updated the documentation to the current version #18

Merged
merged 1 commit into from
Aug 31, 2022
42 changes: 33 additions & 9 deletions README.md
Expand Up @@ -5,6 +5,7 @@ Terraform Module to create Policy with optional Assignments and Exemptions creat
Type of resources are supported:

* [Policy Definition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition)
* [Policy Set Definition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_set_definition)
* [Management Group Policy Assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment)
* [Subscription Policy Assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_assignment)
* [Resource Group Policy Assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment)
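Review bot: The module summary quoted in this hunk's header still reads "Terraform Module to create Policy with optional Assignments and Exemptions", so with Policy Set Definition added to the list below it, the summary should name policy sets too unless the truncated remainder of that line already does. While the list is being touched, the lead-in "Type of resources are supported:" would read better as "Supported resource types:".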
Expand All @@ -25,8 +26,10 @@ provider "azurerm" {
module "policy" {
source = "felix-wenzel/policy-module/azurerm"
version = "0.1"
policy_config_path = "policies/" # policy_config_path is set to "policies/" by default
policies = var.policies
default_identity_location = "westeurope"
custom_policies = var.custom_policies
policy_sets = var.policy_sets
builtIn_policies = var.builtIn_policies
}
```

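Review bot: The usage example keeps `version = "0.1"` while its inputs move from `policies` to `custom_policies`, `policy_sets` and `builtIn_policies`, which will break callers that still pass `policies` if that variable is gone from the module. Confirm that 0.1 is a release that accepts the new inputs or bump the pin in the example, and add a one-line migration note for existing users. `default_identity_location = "westeurope"` repeats the documented default, so either drop it from the example or comment it the way `policy_config_path` is commented.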
Expand All @@ -53,23 +56,41 @@ If you want to run the test, you have to first add your subscription id in the "
Name | Description | Type | Default
---- | ----------- | ---- | -------
`policy_config_path` | The path where the policy folders are located | string | `"policies/"`
`policies` | The policies map includes individual policies to be implemented | map | `{}`
`default_identity_location` | The Azure location the SystemAssigned Identity will be created | string | `"westeurope"`
`custom_policies` | The map including the individual parameters for each custom policy that will be created | map | `{}`
`policy_sets` | The map including the individual parameters for each policy set that will be created | map | `{}`
`builtIn_policies` | The map including the individual parameters for each built-in policy that will be created | map | `{}`

## Structure of the individual __policies__
## Structure of the individual __custom_policy__
Name | Description | Type | Default
---- | ----------- | ---- | -------
`policy` | The policy itself contains all parameters needed for the resource and has a key unique to the policy similar to the folder of the json data files. | map | `-`
`{key}` | The key of each custom policy represents the display_name unique to the policy and needs to be similar with the folder of the json data files. | string | `"My policy name"`
`mode` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#mode) | string | `"All"`
`disply_name` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#display_name) | string | `-`
`metadata` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#metadata) | string | `-`
`metadata` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#metadata) adjusted to be a map instead of json string. | map | `{Category = General}`
`assignments` | This is a list containing the individual assignments of the policy definition and their exemptions | list | `-`

## Structure of the individual __builtIn_policy__
Name | Description | Type | Default
---- | ----------- | ---- | -------
`{key}` | The key of each built-in policy represents the display_name unique to the policy and needs to be similar to the display name of the built-in policy itself within Azure. | string | `"My built-in Azure policy name"`
`mode` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#mode) | string | `"All"`
`metadata` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#metadata) adjusted to be a map instead of json string. | map | `{Category = General}`
`assignments` | This is a list containing the individual assignments of the policy definition and their exemptions | list | `-`

## Structure of the individual __policy set__
Name | Description | Type | Default
---- | ----------- | ---- | -------
`{key}` | The key of each policy set represents the display_name unique to the policy set and can be chosen freely. | string | `"My policy set name"`
`policy_definition_references` | A list of all the defined custom and builtIn policies that the set contains. | list[string] | `[custom_policy1, builtIn_policy5, builtIn_policy4]`
`metadata` | This is a [original policy definition argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition#metadata) adjusted to be a map instead of json string. | map | `{Category = General}`
`assignments` | This is a list containing the individual assignments of the policy definition and their exemptions | list | `-`

## Structure of the individual __assignments__
Name | Description | Type | Default
---- | ----------- | ---- | -------
`type` | The type of the resource for the assignment (needs to be aligned with the scope) | `string of ["MG", "SUB", "RG", "RES"]` | `-`
`scope` | This string can dependent on the type given be associated with either [management_group_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment#management_group_id), [subscription_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_assignment#subscription_id), [resource_group_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_assignment#resource_group_id) or [resource_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_policy_assignment#resource_id) | string | `-`
`metadata` | This is a [original policy assignment argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment#metadata) | string | `-`
`metadata` | This is a [original policy assignment argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment#metadata) adjusted to be a map instead of json string. | map | `{Category = General}`
`exemptions` | This is a list containing the individual exemptions of the policy assignment | list | `-`

## Structure of the individual __exemptions__
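Review bot: The new `default_identity_location` row says a SystemAssigned identity will be created, but none of the structure tables in this hunk (custom_policy, builtIn_policy, policy set, assignments) says which assignments receive that identity or whether the module grants it any role. Please document when the identity is attached and what permissions it ends up with at the assignment scope, since that is what someone reviewing a plan for privilege changes needs to know. Two smaller points: the `{key}` rows say the key "needs to be similar" to the folder name or to the built-in display name, and should state whether an exact match is required; and the Default column for `{key}` and `policy_definition_references` holds example values rather than defaults.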
Expand All @@ -78,12 +99,15 @@ Name | Description | Type | Default
`type` | The type of the resource for the assignment (needs to be aligned with the scope) | `string of ["MG", "SUB", "RG", "RES"]` | `-`
`exemption_category` | This is a [original policy exemption argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_exemption#exemption_category) | `string of ["Waiver", "Mitigated"]` | `-`
`scope` | This string can dependent on the type given be associated with either [management_group_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_exemption#management_group_id), [subscription_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_exemption#subscription_id), [resource_group_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_policy_exemption#resource_group_id) or [resource_id](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_policy_exemption#resource_id) | string | `-`
`metadata` | This is a [original policy exemption argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_exemption#metadata) | string | `-`
`metadata` | This is a [original policy exemption argument](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_exemption#metadata) adjusted to be a map instead of json string. | map | `{Category = General}`

## Outputs

Name | Description
---- | -----------
policy_set_definitions | You can reference each created policy set by using this value.
builtIn_policy_definitions | You can reference each fetched builtIn policy by using this value.
custom_policy_definitions | You can reference each created custom policy by using this value.

<br>

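Review bot: The exemption rows shown here (`type`, `exemption_category`, `scope`, `metadata`) include no expiry, so a `Waiver` created through this module appears to be open-ended. The azurerm policy exemption resources accept an optional `expires_on`; please document whether the module passes it through, or state that exemptions do not expire. In the Outputs table, `builtIn_policy_definitions` is described as "fetched" while the inputs table describes built-in policies as "created"; one wording should be used for both.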