mgmt, support parameters in policy (Azure#22103)

* mgmt, support parameters in policy

* changelog

* use immutable collection

Author: weidongxu-microsoft

sdk/resourcemanager/azure-resourcemanager-resources/CHANGELOG.md

@@ -2,7 +2,8 @@
 
 ## 2.6.0-beta.1 (Unreleased)
 
-- Added Support for Challenge Based Authentication in `AuthenticationPolicy`.
+- Added support for Challenge Based Authentication in `AuthenticationPolicy`.
+- Added support for `parameters` in `PolicyDefinition` and `PolicyAssignment`.
 
 ## 2.5.0 (2021-05-28)
 - Updated `api-version` of resources to `2021-01-01`

sdk/resourcemanager/azure-resourcemanager-resources/src/main/java/com/azure/resourcemanager/resources/implementation/PolicyAssignmentImpl.java

@@ -3,7 +3,9 @@
 
 package com.azure.resourcemanager.resources.implementation;
 
+import com.azure.resourcemanager.resources.models.EnforcementMode;
 import com.azure.resourcemanager.resources.models.GenericResource;
+import com.azure.resourcemanager.resources.models.ParameterValuesValue;
 import com.azure.resourcemanager.resources.models.PolicyAssignment;
 import com.azure.resourcemanager.resources.models.PolicyDefinition;
 import com.azure.resourcemanager.resources.models.ResourceGroup;
@@ -12,6 +14,12 @@
 import com.azure.resourcemanager.resources.fluent.PolicyAssignmentsClient;
 import reactor.core.publisher.Mono;
 
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
 /**
  * Implementation for {@link PolicyAssignment}.
  */
@@ -55,6 +63,25 @@ public String type() {
         return innerModel().type();
     }
 
+    @Override
+    public List<String> excludedScopes() {
+        return innerModel().notScopes() == null
+            ? Collections.emptyList()
+            : Collections.unmodifiableList(innerModel().notScopes());
+    }
+
+    @Override
+    public EnforcementMode enforcementMode() {
+        return innerModel().enforcementMode();
+    }
+
+    @Override
+    public Map<String, ParameterValuesValue> parameters() {
+        return innerModel().parameters() == null
+            ? Collections.emptyMap()
+            : Collections.unmodifiableMap(innerModel().parameters());
+    }
+
     @Override
     public PolicyAssignmentImpl withDisplayName(String displayName) {
         innerModel().withDisplayName(displayName);
@@ -105,4 +132,28 @@ public boolean isInCreateMode() {
     protected Mono<PolicyAssignmentInner> getInnerAsync() {
         return innerCollection.getAsync(innerModel().scope(), name());
     }
+
+    @Override
+    public PolicyAssignmentImpl withExcludedScope(String scope) {
+        if (innerModel().notScopes() == null) {
+            innerModel().withNotScopes(new ArrayList<>());
+        }
+        innerModel().notScopes().add(scope);
+        return this;
+    }
+
+    @Override
+    public PolicyAssignmentImpl withParameter(String name, Object value) {
+        if (innerModel().parameters() == null) {
+            innerModel().withParameters(new TreeMap<>());
+        }
+        innerModel().parameters().put(name, new ParameterValuesValue().withValue(value));
+        return this;
+    }
+
+    @Override
+    public PolicyAssignmentImpl withEnforcementMode(EnforcementMode mode) {
+        innerModel().withEnforcementMode(mode);
+        return this;
+    }
 }

sdk/resourcemanager/azure-resourcemanager-resources/src/main/java/com/azure/resourcemanager/resources/implementation/PolicyDefinitionImpl.java

