Question about custom policies #1

Open
regel opened this issue Nov 12, 2021 · 2 comments
Labels
question Further information is requested

Comments


regel commented Nov 12, 2021

Hey 👋 thanks for sharing this Terraform example. You have included custom policies. However, they are not used in main.tf, so how do I actually use them during provisioning?

@luizhlelis luizhlelis added the question Further information is requested label Nov 12, 2021
Owner

luizhlelis commented Nov 12, 2021

Hello @regel, that's a great question, and I searched for it when I started this project. Unfortunately, there is no way to use the azuread Terraform provider to manage the Trust Framework Policy (custom policy) or to configure the User Flow. The reason is that the Terraform provider uses Microsoft Graph, and the beta version of Microsoft Graph (which supports managing the Trust Framework policy and user flow) is in preview; see this open issue in the official HashiCorp repo. There are some alternatives for importing the custom policy:

  1. Manually import the XML file in the Azure portal (I chose this one 🥲);
  2. You can import the custom policies automatically via ieftool, see this example;
  3. Maybe you can also try the beta version of Microsoft Graph directly, but I've never tried this before and there is a note from Microsoft about that:

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

I'll leave this issue open; if Microsoft Graph or HashiCorp launch any updates, I'm gonna update this project too.

@helvetia-regel

Linked or not: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_policy

I'm not sure if the above allows for the definition of custom policies via their own XML files, or not.

The Microsoft Graph client has apparently been upgraded to support the upload of policies. It is used in GitHub Actions workflows, which sounds like an acceptable alternative if Terraform cannot write these custom policies.
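For the Microsoft Graph route raised in option 3 and in the last comment, the following is an added example, not part of this thread or of the project's code. It reads each policy's `PolicyId` and `BasePolicy`, orders the files so that a base policy is uploaded before the policies that inherit from it, and builds (without sending) the `PUT .../trustFramework/policies/{id}/$value` requests. The sample policies, the `contoso.onmicrosoft.com` tenant and the function names are constructed, and the endpoint path is taken from the Graph beta documentation and should be checked against the current version.

```python
import xml.etree.ElementTree as ET

NS = {"tfp": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
GRAPH_BETA = "https://graph.microsoft.com/beta/trustFramework/policies"  # beta API, may change

def _policy(policy_id, base=None):
    """Build a constructed, stripped-down policy document for the demo."""
    base_xml = (f"<BasePolicy><TenantId>contoso.onmicrosoft.com</TenantId>"
                f"<PolicyId>{base}</PolicyId></BasePolicy>") if base else ""
    return (f'<TrustFrameworkPolicy xmlns="{NS["tfp"]}" '
            f'TenantId="contoso.onmicrosoft.com" PolicyId="{policy_id}">'
            f"{base_xml}</TrustFrameworkPolicy>")

# Constructed sample input, deliberately listed in the wrong upload order.
SAMPLE_FILES = {
    "SignUpOrSignin.xml": _policy("B2C_1A_signup_signin", "B2C_1A_TrustFrameworkExtensions"),
    "TrustFrameworkExtensions.xml": _policy("B2C_1A_TrustFrameworkExtensions", "B2C_1A_TrustFrameworkBase"),
    "TrustFrameworkBase.xml": _policy("B2C_1A_TrustFrameworkBase"),
}

def read_ids(xml_text):
    """Return (PolicyId, BasePolicy PolicyId or None) for one policy file."""
    root = ET.fromstring(xml_text)
    base = root.find("tfp:BasePolicy/tfp:PolicyId", NS)
    return root.attrib["PolicyId"], (base.text.strip() if base is not None else None)

def upload_plan(files):
    """Order policies base-first and describe the Graph request for each one."""
    info = {}
    for name, text in files.items():
        pid, base = read_ids(text)
        info[pid] = (name, base, text)
    ordered, done = [], set()

    def visit(pid, chain=()):
        if pid in done or pid not in info:  # a base outside the set is assumed
            return                          # to exist in the tenant already
        if pid in chain:
            raise ValueError(f"inheritance cycle at {pid}")
        if info[pid][1]:
            visit(info[pid][1], chain + (pid,))
        done.add(pid)
        ordered.append(pid)

    for pid in info:
        visit(pid)
    # The caller adds an Authorization header with a token allowed to write policies.
    return [{"method": "PUT", "url": f"{GRAPH_BETA}/{pid}/$value",
             "headers": {"Content-Type": "application/xml"},
             "file": info[pid][0], "body": info[pid][2]} for pid in ordered]
```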
