Unified package name

policy/Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_disks_sku_name.rego

@@ -1,19 +1,19 @@
-package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_should_use_premium_or_ultra_disks
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_disk_sku_name(resource) if {
+valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource) if {
     startswith(resource.values.body.sku.name, "Premium")
 }
 
-valid_azapi_disk_sku_name(resource) if {
+valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource) if {
     startswith(resource.values.body.sku.name, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Compute/disks")
-    not valid_azapi_disk_sku_name(resource)
+    not valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `sku.name` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_virtualMachines_properties_availabilitySet.rego

@@ -1,15 +1,15 @@
-package Azure_Proactive_Resiliency_Library_v2.migrate_vm_using_availability_sets_to_vmss_flex
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_virtual_machine_properties_availabilitySet(resource) if {
+valid_azapi_migrate_vm_using_availability_sets_to_vmss_flex(resource) if {
     not resource.values.body.properties.availabilitySet
 }
 
 deny_migrate_vm_using_availability_sets_to_vmss_flex contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Compute/virtualMachines")
-    not valid_azapi_virtual_machine_properties_availabilitySet(resource)
+    not valid_azapi_migrate_vm_using_availability_sets_to_vmss_flex(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must not define `properties.availabilitySet`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_virtualMachines_storageProfile_osDisk_managedDisk_storageAccountType.rego

@@ -1,19 +1,19 @@
-package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_should_use_premium_or_ultra_disks
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource) if {
+valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource) if {
     startswith(resource.values.body.properties.storageProfile.osDisk.managedDisk.storageAccountType, "Premium")
 }
 
-valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource) if {
+valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource) if {
     startswith(resource.values.body.properties.storageProfile.osDisk.managedDisk.storageAccountType, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Compute/virtualMachines")
-    not valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource)
+    not valid_azapi_mission_critical_virtual_machine_should_use_premium_or_ultra_disks(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `storageProfile.osDisk.managedDisk.storageAccountType` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/containerservice/aks/microsoft_container_service_managedClusters_agentPoolProfiles_availabilityZones.rego

@@ -1,16 +1,16 @@
-package Azure_Proactive_Resiliency_Library_v2.configure_aks_default_node_pool_zones
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_zones(resource) if {
+valid_azapi_configure_aks_default_node_pool_zones(resource) if {
     pool := resource.values.body.properties.agentPoolProfiles[_]
     count(pool.availabilityZones) >= 2
 }
 
 deny_configure_aks_default_node_pool_zones contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.ContainerService/managedClusters")
-    not valid_azapi_zones(resource)
+    not valid_azapi_configure_aks_default_node_pool_zones(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `agentPoolProfiles.availabilityZones` to use at least 2 Availability Zones: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/ContainerService/managedClusters/#deploy-aks-cluster-across-availability-zones", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/cosmos-db/microsoft_documentdb_databaseAccounts_backupPolicy_type.rego

@@ -1,15 +1,15 @@
-package Azure_Proactive_Resiliency_Library_v2.configure_cosmosdb_account_continuous_backup_mode
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_cosmosdb_account_backup_policy_type(resource) if {
+valid_azapi_configure_cosmosdb_account_continuous_backup_mode(resource) if {
     resource.values.body.properties.backupPolicy.type == "Continuous"
 }
 
 deny_configure_cosmosdb_account_continuous_backup_mode contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.DocumentDB/databaseAccounts")
-    not valid_azapi_cosmosdb_account_backup_policy_type(resource)
+    not valid_azapi_configure_cosmosdb_account_continuous_backup_mode(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have backup type configured to 'Continuous': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DocumentDB/databaseAccounts/#configure-continuous-backup-mode", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/mysql/microsoft_db_for_mysql_flexibleServers_backup_geo_redundant_backup.rego

@@ -1,15 +1,15 @@
-package Azure_Proactive_Resiliency_Library_v2.Microsoft_DBforMySQL_flexibleServers
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_geo_redundant_backup_enabled(resource) if {
+valid_azapi_mysql_flexible_server_geo_redundant_backup_enabled(resource) if {
     resource.values.body.properties.backup.geoRedundantBackup == "Enabled"
 }
 
 deny_mysql_flexible_server_geo_redundant_backup_enabled contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.DBforMySQL/flexibleServers")
-    not valid_geo_redundant_backup_enabled(resource)
+    not valid_azapi_mysql_flexible_server_geo_redundant_backup_enabled(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'backup.geoRedundantBackup' set to '\"Enabled\"': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#configure-geo-redundant-backup-storage", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/mysql/microsoft_db_for_mysql_flexibleServers_high_availability_mode.rego

