@papanito
Last active October 14, 2022 14:29
Braindump some stuff

I currently have to use Windows, hence [Cygwin]. In addition, I am sitting behind a corporate proxy, so gitconfig is configured to use the proxy for outgoing connections. Plus, as we also have self-signed certificates which are in the credentials store of the Windows host, the sslBackend has to be configured accordingly. So my .gitconfig looks like this:

```
[http "https://github.com"]
    proxy = http://:@webproxy.intra:8888
[http "https://git.savannah.gnu.org"]
    proxy = http://:@webproxy.intra:8888
    sslBackend = schannel
```

1. Install emacs using chocolatey

   ```
   choco install emacs.install
   ```

2. Clone doomemacs and trigger installation

   ```
   git clone --depth 1 https://github.com/doomemacs/doomemacs ~/.emacs.d
   ~/.emacs.d/bin/doom install
   ```

This fails with

```
> Installing Doom Emacs!

- Skipping ~/.doom.d/ (already exists)
  - Skipping init.el (already exists)
  - Skipping config.el (already exists)
  - Skipping packages.el (already exists)
Generate an envvar file? (see `doom help env` for details) (y or n) > Generating envvars file
  ✓ Generated ~/.emacs.d/.local/env
Installing plugins
> Installing straight...
x There was an unexpected runtime error
  Message: File is missing
  Details: ("Cannot open load file" "No such file or directory" "c:/Users/papanito/.emacs.d/.local/straight/repos/straight.el/straight.el")
  Backtrace:
    (require straight "c:/Users/papanito/.emacs.d/.local/straight/repos/straight.el/straight.el")
    (let ((repo-dir (doom-path straight-base-dir "straight/repos/straight.el")) (repo-url (concat "http" (if gnutls-verify-error "s") "://github.com/" (or (plist-get recipe :repo) "radian-software/straight.el"))) (branch (or (plist-get recipe :branch) straight-repository-branch)) (call (if init-file-debug #'(lambda (&rest args) (doom-print (doom-print--format "%s" (cdr (apply #'doom-call-process args))))) #'(lambda (...
    (let ((process-environment (copy-sequence process-environment))) (setenv "GIT_CONFIG" nil) (setenv "GIT_CONFIG_NOSYSTEM" "1") (setenv "GIT_CONFIG_GLOBAL" (or (getenv "DOOMGITCONFIG") "/dev/null")) (let ((repo-dir (doom-path straight-base-dir "straight/repos/straight.el")) (repo-url (concat "http" (if gnutls-verify-error "s") "://github.com/" (or (plist-get recipe :repo) "radian-software/straight.el"))) (branch (o...
    (doom--ensure-straight (:host github :repo "radian-software/straight.el" :branch "develop" :local-repo "straight.el" :files ("straight*.el")) "e20a44c4ac5c04896aecd43a5fdd12c67527c69e")
    (let* ((--cl-rest-- (alist-get 'straight packages)) (recipe (car (cdr (plist-member --cl-rest-- ':recipe)))) (pin (car (cdr (plist-member --cl-rest-- ':pin))))) (doom--ensure-straight recipe pin))
    (let ((packages (doom-package-list '((:core))))) (let* ((--cl-rest-- (alist-get 'straight packages)) (recipe (car (cdr (plist-member --cl-rest-- ':recipe)))) (pin (car (cdr (plist-member --cl-rest-- ':pin))))) (doom--ensure-straight recipe pin)) (doom--ensure-core-packages (seq-filter #'(lambda (%) (eq (plist-get % :type) 'core)) packages)))
    (progn (if doom-inhibit-log nil (doom--log "Initializing straight")) (let ((packages (doom-package-list '((:core))))) (let* ((--cl-rest-- (alist-get 'straight packages)) (recipe (car (cdr (plist-member --cl-rest-- ':recipe)))) (pin (car (cdr (plist-member --cl-rest-- ':pin))))) (doom--ensure-straight recipe pin)) (doom--ensure-core-packages (seq-filter #'(lambda (%) (eq (plist-get % :type) 'core)) packages))))
    (if (or force-p (null (and (boundp 'straight-recipe-repositories) straight-recipe-repositories))) (progn (if doom-inhibit-log nil (doom--log "Initializing straight")) (let ((packages (doom-package-list '((:core))))) (let* ((--cl-rest-- (alist-get 'straight packages)) (recipe (car (cdr (plist-member --cl-rest-- ':recipe)))) (pin (car (cdr (plist-member --cl-rest-- ':pin))))) (doom--ensure-straight recipe pin)) (do...
    (doom-initialize-core-packages nil)
    (doom-initialize-packages)
    (doom-packages-install)
    (if (eq install\? :no) (doom-print (doom-print--format (doom-print--class 'warn "Not installing plugins, as requested"))) (doom-print (doom-print--format "Installing plugins")) (doom-packages-install))
  ! Wrote extended backtrace to ~/.emacs.d/.local/logs/cli.doom.220928141637.836.error
  Finished in 46.28007s
```

When I reached out in the forum, I was informed that

> Doom intentionally ignores system git config.

This can be bypassed, so I tried that.

```
DOOMGITCONFIG=~/.gitconfig doom install
```

This did not work, as I still got the same error. So, following the error message, I went to the directory `c:/Users/papanito/.emacs.d/.local/straight/` and did a `git pull origin master`. After that, `DOOMGITCONFIG=~/.gitconfig doom install` worked like a charm.

```
# Source each optional file only if it exists
SHELL_P10K=~/.p10k.zsh
[[ ! -f $SHELL_P10K ]] || source $SHELL_P10K
SHELL_ALIASES=~/.aliases
[[ ! -f $SHELL_ALIASES ]] || source $SHELL_ALIASES
SHELL_FUNCTIONS=~/.functions
[[ ! -f $SHELL_FUNCTIONS ]] || source $SHELL_FUNCTIONS
SHELL_AZURE_COMPLETION=~/.azure_completion
[[ ! -f $SHELL_AZURE_COMPLETION ]] || source $SHELL_AZURE_COMPLETION
```

As a starting point, let's decode the content from the [azurerm_policy_set_definition]:
```
data "azurerm_policy_set_definition" "test" {
  display_name = "Azure Security Benchmark"
}
```

```
locals {
  decoded_policy_set_definition_params = jsondecode(data.azurerm_policy_set_definition.test.parameters)
}

output "demo" {
  value = local.decoded_policy_set_definition_params
}
```
This will show you the content:
```
Changes to Outputs:
  + demo = {
      + ASCDependencyAgentAuditLinuxEffect = {
          + allowedValues = [
              + "AuditIfNotExists",
              + "Disabled",
            ]
          + defaultValue = "AuditIfNotExists"
          + metadata = {
              + description = "Enable or disable Dependency Agent for Linux VMs"
              + displayName = "Audit Dependency Agent for Linux VMs monitoring"
            }
          + type = "String"
...
```
From there let's iterate over the root elements, by adding this
```
filtered_policy_set_definition_params = [
  for v in decoded_policy_set_definition_params : v.type
]
```
However `terraform plan` results in this error
```
Error: Invalid reference
on local.tf line 18, in locals:
18: for v in decoded_policy_set_definition_params : s.type
A reference to a resource type must be followed by at least one attribute
```
This is because `decoded_policy_set_definition_params` is a local value and has to be referenced with the `local.` prefix, hence
```
filtered_policy_set_definition_params = [
  for v in local.decoded_policy_set_definition_params : v
]
```
This works, and if we adjust the output as follows
```
output "demo" {
  value = local.filtered_policy_set_definition_params
}
```
We still get the same output:
```
Changes to Outputs:
  + demo = [
      + {
          + allowedValues = [
              + "AuditIfNotExists",
              + "Disabled",
            ]
          + defaultValue = "AuditIfNotExists"
          + metadata = {
              + description = "Enable or disable Dependency Agent for Linux VMs"
              + displayName = "Audit Dependency Agent for Linux VMs monitoring"
            }
          + type = "String"
        },
...
```
Now we want to filter out all elements which contain
```
metadata = {
  deprecated = true
```
Following [this post](https://stackoverflow.com/questions/62848141/terraform-for-each-if-value-exists-in-object) the recommended way is to use [`lookup`][lookup], which
> retrieves the value of a single element from a map, given its key. If the given key does not exist, the given default value is returned instead.
As we want all that don't have the attribute `metadata.deprecated`, we would use this
```
for v in local.decoded_policy_set_definition_params : v if lookup(v.metadata, "deprecated", null) == null
```
The result contains all elements, but we are missing the key of the element (the policy name)
```
Changes to Outputs:
  + demo = [
      + {
          + allowedValues = [
              + "AuditIfNotExists",
              + "Disabled",
            ]
          + defaultValue = "AuditIfNotExists"
          + metadata = {
              + description = "Enable or disable Dependency Agent for Linux VMs"
              + displayName = "Audit Dependency Agent for Linux VMs monitoring"
            }
...
```
So when iterating over the JSON object, we have to read carefully what the documentation says [here][result types]
> The type of brackets around the for expression decide what type of result it produces.
> `[]` produces a tuple
> `{}` result is an object and you must provide two result expressions that are separated by the `=>` symbol
So the adjusted expression is
```
filtered_policy_set_definition_params = {
  for k, v in local.decoded_policy_set_definition_params : k => v if lookup(v.metadata, "deprecated", null) == null
}
```
Which results in this
```
  + demo = {
      + ASCDependencyAgentAuditLinuxEffect = {
          + allowedValues = [
              + "AuditIfNotExists",
              + "Disabled",
            ]
          + defaultValue = "AuditIfNotExists"
          + metadata = {
              + description = "Enable or disable Dependency Agent for Linux VMs"
              + displayName = "Audit Dependency Agent for Linux VMs monitoring"
            }
          + type = "String"
...
```
Now we can use this in our `azurerm_policy_set_definition`
```
resource "azurerm_policy_set_definition" "Example" {
  name                = "Example-Policy-Set"
  policy_type         = "Custom"
  display_name        = "Example-Policy-Set"
  management_group_id = data.azurerm_management_group.Sandboxes.id
  parameters          = jsonencode(local.filtered_policy_set_definition_params)

  dynamic "policy_definition_reference" {
    for_each = data.azurerm_policy_set_definition.test.policy_definition_reference
    content {
      parameter_values     = policy_definition_reference.value.parameter_values
      policy_definition_id = policy_definition_reference.value.policy_definition_id
      reference_id         = policy_definition_reference.value.reference_id
    }
  }
}
```
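
The filter from the steps above can be tried without an Azure subscription or provider. The following is an added example, not part of the original gist: the parameter names and values are constructed sample data standing in for `data.azurerm_policy_set_definition.test.parameters`, and the `try()`-based condition is an alternative to the gist's `lookup` check that also handles entries with `deprecated = false` or with no `metadata` at all.

```hcl
locals {
  # Constructed stand-in for the JSON string returned by the data source.
  sample_parameters_json = jsonencode({
    ActiveEffect = {
      type         = "String"
      defaultValue = "AuditIfNotExists"
      metadata     = { displayName = "Active parameter" }
    }
    OldEffect = {
      type         = "String"
      defaultValue = "Disabled"
      metadata     = { displayName = "Retired parameter", deprecated = true }
    }
    ExplicitlyCurrentEffect = {
      type         = "String"
      defaultValue = "Audit"
      metadata     = { displayName = "Marked as not deprecated", deprecated = false }
    }
    NoMetadataEffect = {
      type = "String"
    }
  })

  decoded = jsondecode(local.sample_parameters_json)

  # The gist's condition: keeps an entry only when the "deprecated" key is
  # absent, so an entry carrying deprecated = false is dropped as well.
  # try(v.metadata, {}) guards the entry that has no metadata block.
  key_absent_only = {
    for k, v in local.decoded : k => v
    if lookup(try(v.metadata, {}), "deprecated", null) == null
  }

  # Alternative: drop only entries whose metadata.deprecated is true.
  # try() falls back to false when "deprecated" or "metadata" is missing.
  not_deprecated = {
    for k, v in local.decoded : k => v
    if try(v.metadata.deprecated, false) != true
  }
}

output "key_absent_only_names" {
  value = keys(local.key_absent_only)
}

output "not_deprecated_names" {
  value = keys(local.not_deprecated)
}
```

Running `terraform plan` in an empty directory containing only this file shows both key lists side by side.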
[result types]: https://developer.hashicorp.com/terraform/language/expressions/for#result-types
[azurerm_policy_set_definition]: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_set_definition
[jsondecode]: https://developer.hashicorp.com/terraform/language/functions/jsondecode
[lookup]: https://www.terraform.io/docs/configuration/functions/lookup.html