Merge pull request Azure#3476 from luanshixia/dev

Policy parameters support in New-AzureRmPolicyDefinition and New-AzureRmPolicyAssignment

Author: cormacpayne

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Components/Constants.cs

@@ -63,7 +63,7 @@ public static class Constants
         /// <summary>
         /// The default policy API version.
         /// </summary>
-        public static readonly string PolicyApiVersion = "2016-04-01";
+        public static readonly string PolicyApiVersion = "2016-12-01";
 
         /// <summary>
         /// The default providers API version.

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Entities/Policy/PolicyAssignmentProperties.cs

@@ -15,6 +15,7 @@
 namespace Microsoft.Azure.Commands.ResourceManager.Cmdlets.Entities.Policy
 {
     using Newtonsoft.Json;
+    using Newtonsoft.Json.Linq;
 
     /// <summary>
     /// The policy assignment properties.
@@ -38,5 +39,11 @@ public class PolicyAssignmentProperties
         /// </summary>
         [JsonProperty(Required = Required.Always)]
         public string PolicyDefinitionId { get; set; }
+
+        /// <summary>
+        /// The parameter values.
+        /// </summary>
+        [JsonProperty(Required = Required.Default)]
+        public JObject Parameters { get; set; }
     }
 }

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Entities/Policy/PolicyDefinitionProperties.cs

@@ -39,5 +39,11 @@ public class PolicyDefinitionProperties
         /// </summary>
         [JsonProperty(Required = Required.Always)]
         public JObject PolicyRule { get; set; }
+
+        /// <summary>
+        /// The parameters declaration.
+        /// </summary>
+        [JsonProperty(Required = Required.Default)]
+        public JObject Parameters { get; set; }
     }
 }

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Extensions/JsonExtensions.cs

@@ -19,6 +19,7 @@ namespace Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions
     using Newtonsoft.Json.Converters;
     using Newtonsoft.Json.Linq;
     using System;
+    using System.Collections;
     using System.Collections.Generic;
     using System.Globalization;
     using System.IO;
@@ -212,5 +213,31 @@ public static bool TryConvertTo<TType>(this JToken jobject, out TType result)
             result = default(TType);
             return false;
         }
+
+        /// <summary>
+        /// Converts an <see cref="IDictionary"/> object to <see cref="JObject"/> with an extra level labeled as "value".
+        /// </summary>
+        /// <param name="dict">The <see cref="IDictionary"/> object.</param>
+        /// <param name="keys">The key set to extract from the <see cref="IDictionary"/> object. Default is all keys.</param>
+        /// <returns>The conversion result.</returns>
+        public static JObject ToJObjectWithValue(this IDictionary dict, IEnumerable keys = null)
+        {
+            if (dict == null)
+            {
+                return null;
+            }
+            if (keys == null)
+            {
+                keys = dict.Keys;
+            }
+            var parameterObject = new JObject();
+            foreach (string paramKey in keys)
+            {
+                var valueObject = new JObject();
+                valueObject.Add("value", dict[paramKey].ToJToken());
+                parameterObject.Add(paramKey, valueObject);
+            }
+            return parameterObject;
+        }
     }
-}
+}

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Extensions/PsObjectExtensions.cs

@@ -133,5 +133,32 @@ private static JToken ToJToken(object value)
 
             return new JValue(value.ToString());
         }
+
+        /// <summary>
+        /// Gets nested property values from a <see cref="PSObject"/> easily using property path.
+        /// </summary>
+        /// <param name="propertyObject">The <see cref="PSObject"/> to get property value from.</param>
+        /// <param name="propertyPath">The nested property path, e.g. "metadata.description".</param>
+        /// <returns>The value of the specified property.</returns>
+        internal static object GetPSObjectProperty(this PSObject propertyObject, string propertyPath)
+        {
+            var propertyNames = propertyPath.Split('.');
+            var tmpObject = propertyObject;
+            foreach (var propertyName in propertyNames)
+            {
+                var propertyInfo = tmpObject.Properties[propertyName];
+                if (propertyInfo != null)
+                {
+                    if (propertyInfo.Value is PSObject)
+                    {
+                        tmpObject = propertyInfo.Value as PSObject;
+                        continue;
+                    }
+                    return propertyInfo.Value;
+                }
+                return null;
+            }
+            return tmpObject;
+        }
     }
 }

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Implementation/Policy/NewAzurePolicyAssignment.cs

@@ -17,15 +17,26 @@ namespace Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation
     using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components;
     using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Entities.Policy;
     using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Extensions;
+    using Microsoft.Azure.Commands.Common.Authentication;
+    using Microsoft.WindowsAzure.Commands.Utilities.Common;
     using Newtonsoft.Json.Linq;
     using System.Management.Automation;
+    using System;
+    using System.Linq;
+    using System.Collections;
 
