Governance Rule Args
data class GovernanceRuleArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val excludedScopes: Output<List<String>>? = null, val governanceEmailNotification: Output<GovernanceRuleEmailNotificationArgs>? = null, val includeMemberScopes: Output<Boolean>? = null, val isDisabled: Output<Boolean>? = null, val isGracePeriod: Output<Boolean>? = null, val ownerSource: Output<GovernanceRuleOwnerSourceArgs>? = null, val remediationTimeframe: Output<String>? = null, val ruleId: Output<String>? = null, val rulePriority: Output<Int>? = null, val ruleType: Output<Either<String, GovernanceRuleType>>? = null, val scope: Output<String>? = null, val sourceResourceType: Output<Either<String, GovernanceRuleSourceResourceType>>? = null) : ConvertibleToJava<GovernanceRuleArgs>
Governance rule over a given scope. Azure REST API version: 2022-01-01-preview.
Example Usage
Create or update governance rule over management group scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // Notification switches, read literally from the flag names: manager mail is
    // turned off, owner mail stays on.
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = true,
        DisableOwnerEmailNotification = false,
    };

    // The owner is pinned to one literal address (documentation sample value).
    // NOTE(review): a single named mailbox goes stale when staff change; confirm who
    // receives governance mail before reusing this pattern.
    var ruleOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = "Manually",
        Value = "user@contoso.com",
    };

    // Governance rule attached at management-group scope.
    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule for a management group",
        DisplayName = "Management group rule",
        // Every entry here is carved out of the rule, so each one is a coverage gap
        // that should be justified in review. The subscription ID is a sample value.
        ExcludedScopes = new[]
        {
            "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        },
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
        // form (TODO confirm the format against the provider documentation).
        IsGracePeriod = true,
        OwnerSource = ruleOwner,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        RulePriority = 200,
        RuleType = "Integrated",
        Scope = "providers/Microsoft.Management/managementGroups/contoso",
        SourceResourceType = "Assessments",
    });
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a governance rule at management-group scope with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &security.GovernanceRuleArgs{
			Description: pulumi.String("A rule for a management group"),
			DisplayName: pulumi.String("Management group rule"),
			// Every entry here is carved out of the rule, so each one is a coverage
			// gap that should be justified in review. The ID is a sample value.
			ExcludedScopes: pulumi.StringArray{
				pulumi.String("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			},
			// Read literally from the flag names: manager mail off, owner mail on.
			GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
				DisableManagerEmailNotification: pulumi.Bool(true),
				DisableOwnerEmailNotification:   pulumi.Bool(false),
			},
			IsDisabled: pulumi.Bool(false),
			// Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
			// form (TODO confirm the format against the provider documentation).
			IsGracePeriod: pulumi.Bool(true),
			// Owner pinned to one literal address (documentation sample value).
			OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
				Type:  pulumi.String("Manually"),
				Value: pulumi.String("user@contoso.com"),
			},
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			RulePriority:         pulumi.Int(200),
			RuleType:             pulumi.String("Integrated"),
			Scope:                pulumi.String("providers/Microsoft.Management/managementGroups/contoso"),
			SourceResourceType:   pulumi.String("Assessments"),
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a governance rule at management-group scope.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // NOTE(review): the GovernanceRuleArgs signature on this page types
        // governanceEmailNotification and ownerSource as GovernanceRuleEmailNotificationArgs
        // and GovernanceRuleOwnerSourceArgs, and the C# and Go samples pass those typed
        // objects. The Map values below are presumably not accepted by the builder;
        // confirm against the Java SDK before copying this sample.
        var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule for a management group")
            .displayName("Management group rule")
            // The excluded subscription is carved out of the rule: a coverage gap
            // to justify in review. The ID is a documentation sample value.
            .excludedScopes("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            // Read literally from the keys: manager mail off, owner mail on.
            .governanceEmailNotification(Map.ofEntries(
                Map.entry("disableManagerEmailNotification", true),
                Map.entry("disableOwnerEmailNotification", false)
            ))
            .isDisabled(false)
            // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
            // form (TODO confirm the format against the provider documentation).
            .isGracePeriod(true)
            // Owner pinned to one literal address (documentation sample value).
            .ownerSource(Map.ofEntries(
                Map.entry("type", "Manually"),
                Map.entry("value", "user@contoso.com")
            ))
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .rulePriority(200)
            .ruleType("Integrated")
            .scope("providers/Microsoft.Management/managementGroups/contoso")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
Create or update governance rule over security connector scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // Notification switches, read literally from the flag names: manager mail is
    // turned off, owner mail stays on.
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = true,
        DisableOwnerEmailNotification = false,
    };

