Add policy sample to restrict to aiservices kind (#350)

* deny connection variants

* include custom policy samples

* add sample

* fix sample

* fix missing var

Author: deeikele

samples/microsoft/infrastructure-setup-terraform/00-basic-azurerm/code/providers.tf

@@ -2,4 +2,5 @@
 provider "azurerm" {
   features {}
   storage_use_azuread = true
+  subscription_id = var.subscription_id
 }

samples/microsoft/infrastructure-setup-terraform/00-basic-azurerm/code/variables.tf

@@ -2,3 +2,7 @@ variable "location" {
   description = "The name of the location to provision the resources to"
   type        = string
 }
+
+variable "subscription_id" {
+  type = string
+}

samples/microsoft/infrastructure-setup-terraform/00-basic/code/providers.tf

@@ -1,3 +1,4 @@
 # Setup providers
 provider "azapi" {
+  subscription_id = var.subscription_id
 }

samples/microsoft/infrastructure-setup-terraform/00-basic/code/variables.tf

@@ -2,3 +2,7 @@ variable "location" {
   description = "The name of the location to provision the resources to"
   type        = string
 }
+
+variable "subscription_id" {
+  type = string
+}

samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-non-foundry-resource-kinds.json

@@ -0,0 +1,30 @@
+{
+  "properties": {
+    "displayName": "Deny account kinds that do not support the full AI Foundry capabilities.",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "This policy denies the creation of account kinds that do not support the full AI Foundry capabilities.",
+    "version": "1.0.0",
+    "parameters": {},
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.CognitiveServices/accounts"
+          },
+          {
+            "field": "kind",
+            "notEquals": "AIServices"
+          }
+        ]
+      },
+      "then": {
+        "effect": "deny"
+      }
+    },
+    "versions": [
+      "1.0.0"
+    ]
+  }
+}