     /// <summary>
     /// Creates a policy assignment.
     /// </summary>
-    [Cmdlet(VerbsCommon.New, "AzureRmPolicyAssignment"), OutputType(typeof(PSObject))]
-    public class NewAzurePolicyAssignmentCmdlet : PolicyAssignmentCmdletBase
+    [Cmdlet(VerbsCommon.New, "AzureRmPolicyAssignment", DefaultParameterSetName = ParameterlessPolicyParameterSetName), OutputType(typeof(PSObject))]
+    public class NewAzurePolicyAssignmentCmdlet : PolicyAssignmentCmdletBase, IDynamicParameters
     {
+        protected RuntimeDefinedParameterDictionary dynamicParameters = new RuntimeDefinedParameterDictionary();
+
+        protected const string PolicyParameterObjectParameterSetName = "Policy assignment with parameters via policy parameter object";
+        protected const string PolicyParameterStringParameterSetName = "Policy assignment with parameters via policy parameter string";
+        protected const string ParameterlessPolicyParameterSetName = "Policy assignment without parameters";
+
         /// <summary>
         /// Gets or sets the policy assignment name parameter.
         /// </summary>
@@ -50,9 +61,30 @@ public class NewAzurePolicyAssignmentCmdlet : PolicyAssignmentCmdletBase
         /// <summary>
         /// Gets or sets the policy assignment policy definition parameter.
         /// </summary>
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The pollicy definition object.")]
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The policy definition object.")]
+        [Parameter(ParameterSetName = ParameterlessPolicyParameterSetName,
+            Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The policy definition object.")]
+        [Parameter(ParameterSetName = PolicyParameterObjectParameterSetName,
+            Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The policy definition object.")]
+        [Parameter(ParameterSetName = PolicyParameterStringParameterSetName,
+            Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The policy definition object.")]
         public PSObject PolicyDefinition { get; set; }
 
+        /// <summary>
+        /// Gets or sets the policy assignment policy parameter object.
+        /// </summary>
+        [Parameter(ParameterSetName = PolicyParameterObjectParameterSetName,
+            Mandatory = true, ValueFromPipelineByPropertyName = false, HelpMessage = "The policy parameter object.")]
+        public Hashtable PolicyParameterObject { get; set; }
+
+        /// <summary>
+        /// Gets or sets the policy assignment policy parameter file path or policy parameter string.
+        /// </summary>
+        [Parameter(ParameterSetName = PolicyParameterStringParameterSetName, 
+            Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The policy parameter file path or policy parameter string.")]
+        [ValidateNotNullOrEmpty]
+        public string PolicyParameter { get; set; }
+
         /// <summary>
         /// Executes the cmdlet.
         /// </summary>
@@ -112,11 +144,72 @@ private JToken GetResource()
                 {
                     DisplayName = this.DisplayName ?? null,
                     PolicyDefinitionId = this.PolicyDefinition.Properties["policyDefinitionId"].Value.ToString(),
-                    Scope = this.Scope
+                    Scope = this.Scope,
+                    Parameters = this.GetParameters()
                 }
             };
 
             return policyassignmentObject.ToJToken();
         }
+
+        object IDynamicParameters.GetDynamicParameters()
+        {
+            if (this.PolicyDefinition != null)
+            {
+                var parameters = this.PolicyDefinition.GetPSObjectProperty("Properties.parameters") as PSObject;
+                if (parameters != null)
+                {
+                    foreach (var param in parameters.Properties)
+                    {
+                        var type = (param.Value as PSObject).Properties["type"];
+                        var typeString = type != null ? type.Value.ToString() : string.Empty;
+                        var description = (param.Value as PSObject).GetPSObjectProperty("metadata.description");
+                        var helpString = description != null ? description.ToString() : string.Format("The {0} policy parameter.", param.Name);
+                        var dp = new RuntimeDefinedParameter
+                        {
+                            Name = param.Name,
+                            ParameterType = typeString.Equals("array", StringComparison.OrdinalIgnoreCase) ? typeof(string[]) : typeof(string)
+                        };
+                        dp.Attributes.Add(new ParameterAttribute
+                        {
+                            ParameterSetName = ParameterlessPolicyParameterSetName,
+                            Mandatory = true,
+                            ValueFromPipelineByPropertyName = false,
+                            HelpMessage = helpString
+                        });
+                        this.dynamicParameters.Add(param.Name, dp);
+                    }
+                }
+            }
+
+            return this.dynamicParameters;
+        }
+
+        private JObject GetParameters()
+        {
+            // Load parameters from local file or literal
+            if (this.PolicyParameter != null)
+            {
+                string policyParameterFilePath = this.TryResolvePath(this.PolicyParameter);
+                return FileUtilities.DataStore.FileExists(policyParameterFilePath)
+                    ? JObject.Parse(FileUtilities.DataStore.ReadFileAsText(policyParameterFilePath))
+                    : JObject.Parse(this.PolicyParameter);
+            }
+
+            // Load from PS object
+            if (this.PolicyParameterObject != null)
+            {
+                return this.PolicyParameterObject.ToJObjectWithValue();
+            }
+
+            // Load dynamic parameters
+            var parameters = PowerShellUtilities.GetUsedDynamicParameters(dynamicParameters, MyInvocation);
+            if (parameters.Count() > 0)
+            {
+                return MyInvocation.BoundParameters.ToJObjectWithValue(parameters.Select(p => p.Name));
+            }
+
+            return null;
+        }
     }
-}
+}

