Check definition version changes in policy set definition. #768

Open
anwather opened this issue Oct 7, 2024 · 3 comments

@anwather
Collaborator

anwather commented Oct 7, 2024

As above

@anwather anwather added the enhancement New feature or request label Oct 7, 2024
@sdecker
Contributor

sdecker commented Oct 15, 2024

@anwather I was about to open a bug about version issues and am curious if this entry covers the same intent. The issue I'm seeing is that EPAC only ever supports one version of a policy set. For example, if I update the policy to include new policy definitions, EPAC updates the existing policy set object and the old version is lost. It also completely ignores the properties.version and properties.versions[] values. Regardless of what we put for these in code, when EPAC deploys they are always "1.0.0". On the assignment side, definitionEntry.definitionVersion is ignored.

Is our use case the same as the intent of this issue or should I open a new bug?

@anwather
Collaborator Author

@sdecker - The issue you have is a limitation of Azure Policy - it doesn't support multiple versions for custom policies. A bit of a pain, but if I'm developing or updating a policy I normally tack a _v2 or similar onto the end of the definition name while testing. If I'm happy with the changes I normally just update the original policy and kill off the v2 version; you might like to keep them, but up to you I guess.

This enhancement is to detect version changes for set definitions that are inline in the policy definition blocks.

@apybar
Collaborator

apybar commented Oct 18, 2024

I also had this on my radar - was hoping there would also be a way to check deployed Policy Assignments and compare the definition used there with the latest version of the non-deployed definition. However, this is not possible due to current limitations from Azure Policy.

@apybar apybar added enhancement - future and removed enhancement New feature or request labels Oct 21, 2024