add rule for postgresql_flexible_server_high_availability_mode_zone_r…

…edundant
Azure · Feb 7, 2025 · 60bfc61 · 60bfc61
1 parent 758c8e3
commit 60bfc61
Show file tree

Hide file tree

Showing 4 changed files with 107 additions and 2 deletions.
diff --git a/...liency-Library-v2/azurerm/mysql/azurerm_mysql_flexible_server_high_availability_mode.rego b/...liency-Library-v2/azurerm/mysql/azurerm_mysql_flexible_server_high_availability_mode.rego
@@ -4,7 +4,7 @@ valid_high_availability_mode(resource) {
     resource.change.after.high_availability[_].mode == "ZoneRedundant"
 }
 
-deny_mysql_flexible_server_high_availability_zone_redundant[reason] {
+deny_mysql_flexible_server_high_availability_mode_zone_redundant[reason] {
     tfplan := data.utils.tfplan(input)
     resource := tfplan.resource_changes[_]
     resource.mode == "managed"

diff --git a/...y-v2/azurerm/postgres/azurerm_postgresql_flexible_server_high_availability_mode.mock.json b/...y-v2/azurerm/postgres/azurerm_postgresql_flexible_server_high_availability_mode.mock.json
@@ -0,0 +1,87 @@
+{
+  "mock": {
+    "default": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "high_availability": [
+                {
+                  "mode": "ZoneRedundant"
+                }
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "invalid_same_zone": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "high_availability": [
+                {
+                  "mode": "SameZone"
+                }
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "invalid_empty_availability": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "high_availability": [
+              ]
+            }
+          }
+        }
+      ]
+    },
+    "invalid_no_high_availability": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {}
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/...ibrary-v2/azurerm/postgres/azurerm_postgresql_flexible_server_high_availability_mode.rego b/...ibrary-v2/azurerm/postgres/azurerm_postgresql_flexible_server_high_availability_mode.rego
@@ -0,0 +1,16 @@
+package Azure_Proactive_Resiliency_Library_v2.azurerm_postgresql_flexible_server
+
+valid_high_availability_mode(resource) {
+    resource.change.after.high_availability[_].mode == "ZoneRedundant"
+}
+
+deny_postgresql_flexible_server_high_availability_mode_zone_redundant[reason] {
+    tfplan := data.utils.tfplan(input)
+    resource := tfplan.resource_changes[_]
+    resource.mode == "managed"
+    resource.type == "azurerm_postgresql_flexible_server"
+    data.utils.is_create_or_update(resource.change.actions)
+    not valid_high_availability_mode(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_postgresql_flexible_server` must have 'high_availability.mode' set to 'ZoneRedundant': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforPostgreSQL/flexibleServers/#enable-ha-with-zone-redundancy", [resource.address])
+}
diff --git a/readme.md b/readme.md
@@ -25,8 +25,10 @@ conftest test --all-namespaces -p <path-to-policies>/policy <path-to-tfplan>
 [`use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/loadBalancers/#use-nat-gateway-instead-of-outbound-rules-for-production-workloads)
 [`use_resilient_load_lalancer_sku`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/loadBalancers/#use-standard-load-balancer-sku)
 #### `Microsoft.DBforMySQL/flexibleServers`
-[`mysql_flexible_server_high_availability_zone_redundant`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#enable-ha-with-zone-redundancy)
+[`mysql_flexible_server_high_availability_mode_zone_redundant`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#enable-ha-with-zone-redundancy)
 [`mysql_flexible_server_geo_redundant_backup_enabled`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage)
+#### `Microsoft.DBforPostgreSQL/flexibleServers`
+[`postgresql_flexible_server_high_availability_mode_zone_redundant`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforPostgreSQL/flexibleServers/#enable-ha-with-zone-redundancy)
 
 ## Apply(skip) policies