feat: role management policy resource #23295

josh-barker
Contributor

@josh-barker josh-barker commented Sep 18, 2023

This PR creates a new resource - role management policy, which allows you to manage the settings for PIM roles on Azure Resources.

Replaces #20496

@tombuildsstuff
Contributor

hey @josh-barker

Chatting about this one internally / to give an update on this one - given that PIM spans both azuread and azurerm we're wanting to take a little time to evaluate this one more in-depth - @manicminer would be the person to look into that - but since this is waiting on design/thought I'm gonna add the thinking label to this one for the moment.

Thanks!

@josh-barker
Contributor Author

Hey @tombuildsstuff, no worries. I added it in here as the target is Azure resources and that's where the APIs are defined, but I also understand that from a consumer point of view PIM is a bit awkward if the resources are defined in azurerm and azuread.

Thanks for letting me know where things are up to. :)

@drdamour
Contributor

I think this would fix #23458 & consequently #22766

Regardless of where this goes (azurerm, azuread or a 3rd PIM-specific provider), the community is anxiously awaiting this functionality, as the https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/pim_eligible_role_assignment is effectively dead in the water for the most common use case of just-in-time PIM.

@srjennings

Bump, would really like eyes on this... are we still thinking on this? @tombuildsstuff

@ramonschopper

ramonschopper commented May 2, 2024

Bump here as well - any news on the thinking process? This would enable proper usage of PIM in an automated way. @tombuildsstuff

@haflidif

haflidif commented May 3, 2024

+1 Another bump here, any ETA or further thoughts on this feature? @tombuildsstuff, @manicminer

@manicminer
Contributor

Hi @josh-barker, thanks for working on this and apologies for the delay in getting to this PR. I've looked through this and #25900 which duplicates this, and whilst I would normally defer to the earlier PR, #25900 is a bit more developed and also contains a matching data source. Therefore whilst I greatly appreciate your work on this, I'm going to close this for now in favor of #25900. Thank you again for your efforts on this PR.

@manicminer manicminer closed this May 9, 2024
@josh-barker
Contributor Author

Hey @manicminer, no worries! Thanks for your explanation and it totally makes sense. Glad to see the feature get in!

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2024
@github-actions github-actions bot added this to the v3.108.0 milestone Jun 13, 2024