Terraform modules that simplify the workflow of custom and built-in Azure Policies
MIT License
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.9.1...2.9.2
Published by gettek 8 months ago
Fixes #101 and removes definition reference (64) character limit
2.9.1 by @gettek in https://github.com/gettek/terraform-azurerm-policy-as-code/pull/102
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.9.0...2.9.1
Published by gettek 8 months ago
ENHANCEMENTS:
initiative
README
FEATURES:
metadata.non_compliance_message, description, display_name
Flagged by Policy: <policy_name>
UPDATES:
Published by gettek about 1 year ago
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.8.2...2.8.3
Published by gettek over 1 year ago
assignment_name should be trimmed to 24 characters if scope is at Management Group and 64 characters for all other scopes
See #82
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.8.1...2.8.2
Published by gettek over 1 year ago
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.8.0...2.8.1
Published by gettek over 1 year ago
*_assignment modules in #73:
re_evaluate_compliance [bool] replaces resource_discovery_mode [string]
true will Re-Evaluate Compliance for remediation tasks
AzureRM >=3.49.0
definition_reference_ids and added output initiative.reference_ids
assignment_enforcement_mode=false by @pmatthews05 in #72
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.2...2.8.0
Published by gettek over 1 year ago
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.1...2.7.2
Published by gettek almost 2 years ago
Fixes #62 - Role Assignment syntax was incorrect
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.7.0...2.7.1
Published by gettek almost 2 years ago
Fixes #58 - Adds support for User Assigned Managed Identities at assignment
Fixes #59 - Syntax fix on def_assignment
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.6.5...2.7.0
Published by gettek almost 2 years ago
Fixes #52 - initiative module now populates parameter displayName, making it easier to identify definition references in the Azure Portal
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.6.4...2.6.5
Published by gettek about 2 years ago
Better handling of empty parameters (second fix: https://github.com/gettek/terraform-azurerm-policy-as-code/issues/46)
Full Changelog: https://github.com/gettek/terraform-azurerm-policy-as-code/compare/2.6.3...2.6.4
Published by gettek about 2 years ago
set_assignment module - Initiative Remediation tasks now use policy_definition_reference_id in favour of policy_definition_id (requires AzureRM Provider Version: 3.23.0). See: https://github.com/hashicorp/terraform-provider-azurerm/pull/18037
Published by gettek about 2 years ago
*-assignment modules:
resource_count, parallel_deployments and failure_percentage
hashicorp/azurerm >=3.21.0
convert_from_tf_plan.ps1: export policies from a terraform plan output for easy library imports
precommit.ps1: precommit tasks that generate tf docs
merge_parameters = false will create unique parameter references for each member definition
Published by gettek over 2 years ago
definition module:
coalesce() did not correctly evaluate policy object metadata into local.metadata
initiative module:
var.merge_effects allows member definitions to have unique "effect" parameters at assignment
*-assignment modules:
var.assignment_metadata
set_assignment module:
var.non_compliance_message attribute changed to var.non_compliance_messages to allow both default and definition-specific messages
Published by gettek over 2 years ago
definition module:
file_path for custom policies located outside the module library
*-assignment modules:
remediation_scope
set_assignment module:
role_definition_ids attribute no longer an explicit requirement to successfully assign roles
skip_remediation=true (see: https://github.com/gettek/terraform-azurerm-policy-as-code/issues/21)
resource_discovery_mode from azurerm_management_group_policy_remediation (see: https://github.com/hashicorp/terraform-provider-azurerm/issues/17007)
Published by gettek over 2 years ago
set_assignment would suffer from an Error: Invalid for_each argument. Now there is no need to run -var="skip_remediation=true" on first time plan/apply.
policy_definition_reference_ids are no longer md5 hashed, making it easier to identify references.
Published by gettek over 2 years ago
def_assignment & set_assignment modules now use the split remediation resources (#13) (AzureRM >=3.0.0):
azurerm_management_group_policy_remediation
azurerm_subscription_policy_remediation
azurerm_resource_group_policy_remediation
azurerm_resource_policy_remediation
exemption module replaces arm template deployment in favor of new provider resources (AzureRM >=3.2.0):
azurerm_management_group_policy_exemption
azurerm_subscription_policy_exemption
azurerm_resource_group_policy_exemption
azurerm_resource_policy_exemption
management_group => management_group_id
Error: no schema available for module.{assignment_name}.azurerm_policy_remediation.rem[0] while reading state; this is a bug in Terraform and should be reported
Use def_assignment and set_assignment module <=2.4.0 to safely remove all existing remediation resources before upgrading to this version. To do this simply specify skip_remediation=true.
Published by gettek over 2 years ago
management_group_name is deprecated in favour of management_group_id
management_group_name => management_group
name or group_id attribute, but not id
Published by gettek almost 3 years ago
try {} block from policy_object local in the definition module to better present errors when definition files are not found
examples-guest-config
markdown_generator.ps1 script to better present local definition library