assign policy to a managementgroup

[lawrenae]

This pull request adds the ability to optionally define a policy on a management group level. The existing functionality -- define on a subscription or resource group is still intact.

I've done so by adding management_group_id to azurerm_policy_definition. IE:

data "azurerm_management_group" "test" {
  group_id = "00000000-0000-0000-0000-000000000000"
}

resource "azurerm_policy_definition" "policy" {
  name         = "accTestPolicy"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "acceptance test policy definition"
  management_group_id = "${data.azurerm_management_group.test.id}"
...
}

btw, azurerm_policy_assignment will need no change to support this.

Feedback most welcome -- this is my first PR for the azurerm terraform provider

[tombuildsstuff]

hey @lawrenae

Thanks for this PR - apologies for the delayed review here!

I've taken a look through and left some comments inline but this mostly LGTM - if we can fix up the comments (and the tests pass) this should otherwise be good to merge 👍

Thanks!

[lawrenae]

@tombuildsstuff I've incorporated the feedback -- let me know what you think!

[katbyte]

Thanks for the updates @lawrenae, LGTM 👍

[katbyte]

tests pass:

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!