Policy Setting: Azure > Network Watcher > Network Watcher > Approved > Custom

resource "turbot_policy_setting" "azure_network_watcher_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/azure-networkwatcher#/policy/types/networkWatcherApprovedCustom"
  note           = "Azure CIS v2.0.0 - Controls: 6.6"
  template_input = <<-EOT
    {
      networkWatcher {
        provisioningState: get(path: "provisioningState")
      }
    }
    EOT
  template       = <<-EOT
    {%- if $.networkWatcher.provisioningState == "Succeeded" -%}

      {%- set data = {
          "title": "Enabled",
          "result": "Approved",
          "message": "Network Watcher is enabled"
      } -%}

    {%- elif $.networkWatcher.provisioningState and $.networkWatcher.provisioningState != "Succeeded" -%}

      {%- set data = {
          "title": "Enabled",
          "result": "Not approved",
          "message": "Network Watcher is not enabled"
      } -%}

    {%- else -%}

      {%- set data = {
          "title": "Enabled",
          "result": "Skip",
          "message": "No data for Network Watcher yet"
      } -%}

    {%- endif -%}
    {{ data | json }}
  EOT
}