@@ -4,6 +4,8 @@
 package com.azure.resourcemanager.resources.implementation;
 
 import com.azure.core.util.logging.ClientLogger;
+import com.azure.resourcemanager.resources.models.ParameterDefinitionsValue;
+import com.azure.resourcemanager.resources.models.ParameterType;
 import com.azure.resourcemanager.resources.models.PolicyDefinition;
 import com.azure.resourcemanager.resources.models.PolicyType;
 import com.azure.resourcemanager.resources.fluent.models.PolicyDefinitionInner;
@@ -13,6 +15,9 @@
 import reactor.core.publisher.Mono;
 
 import java.io.IOException;
+import java.util.Collections;
+import java.util.Map;
+import java.util.TreeMap;
 
 /**
  * Implementation for {@link PolicyDefinition}.
@@ -51,6 +56,13 @@ public Object policyRule() {
         return innerModel().policyRule();
     }
 
+    @Override
+    public Map<String, ParameterDefinitionsValue> parameters() {
+        return innerModel().parameters() == null
+            ? Collections.emptyMap()
+            : Collections.unmodifiableMap(innerModel().parameters());
+    }
+
     @Override
     public String id() {
         return innerModel().id();
@@ -105,4 +117,25 @@ public Mono<PolicyDefinition> createResourceAsync() {
     public boolean isInCreateMode() {
         return id() == null;
     }
+
+    @Override
+    public PolicyDefinitionImpl withParameter(String name, ParameterDefinitionsValue definition) {
+        if (innerModel().parameters() == null) {
+            innerModel().withParameters(new TreeMap<>());
+        }
+        innerModel().parameters().put(name, definition);
+        return this;
+    }
+
+    @Override
+    public PolicyDefinitionImpl withParameter(String name, ParameterType parameterType, Object defaultValue) {
+        if (innerModel().parameters() == null) {
+            innerModel().withParameters(new TreeMap<>());
+        }
+        innerModel().parameters().put(name,
+            new ParameterDefinitionsValue()
+                .withType(parameterType)
+                .withDefaultValue(defaultValue));
+        return this;
+    }
 }

sdk/resourcemanager/azure-resourcemanager-resources/src/main/java/com/azure/resourcemanager/resources/models/PolicyAssignment.java

@@ -12,6 +12,9 @@
 import com.azure.resourcemanager.resources.fluentcore.model.Refreshable;
 import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
 
+import java.util.List;
+import java.util.Map;
+
 /**
  * An immutable client-side representation of an Azure policy assignment.
  */
@@ -43,6 +46,21 @@ public interface PolicyAssignment extends
      */
     String type();
 
+    /**
+     * @return the excluded scopes of the policy assignment
+     */
+    List<String> excludedScopes();
+
+    /**
+     * @return the enforcement mode of the policy assignment
+     */
+    EnforcementMode enforcementMode();
+
+    /**
+     * @return the parameters of the policy assignment
+     */
+    Map<String, ParameterValuesValue> parameters();
+
     /**
      * Container interface for all the definitions that need to be implemented.
      */
@@ -125,14 +143,57 @@ interface WithDisplayName {
             WithCreate withDisplayName(String displayName);
         }
 
+        /**
+         * A policy assignment allowing the excluded scopes to be set.
+         */
+        interface WithExcludedScopes {
+            /**
+             * Specifies the excluded scope of the policy assignment.
+             *
+             * @param scope the scope to be excluded from the policy assignment
+             * @return the next stage of policy assignment
+             */
+            WithCreate withExcludedScope(String scope);
+        }
+
+        /**
+         * A policy assignment allowing the parameters to be set.
+         */
+        interface WithParameters {
+            /**
+             * Specifies the parameter of the policy assignment.
+             *
+             * @param name the name of the parameter
+             * @param value the value of the parameter
+             * @return the next stage of policy assignment
+             */
+            WithCreate withParameter(String name, Object value);
+        }
+
+        /**
+         * A policy assignment allowing the enforcement mode to be set.
+         */
+        interface WithEnforcementMode {
+            /**
+             * Specifies the enforcement mode of the policy assignment.
+             *
+             * @param mode the enforcement mode of the policy assignment
+             * @return the next stage of policy assignment
+             */
+            WithCreate withEnforcementMode(EnforcementMode mode);
+        }
+
         /**
          * A policy assignment with sufficient inputs to create a new policy
          * assignment in the cloud, but exposing additional optional inputs to
          * specify.
          */
         interface WithCreate extends
                 Creatable<PolicyAssignment>,
-                DefinitionStages.WithDisplayName {
+                DefinitionStages.WithDisplayName,
+                DefinitionStages.WithExcludedScopes,
+                DefinitionStages.WithParameters,
+                DefinitionStages.WithEnforcementMode {
         }
     }
 }

