Initial policies and method for creating policy definition.

This adds some initial example policies: - One for region restrictions - One for service restrictions Note that the MS ARM team has said that region restrictions may be controlled by ARM, so that policy might prove unnecessary. The parameters list for the service restrictions is stubbed for now, pending the full list. I also added an internal method for adding policy definitions to a management group. This method is agnostic about what tier of management group the policy is being defined at. It requires that a dictionary representing the properties section of a valid Azure JSON policy definition be passed as an argument.
2019-12-13 16:32:46 -05:00
parent 7dbdeb3ae7
commit b61956080e
8 changed files with 309 additions and 87 deletions
--- a/tests/domain/cloud/test_azure_csp.py
+++ b/tests/domain/cloud/test_azure_csp.py
@@ -90,3 +90,28 @@ def test_create_atat_admin_user_succeeds(mock_azure: AzureCloudProvider):
    result = mock_azure.create_atat_admin_user(AUTH_CREDENTIALS, environment_id)

    assert result.get("csp_user_id") == csp_user_id
+
+
+def test_create_policy_definition_succeeds(mock_azure: AzureCloudProvider):
+    subscription_id = str(uuid4())
+    management_group_id = str(uuid4())
+    properties = {
+        "policyType": "test",
+        "displayName": "test policy",
+    }
+
+    result = mock_azure._create_policy_definition(
+        AUTH_CREDENTIALS, subscription_id, management_group_id, properties
+    )
+    azure_sdk_method = (
+        mock_azure.sdk.policy.PolicyClient.return_value.policy_definitions.create_or_update_at_management_group
+    )
+    mock_policy_definition = (
+        mock_azure.sdk.policy.PolicyClient.return_value.policy_definitions.models.PolicyDefinition()
+    )
+    assert azure_sdk_method.called
+    azure_sdk_method.assert_called_with(
+        management_group_id=management_group_id,
+        policy_definition_name=properties.get("displayName"),
+        parameters=mock_policy_definition,
+    )
--- a/tests/mock_azure.py
+++ b/tests/mock_azure.py
@@ -46,6 +46,12 @@ def mock_credentials():
    return Mock(spec=credentials)


+def mock_policy():
+    from azure.mgmt.resource import policy
+
+    return Mock(spec=policy)
+
+
 class MockAzureSDK(object):
    def __init__(self):
        from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD
@@ -55,6 +61,7 @@ class MockAzureSDK(object):
        self.managementgroups = mock_managementgroups()
        self.graphrbac = mock_graphrbac()
        self.credentials = mock_credentials()
+        self.policy = mock_policy()
        # may change to a JEDI cloud
        self.cloud = AZURE_PUBLIC_CLOUD