in src/PSRule.Rules.Azure/Data/Policy/PolicyAssignmentVisitor.cs [887:963]
/// <summary>
/// Convert a raw policy definition document into a <see cref="PolicyDefinition"/> that can later be expanded into a rule.
/// </summary>
/// <param name="context">Assignment context that accumulates parameter assignments and the per-definition parameter map across visits.</param>
/// <param name="definition">The policy definition as a JSON object.</param>
/// <param name="policyDefinitionId">The resource identifier of the policy definition.</param>
/// <param name="policyDefinition">Receives the converted definition on success; otherwise <c>null</c>.</param>
/// <returns>
/// <c>true</c> when the definition was converted; <c>false</c> when it is structurally incomplete, has no recognized mode,
/// repeats a previously seen definition with matching parameters, has no usable effect, or is filtered out.
/// </returns>
protected virtual bool TryPolicyDefinition(PolicyAssignmentContext context, JObject definition, string policyDefinitionId, out PolicyDefinition policyDefinition)
{
    policyDefinition = null;

    // Structural prerequisites: properties.policyRule carrying both an "if" and a "then" block.
    if (!definition.TryObjectProperty(PROPERTY_PROPERTIES, out var props))
        return false;

    if (!props.TryObjectProperty(PROPERTY_POLICYRULE, out var rule))
        return false;

    if (!rule.TryObjectProperty(PROPERTY_IF, out _) || !rule.TryObjectProperty(PROPERTY_THEN, out var thenBlock))
        return false;

    // Only definitions with a recognized mode are applicable; anything else is reported and skipped.
    var hasMode = props.TryStringProperty(PROPERTY_MODE, out var modeText);
    if (!hasMode || !IsPolicyMode(modeText, out var policyMode))
    {
        context.Pipeline?.Writer?.VerbosePolicyIgnoreNotApplicable(policyDefinitionId);
        return false;
    }

    // Display name and description are optional; a missing value is passed through as-is.
    props.TryStringProperty(PROPERTY_DISPLAYNAME, out var displayName);
    props.TryStringProperty(PROPERTY_DESCRIPTION, out var description);
    var converted = new PolicyDefinition(policyDefinitionId, description, definition, displayName);

    ApplyMetadata(props, converted);

    if (props.TryObjectProperty(PROPERTY_PARAMETERS, out var parameters))
    {
        foreach (var parameter in parameters.Properties())
            context.SetDefinitionParameterAssignment(converted, parameter);

        // A definition already seen under this id is skipped when every parameter that both
        // occurrences share resolves to an equal value.
        if (context.DefinitionParameterMap.TryGetValue(policyDefinitionId, out var previousParameters))
        {
            var differs = false;
            foreach (var current in converted.Parameters)
            {
                // NOTE(review): only keys present in both sets are compared, so a definition whose
                // parameters are a superset of the earlier one is dropped as a duplicate — confirm
                // this is intended rather than comparing the full key sets.
                if (!previousParameters.TryGetValue(current.Key, out var previousValue))
                    continue;

                if (ParametersEqual(context, previousValue, current.Value))
                    continue;

                differs = true;
                break;
            }

            if (!differs)
                return false;
        }

        context.DefinitionParameterMap[policyDefinitionId] = converted.Parameters;
    }

    if (!TryPolicyRuleEffect(context, thenBlock, out var effect))
        return false;

    if (ShouldFilterRule(context, policyDefinitionId, thenBlock, effect))
        return false;

    // Rewrite the policy rule in place, then expand it onto the definition.
    TrimPolicyRule(rule);
    VisitPolicyRule(context, converted, rule, effect);
    AddSelectors(converted, policyMode);

    // Expansion that yields no condition at all is an error, not an empty rule.
    if (converted.Condition == null || converted.Condition.Count == 0)
        throw ThrowEmptyConditionExpandResult(context, policyDefinitionId);

    // The rule name is derived from a hash of the expanded condition so equivalent rules collapse to one name.
    var ruleHash = GetPolicyRuleHash(policyDefinitionId, converted.Condition, converted.Where);
    converted.Name = $"{context.PolicyRulePrefix}.Policy.{ruleHash}";
    policyDefinition = converted;
    return true;

    // Copy the optional category and version annotations from properties.metadata onto the definition.
    void ApplyMetadata(JObject source, PolicyDefinition target)
    {
        if (!source.TryObjectProperty(PROPERTY_METADATA, out var metadata))
            return;

        if (metadata.TryStringProperty(PROPERTY_CATEGORY, out var category))
            target.Category = category;

        if (metadata.TryStringProperty(PROPERTY_VERSION, out var version))
            target.Version = version;
    }
}