Support for policy exemption

[beandrad]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add a resource to create policy exemptions.

New or Affected Resource(s)

• azurerm_policy_exemption

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.
resource "azurerm_policy_exemption" "example" {
  name                 = "AllowExpensiveVM"
  scope                = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"
  exemption_category   = "Waiver"
  display_name         = "Exempt demo cluster"
  description          = "Exempt demo cluster from limit sku"
  expires_on           = "2050-01-01T00:00:00"
  policy_assignment_id = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"
  policy_definition_reference_ids = [
    "Limit_Skus"
  ]
}

References

The corresponding Rest API endpoints are described here.

The client in the Azure Go SDK can be found here.

[ekini]

What happened to #9392?

[ArcturusZhang]

What happened to #9392?

Hi @ekini we need to ensure that this resource would not receive breaking changes (at least big ones) since it comes from a preview api-version. I will reopen the PR once we get a proper reply from the corresponding Azure service team.

[VinceGall]

Also interested in this feature.

[kmcquade]

I will reopen the PR once we get a proper reply from the corresponding Azure service team.
@ArcturusZhang - did you get a reply from the Azure service team? Just wanted to follow up.

[ArcturusZhang]

I will reopen the PR once we get a proper reply from the corresponding Azure service team.
@ArcturusZhang - did you get a reply from the Azure service team? Just wanted to follow up.

Sorry I do not have any news to share about this resource right now. But I will put new comments here once I get any updates, thank you

[danielvca]

I`m also keen on this one... Need to implement policy exemptions to my TF project

[ArcturusZhang]

I`m also keen on this one... Need to implement policy exemptions to my TF project

We are waiting for the GA announcement of this new resource now.

[danielvca]

I`m also keen on this one... Need to implement policy exemptions to my TF project

We are waiting for the GA announcement of this new resource now.

Do you know if there's an ETA? Im implementing a workaround using poweshell and local-exec in TF... Not the best solution, but it`s kinda urgent for me to get this deplyed.

[ArcturusZhang]

Well, unfortunately I do not have an ETA for this right now... sorry about that...

[danielvca]

Well, unfortunately I do not have an ETA for this right now... sorry about that...

i noticed you closed your PR (#9392 ). Any reasons for that?

Also, thaks for replying to my comment.

[ArcturusZhang]

Well, unfortunately I do not have an ETA for this right now... sorry about that...

i noticed you closed your PR (#9392 ). Any reasons for that?

Also, thaks for replying to my comment.

I have to close it because we are planning to have it when it becomes GA

[jesseloudon]

Meanwhile... have released a module which leverages Terraform's resource group template deployment for managing policy exemptions via ARM template

https://registry.terraform.io/modules/globalbao/policy-exemptions/azurerm/latest

[qrilka]

The link to Rest API endpoint in the description should point to https://docs.microsoft.com/en-us/rest/api/policy/policy-exemptions (the current URL gives 404)

[richardlock]

It looks like Policy Exemptions are now GA.

[karishma-kohli]

I need to implement Policy exemptions in my project so I am very interested in this feature. Can anyone please tell if it's GA now?

[sean-keane25]

It appears the code changes for this have completed and a PR was open but it was never merged ?

#9392

[bubbletroubles]

This feature is now in GA - see confirmation via this commit from the MS product group

MicrosoftDocs/azure-docs@c6c17a7

[karishma-kohli]

I still dont see it in azurerm, so not GA yet I guess.

[bubbletroubles]

The capability is now GA from Microsoft - there is no Terraform AzureRM resource yet (previously it was waiting for the Microsoft capability to go GA, that has now happened, so this should be able to progress).

[karishma-kohli]

Ah ok!!! Waiting for them to add this capability to azurerm

[karishma-kohli]

@beandrad any info on when would policy exemptions be included in azurerm?

[mbfrahry]

This was just merged in #16293 and should go out in v3.2.0 of the provider!

[karishma-kohli]

That's great news. Thanks for the update @mbfrahry

[github-actions]

This functionality has been released in v3.2.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.