Merge pull request #7324 from mentat9/preview

Add missing parameter to Set-AzureRmPolicyDefinition

Author: cormacpayne

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Implementation/Policy/SetAzurePolicyDefinition.cs

@@ -80,6 +80,13 @@ public class SetAzurePolicyDefinitionCmdlet : PolicyCmdletBase
         [ValidateNotNullOrEmpty]
         public string Parameter { get; set; }
 
+        /// <summary>
+        /// Gets or sets the new policy definition mode parameter.
+        /// </summary>
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = PolicyHelpStrings.NewPolicyDefinitionModeHelp)]
+        [ValidateNotNullOrEmpty]
+        public PolicyDefinitionMode? Mode { get; set; }
+
         /// <summary>
         /// Gets or sets the policy definition management group name parameter.
         /// </summary>
@@ -132,10 +139,17 @@ private JToken GetResource(string resourceId, string apiVersion)
         {
             var resource = this.GetExistingResource(resourceId, apiVersion).Result.ToResource();
 
-            var policyRuleJson = string.IsNullOrEmpty(this.Metadata) ? resource.Properties["policyRule"]?.ToString() : GetObjectFromParameter(this.Policy).ToString();
+            var policyRuleJson = string.IsNullOrEmpty(this.Policy) ? resource.Properties["policyRule"]?.ToString() : GetObjectFromParameter(this.Policy).ToString();
             var metaDataJson = string.IsNullOrEmpty(this.Metadata) ? resource.Properties["metadata"]?.ToString() : GetObjectFromParameter(this.Metadata).ToString();
             var parameterJson = string.IsNullOrEmpty(this.Parameter) ? resource.Properties["parameters"]?.ToString() : GetObjectFromParameter(this.Parameter).ToString();
 
+            PolicyDefinitionMode tempMode;
+            PolicyDefinitionMode? existingMode = null;
+            if (Enum.TryParse(resource.Properties["mode"]?.ToString(), true, out tempMode))
+            {
+                existingMode = tempMode;
+            }
+
             var policyDefinitionObject = new PolicyDefinition
             {
                 Name = this.Name ?? resource.Name,
@@ -145,7 +159,8 @@ private JToken GetResource(string resourceId, string apiVersion)
                     DisplayName = this.DisplayName ?? resource.Properties["displayName"]?.ToString(),
                     PolicyRule = string.IsNullOrEmpty(policyRuleJson) ? null : JObject.Parse(policyRuleJson),
                     Metadata = string.IsNullOrEmpty(metaDataJson) ? null : JObject.Parse(metaDataJson),
-                    Parameters = string.IsNullOrEmpty(parameterJson) ? null : JObject.Parse(parameterJson)
+                    Parameters = string.IsNullOrEmpty(parameterJson) ? null : JObject.Parse(parameterJson),
+                    Mode = this.Mode ?? existingMode
                 }
             };
 

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -294,6 +294,9 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyAssignmentIdentity.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyDefinitionMode.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.SubscriptionLevelDeploymentTests\TestDeploymentAsJob.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/PolicyTests.cs

@@ -38,6 +38,13 @@ public void TestPolicyDefinitionCRUD()
             ResourcesController.NewInstance.RunPsTest(_logger, "Test-PolicyDefinitionCRUD");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestPolicyDefinitionMode()
+        {
+            ResourcesController.NewInstance.RunPsTest(_logger, "Test-PolicyDefinitionMode");
+        }
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void TestPolicyDefinitionCRUDAtManagementGroup()

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/PolicyTests.ps1

@@ -66,6 +66,154 @@ function Test-PolicyDefinitionCRUD
     Assert-AreEqual True $remove
 }
 
+<#
+.SYNOPSIS
+Tests Policy definition CRUD operations
+#>
+function Test-PolicyDefinitionMode
+{
+    # setup
+    $policyName = Get-ResourceName
+
+    # make a policy definition with non-default mode, get it back and validate
+    $expected = New-AzureRMPolicyDefinition -Name $policyName -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Mode All -Description $description
+    $actual = Get-AzureRMPolicyDefinition -Name $policyName
+    Assert-NotNull $actual
+    Assert-AreEqual $expected.Name $actual.Name
+    Assert-AreEqual $expected.PolicyDefinitionId $actual.PolicyDefinitionId
+    Assert-NotNull($actual.Properties.PolicyRule)
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition without touching mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -Name $policyName -DisplayName testDisplay -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing the same mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -Name $policyName -DisplayName testDisplay -Mode 'All' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing a different mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -Name $policyName -DisplayName testDisplay -Mode 'Indexed' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'Indexed' $actual.Properties.Mode
+    Assert-AreEqual 'Indexed' $expected.Properties.Mode
+
+    # clean up
+    $remove = Remove-AzureRMPolicyDefinition -Name $policyName -Force
+    Assert-AreEqual True $remove
+
+    # repeat the same four tests at management group
+    $managementGroup = 'AzGovTest8'
+
+    # make a policy definition with non-default mode, get it back and validate
+    $expected = New-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Mode All -Description $description
+    $actual = Get-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName
+    Assert-NotNull $actual
+    Assert-AreEqual $expected.Name $actual.Name
+    Assert-AreEqual $expected.PolicyDefinitionId $actual.PolicyDefinitionId
+    Assert-NotNull($actual.Properties.PolicyRule)
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition without touching mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName -DisplayName testDisplay -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing the same mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName -DisplayName testDisplay -Mode 'All' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing a different mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName -DisplayName testDisplay -Mode 'Indexed' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'Indexed' $actual.Properties.Mode
+    Assert-AreEqual 'Indexed' $expected.Properties.Mode
+
+    # clean up
+    $remove = Remove-AzureRMPolicyDefinition -ManagementGroupName $managementGroup -Name $policyName -Force
+    Assert-AreEqual True $remove
+
+    # repeat the same four tests at subscription id
+    $subscriptionId = 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0'  # AIMES Deployment Test
+
+    # make a policy definition with non-default mode, get it back and validate
+    $expected = New-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Mode All -Description $description
+    $actual = Get-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName
+    Assert-NotNull $actual
+    Assert-AreEqual $expected.Name $actual.Name
+    Assert-AreEqual $expected.PolicyDefinitionId $actual.PolicyDefinitionId
+    Assert-NotNull($actual.Properties.PolicyRule)
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition without touching mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName -DisplayName testDisplay -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing the same mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName -DisplayName testDisplay -Mode 'All' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'All' $actual.Properties.Mode
+    Assert-AreEqual 'All' $expected.Properties.Mode
+
+    # update the same policy definition explicitly providing a different mode, get it back and validate
+    $actual = Set-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName -DisplayName testDisplay -Mode 'Indexed' -Description $updatedDescription -Policy "$TestOutputRoot\SamplePolicyDefinition.json" -Metadata $metadata
+    $expected = Get-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName
+    Assert-AreEqual $expected.Properties.DisplayName $actual.Properties.DisplayName
+    Assert-AreEqual $expected.Properties.Description $actual.Properties.Description
+    Assert-NotNull($actual.Properties.Metadata)
+    Assert-AreEqual $metadataValue $actual.Properties.Metadata.$metadataName
+    Assert-AreEqual 'Indexed' $actual.Properties.Mode
+    Assert-AreEqual 'Indexed' $expected.Properties.Mode
+
+    # clean up
+    $remove = Remove-AzureRMPolicyDefinition -SubscriptionId $subscriptionId -Name $policyName -Force
+    Assert-AreEqual True $remove
+}
+
 <#
 .SYNOPSIS
 Tests Policy definition with uri