Merge pull request #9 from avinor/add-display-name-exemption

Add display name exemption
avinor · Jun 23, 2022 · b62c5d6 · b62c5d6
2 parents 10671c2 + d7f6d7e
commit b62c5d6
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,12 @@ module "restrict-location" {
                     }
                 }
             PARAMETERS
+            exemption    = {
+               name                            = "exemption-1"
+               display_name                    = "Exemptio One"
+               exemption_category              = "Waiver"
+               policy_definition_reference_ids = ["identityEnableMFAForWritePermissionsMonitoring"]
+          }
         },
     ]
 }
@@ -99,6 +105,7 @@ module "restrict-location" {
                 }
             }
         PARAMETERS
+        exemption = null
     }
 
     assignments = [
@@ -113,6 +120,7 @@ module "restrict-location" {
                     }
                 }
             PARAMETERS
+            exemption = null
         },
     ]
 }

diff --git a/examples/multiple-assignments/main.tf b/examples/multiple-assignments/main.tf
@@ -21,11 +21,13 @@ module "policy-set-definitions" {
             PARAMETERS
       exemption = {
         name                            = "exemption-1"
+        display_name                    = "Exemptio One"
         exemption_category              = "Waiver"
         policy_definition_reference_ids = ["identityEnableMFAForWritePermissionsMonitoring"]
       }
     },
     {
+      name         = "second-assignment-test"
       display_name = "Second assignment for test"
       id           = "/providers/Microsoft.Management/managementGroups/test_mgm_grp"
       not_scopes   = []

diff --git a/examples/policy-set-definitions/main.tf b/examples/policy-set-definitions/main.tf
@@ -21,8 +21,13 @@ module "policy-set-definitions" {
             PARAMETERS
       exemption = {
         name                            = "exemption-1"
+        display_name                    = "MFA should be enabled on accounts with read/write/owner permissions on your subscription"
         exemption_category              = "Waiver"
-        policy_definition_reference_ids = ["identityEnableMFAForWritePermissionsMonitoring"]
+        policy_definition_reference_ids = [
+          "identityEnableMFAForReadPermissionsMonitoring",
+          "identityEnableMFAForWritePermissionsMonitoring",
+          "identityEnableMFAForOwnerPermissionsMonitoring",
+        ]
       }
     }
   ]

diff --git a/main.tf b/main.tf
@@ -69,6 +69,7 @@ resource "azurerm_management_group_policy_assignment" "policy" {
 resource "azurerm_management_group_policy_exemption" "policy" {
   count                           = length(local.management_group_assignments_exemptions)
   name                            = local.management_group_assignments_exemptions[count.index].exemption.name
+  display_name                    = local.management_group_assignments_exemptions[count.index].exemption.display_name
   management_group_id             = local.management_group_assignments_exemptions[count.index].id
   policy_assignment_id            = azurerm_management_group_policy_assignment.policy[count.index].id
   exemption_category              = local.management_group_assignments_exemptions[count.index].exemption.exemption_category
@@ -98,6 +99,7 @@ resource "azurerm_resource_group_policy_assignment" "policy" {
 resource "azurerm_resource_group_policy_exemption" "policy" {
   count                           = length(local.resource_group_assignments_exemptions)
   name                            = local.resource_group_assignments_exemptions[count.index].exemption.name
+  display_name                    = local.resource_group_assignments_exemptions[count.index].exemption.display_name
   resource_group_id               = local.resource_group_assignments_exemptions[count.index].id
   policy_assignment_id            = azurerm_resource_group_policy_assignment.policy[count.index].id
   exemption_category              = local.resource_group_assignments_exemptions[count.index].exemption.exemption_category
@@ -127,6 +129,7 @@ resource "azurerm_resource_policy_assignment" "policy" {
 resource "azurerm_resource_policy_exemption" "policy" {
   count                           = length(local.resource_assignments_exemptions)
   name                            = local.resource_assignments_exemptions[count.index].exemption.name
+  display_name                    = local.resource_assignments_exemptions[count.index].exemption.display_name
   resource_id                     = local.resource_assignments_exemptions[count.index].id
   policy_assignment_id            = azurerm_resource_policy_assignment.policy[count.index].id
   exemption_category              = local.resource_assignments_exemptions[count.index].exemption.exemption_category
@@ -156,8 +159,9 @@ resource "azurerm_subscription_policy_assignment" "policy" {
 resource "azurerm_subscription_policy_exemption" "policy" {
   count                           = length(local.subscription_assignments_exemptions)
   name                            = local.subscription_assignments_exemptions[count.index].exemption.name
+  display_name                    = local.subscription_assignments_exemptions[count.index].exemption.display_name
   subscription_id                 = local.subscription_assignments_exemptions[count.index].id
   policy_assignment_id            = azurerm_subscription_policy_assignment.policy[count.index].id
   exemption_category              = local.subscription_assignments_exemptions[count.index].exemption.exemption_category
   policy_definition_reference_ids = local.subscription_assignments_exemptions[count.index].exemption.policy_definition_reference_ids
-}
+}
diff --git a/variables.tf b/variables.tf
@@ -43,6 +43,7 @@ variable "assignments" {
     parameters   = string
     exemption = object({
       name                            = string
+      display_name                    = string
       exemption_category              = string
       policy_definition_reference_ids = list(string)
     })