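# Creates one Azure Policy assignment for every entry in
# local.azurerm_policy_assignment_enterprise_scale. Each entry supplies the
# assignment template, the target scope, the parameters and the enforcement mode.
resource "azurerm_policy_assignment" "enterprise_scale" {
  for_each = local.azurerm_policy_assignment_enterprise_scale

  # Mandatory resource attributes
  # The policy assignment name length must not exceed '24' characters, but
  # Terraform plan is unable to validate this in the plan stage. The following
  # logic forces an error during plan if an invalid name length is specified.
  # How it works: for a name longer than 24 characters the inner conditional
  # yields the error text, and tonumber() fails on that non-numeric string, so
  # the text surfaces in the plan error. For a valid name tonumber() receives
  # the length, the outer "> 24" test is false, and the name is used unchanged.
  name                 = tonumber(length(each.value.template.name) > 24 ? "The policy assignment name '${each.value.template.name}' is invalid. The policy assignment name length must not exceed '24' characters." : length(each.value.template.name)) > 24 ? null : each.value.template.name
  scope                = each.value.scope_id
  policy_definition_id = each.value.template.properties.policyDefinitionId

  # Optional resource attributes
  identity {
    # Falls back to "None" when the template declares no identity type.
    # NOTE(review): when a template requests a managed identity, no role
    # assignment for that identity is created in this block - confirm where
    # its permissions are granted and that they are scoped no wider than needed.
    type = try(each.value.template.identity.type, "None")
  }
  # NOTE(review): location falls back to null; the provider is expected to
  # require it when an identity is assigned - confirm templates that set an
  # identity also set a location.
  location     = try(each.value.template.location, null)
  description  = try(each.value.template.properties.description, "${each.value.template.name} Policy Assignment at scope ${each.value.scope_id}")
  display_name = try(each.value.template.properties.displayName, each.value.template.name)
  # metadata and parameters are JSON-encoded only when non-empty; a missing or
  # empty value becomes null so the argument is omitted.
  metadata   = try(length(each.value.template.properties.metadata) > 0, false) ? jsonencode(each.value.template.properties.metadata) : null
  parameters = try(length(each.value.parameters) > 0, false) ? jsonencode(each.value.parameters) : null
  # Every notScopes entry is a scope this assignment does not apply to, so
  # template-supplied exclusions deserve review. Defaults to local.empty_list.
  not_scopes = try(each.value.template.properties.notScopes, local.empty_list)
  # Taken directly from the map entry with no fallback.
  # NOTE(review): with enforcement switched off the policy effect is not
  # applied to resources - confirm the local that builds this map defaults to
  # enforced and that any opt-out is deliberate.
  enforcement_mode = each.value.enforcement_mode

  # Set explicit dependency on Management Group, Policy Definition and Policy Set Definition deployments
  depends_on = [
    time_sleep.after_azurerm_management_group,
    time_sleep.after_azurerm_policy_definition,
    time_sleep.after_azurerm_policy_set_definition,
  ]

}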
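# Delay placed after the policy assignments. Resources that depend on this
# time_sleep wait for the assignments plus the configured duration.
# NOTE(review): presumably this absorbs Azure replication lag before dependent
# resources (such as role assignments) are created - confirm against the callers.
resource "time_sleep" "after_azurerm_policy_assignment" {
  depends_on = [
    time_sleep.after_azurerm_management_group,
    time_sleep.after_azurerm_policy_definition,
    time_sleep.after_azurerm_policy_set_definition,
    azurerm_policy_assignment.enterprise_scale,
  ]

  # The trigger value is the JSON-encoded set of assignment keys, so it changes
  # only when assignments are added or removed. Editing the attributes of an
  # existing assignment leaves the key set, and therefore the trigger, unchanged.
  triggers = {
    "azurerm_policy_assignment_enterprise_scale" = jsonencode(keys(azurerm_policy_assignment.enterprise_scale))
  }

  # Durations are looked up in the delay maps defined in locals.
  create_duration  = local.create_duration_delay["after_azurerm_policy_assignment"]
  destroy_duration = local.destroy_duration_delay["after_azurerm_policy_assignment"]
}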