add rule for postgresql azapi

policy/Azure-Proactive-Resiliency-Library-v2/azapi/postgresql/microsoft_db_for_postgresql_flexibleServers_backup_geo_redundant_backup.mock.json

@@ -0,0 +1,83 @@
+{
+  "mock": {
+    "default": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "before": null,
+            "after": {
+              "body": {
+                "properties": {
+                  "backup": {
+                    "geoRedundantBackup": "Enabled"
+                  }
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    },
+    "invalid_geo_redundant_backup_disabled": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "before": null,
+            "after": {
+              "body": {
+                "properties": {
+                  "backup": {
+                    "geoRedundantBackup": "Disabled"
+                  }
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    },
+    "invalid_geo_redundant_backup_omitted": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "before": null,
+            "after": {
+              "body": {
+                "properties": {
+                  "backup": {}
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azapi/postgresql/microsoft_db_for_postgresql_flexibleServers_backup_geo_redundant_backup.rego

@@ -0,0 +1,15 @@
+package Azure_Proactive_Resiliency_Library_v2
+
+import rego.v1
+
+valid_azapi_postgres_flexible_server_geo_redundant_backup_enabled(resource) if {
+    resource.values.body.properties.backup.geoRedundantBackup == "Enabled"
+}
+
+deny_postgresql_flexible_server_geo_redundant_backup_enabled contains reason if {
+    resource := data.utils.resource(input, "azapi_resource")[_]
+    data.utils.is_azure_type(resource.values, "Microsoft.DBforPostgreSQL/flexibleServers")
+    not valid_azapi_postgres_flexible_server_geo_redundant_backup_enabled(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2/postgresql_flexible_server_geo_redundant_backup_enabled: '%s' `azapi_resource` must have 'backup.geoRedundantBackup' set to '\"Enabled\"': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage", [resource.address])
+}

policy/Azure-Proactive-Resiliency-Library-v2/azapi/postgresql/microsoft_db_for_postgresql_flexibleServers_high_availabillity_mode.mock.json

@@ -0,0 +1,79 @@
+{
+  "mock": {
+    "valid_zone_redundant": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "properties": {
+                  "highAvailability": {
+                    "mode": "ZoneRedundant"
+                  }
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    },
+    "invalid_same_zone": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "properties": {
+                  "highAvailability": {
+                    "mode": "SameZone"
+                  }
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    },
+    "invalid_no_high_availability": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "properties": {
+                }
+              },
+              "type": "Microsoft.DBforPostgreSQL/flexibleServers@2024-11-01-preview"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azapi/postgresql/microsoft_db_for_postgresql_flexibleServers_high_availabillity_mode.rego

@@ -0,0 +1,15 @@
+package Azure_Proactive_Resiliency_Library_v2
+
+import rego.v1
+
+valid_azapi_postgres_flexible_server_high_availability_zone_redundant(resource) if {
+    resource.values.body.properties.highAvailability.mode == "ZoneRedundant"
+}
+
+deny_postgresql_flexible_server_high_availability_zone_redundant contains reason if {
+    resource := data.utils.resource(input, "azapi_resource")[_]
+    data.utils.is_azure_type(resource.values, "Microsoft.DBforPostgreSQL/flexibleServers")
+    not valid_azapi_postgres_flexible_server_high_availability_zone_redundant(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2/postgresql_flexible_server_high_availability_zone_redundant: '%s' `azapi_resource` must have 'highAvailability.mode' set to 'ZoneRedundant': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforPostgreSQL/flexibleServers/#enable-ha-with-zone-redundancy", [resource.address])
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/mysql/azurerm_mysql_flexible_server_geo_redundant_backup_enabled.rego

@@ -10,5 +10,5 @@ deny_mysql_flexible_server_geo_redundant_backup_enabled contains reason if {
     resource := data.utils.resource(input, "azurerm_mysql_flexible_server")[_]
     not valid_mysql_flexible_server_geo_redundant_backup_enabled(resource)
 
-    reason := sprintf("Azure-Proactive-Resiliency-Library-v2/mysql_flexible_server_geo_redundant_backup_enabled: '%s' `azurerm_mysql_flexible_server` must have 'geo_redundant_backup_enabled.mode' set to 'true': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage", [resource.address])
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2/mysql_flexible_server_geo_redundant_backup_enabled: '%s' `azurerm_mysql_flexible_server` must have 'geo_redundant_backup_enabled' set to 'true': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/postgres/azurerm_postgresql_flexible_server_geo_redundant_backup_enabled.mock.json

@@ -0,0 +1,59 @@
+{
+  "mock": {
+    "default": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "geo_redundant_backup_enabled": true
+            }
+          }
+        }
+      ]
+    },
+    "invalid_geo_redundant_backup_disabled": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "geo_redundant_backup_enabled": false
+            }
+          }
+        }
+      ]
+    },
+    "invalid_geo_redundant_backup_omitted": {
+      "resource_changes": [
+        {
+          "address": "azurerm_postgresql_flexible_server.example",
+          "mode": "managed",
+          "type": "azurerm_postgresql_flexible_server",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {}
+          }
+        }
+      ]
+    }
+  }
+}

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/postgres/azurerm_postgresql_flexible_server_geo_redundant_backup_enabled.rego

@@ -0,0 +1,14 @@
+package Azure_Proactive_Resiliency_Library_v2
+
+import rego.v1
+
+valid_postgresql_flexible_server_geo_redundant_backup_enabled(resource) if {
+    resource.values.geo_redundant_backup_enabled == true
+}
+
+deny_postgresql_flexible_server_geo_redundant_backup_enabled contains reason if {
+    resource := data.utils.resource(input, "azurerm_postgresql_flexible_server")[_]
+    not valid_postgresql_flexible_server_geo_redundant_backup_enabled(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2/postgresql_flexible_server_geo_redundant_backup_enabled: '%s' `azurerm_postgresql_flexible_server` must have 'geo_redundant_backup_enabled' set to 'true': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforPostgreSQL/flexibleServers/#configure-geo-redundant-backup-storage", [resource.address])
+}

readme.md

@@ -67,6 +67,7 @@ conftest test --all-namespaces --update git::https://github.com/lonegunmanb/poli
 
 * `Microsoft.DBforPostgreSQL/flexibleServers`
 
+[`postgresql_flexible_server_geo_redundant_backup_enabled`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage)
 [`postgresql_flexible_server_high_availability_mode_zone_redundant`](https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforPostgreSQL/flexibleServers/#enable-ha-with-zone-redundancy)
 
 * `Microsoft.Storage/storageAccounts`