Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for specifying built-in policy definition version when creating azurerm_*_policy_assignment #26855

Open
1 task done
eehret opened this issue Jul 29, 2024 · 1 comment
Open
1 task done

Support for specifying built-in policy definition version when creating azurerm_*_policy_assignment #26855

eehret opened this issue Jul 29, 2024 · 1 comment
Labels
enhancement preview service/policy

Comments

@eehret
Copy link

eehret commented Jul 29, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Apologies if this exists already - I did look for it and came up empty.

Currently in preview there's support for indicating specific versions of built-in policies, both when viewing information about the policy definitions as well as when managing policy assignments at different scopes.

I am not currently seeing a way to do this in Terraform azurerm provider though; there doesn't seem to be a version attribute that can be specified in which I could pin the assignment to a specific version, or to opt in/out of the automatic minor version updates.

New or Affected Resource(s)/Data Source(s)

azurerm_*_policy_assignment, data.policy_definition_built_in

Potential Terraform Configuration

Slightly modifying the example here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_group_policy_assignment

And following the syntax shown here: 


resource "azurerm_management_group_policy_assignment" "example" {
  name                 = "example-policy"
  management_group_id  = azurerm_management_group.example.id
  policy_definition_id = azurerm_policy_definition.example.id
  policy_definition_version = "2.*.*"    # Optional
}

Note that the policy_definition_version field would only be valid for built-in policy and initiative definitions.

A similar change could be done for resource group, and resource scoped assignments and I suppose it might be considered for the data source policy_definition_built_in as well.



### References

https://techcommunity.microsoft.com/t5/azure-governance-and-management/public-preview-announcement-azure-policy-built-in-versioning/ba-p/4186105

https://learn.microsoft.com/en-us/azure/governance/policy/concepts/assignment-structure#policy-definition-id-and-version-preview
@jrhalasz
Copy link

jrhalasz commented Nov 6, 2024

Do you know when this will be implemented?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement preview service/policy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@eehret @mybayern1974 @jrhalasz @rcskosir