Merge pull request #6734 from richeney/policy_set_metadata

Custom metadata DiffSuppressFunc - issue #5014

azurerm/internal/services/policy/resource_arm_policy_definition.go

@@ -2,8 +2,10 @@ package policy
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"log"
+	"reflect"
 	"strconv"
 	"time"
 
@@ -114,12 +116,35 @@ func resourceArmPolicyDefinition() *schema.Resource {
 				Optional:         true,
 				Computed:         true,
 				ValidateFunc:     validation.StringIsJSON,
-				DiffSuppressFunc: structure.SuppressJsonDiff,
+				DiffSuppressFunc: policyDefinitionsMetadataDiffSuppressFunc,
 			},
 		},
 	}
 }
 
+func policyDefinitionsMetadataDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
+	var oldPolicyDefinitionsMetadata map[string]interface{}
+	errOld := json.Unmarshal([]byte(old), &oldPolicyDefinitionsMetadata)
+	if errOld != nil {
+		return false
+	}
+
+	var newPolicyDefinitionsMetadata map[string]interface{}
+	errNew := json.Unmarshal([]byte(new), &newPolicyDefinitionsMetadata)
+	if errNew != nil {
+		return false
+	}
+
+	// Ignore the following keys if they're found in the metadata JSON
+	ignoreKeys := [4]string{"createdBy", "createdOn", "updatedBy", "updatedOn"}
+	for _, key := range ignoreKeys {
+		delete(oldPolicyDefinitionsMetadata, key)
+		delete(newPolicyDefinitionsMetadata, key)
+	}
+
+	return reflect.DeepEqual(oldPolicyDefinitionsMetadata, newPolicyDefinitionsMetadata)
+}
+
 func resourceArmPolicyDefinitionCreateUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).Policy.DefinitionsClient
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)

azurerm/internal/services/policy/resource_arm_policy_set_definition.go

@@ -85,7 +85,7 @@ func resourceArmPolicySetDefinition() *schema.Resource {
 				Optional:         true,
 				Computed:         true,
 				ValidateFunc:     validation.StringIsJSON,
-				DiffSuppressFunc: structure.SuppressJsonDiff,
+				DiffSuppressFunc: policySetDefinitionsMetadataDiffSuppressFunc,
 			},
 
 			"parameters": {
@@ -105,6 +105,29 @@ func resourceArmPolicySetDefinition() *schema.Resource {
 	}
 }
 
+func policySetDefinitionsMetadataDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
+	var oldPolicySetDefinitionsMetadata map[string]interface{}
+	errOld := json.Unmarshal([]byte(old), &oldPolicySetDefinitionsMetadata)
+	if errOld != nil {
+		return false
+	}
+
+	var newPolicySetDefinitionsMetadata map[string]interface{}
+	errNew := json.Unmarshal([]byte(new), &newPolicySetDefinitionsMetadata)
+	if errNew != nil {
+		return false
+	}
+
+	// Ignore the following keys if they're found in the metadata JSON
+	ignoreKeys := [4]string{"createdBy", "createdOn", "updatedBy", "updatedOn"}
+	for _, key := range ignoreKeys {
+		delete(oldPolicySetDefinitionsMetadata, key)
+		delete(newPolicySetDefinitionsMetadata, key)
+	}
+
+	return reflect.DeepEqual(oldPolicySetDefinitionsMetadata, newPolicySetDefinitionsMetadata)
+}
+
 func policyDefinitionsDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
 	var oldPolicyDefinitions []policy.DefinitionReference
 	errOld := json.Unmarshal([]byte(old), &oldPolicyDefinitions)

azurerm/internal/services/policy/tests/resource_arm_policy_definition_test.go

@@ -84,6 +84,24 @@ func TestAccAzureRMPolicyDefinitionAtMgmtGroup_basic(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMPolicyDefinition_metadata(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_policy_definition", "test")
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMPolicyDefinitionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAzureRMPolicyDefinition_metadata(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMPolicyDefinitionExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testCheckAzureRMPolicyDefinitionExistsInMgmtGroup(policyName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := acceptance.AzureProvider.Meta().(*clients.Client).Policy.DefinitionsClient
@@ -336,3 +354,51 @@ PARAMETERS
 }
 `, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func testAzureRMPolicyDefinition_metadata(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_policy_definition" "test" {
+  name         = "acctestpol-%d"
+  policy_type  = "Custom"
+  mode         = "All"
+  display_name = "acctestpol-%d"
+
+  policy_rule = <<POLICY_RULE
+	{
+    "if": {
+      "not": {
+        "field": "location",
+        "in": "[parameters('allowedLocations')]"
+      }
+    },
+    "then": {
+      "effect": "audit"
+    }
+  }
+POLICY_RULE
+
+  parameters = <<PARAMETERS
+	{
+    "allowedLocations": {
+      "type": "Array",
+      "metadata": {
+        "description": "The list of allowed locations for resources.",
+        "displayName": "Allowed locations",
+        "strongType": "location"
+      }
+    }
+  }
+PARAMETERS
+
+  metadata = <<METADATA
+  {
+  		"foo": "bar"
+  }
+METADATA
+}
+`, data.RandomInteger, data.RandomInteger)
+}

azurerm/internal/services/policy/tests/resource_arm_policy_set_definition_test.go

@@ -85,6 +85,24 @@ func TestAccAzureRMPolicySetDefinition_ManagementGroup(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMPolicySetDefinition_metadata(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_policy_set_definition", "test")
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMPolicySetDefinitionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAzureRMPolicySetDefinition_metadata(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMPolicySetDefinitionExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func testAzureRMPolicySetDefinition_builtIn(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -258,6 +276,52 @@ POLICY_DEFINITIONS
 `, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
 
+func testAzureRMPolicySetDefinition_metadata(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_policy_set_definition" "test" {
+  name         = "acctestpolset-%d"
+  policy_type  = "Custom"
+  display_name = "acctestpolset-%d"
+
+  parameters = <<PARAMETERS
+    {
+        "allowedLocations": {
+            "type": "Array",
+            "metadata": {
+                "description": "The list of allowed locations for resources.",
+                "displayName": "Allowed locations",
+                "strongType": "location"
+            }
+        }
+    }
+PARAMETERS
+
+  policy_definitions = <<POLICY_DEFINITIONS
+    [
+        {
+            "parameters": {
+                "listOfAllowedLocations": {
+                    "value": "[parameters('allowedLocations')]"
+                }
+            },
+            "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988"
+        }
+    ]
+POLICY_DEFINITIONS
+
+  metadata = <<METADATA
+    {
+        "foo": "bar"
+    }
+METADATA
+}
+`, data.RandomInteger, data.RandomInteger)
+}
+
 func testCheckAzureRMPolicySetDefinitionExists(resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := acceptance.AzureProvider.Meta().(*clients.Client).Policy.SetDefinitionsClient