+
+	for _, group := range *input {
+		name := ""
+		if group.Name != nil {
+			name = *group.Name
+		}
+		displayName := ""
+		if group.DisplayName != nil {
+			displayName = *group.DisplayName
+		}
+		category := ""
+		if group.Category != nil {
+			category = *group.Category
+		}
+		description := ""
+		if group.Description != nil {
+			description = *group.Description
+		}
+		metadataID := ""
+		if group.AdditionalMetadataID != nil {
+			metadataID = *group.AdditionalMetadataID
+		}
+
+		result = append(result, map[string]interface{}{
+			"name":                            name,
+			"display_name":                    displayName,
+			"category":                        category,
+			"description":                     description,
+			"additional_metadata_resource_id": metadataID,
+		})
+	}
+
+	return result
+}
+
+func resourceARMPolicySetDefinitionPolicyDefinitionGroupHash(v interface{}) int {
+	var buf bytes.Buffer
+
+	if m, ok := v.(map[string]interface{}); ok {
+		buf.WriteString(m["name"].(string))
+	}
+
+	return hashcode.String(buf.String())
+}