azurerm_role_management_policy New resource & data source

internal/services/authorization/client/client.go

@@ -15,6 +15,8 @@ import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityscheduleinstances"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityschedulerequests"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/roleeligibilityschedules"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/rolemanagementpolicies"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2020-10-01/rolemanagementpolicyassignments"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-04-01/roleassignments"
 	"github.com/hashicorp/go-azure-sdk/resource-manager/authorization/2022-05-01-preview/roledefinitions"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"
@@ -28,6 +30,8 @@ type Client struct {
 	RoleEligibilityScheduleRequestClient   *roleeligibilityschedulerequests.RoleEligibilityScheduleRequestsClient
 	RoleEligibilityScheduleInstancesClient *roleeligibilityscheduleinstances.RoleEligibilityScheduleInstancesClient
 	RoleEligibilitySchedulesClient         *roleeligibilityschedules.RoleEligibilitySchedulesClient
+	RoleManagementPoliciesClient           *rolemanagementpolicies.RoleManagementPoliciesClient
+	RoleManagementPolicyAssignmentsClient  *rolemanagementpolicyassignments.RoleManagementPolicyAssignmentsClient
 	ScopedRoleAssignmentsClient            *roleassignments.RoleAssignmentsClient
 	ScopedRoleDefinitionsClient            *roledefinitions.RoleDefinitionsClient
 }
@@ -73,6 +77,18 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
 	}
 	o.Configure(roleEligibilitySchedulesClient.Client, o.Authorizers.ResourceManager)
 
+	roleManagementPoliciesClient, err := rolemanagementpolicies.NewRoleManagementPoliciesClientWithBaseURI(o.Environment.ResourceManager)
+	if err != nil {
+		return nil, fmt.Errorf("creating roleManagementPoliciesClient: %+v", err)
+	}
+	o.Configure(roleManagementPoliciesClient.Client, o.Authorizers.ResourceManager)
+
+	roleManagementPolicyAssignmentClient, err := rolemanagementpolicyassignments.NewRoleManagementPolicyAssignmentsClientWithBaseURI(o.Environment.ResourceManager)
+	if err != nil {
+		return nil, fmt.Errorf("creating roleManagementPolicyAssignmentClient: %+v", err)
+	}
+	o.Configure(roleManagementPolicyAssignmentClient.Client, o.Authorizers.ResourceManager)
+
 	scopedRoleAssignmentsClient, err := roleassignments.NewRoleAssignmentsClientWithBaseURI(o.Environment.ResourceManager)
 	if err != nil {
 		return nil, fmt.Errorf("building Role Assignment Client:  %+v", err)
@@ -93,6 +109,8 @@ func NewClient(o *common.ClientOptions) (*Client, error) {
 		RoleEligibilityScheduleRequestClient:   roleEligibilityScheduleRequestClient,
 		RoleEligibilityScheduleInstancesClient: roleEligibilityScheduleInstancesClient,
 		RoleEligibilitySchedulesClient:         roleEligibilitySchedulesClient,
+		RoleManagementPoliciesClient:           roleManagementPoliciesClient,
+		RoleManagementPolicyAssignmentsClient:  roleManagementPolicyAssignmentClient,
 		ScopedRoleAssignmentsClient:            scopedRoleAssignmentsClient,
 		ScopedRoleDefinitionsClient:            scopedRoleDefinitionsClient,
 	}, nil

internal/services/authorization/parse/role_definition_resource_id.go

@@ -0,0 +1,58 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package parse
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/resourceids"
+)
+
+// Resource Manager Role Definition ID
+type RoleDefinitionResourceId struct {
+	RoleDefinitionId string
+	Scope            string
+}
+
+var _ resourceids.Id = RoleDefinitionResourceId{}
+
+func NewRoleDefinitionResourceId(roleDefinitionId, scope string) RoleDefinitionResourceId {
+	return RoleDefinitionResourceId{
+		RoleDefinitionId: roleDefinitionId,
+		Scope:            scope,
+	}
+}
+
+// ParseSubscriptionID parses 'input' into a RoleDefinitionResourceID
+func ParseRoleDefinitionResourceId(input string) (*RoleDefinitionResourceId, error) {
+	segments := strings.Split(input, "/providers/Microsoft.Authorization/roleDefinitions/")
+	switch {
+	case strings.HasPrefix(input, "/subscriptions/"):
+		return &RoleDefinitionResourceId{
+			Scope:            segments[0],
+			RoleDefinitionId: segments[1],
+		}, nil
+	case strings.HasPrefix(input, "/providers/"):
+		return &RoleDefinitionResourceId{
+			RoleDefinitionId: segments[0],
+		}, nil
+	default:
+		return nil, fmt.Errorf("could not parse Role Definition ID, invalid format %q", input)
+	}
+}
+
+func (id RoleDefinitionResourceId) ID() string {
+	return fmt.Sprintf("%s/providers/Microsoft.Authorization/roleDefinitions/%s", id.Scope, id.RoleDefinitionId)
+}
+
+func (id RoleDefinitionResourceId) String() string {
+	components := []string{
+		fmt.Sprintf("Role Definition ID: %q", id.RoleDefinitionId),
+	}
+	if id.Scope != "" {
+		components = append(components, fmt.Sprintf("Scope: %q", id.Scope))
+	}
+	return fmt.Sprintf("Role Definition (%s)", strings.Join(components, "\n"))
+}

internal/services/authorization/registration.go

@@ -48,6 +48,7 @@ func (r Registration) SupportedResources() map[string]*pluginsdk.Resource {
 func (r Registration) DataSources() []sdk.DataSource {
 	return []sdk.DataSource{
 		RoleDefinitionDataSource{},
+		RoleManagementPolicyDataSource{},
 	}
 }
 
@@ -57,6 +58,7 @@ func (r Registration) Resources() []sdk.Resource {
 		PimEligibleRoleAssignmentResource{},
 		RoleAssignmentMarketplaceResource{},
 		RoleDefinitionResource{},
+		RoleManagementPolicyResource{},
 	}
 	return resources
 }