add new rule migrate_vm_using_availability_sets_to_vmss_flex

policy/Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_virtualMachines_properties_availabilitySet.mock.json

@@ -0,0 +1,53 @@
+{
+  "mock": {
+    "invalid_case": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "properties": {
+                  "availabilitySet": {
+                    "id": "/subscriptions/xxx/resourceGroups/vmss-neat/providers/Microsoft.Compute/availabilitySets/acctestavset"
+                  }
+                }
+              },
+              "type": "Microsoft.Compute/virtualMachines@2024-07-01"
+            }
+          }
+        }
+      ]
+    },
+    "valid_case": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "properties": {
+                }
+              },
+              "type": "Microsoft.Compute/virtualMachines@2024-07-01"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_virtualMachines_properties_availabilitySet.rego

@@ -0,0 +1,15 @@
+package Azure_Proactive_Resiliency_Library_v2.migrate_vm_using_availability_sets_to_vmss_flex
+
+import rego.v1
+
+valid_azapi_virtual_machine_properties_availabilitySet(resource) if {
+    not resource.values.body.properties.availabilitySet
+}
+
+deny_migrate_vm_using_availability_sets_to_vmss_flex contains reason if {
+    resource := data.utils.resource(input, "azapi_resource")[_]
+    data.utils.is_azure_type(resource.values, "Microsoft.Compute/virtualMachines")
+    not valid_azapi_virtual_machine_properties_availabilitySet(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must not define `properties.availabilitySet`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex", [resource.address])
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_linux_virtual_machine_availability_set_id.mock.json

@@ -0,0 +1,41 @@
+{
+  "mock": {
+    "default": {
+      "resource_changes": [
+        {
+          "address": "azurerm_linux_virtual_machine.example",
+          "mode": "managed",
+          "type": "azurerm_linux_virtual_machine",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+            }
+          }
+        }
+      ]
+    },
+    "invalid_case": {
+      "resource_changes": [
+        {
+          "address": "azurerm_linux_virtual_machine.example",
+          "mode": "managed",
+          "type": "azurerm_linux_virtual_machine",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "availability_set_id": "/subscriptions/xxx/resourceGroups/vmss-neat/providers/Microsoft.Compute/availabilitySets/acctestavset"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_linux_virtual_machine_availability_set_id.rego

@@ -0,0 +1,10 @@
+package Azure_Proactive_Resiliency_Library_v2.migrate_vm_using_availability_sets_to_vmss_flex
+
+import rego.v1
+
+deny_migrate_vm_using_availability_sets_to_vmss_flex contains reason if {
+    resource := data.utils.resource(input, "azurerm_linux_virtual_machine")[_]
+    resource.values.availability_set_id
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_linux_virtual_machine` must not define `availability_set_id`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex", [resource.address])
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_windows_virtual_machine_availability_set_id.mock.json

@@ -0,0 +1,41 @@
+{
+  "mock": {
+    "default": {
+      "resource_changes": [
+        {
+          "address": "azurerm_windows_virtual_machine.example",
+          "mode": "managed",
+          "type": "azurerm_windows_virtual_machine",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+            }
+          }
+        }
+      ]
+    },
+    "invalid_case": {
+      "resource_changes": [
+        {
+          "address": "azurerm_windows_virtual_machine.example",
+          "mode": "managed",
+          "type": "azurerm_windows_virtual_machine",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "availability_set_id": "/subscriptions/xxx/resourceGroups/vmss-neat/providers/Microsoft.Compute/availabilitySets/acctestavset"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_windows_virtual_machine_availability_set_id.rego

@@ -0,0 +1,10 @@
+package Azure_Proactive_Resiliency_Library_v2.migrate_vm_using_availability_sets_to_vmss_flex
+
+import rego.v1
+
+deny_migrate_vm_using_availability_sets_to_vmss_flex contains reason if {
+    resource := data.utils.resource(input, "azurerm_windows_virtual_machine")[_]
+    resource.values.availability_set_id
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_linux_virtual_machine` must not define `availability_set_id`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex", [resource.address])
+}

readme.md

@@ -29,8 +29,9 @@ conftest test --all-namespaces --update git::https://github.com/lonegunmanb/poli
 
 * `Microsoft.Compute/virtualMachines`
 
-[`mission_critical_virtual_machine_should_use_premium_or_ultra_disks`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks)
 `legacy_virtual_machine_not_allowed`
+[`migrate_vm_using_availability_sets_to_vmss_flex`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex)
+[`mission_critical_virtual_machine_should_use_premium_or_ultra_disks`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks)
 
 * `Microsoft.ContainerService/managedClusters`