sdk/resourcemanager/azure-resourcemanager-resources/src/main/java/com/azure/resourcemanager/resources/models/PolicyDefinition.java

@@ -14,6 +14,8 @@
 import com.azure.resourcemanager.resources.fluentcore.model.Updatable;
 import com.azure.resourcemanager.resources.fluentcore.model.HasInnerModel;
 
+import java.util.Map;
+
 /**
  * An immutable client-side representation of an Azure policy.
  */
@@ -46,6 +48,11 @@ public interface PolicyDefinition extends
      */
     Object policyRule();
 
+    /**
+     * @return the parameters of the policy definition
+     */
+    Map<String, ParameterDefinitionsValue> parameters();
+
     /**
      * Container interface for all the definitions that need to be implemented.
      */
@@ -124,6 +131,30 @@ interface WithDescription {
             WithCreate withDescription(String description);
         }
 
+        /**
+         * A policy definition allowing parameters to be set.
+         */
+        interface WithParameters {
+            /**
+             * Specifies the parameters of the policy.
+             *
+             * @param name the name of the parameter
+             * @param definition the definition of the parameter
+             * @return the next stage of policy definition
+             */
+            WithCreate withParameter(String name, ParameterDefinitionsValue definition);
+
+            /**
+             * Specifies the parameters of the policy.
+             *
+             * @param name the name of the parameter
+             * @param parameterType the type of the parameter
+             * @param defaultValue the default value of the parameter
+             * @return the next stage of policy definition
+             */
+            WithCreate withParameter(String name, ParameterType parameterType, Object defaultValue);
+        }
+
         /**
          * A policy definition with sufficient inputs to create a new
          * policy in the cloud, but exposing additional optional inputs to
@@ -133,7 +164,8 @@ interface WithCreate extends
                 Creatable<PolicyDefinition>,
                 DefinitionStages.WithDescription,
                 DefinitionStages.WithDisplayName,
-                DefinitionStages.WithPolicyType {
+                DefinitionStages.WithPolicyType,
+                DefinitionStages.WithParameters {
         }
     }
 

sdk/resourcemanager/azure-resourcemanager-resources/src/test/java/com/azure/resourcemanager/resources/PolicyTests.java

@@ -5,6 +5,9 @@
 
 import com.azure.core.http.rest.PagedIterable;
 import com.azure.core.test.annotation.DoNotRecord;
+import com.azure.resourcemanager.resources.models.EnforcementMode;
+import com.azure.resourcemanager.resources.models.ParameterDefinitionsValue;
+import com.azure.resourcemanager.resources.models.ParameterType;
 import com.azure.resourcemanager.test.utils.TestUtilities;
 import com.azure.resourcemanager.resources.models.GenericResource;
 import com.azure.resourcemanager.resources.models.PolicyAssignment;
@@ -16,8 +19,11 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
+import java.util.Collections;
+
 public class PolicyTests extends ResourceManagementTest {
     private String policyRule = "{\"if\":{\"not\":{\"field\":\"location\",\"in\":[\"southcentralus\",\"westeurope\"]}},\"then\":{\"effect\":\"deny\"}}";
+    private String policyRule2 = "{\"if\":{\"not\":{\"field\":\"name\",\"like\":\"[concat(parameters('prefix'),'*',parameters('suffix'))]\"}},\"then\":{\"effect\":\"deny\"}}";
 
