Define policy to test Location in Json (#2)

Author: arnaud-tincelin

README.md

@@ -13,6 +13,9 @@ For each test case, the following directory structure must be created:
 |   +-- terraform files for test cases
 ```
 
+Note: the definition of the policy and the content of the terraform test code is up to you. The folders `policy_defintions` and `test` aim to be used as examples.
+You may define policies in Json (see `policy_defintions/location`), in TF (any other definition), in ARM template or whatever suits your need as long as you are able to wrap it in Terraform.
+
 Additionally, a `.yaml` configuration file must describe the test as following:
 
 ```yaml

policy_definitions/location/definition.tf

@@ -1,45 +1,24 @@
-resource "azurerm_policy_definition" "Prevent_from_bad_location" {
-  name         = "Prevent from bad location${var.suffix}"
-  policy_type  = "Custom"
-  mode         = "All"
-  display_name = "Prevent from bad location${var.suffix}"
+locals {
+  file         = jsondecode(file("${path.module}/policy.json"))
+  name         = "${local.file.name}${var.suffix}"
+  policy_type  = local.file.properties.policyType
+  mode         = local.file.properties.mode
+  display_name = "${local.file.properties.displayName}${var.suffix}"
+  description  = local.file.properties.description
+  rule         = jsonencode(local.file.properties.policyRule)
+  parameters   = jsonencode(local.file.properties.parameters)
+  metadata     = jsonencode(local.file.properties.metadata)
+}
 
-  policy_rule = jsonencode(
-    {
-      "if" : {
-        "not" : {
-          "field" : "location",
-          "in" : "[parameters('allowedLocations')]"
-        }
-      },
-      "then" : {
-        "effect" : "[parameters('effect')]"
-      }
-  })
+resource "azurerm_policy_definition" "policy" {
+  name         = local.name
+  policy_type  = local.policy_type
+  mode         = local.mode
+  display_name = local.display_name
+  policy_rule  = local.rule
+  parameters   = local.parameters
+}
 
-  parameters = jsonencode(
-    {
-      "allowedLocations" : {
-        "type" : "Array",
-        "defaultValue" : ["North Europe", "---", "East US 2"],
-        "metadata" : {
-          "description" : "The list of allowed locations for resources.",
-          "displayName" : "Allowed locations",
-          "strongType" : "location"
-        }
-      },
-      "effect" : {
-        "type" : "String",
-        "metadata" : {
-          "displayName" : "Effect",
-          "description" : "Enable or disable or change the execution of this policy"
-        },
-        "allowedValues" : [
-          "Audit",
-          "Deny",
-          "Disabled"
-        ],
-        "defaultValue" : "Audit"
-      }
-  })
+output "policy_id" {
+  value = azurerm_policy_definition.policy.id
 }

policy_definitions/location/output.tf

@@ -0,0 +1,64 @@
+{
+  "properties": {
+    "displayName": "Prevent from bad location",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "",
+    "metadata": {
+      "createdBy": "f3a7783b-3b3b-4568-9b0f-03775e509e8e",
+      "createdOn": "2021-11-17T09:10:14.99062Z",
+      "updatedBy": null,
+      "updatedOn": null
+    },
+    "parameters": {
+      "allowedLocations": {
+        "type": "Array",
+        "metadata": {
+          "description": "The list of allowed locations for resources.",
+          "displayName": "Allowed locations",
+          "strongType": "location"
+        },
+        "defaultValue": [
+          "North Europe",
+          "---",
+          "East US 2"
+        ]
+      },
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "description": "Enable or disable or change the execution of this policy",
+          "displayName": "Effect"
+        },
+        "allowedValues": [
+          "Audit",
+          "Deny",
+          "Disabled"
+        ],
+        "defaultValue": "Audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "not": {
+          "field": "location",
+          "in": "[parameters('allowedLocations')]"
+        }
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  },
+  "id": "/subscriptions/cdd50b30-b156-4574-b9dd-57ec4a587268/providers/Microsoft.Authorization/policyDefinitions/Prevent from bad location",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "name": "Prevent from bad location",
+  "systemData": {
+    "createdBy": "[email protected]",
+    "createdByType": "User",
+    "createdAt": "2021-11-17T09:10:14.9450521Z",
+    "lastModifiedBy": "[email protected]",
+    "lastModifiedByType": "User",
+    "lastModifiedAt": "2021-11-17T09:10:14.9450521Z"
+  }
+}