Add support for Azure Policy Assignment metadata

azurerm/internal/services/policy/policy_assignment_resource.go

@@ -4,9 +4,12 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"reflect"
 	"strconv"
 	"time"
 
+	"encoding/json"
+
 	"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-09-01/policy"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -123,10 +126,40 @@ func resourceArmPolicyAssignment() *schema.Resource {
 				Optional: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
+
+			"metadata": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				ValidateFunc:     validation.StringIsJSON,
+				DiffSuppressFunc: policyAssignmentsMetadataDiffSuppressFunc,
+			},
 		},
 	}
 }
 
+func policyAssignmentsMetadataDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
+	var oldPolicyAssignmentsMetadata map[string]interface{}
+	errOld := json.Unmarshal([]byte(old), &oldPolicyAssignmentsMetadata)
+	if errOld != nil {
+		return false
+	}
+
+	var newPolicyAssignmentsMetadata map[string]interface{}
+	errNew := json.Unmarshal([]byte(new), &newPolicyAssignmentsMetadata)
+	if errNew != nil {
+		return false
+	}
+
+	// Ignore the following keys if they're found in the metadata JSON
+	ignoreKeys := [5]string{"assignedBy", "createdBy", "createdOn", "updatedBy", "updatedOn"}
+	for _, key := range ignoreKeys {
+		delete(oldPolicyAssignmentsMetadata, key)
+		delete(newPolicyAssignmentsMetadata, key)
+	}
+
+	return reflect.DeepEqual(oldPolicyAssignmentsMetadata, newPolicyAssignmentsMetadata)
+}
+
 func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*clients.Client).Policy.AssignmentsClient
 	ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
@@ -181,6 +214,14 @@ func resourceArmPolicyAssignmentCreateUpdate(d *schema.ResourceData, meta interf
 		assignment.AssignmentProperties.Parameters = expandedParams
 	}
 
+	if metaDataString := d.Get("metadata").(string); metaDataString != "" {
+		metaData, err := structure.ExpandJsonFromString(metaDataString)
+		if err != nil {
+			return fmt.Errorf("unable to parse metadata: %s", err)
+		}
+		assignment.AssignmentProperties.Metadata = &metaData
+	}
+
 	if v, ok := d.GetOk("not_scopes"); ok {
 		assignment.AssignmentProperties.NotScopes = expandAzureRmPolicyNotScopes(v.([]interface{}))
 	}
@@ -257,6 +298,10 @@ func resourceArmPolicyAssignmentRead(d *schema.ResourceData, meta interface{}) e
 		d.Set("display_name", props.DisplayName)
 		d.Set("enforcement_mode", props.EnforcementMode == policy.Default)
 
+		if metadataStr := flattenJSON(props.Metadata); metadataStr != "" {
+			d.Set("metadata", metadataStr)
+		}
+
 		if params := props.Parameters; params != nil {
 			json, err := flattenParameterValuesValueToString(params)
 			if err != nil {

azurerm/internal/services/policy/tests/policy_assignment_resource_test.go

@@ -241,6 +241,11 @@ resource "azurerm_policy_assignment" "test" {
   name                 = "acctestpa-%[1]d"
   scope                = azurerm_resource_group.test.id
   policy_definition_id = azurerm_policy_definition.test.id
+  metadata = <<METADATA
+	{
+		"category": "General"
+	}
+METADATA  
 }
 `, data.RandomInteger, data.Locations.Primary)
 }