From 04bef467bb894c538b59a3b25d393181af6a4063 Mon Sep 17 00:00:00 2001
From: Elad Perets
Date: Thu, 21 Jan 2021 17:17:01 -0800
Subject: [PATCH] Add new policy 'count' expressions Also updating some descriptions
---
 .../2015-10-01-preview/policyDefinition.json | 2 +-
 schemas/2016-12-01/policyDefinition.json | 2 +-
 schemas/2018-05-01/policyDefinition.json | 2 +-
 schemas/2019-01-01/policyDefinition.json | 2 +-
 schemas/2019-06-01/policyDefinition.json | 2 +-
 schemas/2019-09-01/policyDefinition.json | 50 +++++++++++----
 tests/2019-09-01/policyDefinition.tests.json | 63 ++++++++++++++++++-
 7 files changed, 104 insertions(+), 19 deletions(-)
diff --git a/schemas/2015-10-01-preview/policyDefinition.json b/schemas/2015-10-01-preview/policyDefinition.json
index 49c0519fce..2f31aae4d4 100644
--- a/schemas/2015-10-01-preview/policyDefinition.json
+++ b/schemas/2015-10-01-preview/policyDefinition.json
@@ -2,7 +2,7 @@
 "id": "https://schema.management.azure.com/schemas/2015-10-01-preview/policyDefinition.json#",
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "Policy Definition",
- "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+ "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
 "type": "object",
 "properties": {
 "if": {
diff --git a/schemas/2016-12-01/policyDefinition.json b/schemas/2016-12-01/policyDefinition.json
index d888412e00..93d79a782f 100644
--- a/schemas/2016-12-01/policyDefinition.json
+++ b/schemas/2016-12-01/policyDefinition.json
@@ -2,7 +2,7 @@
 "id": "https://schema.management.azure.com/schemas/2016-12-01/policyDefinition.json#",
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "Policy Definition",
- "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+ "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
 "type": "object",
 "properties": {
 "if": {
diff --git a/schemas/2018-05-01/policyDefinition.json b/schemas/2018-05-01/policyDefinition.json
index d34f19fbb0..8c18348cfe 100644
--- a/schemas/2018-05-01/policyDefinition.json
+++ b/schemas/2018-05-01/policyDefinition.json
@@ -2,7 +2,7 @@
 "id": "https://schema.management.azure.com/schemas/2018-05-01/policyDefinition.json#",
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "Policy Definition",
- "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+ "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
 "type": "object",
 "properties": {
 "if": {
diff --git a/schemas/2019-01-01/policyDefinition.json b/schemas/2019-01-01/policyDefinition.json
index ec2f18af4a..b345b3319e 100644
--- a/schemas/2019-01-01/policyDefinition.json
+++ b/schemas/2019-01-01/policyDefinition.json
@@ -2,7 +2,7 @@
 "id": "https://schema.management.azure.com/schemas/2019-01-01/policyDefinition.json#",
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "Policy Definition",
- "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/documentation/articles/resource-manager-policy/ for more details.",
+ "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
 "type": "object",
 "properties": {
 "if": {
diff --git a/schemas/2019-06-01/policyDefinition.json b/schemas/2019-06-01/policyDefinition.json
index 4c5b578e77..2b6ef2c311 100644
--- a/schemas/2019-06-01/policyDefinition.json
+++ b/schemas/2019-06-01/policyDefinition.json
@@ -2,7 +2,7 @@
 "id": "https://schema.management.azure.com/schemas/2019-06-01/policyDefinition.json#",
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "Policy Definition",
- "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/documentation/articles/resource-manager-policy/ for more details.",
+ "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
 "type": "object",
 "properties": {
 "if": {
diff --git a/schemas/2019-09-01/policyDefinition.json b/schemas/2019-09-01/policyDefinition.json
index 67189082ef..079c7b8d98 100644
--- a/schemas/2019-09-01/policyDefinition.json
+++ b/schemas/2019-09-01/policyDefinition.json
@@ -348,21 +348,45 @@
 ]
 },
 "countExpression": {
- "properties": {
- "field": {
- "type": "string"
+ "oneOf": [
+ {
+ "properties": {
+ "field": {
+ "type": "string"
+ },
+ "where": {
+ "oneOf": [
+ { "$ref": "#/definitions/condition" },
+ { "$ref": "#/definitions/operatorNot" },
+ { "$ref": "#/definitions/operatorAnyOf" },
+ { "$ref": "#/definitions/operatorAllOf" }
+ ]
+ }
+ },
+ "required": [ "field" ],
+ "additionalProperties": false
 },
- "where": {
- "oneOf": [
- { "$ref": "#/definitions/condition" },
- { "$ref": "#/definitions/operatorNot" },
- { "$ref": "#/definitions/operatorAnyOf" },
- { "$ref": "#/definitions/operatorAllOf" }
- ]
+ {
+ "properties": {
+ "value": {
+ "type": [ "array", "string" ]
+ },
+ "name": {
+ "type": "string"
+ },
+ "where": {
+ "oneOf": [
+ { "$ref": "#/definitions/condition" },
+ { "$ref": "#/definitions/operatorNot" },
+ { "$ref": "#/definitions/operatorAnyOf" },
+ { "$ref": "#/definitions/operatorAllOf" }
+ ]
+ }
+ },
+ "required": [ "value" ],
+ "additionalProperties": false
 }
- },
- "required": [ "field" ],
- "additionalProperties": false
+ ]
 },
 "operatorNot": {
 "properties": {
diff --git a/tests/2019-09-01/policyDefinition.tests.json b/tests/2019-09-01/policyDefinition.tests.json
index cbc025695b..743d9922c3 100644
--- a/tests/2019-09-01/policyDefinition.tests.json
+++ b/tests/2019-09-01/policyDefinition.tests.json
@@ -57,7 +57,7 @@
 }
 },
 {
- "name": "PolicyDefinition tests - valid complex count condition",
+ "name": "PolicyDefinition tests - valid complex field count condition",
 "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
 "json": {
 "if": {
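Review bot: Neither branch of the new `oneOf` under `countExpression` declares `"type": "object"`, so a non-object `count` (a bare string or number) satisfies both branches vacuously and is rejected only because `oneOf` then matches twice, which gives a policy author a misleading validation error; adding `"type": "object"` to each branch makes the rejection explicit. In the second branch, `"type": [ "array", "string" ]` on `value` accepts any string, while the tests in this commit only ever pass a template expression such as `[parameters('arrayParam')]`; if a plain literal string is not meaningful to the service (not visible here), the string alternative should be narrowed so that mistake is caught at authoring time rather than at assignment. The `where` subschema is now repeated verbatim in both branches and would be easier to keep in sync as one shared definition referenced from each. The surrounding `definitions` object starts and ends outside the hunk.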
@@ -93,6 +93,67 @@
 }
 }
 },
+ {
+ "name": "PolicyDefinition tests - valid value count conditions",
+ "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
+ "json": {
+ "if": {
+ "allOf": [
+ {
+ "count": {
+ "value": []
+ },
+ "greater": 0
+ },
+ {
+ "count": {
+ "value": [],
+ "name": "currentValue"
+ },
+ "greater": 0
+ },
+ {
+ "count": {
+ "value": [],
+ "name": "currentValue",
+ "where": {
+ "value": "[current('currentValue')]",
+ "equals": 1
+ }
+ },
+ "greater": 0
+ },
+ {
+ "count": {
+ "value": "[parameters('arrayParam')]"
+ },
+ "greater": 0
+ },
+ {
+ "count": {
+ "value": "[parameters('arrayParam')]",
+ "name": "currentValue"
+ },
+ "greater": 0
+ },
+ {
+ "count": {
+ "value": "[parameters('arrayParam')]",
+ "name": "currentValue",
+ "where": {
+ "value": "[current('currentValue')]",
+ "equals": 1
+ }
+ },
+ "greater": 0
+ }
+ ]
+ },
+ "then": {
+ "effect": "deny"
+ }
+ }
+ },
 {
 "name": "PolicyDefinition tests - valid append details",
 "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
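Review bot: The added test case contains only documents that must validate, so nothing pins the mutual exclusion between the `field` and `value` forms that the new `oneOf` in the schema is meant to enforce. If this test format can express expected failures (not visible in the hunk), cases worth adding are a `count` carrying both `field` and `value`, one with `name` next to `field`, and one with neither key. Every literal `value` array here is also `[]`, so a non-empty literal array is never run through the schema.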