ISSUE TITLE: The "Kubernetes clusters should minimize wildcard use in role and cluster role" policy does not support a list of excluded cluster roles.
PolicyName: Kubernetes clusters should minimize wildcard use in role and cluster role.
ISSUE DESCRIPTION (this template): The "Kubernetes clusters should minimize wildcard use in role and cluster role" policy always shows non-compliance if you deploy a cluster with the Calico plugin. The Calico network plugin is an AKS managed add-on; however, the tigera-operator cluster role is not in the default exclusion list.
Details of the scenario you tried and the problem that is occurring
If you deploy an AKS cluster with the Calico plugin, this wildcard clusterrole policy always shows a non-compliant state.
Suggested solution to the issue
Either the policy needs an enhancement to support an exclude clusterrole parameter (it currently supports only exclude namespace), or tigera-operator should be included in AKS_MANAGED_CLUSTER_ROLE_NAMES in https://store.policy.core.windows.net/kubernetes/block-wildcard-roles/v1/template.yaml.
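The behaviour reported above, as an added example that is not part of the original issue and is not the Azure Policy template's own logic: a simplified wildcard check showing why a namespace exclusion cannot clear a cluster-scoped ClusterRole, and how a cluster role exclusion list would. The `excluded_cluster_roles` parameter, the function names and the sample objects are assumptions constructed for illustration.

```python
# Simplified approximation of a "no wildcards in Role/ClusterRole" check.
# Not the logic of the real policy template; names here are hypothetical.
WILDCARD = "*"

def has_wildcard(role):
    """True if any rule lists '*' in apiGroups, resources or verbs."""
    for rule in role.get("rules") or []:
        for field in ("apiGroups", "resources", "verbs"):
            if WILDCARD in (rule.get(field) or []):
                return True
    return False

def violations(objects, excluded_namespaces=(), excluded_cluster_roles=()):
    """Return 'Kind/name' for wildcard roles that no exclusion covers."""
    found = []
    for obj in objects:
        meta = obj.get("metadata", {})
        kind, name = obj.get("kind"), meta.get("name")
        if kind not in ("Role", "ClusterRole"):
            continue
        # Namespace exclusion only helps namespaced Roles: a ClusterRole
        # has no metadata.namespace to match against.
        if kind == "Role" and meta.get("namespace") in excluded_namespaces:
            continue
        # Hypothetical parameter of the kind the issue asks for.
        if kind == "ClusterRole" and name in excluded_cluster_roles:
            continue
        if has_wildcard(obj):
            found.append(f"{kind}/{name}")
    return found

# Constructed sample objects (not the real manifests shipped by AKS or Calico).
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "tigera-operator"},
     "rules": [{"apiGroups": ["operator.tigera.io"], "resources": ["*"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "app-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "addon", "namespace": "kube-system"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "reader", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
]

if __name__ == "__main__":
    print(violations(SAMPLE, excluded_namespaces=("kube-system",)))
    print(violations(SAMPLE, ("kube-system",), ("tigera-operator",)))
```

With only the namespace exclusion, the managed add-on's ClusterRole is reported alongside the genuinely over-broad `app-admin`; with the name exclusion, only `app-admin` remains.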