add built-in policies for both subscriptions and management-groups

[lawrenae]

this is meant as a fix for #2757

Feedback most welcome, of course

[katbyte]

@lawrenae, should we expose more of the properties as the builtin role definition datasource does?

[lawrenae]

@katbyte sure. I don't know how useful those extra properties would be to folks, but it should be easy to add them. Will see what I can do!

[lawrenae]

@katbyte I added

• display_name - (Required) Specifies the name of the built-in Policy Definition.
• id - the ID of the built-in Policy Definition.
• description - the Description of the built-in Policy.
• type - the Type of Policy.
• name - The Name of the Policy Definition

I see a few things in the portal that I couldnt find in the API -- effect and category that might also be useful.

[katbyte]

@lawrenae,

Thanks for the updates. So after some internal discussion we have combined azurerm_builtin_role_definition and azurerm_role_definition together in #2798 and I think we should follow the same pattern here and support both the built-in policies and custom ones in this data source.

As such we should rename this to azurerm_policy_definition and ensure that with a test we can retrieve custom policies. WDYT? I don't think it will require any code changes unlike role definitions.

[lawrenae]

@katbyte I like the idea of combining them. I will get to working on that, hopefully very soon

[katbyte]

Hi @lawrenae,

Wasn't sure if this was ready for a review, but gave it a quick look over anyways 😅

Left a few comments inline and the remaining questions are if we should support looking up a policy by ID and support the rest of the possible properties:

• policy_type
• policy_rule
• metadata
• parameters

[lawrenae]

@katbyte I appreciate the additional feedback, and think I've got this ready for review (again).

[katbyte]

thanks @lawrenae, aside from a few minor nits i've left inline and the build not passing (looks like a simple) this is looking pretty GTM 🙂

[lawrenae]

@katbyte -- good catches on the docs. updated!

[katbyte]

Thanks @lawrenae, LGTM now 🙂

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!