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Implementation/Policy/NewAzurePolicyDefinition.cs

@@ -52,12 +52,19 @@ public class NewAzurePolicyDefinitionCmdlet : PolicyDefinitionCmdletBase
         public string Description { get; set; }
 
         /// <summary>
-        /// Gets or sets the policy parameter
+        /// Gets or sets the policy definition policy rule parameter
         /// </summary>
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "The rule for policy definition. This can either be a path to a file name containing the rule, or the rule as string.")]
         [ValidateNotNullOrEmpty]
         public string Policy { get; set; }
 
+        /// <summary>
+        /// Gets or sets the policy definition parameters parameter
+        /// </summary>
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "The parameters declaration for policy definition. This can either be a path to a file name containing the parameters declaration, or the parameters declaration as string.")]
+        [ValidateNotNullOrEmpty]
+        public string Parameter { get; set; }
+
         /// <summary>
         /// Executes the cmdlet.
         /// </summary>
@@ -113,7 +120,8 @@ private JToken GetResource()
                 {
                     Description = this.Description ?? null,
                     DisplayName = this.DisplayName ?? null,
-                    PolicyRule = JObject.Parse(GetPolicyRuleObject().ToString())
+                    PolicyRule = JObject.Parse(this.GetPolicyRuleObject().ToString()),
+                    Parameters = this.Parameter == null ? null : JObject.Parse(this.GetParametersObject().ToString())
                 }
             };
 
@@ -131,5 +139,17 @@ private JToken GetPolicyRuleObject()
                 ? JToken.FromObject(FileUtilities.DataStore.ReadFileAsText(policyFilePath))
                 : JToken.FromObject(this.Policy);
         }
+
+        /// <summary>
+        /// Gets the parameters object
+        /// </summary>
+        private JToken GetParametersObject()
+        {
+            string parametersFilePath = this.TryResolvePath(this.Parameter);
+
+            return File.Exists(parametersFilePath)
+                ? JToken.FromObject(FileUtilities.DataStore.ReadFileAsText(parametersFilePath))
+                : JToken.FromObject(this.Parameter);
+        }
     }
 }

src/ResourceManager/Resources/Commands.ResourceManager/Cmdlets/Implementation/Policy/SetAzurePolicyAssignment.cs

@@ -145,4 +145,4 @@ protected string GetResourceId()
                 extensionResourceName: this.Name);
         }
     }
-}
+}

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -274,6 +274,15 @@
     <None Include="keyVaultTemplateParams.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SamplePolicyAssignmentParameters.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="SamplePolicyDefinitionParameters.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="SamplePolicyDefinitionWithParameters.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SamplePolicyDefinition.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -395,8 +404,14 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyAssignmentCRUD.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyAssignmentWithParameters.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyDefinitionCRUD.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.PolicyTests\TestPolicyDefinitionWithParameters.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ProviderFeatureTests\TestAzureProviderFeature.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>

src/ResourceManager/Resources/Commands.Resources.Test/SamplePolicyAssignmentParameters.json

@@ -0,0 +1,8 @@
+{
+  "listOfAllowedLocations": {
+    "value": [
+      "West US",
+      "West US 2"
+    ]
+  }
+}

src/ResourceManager/Resources/Commands.Resources.Test/SamplePolicyDefinitionParameters.json

@@ -0,0 +1,10 @@
+{
+    "listOfAllowedLocations": {
+        "type": "array",
+      "metadata": {
+        "description": "An array of permitted locations for resources.",
+        "strongType": "location",
+        "displayName": "List of locations"
+      }
+    }
+}

src/ResourceManager/Resources/Commands.Resources.Test/SamplePolicyDefinitionWithParameters.json

@@ -0,0 +1,11 @@
+{
+  "if": {
+    "not": {
+      "field": "location",
+      "in": "[parameters('listOfAllowedLocations')]"
+    }
+  },
+  "then": {
+    "effect": "deny"
+  }
+}

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/PolicyTests.cs

@@ -41,5 +41,19 @@ public void TestPolicyAssignmentCRUD()
         {
             ResourcesController.NewInstance.RunPsTest("Test-PolicyAssignmentCRUD");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestPolicyDefinitionWithParameters()
+        {
+            ResourcesController.NewInstance.RunPsTest("Test-PolicyDefinitionWithParameters");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestPolicyAssignmentWithParameters()
+        {
+            ResourcesController.NewInstance.RunPsTest("Test-PolicyAssignmentWithParameters");
+        }
     }
 }