wenzel-felix / terraform-azurerm-policy-module Goto Github PK

Is your feature request related to a problem? Please describe.
It would be helpful to support quite regularly needed arguments from the used resources in the policy assignment submodule.

Describe the solution you'd like
Add an additional parameter called identity to assignments.
As system-assigned MIs are really needed for the policy assignment, the value can be declared as bool.

Describe alternatives you've considered
Implement the identity argument as in the native assignment as block, which would allow to reference also the role definition, which will be associated with it.

Additional context
Here are some references:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_policy_assignment#identity

Is your feature request related to a problem? Please describe.
It would be helpful to support quite regularly needed arguments from the used resources in the policy assignment submodule.

Describe the solution you'd like
Add an additional parameter called non_compliance_message to assignments.

Describe alternatives you've considered
None

Additional context
Here are some references:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_policy_assignment#non_compliance_message

Describe the bug
Looking at here it is clear that MG exemptions for MG assignments won't work, as their "path" is not incremental or based on their relation with each other.

To Reproduce/Test
Make an assignment at MG scope and add an exemption for a child MG.

Expected behavior
There should be no issue.

Currently, assignments and exemptions are within one module.
This makes this module very bloated. To increase readability it should be split into two separate submodules.

The documentation is quite outdated. To enable the best user experience it should be updated for the current version. Before the next release.

Is your feature request related to a problem? Please describe.
The configuration file is very big and provides a bad overview.

Describe the solution you'd like
Move to a more file-based approach.

Describe alternatives you've considered
None

Additional context
Instead of maintaining a folder for policies, we should maintain two folders - one for policies and one for initiatives, and one for the assignments (+ exemptions). The policies and initiatives should be per file and the assignments should be concatenated over all files where each file holds an individual list.

Is your feature request related to a problem? Please describe.
The policy set resource supports adding parameter values for each policy reference. The module right now does not.

Describe the solution you'd like
The list of references can probably be adjusted to a list of maps or objects instead of just a list of strings.