

add microsoft_network_applicationGateways_zones rule
lonegunmanb committed Jan 24, 2025
1 parent a160a92 commit 7a8e1cd
Showing 3 changed files with 126 additions and 4 deletions.
@@ -1,10 +1,10 @@
package Azure_Proactive_Resiliency_Library_v2.azurerm_application_gateway
package Azure_Proactive_Resiliency_Library_v2.Microsoft_Network_applicationGateways

valid_azapi_sku(resource) {
valid_sku(resource) {
resource.change.after.body.properties.sku.name == "Standard_v2"
}

valid_azapi_sku(resource) {
valid_sku(resource) {
resource.change.after.body.properties.sku.name == "WAF_v2"
}

@@ -15,7 +15,7 @@ deny[reason] {
resource.type == "azapi_resource"
regex.match(`^Microsoft.Network/applicationGateways@`, resource.change.after.type)
data.utils.is_create_or_update(resource.change.actions)
not valid_azapi_sku(resource)
not valid_sku(resource)

reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'body.properties.sku.name' set to 'Standard_v2' or 'WAF_v2': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#migrate-to-application-gateway-v2", [resource.address])
}
@@ -0,0 +1,104 @@
{
"mock": {
"3zones": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"zones": [
"1",
"2",
"3"
]
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
},
"2zones": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"zones": [
"1",
"2"
]
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
},
"invalid_no_zones": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
},
"invalid_no_enough_zones":{
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"zones": [
"1"
]
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
}
}
}
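Review bot: The four fixtures only exercise `create` on a matching `azapi_resource` with distinct zone values, so nothing here pins what the rule should ignore or how it treats edge values. A case with `"actions": ["delete"]`, one with a non-gateway `type`, and one with `"zones": []` or a repeated zone such as `["1", "1"]` would catch a regression that either broadens the deny or lets a non-redundant gateway through. The test that consumes this mock is not part of the visible change, so some of these may already be covered elsewhere.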
@@ -0,0 +1,18 @@
package Azure_Proactive_Resiliency_Library_v2.Microsoft_Network_applicationGateways

valid_zones(after) {
after.body.zones
count(after.body.zones) >= 2
}

deny[reason] {
tfplan := data.utils.tfplan(input)
resource := tfplan.resource_changes[_]
resource.mode == "managed"
resource.type == "azapi_resource"
regex.match(`^Microsoft.Network/applicationGateways@`, resource.change.after.type)
data.utils.is_create_or_update(resource.change.actions)
not valid_zones(resource.change.after)

reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have must have configured to use at least 2 Availability Zones: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#deploy-application-gateway-in-a-zone-redundant-configuration", [resource.address])
}
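Review bot: `valid_zones` counts array entries rather than distinct zones, so a body with `"zones": ["1", "1"]` satisfies the policy without the gateway spanning two Availability Zones. Counting a set closes that gap, e.g. `count({z | z := after.body.zones[_]}) >= 2`. The bare `after.body.zones` line above it then becomes redundant, because the comprehension is empty when the field is absent. The deny message also repeats itself (`must have must have configured to use`); `must be configured to use at least 2 Availability Zones` reads as intended.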
