microsoft / terraform-provider-power-platform

Power Platform Terraform Provider
https://registry.terraform.io/providers/microsoft/power-platform/latest/docs
MIT License

`powerplatform_enterprise_policy` #478

Closed mattdot closed 6 days ago

mattdot commented 1 month ago

Description

A policy is a pointer to an Azure resource (like Azure Key Vault). Policies can be added to multiple environments, as long as those environments are in the same region. Environments in different regions will need separate policies.

Creating a resource must link the environment to an existing enterprise policy in Azure. Destroying a resource must unlink.

Resource

Potential Terraform Configuration

```hcl
# Sample Terraform config that describes how the new resource might look.

resource "powerplatform_enterprise_policy" "network_injection" {
  environment_id = "<guid>"
  policy_type = "NetworkInjection"
  body = jsonencode({
    SystemId = var.arm_enterprise_policy_id
  })
}

resource "powerplatform_enterprise_policy" "customer_managed_key" {
  environment_id = "<guid>"
  policy_type = "Encryption"
  body = jsonencode({
    SystemId = var.arm_encrytpion_key_id
  })
}
```

Definition of Done

Contributions

Do you plan to raise a PR to address this issue? YES / NO?

See the contributing guide for more information about what's expected for contributions.

webstean commented 1 month ago

I think this is a vital addition to the provider, as it would be required by any non-trivial Power Platform implementation.

I'm not sure why you need the json decode section; my recommendation would be:

```hcl
# Sample Terraform config that describes how the new resource might look.

resource "powerplatform_enterprise_policy" "network_injection" {
  environment_id = "<guid>"
  policy_type = "NetworkInjection"
  policy_id = var.arm_enterprise_policy_id1
}

resource "powerplatform_enterprise_policy" "customer_managed_key" {
  environment_id = "<guid>"
  policy_type = "Encryption"
  policy_id = var.arm_enterprise_policy_id2
}
```

ronmanthe commented 1 month ago

> I think this is a vital addition to the provider, as it would be required by any non-trivial Power Platform implementation.
>
> I'm not sure why you need the json decode section; my recommendation would be:
>
> ```hcl
> # Sample Terraform config that describes how the new resource might look.
>
> resource "powerplatform_enterprise_policy" "network_injection" {
>   environment_id = "<guid>"
>   policy_type = "NetworkInjection"
>   policy_id = var.arm_enterprise_policy_id1
> }
>
> resource "powerplatform_enterprise_policy" "customer_managed_key" {
>   environment_id = "<guid>"
>   policy_type = "Encryption"
>   policy_id = var.arm_enterprise_policy_id2
> }
> ```

I second that! We are currently using Terraform to build out our Power Platform environment and also need to use subnet injection.
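
The region rule from the issue description (one policy shared by environments in the same region, a separate policy per region) can be enforced at plan time. The following is an added example, not code from the issue or from the provider: it assumes the `policy_id` argument shape suggested in the comments, and the variable names, GUIDs, region keys and ARM ID placeholders are all constructed.

```hcl
# Added example. The resource type and its arguments follow the schema
# proposed in this issue; they are an assumption, not a released provider API.
# GUIDs, region keys and ARM IDs below are constructed placeholders.

variable "environments" {
  description = "Environment GUID => region of that environment."
  type        = map(string)
  default = {
    "00000000-0000-0000-0000-000000000001" = "unitedstates"
    "00000000-0000-0000-0000-000000000002" = "unitedstates"
    "00000000-0000-0000-0000-000000000003" = "europe"
  }
}

variable "encryption_policy_by_region" {
  description = "Region => ARM ID of the Encryption enterprise policy for that region."
  type        = map(string)
  default = {
    unitedstates = "<arm-id-of-unitedstates-policy>"
    europe       = "<arm-id-of-europe-policy>"
  }
}

resource "powerplatform_enterprise_policy" "customer_managed_key" {
  # One instance per environment; each instance is a link, not the policy itself.
  for_each = var.environments

  environment_id = each.key
  policy_type    = "Encryption"

  # Every environment in a region resolves to that region's single policy.
  policy_id = lookup(var.encryption_policy_by_region, each.value, null)

  lifecycle {
    # Stop the plan if an environment's region has no policy, rather than
    # silently leaving that environment without customer-managed encryption.
    precondition {
      condition     = contains(keys(var.encryption_policy_by_region), each.value)
      error_message = "No Encryption policy is defined for region ${each.value}; environments in different regions need separate policies."
    }
  }
}
```

Removing an entry from `environments` destroys only that instance, which under the semantics described in the issue unlinks that environment and leaves the Azure policy in place.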