extract regex match into funcion is_azure_type

Azure · Jan 26, 2025 · f90720e · f90720e
1 parent 7a8e1cd
commit f90720e
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/...e-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_sku_name.rego b/...e-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_sku_name.rego
@@ -13,8 +13,8 @@ deny[reason] {
     resource := tfplan.resource_changes[_]
     resource.mode == "managed"
     resource.type == "azapi_resource"
-    regex.match(`^Microsoft.Network/applicationGateways@`, resource.change.after.type)
     data.utils.is_create_or_update(resource.change.actions)
+    data.utils.is_azure_type(resource.change.after, "Microsoft.Network/applicationGateways")
     not valid_sku(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'body.properties.sku.name' set to 'Standard_v2' or 'WAF_v2': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#migrate-to-application-gateway-v2", [resource.address])

diff --git a/...tive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego b/...tive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego
@@ -10,7 +10,7 @@ deny[reason] {
     resource := tfplan.resource_changes[_]
     resource.mode == "managed"
     resource.type == "azapi_resource"
-    regex.match(`^Microsoft.Network/applicationGateways@`, resource.change.after.type)
+    data.utils.is_azure_type(resource.change.after, "Microsoft.Network/applicationGateways")
     data.utils.is_create_or_update(resource.change.actions)
     not valid_zones(resource.change.after)
 

diff --git a/policy/common/avm.utils.rego b/policy/common/avm.utils.rego
@@ -8,4 +8,8 @@ tfplan(d) = output {
 tfplan(d) = output {
     not d.plan.resource_changes
     output := d
+}
+
+is_azure_type(resource, azure_type) {
+    regex.match(sprintf("^%s@", [azure_type]), resource.type)
 }