add built-in policies for both subscriptions and management-groups #2788
Conversation
ghost
added
the
|
@lawrenae, should we expose more of the properties as the builtin role definition datasource does? |
|
@katbyte sure. I don't know how useful those extra properties would be to folks, but it should be easy to add them. Will see what I can do! |
|
@katbyte I added
I see a few things in the portal that I couldnt find in the API -- |
There was a problem hiding this comment.
Thanks for the updates. So after some internal discussion we have combined azurerm_builtin_role_definition and azurerm_role_definition together in #2798 and I think we should follow the same pattern here and support both the built-in policies and custom ones in this data source.
As such we should rename this to azurerm_policy_definition and ensure that with a test we can retrieve custom policies. WDYT? I don't think it will require any code changes unlike role definitions.
|
@katbyte I like the idea of combining them. I will get to working on that, hopefully very soon |
There was a problem hiding this comment.
Hi @lawrenae,
Wasn't sure if this was ready for a review, but gave it a quick look over anyways 😅
Left a few comments inline and the remaining questions are if we should support looking up a policy by ID and support the rest of the possible properties:
policy_typepolicy_rulemetadataparameters
|
@katbyte I appreciate the additional feedback, and think I've got this ready for review (again). |
|
@katbyte -- good catches on the docs. updated! |
|
Thanks @lawrenae, LGTM now 🙂 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
this is meant as a fix for #2757
Feedback most welcome, of course