Policy
data class PolicyAssignmentArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val enforcementMode: Output<Either<String, EnforcementMode>>? = null, val identity: Output<IdentityArgs>? = null, val location: Output<String>? = null, val metadata: Output<Any>? = null, val nonComplianceMessages: Output<List<NonComplianceMessageArgs>>? = null, val notScopes: Output<List<String>>? = null, val parameters: Output<Map<String, ParameterValuesValueArgs>>? = null, val policyAssignmentName: Output<String>? = null, val policyDefinitionId: Output<String>? = null, val scope: Output<String>? = null) : ConvertibleToJava<PolicyAssignmentArgs>
The policy assignment. API Version: 2020-09-01.
Example Usage
Create or update a policy assignment
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Force resource names to begin with given DeptA and end with -LC",
DisplayName = "Enforce resource naming rules",
Metadata =
{
{ "assignedBy", "Special Someone" },
},
NonComplianceMessages = new[]
{
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Resource names must start with 'DeptA' and end with '-LC'.",
},
},
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "DeptA",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "-LC",
} },
},
PolicyAssignmentName = "EnforceNaming",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: pulumi.String("Enforce resource naming rules"),
Metadata: pulumi.Any{
AssignedBy: "Special Someone",
},
NonComplianceMessages: []authorization.NonComplianceMessageArgs{
{
Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
},
},
Parameters: authorization.ParameterValuesValueMap{
"prefix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("DeptA"),
},
"suffix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("-LC"),
},
},
PolicyAssignmentName: pulumi.String("EnforceNaming"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Force resource names to begin with given DeptA and end with -LC")
.displayName("Enforce resource naming rules")
.metadata(Map.of("assignedBy", "Special Someone"))
.nonComplianceMessages(Map.of("message", "Resource names must start with 'DeptA' and end with '-LC'."))
.parameters(Map.ofEntries(
Map.entry("prefix", Map.of("value", "DeptA")),
Map.entry("suffix", Map.of("value", "-LC"))
))
.policyAssignmentName("EnforceNaming")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}Content copied to clipboard
Create or update a policy assignment with a managed identity
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Force resource names to begin with given DeptA and end with -LC",
DisplayName = "Enforce resource naming rules",
EnforcementMode = "Default",
Identity = new AzureNative.Authorization.Inputs.IdentityArgs
{
Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
},
Location = "eastus",
Metadata =
{
{ "assignedBy", "Foo Bar" },
},
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "DeptA",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "-LC",
} },
},
PolicyAssignmentName = "EnforceNaming",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: pulumi.String("Enforce resource naming rules"),
EnforcementMode: pulumi.String("Default"),
Identity: &authorization.IdentityArgs{
Type: authorization.ResourceIdentityTypeSystemAssigned,
},
Location: pulumi.String("eastus"),
Metadata: pulumi.Any{
AssignedBy: "Foo Bar",
},
Parameters: authorization.ParameterValuesValueMap{
"prefix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("DeptA"),
},
"suffix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("-LC"),
},
},
PolicyAssignmentName: pulumi.String("EnforceNaming"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Force resource names to begin with given DeptA and end with -LC")
.displayName("Enforce resource naming rules")
.enforcementMode("Default")
.identity(Map.of("type", "SystemAssigned"))
.location("eastus")
.metadata(Map.of("assignedBy", "Foo Bar"))
.parameters(Map.ofEntries(
Map.entry("prefix", Map.of("value", "DeptA")),
Map.entry("suffix", Map.of("value", "-LC"))
))
.policyAssignmentName("EnforceNaming")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}Content copied to clipboard
Create or update a policy assignment with multiple non-compliance messages
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
DisplayName = "Enforce security policies",
NonComplianceMessages = new[]
{
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Resource names must start with 'DeptA' and end with '-LC'.",
PolicyDefinitionReferenceId = "10420126870854049575",
},
new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
{
Message = "Storage accounts must have firewall rules configured.",
PolicyDefinitionReferenceId = "8572513655450389710",
},
},
PolicyAssignmentName = "securityInitAssignment",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
DisplayName: pulumi.String("Enforce security policies"),
NonComplianceMessages: []authorization.NonComplianceMessageArgs{
{
Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
},
{
Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
},
{
Message: pulumi.String("Storage accounts must have firewall rules configured."),
PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
},
},
PolicyAssignmentName: pulumi.String("securityInitAssignment"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.displayName("Enforce security policies")
.nonComplianceMessages(
Map.of("message", "Resources must comply with all internal security policies. See <internal site URL> for more info."),
Map.ofEntries(
Map.entry("message", "Resource names must start with 'DeptA' and end with '-LC'."),
Map.entry("policyDefinitionReferenceId", "10420126870854049575")
),
Map.ofEntries(
Map.entry("message", "Storage accounts must have firewall rules configured."),
Map.entry("policyDefinitionReferenceId", "8572513655450389710")
))
.policyAssignmentName("securityInitAssignment")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}Content copied to clipboard
Create or update a policy assignment without enforcing policy effect during resource creation or update.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
{
Description = "Force resource names to begin with given DeptA and end with -LC",
DisplayName = "Enforce resource naming rules",
EnforcementMode = "DoNotEnforce",
Metadata =
{
{ "assignedBy", "Special Someone" },
},
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "DeptA",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
{
Value = "-LC",
} },
},
PolicyAssignmentName = "EnforceNaming",
PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: pulumi.String("Enforce resource naming rules"),
EnforcementMode: pulumi.String("DoNotEnforce"),
Metadata: pulumi.Any{
AssignedBy: "Special Someone",
},
Parameters: authorization.ParameterValuesValueMap{
"prefix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("DeptA"),
},
"suffix": &authorization.ParameterValuesValueArgs{
Value: pulumi.Any("-LC"),
},
},
PolicyAssignmentName: pulumi.String("EnforceNaming"),
PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
.description("Force resource names to begin with given DeptA and end with -LC")
.displayName("Enforce resource naming rules")
.enforcementMode("DoNotEnforce")
.metadata(Map.of("assignedBy", "Special Someone"))
.parameters(Map.ofEntries(
Map.entry("prefix", Map.of("value", "DeptA")),
Map.entry("suffix", Map.of("value", "-LC"))
))
.policyAssignmentName("EnforceNaming")
.policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingContent copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, displayName: Output<String>? = null, enforcementMode: Output<Either<String, EnforcementMode>>? = null, identity: Output<IdentityArgs>? = null, location: Output<String>? = null, metadata: Output<Any>? = null, nonComplianceMessages: Output<List<NonComplianceMessageArgs>>? = null, notScopes: Output<List<String>>? = null, parameters: Output<Map<String, ParameterValuesValueArgs>>? = null, policyAssignmentName: Output<String>? = null, policyDefinitionId: Output<String>? = null, scope: Output<String>? = null)
Properties
Link copied to clipboard
This message will be part of response in case of policy violation.
Link copied to clipboard
The display name of the policy assignment.
Link copied to clipboard
The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
Link copied to clipboard
The managed identity associated with the policy assignment.
Link copied to clipboard
The messages that describe why a resource is non-compliant with the policy.
Link copied to clipboard
The parameter values for the assigned policy rule. The keys are the parameter names.
Link copied to clipboard
The name of the policy assignment.
Link copied to clipboard
The ID of the policy definition or policy set definition being assigned.
Link copied to clipboard
The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}'