     @Override
     protected void cleanUpResources() {
@@ -64,10 +70,12 @@ public void canCRUDPolicyDefinition() throws Exception {
     @DoNotRecord(skipInPlayback = true)
     public void canCRUDPolicyAssignment() throws Exception {
         String policyName = generateRandomResourceName("policy", 15);
+        String policyName2 = generateRandomResourceName("policy2", 15);
         String displayName = generateRandomResourceName("mypolicy", 15);
         String rgName = generateRandomResourceName("javarg", 15);
         String assignmentName1 = generateRandomResourceName("assignment1", 15);
         String assignmentName2 = generateRandomResourceName("assignment2", 15);
+        String assignmentName3 = generateRandomResourceName("assignment3", 15);
         String resourceName = generateRandomResourceName("webassignment", 15);
         try {
             // Create definition
@@ -90,13 +98,18 @@ public void canCRUDPolicyAssignment() throws Exception {
             Assertions.assertNotNull(assignment1);
             Assertions.assertEquals("My Assignment", assignment1.displayName());
 
+            Assertions.assertEquals(group.id(), assignment1.scope());
+            Assertions.assertEquals(0, assignment1.excludedScopes().size());
+            Assertions.assertEquals(EnforcementMode.DEFAULT, assignment1.enforcementMode());
+            Assertions.assertEquals(0, assignment1.parameters().size());
+
             GenericResource resource = resourceClient.genericResources().define(resourceName)
                     .withRegion(Region.US_SOUTH_CENTRAL)
                     .withExistingResourceGroup(group)
                     .withResourceType("sites")
                     .withProviderNamespace("Microsoft.Web")
                     .withoutPlan()
-                    .withApiVersion("2015-08-01")
+                    .withApiVersion("2020-12-01")
                     .withParentResourcePath("")
                     .withProperties(new ObjectMapper().readTree("{\"SiteMode\":\"Limited\",\"ComputeMode\":\"Shared\"}"))
                     .create();
@@ -125,10 +138,37 @@ public void canCRUDPolicyAssignment() throws Exception {
             Assertions.assertTrue(foundAssignment1);
             Assertions.assertTrue(foundAssignment2);
 
+            // definition and assignment with parameters
+            PolicyDefinition definition2 = resourceClient.policyDefinitions().define(policyName)
+                .withPolicyRuleJson(policyRule2)
+                .withPolicyType(PolicyType.CUSTOM)
+                .withParameter("prefix", ParameterType.STRING, "dept")
+                .withParameter("suffix", new ParameterDefinitionsValue().withType(ParameterType.STRING).withDefaultValue("-US"))
+                .withDisplayName(displayName)
+                .withDescription("Test policy")
+                .create();
+            PolicyAssignment assignment3 = resourceClient.policyAssignments().define(assignmentName3)
+                .forResourceGroup(group)
+                .withPolicyDefinition(definition2)
+                .withExcludedScope(resource.id())
+                .withEnforcementMode(EnforcementMode.DO_NOT_ENFORCE)
+                .withParameter("prefix", "DeptA")
+                .withParameter("suffix", "-LC")
+                .withDisplayName("Test Assignment")
+                .create();
+
+            assignment3 = resourceClient.policyAssignments().getById(assignment3.id());
+            Assertions.assertEquals(group.id(), assignment3.scope());
+            Assertions.assertEquals(Collections.singletonList(resource.id()), assignment3.excludedScopes());
+            Assertions.assertEquals(EnforcementMode.DO_NOT_ENFORCE, assignment3.enforcementMode());
+            Assertions.assertEquals(2, assignment3.parameters().size());
+
             // Delete
             resourceClient.policyAssignments().deleteById(assignment1.id());
             resourceClient.policyAssignments().deleteById(assignment2.id());
+            resourceClient.policyAssignments().deleteById(assignment3.id());
             resourceClient.policyDefinitions().deleteByName(policyName);
+            resourceClient.policyDefinitions().deleteByName(policyName2);
         } finally {
             resourceClient.resourceGroups().deleteByName(rgName);
         }