@@ -1,15 +1,15 @@
-package Azure_Proactive_Resiliency_Library_v2.Microsoft_DBforMySQL_flexibleServers
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_high_availability_mode(resource) if {
+valid_azapi_mysql_flexible_server_high_availability_zone_redundant(resource) if {
     resource.values.body.properties.highAvailability.mode == "ZoneRedundant"
 }
 
 deny_mysql_flexible_server_high_availability_zone_redundant contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.DBforMySQL/flexibleServers")
-    not valid_high_availability_mode(resource)
+    not valid_azapi_mysql_flexible_server_high_availability_zone_redundant(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'highAvailability.mode' set to 'ZoneRedundant': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/DBforMySQL/flexibleServers/#enable-ha-with-zone-redundancy", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_sku_name.rego

@@ -1,19 +1,19 @@
-package Azure_Proactive_Resiliency_Library_v2.migrate_to_application_gateway_v2
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_sku(resource) if {
+valid_azapi_migrate_to_application_gateway_v2(resource) if {
     resource.values.body.properties.sku.name == "Standard_v2"
 }
 
-valid_azapi_sku(resource) if {
+valid_azapi_migrate_to_application_gateway_v2(resource) if {
     resource.values.body.properties.sku.name == "WAF_v2"
 }
 
 deny_migrate_to_application_gateway_v2 contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/applicationGateways")
-    not valid_azapi_sku(resource)
+    not valid_azapi_migrate_to_application_gateway_v2(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have 'body.properties.sku.name' set to 'Standard_v2' or 'WAF_v2': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#migrate-to-application-gateway-v2", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_applicationGateways_zones.rego

@@ -1,16 +1,16 @@
-package Azure_Proactive_Resiliency_Library_v2.deploy_application_gateway_in_a_zone_redundant_configuration
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_zones(resource) if {
+valid_azapi_deploy_application_gateway_in_a_zone_redundant_configuration(resource) if {
     resource.values.body.zones == resource.values.body.zones
     count(resource.values.body.zones) >= 2
 }
 
 deny_deploy_application_gateway_in_a_zone_redundant_configuration contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/applicationGateways")
-    not valid_azapi_zones(resource)
+    not valid_azapi_deploy_application_gateway_in_a_zone_redundant_configuration(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have must have configured to use at least 2 Availability Zones: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/applicationGateways/#deploy-application-gateway-in-a-zone-redundant-configuration", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_outbound_rules.rego

@@ -1,19 +1,19 @@
-package Azure_Proactive_Resiliency_Library_v2.use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_outbound_rules(resource) if {
+valid_azapi_use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer(resource) if {
     count(resource.values.body.properties.outboundRules) == 0
 }
 
-valid_azapi_outbound_rules(resource) if {
+valid_azapi_use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer(resource) if {
     not resource.values.body.properties.outboundRules == resource.values.body.properties.outboundRules
 }
 
 deny_use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/loadBalancers")
-    not valid_azapi_outbound_rules(resource)
+    not valid_azapi_use_nat_gateway_instead_of_outbound_rules_for_production_load_lalancer(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must not config `outboundRules. Outbound rules for Standard Public Load Balancer involve manual port allocation for backend pools, limiting scalability and risk of SNAT port exhaustion. NAT Gateway is recommended for its dynamic scaling and secure internet connectivity.: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/loadBalancers/#use-nat-gateway-instead-of-outbound-rules-for-production-workloads", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_loadBalancers_sku.rego

@@ -1,16 +1,16 @@
-package Azure_Proactive_Resiliency_Library_v2.use_resilient_load_lalancer_sku
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_sku(resource) if {
+valid_azapi_use_resilient_load_lalancer_sku(resource) if {
     resource.values.body.sku.name
     resource.values.body.sku.name != "Basic"
 }
 
 deny_use_resilient_load_lalancer_sku contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/loadBalancers")
-    not valid_azapi_sku(resource)
+    not valid_azapi_use_resilient_load_lalancer_sku(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must not have 'sku.name' set to 'Basic': https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/loadBalancers/#use-standard-load-balancer-sku", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_publicIPAddresses.rego

@@ -1,16 +1,16 @@
-package Azure_Proactive_Resiliency_Library_v2.use_standard_sku_and_zone_redundant_ip
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_sku_name(resource) if {
+valid_azapi_use_standard_sku_and_zone_redundant_ip(resource) if {
     resource.values.body.sku.name == "Sandard"
     count(resource.values.body.zones) >= 2
 }
 
 deny_use_standard_sku_and_zone_redundant_ip contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/publicIPAddresses")
-    not valid_azapi_sku_name(resource)
+    not valid_azapi_use_standard_sku_and_zone_redundant_ip(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `sku.name` to `\"Standard\"` and a `zones` that cotnains at least 2 zones: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/publicIPAddresses/#use-standard-sku-and-zone-redundant-ips-when-applicable", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/network/microsoft_network_virtualNetworkGateways_properties_sku_name.rego

