feat: create azurerm_pim_active_role_assignment and azurerm_pim_eligible_role_assignment resource

[josh-barker]

This PR creates 2 x resources for Azure PIM role assignments - eligible and active

It relates to #20496

There is a test case that depends on the above PR so that the role settings can be set to allow permanent assignments.

FYI @manicminer

[katbyte]

@josh-barker & @ealdaon - we are currently waiting on some AAD licences so we can properly test this, hopefully within the next few weeks

[katbyte]

Ran the tests today and they are failing with:

  Error: retrieving Role Management Policy: (Principal Id "3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21" / Scope "/subscriptions/*******/resourceGroups/acctestRG-230614155046681271/providers/Microsoft.Network/virtualNetworks/amtestVNET1-230614155046681271" / Role Definition Id "/subscriptions/*******/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24"): roleassignmentschedulerequests.RoleAssignmentScheduleRequestsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="InsufficientPermissions" Message="The requestor 3aa04c8c-5a75-4e5e-9117-1b7cf6f33e21 does not have permissions for this request. Please use $filter=asTarget() to filter on the requestor's assignments."

not sure if this is something we can configure/fix in the test config?

[josh-barker]

Hey @katbyte , I've run some tests and have found that the service principal needs either Owner or
User Access Administrator + Contributor, as it is creating resources & role assignments.

I saw the same error as you when it didn't have those permissions.

Let me know if you need anything else!

[katbyte]

Thanks @josh-barker - we've got the tests passing now so LGTM! 🏗️

[katbyte]

Was doing one last skim and spotted one minor charge we should make: ticket block properties can drop the ticket_ otherwise we would have ticket.ticket_*
once thats done this should be good to merge for this weeks release

[josh-barker]

Hey @katbyte , I had to rebase from main and update some of the code to match the latest sdk generation. Let me know if you need any more adjustments on that.

Thanks!

[katbyte]

Thanks @josh-barker ! LGTM now 🌩️

[josh-barker]

Thanks @katbyte & @manicminer for your help on this one!!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.