add microsoft_network_applicationGateways_sku_name rule
lonegunmanb committed Jan 24, 2025
1 parent d1ed4b1 commit ccd10bf
Showing 3 changed files with 118 additions and 0 deletions.
@@ -0,0 +1,91 @@
{
"mock": {
"Standard_v2": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"properties": {
"sku": {
"capacity": 2,
"name": "Standard_v2",
"tier": "Standard_v2"
}
}
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
},
"WAF_v2": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"properties": {
"sku": {
"capacity": 2,
"name": "WAF_v2",
"tier": "WAF_v2"
}
}
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
},
"invalid_basic": {
"resource_changes": [
{
"address": "azapi_resource.gw",
"mode": "managed",
"type": "azapi_resource",
"name": "gw",
"provider_name": "registry.terraform.io/azure/azapi",
"change": {
"actions": [
"create"
],
"after": {
"body": {
"properties": {
"sku": {
"capacity": 2,
"name": "Basic",
"tier": "Basic"
}
}
},
"name": "example-appgateway",
"type": "Microsoft.Network/applicationGateways@2024-03-01"
}
}
}
]
}
}
}
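Review bot: All three mock cases carry a populated `sku` object under a `create` action, so nothing exercises a plan where `body.properties.sku` is absent or where the action is an update. Adding a case such as `missing_sku` (the same resource with `properties` left empty) would pin down whether the rule denies or passes when the value is undefined, which is the case most likely to change silently in a later refactor.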
@@ -0,0 +1,21 @@
package Azure_Proactive_Resiliency_Library_v2.azurerm_application_gateway

valid_azapi_sku(resource) {
resource.change.after.body.properties.sku.name == "Standard_v2"
}

valid_azapi_sku(resource) {
resource.change.after.body.properties.sku.name == "WAF_v2"
}

deny[reason] {
tfplan := data.utils.tfplan(input)
resource := tfplan.resource_changes[_]
resource.mode == "managed"
resource.type == "azapi_resource"
data.utils.azapi_resource_type_equals(resource.change.after, "Microsoft.Network/applicationGateways")
data.utils.is_create_or_update(resource.change.actions)
not valid_azapi_sku(resource)

reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'body.properties.sku.name' set to 'Standard_v2' or 'WAF_v2': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#migrate-to-application-gateway-v2", [resource.address])
}
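Review bot: `not valid_azapi_sku(resource)` in `deny` is also true when `body.properties.sku.name` is undefined, so a gateway with no `sku` block is rejected with a message that reads as if a wrong value had been set. That fail-closed behaviour looks intended, but nothing in the file says so; a comment above the line such as `# an undefined sku.name also denies: an absent SKU is treated as non-compliant` would keep a later rewrite from turning it into a silent pass. The two `valid_azapi_sku` bodies compare case-sensitively; whether the provider accepts other casings of the SKU name is not visible here, so that assumption deserves a one-line comment as well.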
6 changes: 6 additions & 0 deletions policy/common/avm.utils.rego
Expand Up @@ -8,4 +8,10 @@ tfplan(d) = output {
tfplan(d) = output {
not d.plan.resource_changes
output := d
}

azapi_resource_type_equals(resource, type) {
regex.match(sprintf(`^%s@`, type), resource.type)
} else = false {
true
}
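Review bot: In `azapi_resource_type_equals`, `sprintf` is called with the bare string `type` as its second argument, while the built-in takes an array of values (the `deny` rule in this same commit passes `[resource.address]`). If OPA treats that as a built-in error, the first body is undefined for every input and `else = false` quietly turns it into "no match", so the new application-gateway rule would never fire. I would drop the regex and write `startswith(resource.type, sprintf("%s@", [type]))`, which also stops the `.` in the type name from acting as a wildcard. The comparison stays case-sensitive; whether the provider accepts other casings of the type is not visible here, so a comment stating the assumption would help. The hunk begins inside the preceding `tfplan` rule.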