@@ -1,8 +1,8 @@
-package Azure_Proactive_Resiliency_Library_v2.virtual_network_gateway_use_zone_redundant_sku
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_sku_name(resource) if {
+valid_azapi_virtual_network_gateway_use_zone_redundant_sku(resource) if {
    zone_redundant_skus := {"ErGw1AZ", "ErGw2AZ", "ErGw3AZ", "VpnGw1AZ", "VpnGw2AZ", "VpnGw3AZ", "VpnGw4AZ", "VpnGw5AZ"}
    zone_redundant_skus[resource.values.body.properties.sku.name]
 }
@@ -11,7 +11,7 @@ valid_azapi_sku_name(resource) if {
 deny_virtual_network_gateway_use_zone_redundant_sku contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Network/virtualNetworkGateways")
-    not valid_azapi_sku_name(resource)
+    not valid_azapi_virtual_network_gateway_use_zone_redundant_sku(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `sku.name` to one of {\"ErGw1AZ\", \"ErGw2AZ\", \"ErGw3AZ\", \"VpnGw1AZ\", \"VpnGw2AZ\", \"VpnGw3AZ\", \"VpnGw4AZ\", \"VpnGw5AZ\"}: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Network/virtualNetworkGateways/#use-zone-redundant-expressroute-gateway-skus", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azapi/storage/microsoft_storage_storageAccounts_sku_name.rego

@@ -1,15 +1,15 @@
-package Azure_Proactive_Resiliency_Library_v2.storage_accounts_are_zone_or_region_redundant
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azapi_account_replication_type(resource) if {
+valid_azapi_storage_accounts_are_zone_or_region_redundant(resource) if {
     not endswith(resource.values.body.sku.name, "LRS")
 }
 
 deny_storage_accounts_are_zone_or_region_redundant contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Storage/storageAccounts")
-    not valid_azapi_account_replication_type(resource)
+    not valid_azapi_storage_accounts_are_zone_or_region_redundant(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must not have configured `sku.name` to `\"Standard_LRS\"` nor `\"Premium_LRS\"`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Storage/storageAccounts/#ensure-that-storage-accounts-are-zone-or-region-redundant", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_linux_virtual_machine_availability_set_id.mock.json

@@ -18,6 +18,25 @@
         }
       ]
     },
+    "null": {
+      "resource_changes": [
+        {
+          "address": "azurerm_linux_virtual_machine.example",
+          "mode": "managed",
+          "type": "azurerm_linux_virtual_machine",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "availability_set_id": null
+            }
+          }
+        }
+      ]
+    },
     "invalid_case": {
       "resource_changes": [
         {

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_linux_virtual_machine_availability_set_id.rego

@@ -1,10 +1,18 @@
-package Azure_Proactive_Resiliency_Library_v2.migrate_vm_using_availability_sets_to_vmss_flex
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
+valid_azurerm_deny_migrate_vm_using_availability_sets_to_vmss_flex(_resource) if {
+    not _resource.values.availability_set_id
+}
+
+valid_azurerm_deny_migrate_vm_using_availability_sets_to_vmss_flex(_resource) if {
+    _resource.values.availability_set_id == null
+}
+
 deny_migrate_vm_using_availability_sets_to_vmss_flex contains reason if {
     resource := data.utils.resource(input, "azurerm_linux_virtual_machine")[_]
-    resource.values.availability_set_id
+    not valid_azurerm_deny_migrate_vm_using_availability_sets_to_vmss_flex(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_linux_virtual_machine` must not define `availability_set_id`: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#migrate-vms-using-availability-sets-to-vmss-flex", [resource.address])
 }

policy/Azure-Proactive-Resiliency-Library-v2/azurerm/compute/azurerm_linux_virtual_machine_os_disk_storage_account_type.rego

@@ -1,18 +1,18 @@
-package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_should_use_premium_or_ultra_disks
+package Azure_Proactive_Resiliency_Library_v2
 
 import rego.v1
 
-valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
+valid_azurerm_mission_critical_virtual_machine_should_use_premium_or_ultra_disks_os_disk_linux(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Premium")
 }
 
-valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
+valid_azurerm_mission_critical_virtual_machine_should_use_premium_or_ultra_disks_os_disk_linux(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azurerm_linux_virtual_machine")[_]
-    not valid_azurerm_virtual_machine_os_disk_storage_account_type(resource)
+    not valid_azurerm_mission_critical_virtual_machine_should_use_premium_or_ultra_disks_os_disk_linux(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_linux_virtual_machine` must have configured `os_disk.storage_account_type` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }