azurerm_policy_assignment - added support for enforcement_mode
#7331
Conversation
ghost
added
There was a problem hiding this comment.
Hey @ccampo, thanks for taking the time to write this out. This change is nearly there. We're just missing a few things that I've called out below and we want to set this attribute in the read so we can confirm that the attribute is being set properly. We can do that here with d.Set("enforcement_mode", props.EnforcementMode)
There was a problem hiding this comment.
Hi @ccampo based on the doc page here, it sounds to me that this enforcement_mode is a switch which corresponds to a Disable and Enable (see the chart in the doc page). Therefore I suppose maybe we could make this attribute a bool with true corresponded to Default and false corresponded to DoNotEnforce?
@mbfrahry what do you think?
…arameter and added a Default and adressed the other comments (read property)
that sounds fair. I updated the pull request to make the parameter a boolean |
| @@ -251,6 +258,7 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e | |||
| d.Set("policy_definition_id", props.PolicyDefinitionID) | |||
| d.Set("description", props.Description) | |||
| d.Set("display_name", props.DisplayName) | |||
| d.Set("enforcement_mode", props.EnforcementMode) | |||
There was a problem hiding this comment.
We'll also want to convert this into a boolean with something like:
| d.Set("enforcement_mode", props.EnforcementMode) | |
| d.Set("enforcement_mode", props.EnforcementMode == policy.Default) |
There was a problem hiding this comment.
I fixed it. Still not sure what this code actually does, or how this fix changes it. The tfstate was already correct and the code was correctly comparing state against definition.
Exactly right! Good catch @ArcturusZhang |
mbfrahry
changed the title
azurerm_policy_assignment - added support for enforcement_mode
|
Fixes #5699 |
|
Thanks for taking the time to write this out @ccampo. It'll make it into the next release! |
|
This has been released in version 2.15.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example: provider "azurerm" {
version = "~> 2.15.0"
}
# ... other configuration ... |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
I added the parameter enforcement_mode to allow policies that are assigned to a scope to be set to "DoNotEnforce". Default behaviour is unchanged and still "Default".
Added the code of the implementation, update the documentation html and added a testcase. My first pull request for this project, so please if anything is missing.