terraform-provider-azurerm

feat: role management policy resource

Open josh-barker opened this issue 11 months ago • 6 comments

This PR creates a new resource - role management policy, which allows you to manage the settings for PIM roles on Azure Resources.

Replaces #20496

josh-barker avatar Sep 18 '23 06:09 josh-barker

hey @josh-barker

Chatting about this one internally / to give an update on this one - given that PIM spans both azuread and azurerm we're wanting to take a little time to evaluate this one more in-depth - @manicminer would be the person to look into that - but since this is waiting on design/thought I'm gonna add the thinking label to this one for the moment.

Thanks!

tombuildsstuff avatar Dec 07 '23 17:12 tombuildsstuff

Hey @tombuildsstuff, no worries. I added it in here as the target is Azure resources and that's where the APIs are defined, but I also understand that from a consumer point of view PIM is a bit awkward if the resources are defined in azurerm and azuread.

Thanks for letting me know where things are up to. :)

josh-barker avatar Dec 12 '23 22:12 josh-barker

I think this would fix #23458 & consequently #22766

Regardless of where this goes (azurerm, azuread or a 3rd PIM-specific provider), the community is anxiously awaiting this functionality, as the https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/pim_eligible_role_assignment is effectively dead in the water for the most common use case of just-in-time PIM.

drdamour avatar Jan 13 '24 16:01 drdamour

Bump, would really like eyes on this... are we still thinking on this? @tombuildsstuff

srjennings avatar Mar 27 '24 18:03 srjennings

Bump here as well - any news on the thinking process? This would enable making proper use of PIM in an automated way. @tombuildsstuff

ramonschopper avatar May 02 '24 08:05 ramonschopper

+1 Another bump here, any ETA or further thoughts on this feature? @tombuildsstuff, @manicminer

haflidif avatar May 03 '24 08:05 haflidif

Hi @josh-barker, thanks for working on this and apologies for the delay in getting to this PR. I've looked through this and #25900 which duplicates this, and whilst I would normally defer to the earlier PR, #25900 is a bit more developed and also contains a matching data source. Therefore whilst I greatly appreciate your work on this, I'm going to close this for now in favor of #25900. Thank you again for your efforts on this PR.

manicminer avatar May 09 '24 20:05 manicminer

Hey @manicminer, no worries! Thanks for your explanation and it totally makes sense. Glad to see the feature get in!

josh-barker avatar May 12 '24 23:05 josh-barker