Merge pull request #1475 from eladperets/master

anthony-c-martin · web-flow · commit 0e1c9ba68278 · 2021-01-22T14:55:57.000-05:00
Add new policy 'count' expressions
diff --git a/schemas/2015-10-01-preview/policyDefinition.json b/schemas/2015-10-01-preview/policyDefinition.json
@@ -2,7 +2,7 @@
   "id": "https://schema.management.azure.com/schemas/2015-10-01-preview/policyDefinition.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Policy Definition",
-  "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+  "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
   "type": "object",
   "properties": {
     "if": {
diff --git a/schemas/2016-12-01/policyDefinition.json b/schemas/2016-12-01/policyDefinition.json
@@ -2,7 +2,7 @@
   "id": "https://schema.management.azure.com/schemas/2016-12-01/policyDefinition.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Policy Definition",
-  "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+  "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
   "type": "object",
   "properties": {
     "if": {
diff --git a/schemas/2018-05-01/policyDefinition.json b/schemas/2018-05-01/policyDefinition.json
@@ -2,7 +2,7 @@
   "id": "https://schema.management.azure.com/schemas/2018-05-01/policyDefinition.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Policy Definition",
-  "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/ for more details.",
+  "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
   "type": "object",
   "properties": {
     "if": {
diff --git a/schemas/2019-01-01/policyDefinition.json b/schemas/2019-01-01/policyDefinition.json
@@ -2,7 +2,7 @@
   "id": "https://schema.management.azure.com/schemas/2019-01-01/policyDefinition.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Policy Definition",
-  "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/documentation/articles/resource-manager-policy/ for more details.",
+  "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
   "type": "object",
   "properties": {
     "if": {
diff --git a/schemas/2019-06-01/policyDefinition.json b/schemas/2019-06-01/policyDefinition.json
@@ -2,7 +2,7 @@
   "id": "https://schema.management.azure.com/schemas/2019-06-01/policyDefinition.json#",
   "$schema": "http://json-schema.org/draft-04/schema#",
   "title": "Policy Definition",
-  "description": "This schema defines Azure resource policy definition, please see https://azure.microsoft.com/documentation/articles/resource-manager-policy/ for more details.",
+  "description": "This schema defines Azure Policy definition policy rules. For more details, see https://docs.microsoft.com/azure/governance/policy/.",
   "type": "object",
   "properties": {
     "if": {
diff --git a/schemas/2019-09-01/policyDefinition.json b/schemas/2019-09-01/policyDefinition.json
@@ -348,21 +348,45 @@
       ]
     },
     "countExpression": {
-      "properties": {
-        "field": {
-          "type": "string"
+      "oneOf": [
+        {
+          "properties": {
+            "field": {
+              "type": "string"
+            },
+            "where": {
+              "oneOf": [
+                { "$ref": "#/definitions/condition" },
+                { "$ref": "#/definitions/operatorNot" },
+                { "$ref": "#/definitions/operatorAnyOf" },
+                { "$ref": "#/definitions/operatorAllOf" }
+              ]
+            }
+          },
+          "required": [ "field" ],
+          "additionalProperties": false
         },
-        "where": {
-          "oneOf": [
-            { "$ref": "#/definitions/condition" },
-            { "$ref": "#/definitions/operatorNot" },
-            { "$ref": "#/definitions/operatorAnyOf" },
-            { "$ref": "#/definitions/operatorAllOf" }
-          ]
+        {
+          "properties": {
+            "value": {
+              "type": [ "array", "string" ]
+            },
+            "name": {
+              "type": "string"
+            },
+            "where": {
+              "oneOf": [
+                { "$ref": "#/definitions/condition" },
+                { "$ref": "#/definitions/operatorNot" },
+                { "$ref": "#/definitions/operatorAnyOf" },
+                { "$ref": "#/definitions/operatorAllOf" }
+              ]
+            }
+          },
+          "required": [ "value" ],
+          "additionalProperties": false
         }
-      },
-      "required": [ "field" ],
-      "additionalProperties": false
+      ]
     },
     "operatorNot": {
       "properties": {
diff --git a/tests/2019-09-01/policyDefinition.tests.json b/tests/2019-09-01/policyDefinition.tests.json
@@ -57,7 +57,7 @@
       }
     },
     {
-      "name": "PolicyDefinition tests - valid complex count condition",
+      "name": "PolicyDefinition tests - valid complex field count condition",
       "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
       "json": {
         "if": {
@@ -93,6 +93,67 @@
         }
       }
     },
+    {
+      "name": "PolicyDefinition tests - valid value count conditions",
+      "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
+      "json": {
+        "if": {
+          "allOf": [
+            {
+              "count": {
+                "value": []
+              },
+              "greater": 0
+            },
+            {
+              "count": {
+                "value": [],
+                "name": "currentValue"
+              },
+              "greater": 0
+            },
+            {
+              "count": {
+                "value": [],
+                "name": "currentValue",
+                "where": {
+                  "value": "[current('currentValue')]",
+                  "equals": 1
+                }
+              },
+              "greater": 0
+            },
+            {
+              "count": {
+                "value": "[parameters('arrayParam')]"
+              },
+              "greater": 0
+            },
+            {
+              "count": {
+                "value": "[parameters('arrayParam')]",
+                "name": "currentValue"
+              },
+              "greater": 0
+            },
+            {
+              "count": {
+                "value": "[parameters('arrayParam')]",
+                "name": "currentValue",
+                "where": {
+                  "value": "[current('currentValue')]",
+                  "equals": 1
+                }
+              },
+              "greater": 0
+            }
+          ]
+        },
+        "then": {
+          "effect": "deny"
+        }
+      }
+    },
     {
       "name": "PolicyDefinition tests - valid append details",
       "definition": "https://schema.management.azure.com/schemas/2019-09-01/policyDefinition.json#",