    // The owner is pinned to one literal address (documentation sample value).
    // NOTE(review): a single named mailbox goes stale when staff change; confirm who
    // receives governance mail before reusing this pattern.
    var ruleOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = "Manually",
        Value = "user@contoso.com",
    };

    // Governance rule attached to a single security connector (a GCP connector in
    // this sample); the subscription ID and resource names are sample values.
    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule on critical GCP recommendations",
        DisplayName = "GCP Admin's rule",
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
        // form (TODO confirm the format against the provider documentation).
        IsGracePeriod = true,
        OwnerSource = ruleOwner,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        RulePriority = 200,
        RuleType = "Integrated",
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
        SourceResourceType = "Assessments",
    });
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a governance rule scoped to one security connector with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &security.GovernanceRuleArgs{
			Description: pulumi.String("A rule on critical GCP recommendations"),
			DisplayName: pulumi.String("GCP Admin's rule"),
			// Read literally from the flag names: manager mail off, owner mail on.
			GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
				DisableManagerEmailNotification: pulumi.Bool(true),
				DisableOwnerEmailNotification:   pulumi.Bool(false),
			},
			IsDisabled: pulumi.Bool(false),
			// Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
			// form (TODO confirm the format against the provider documentation).
			IsGracePeriod: pulumi.Bool(true),
			// Owner pinned to one literal address (documentation sample value).
			OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
				Type:  pulumi.String("Manually"),
				Value: pulumi.String("user@contoso.com"),
			},
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			RulePriority:         pulumi.Int(200),
			RuleType:             pulumi.String("Integrated"),
			// Connector-level scope; subscription ID and resource names are sample values.
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector"),
			SourceResourceType: pulumi.String("Assessments"),
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a governance rule scoped to a single security connector.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // NOTE(review): the GovernanceRuleArgs signature on this page types
        // governanceEmailNotification and ownerSource as GovernanceRuleEmailNotificationArgs
        // and GovernanceRuleOwnerSourceArgs, and the C# and Go samples pass those typed
        // objects. The Map values below are presumably not accepted by the builder;
        // confirm against the Java SDK before copying this sample.
        var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule on critical GCP recommendations")
            .displayName("GCP Admin's rule")
            // Read literally from the keys: manager mail off, owner mail on.
            .governanceEmailNotification(Map.ofEntries(
                Map.entry("disableManagerEmailNotification", true),
                Map.entry("disableOwnerEmailNotification", false)
            ))
            .isDisabled(false)
            // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
            // form (TODO confirm the format against the provider documentation).
            .isGracePeriod(true)
            // Owner pinned to one literal address (documentation sample value).
            .ownerSource(Map.ofEntries(
                Map.entry("type", "Manually"),
                Map.entry("value", "user@contoso.com")
            ))
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .rulePriority(200)
            .ruleType("Integrated")
            // Connector-level scope; subscription ID and resource names are sample values.
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
Create or update governance rule over subscription scope
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // Both notification switches are left enabled (neither "Disable" flag is set).
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = false,
        DisableOwnerEmailNotification = false,
    };

    // The owner is pinned to one literal address (documentation sample value).
    // NOTE(review): a single named mailbox goes stale when staff change; confirm who
    // receives governance mail before reusing this pattern.
    var ruleOwner = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = "Manually",
        Value = "user@contoso.com",
    };

    // Governance rule attached at subscription scope; the subscription ID is a sample value.
    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule for critical recommendations",
        DisplayName = "Admin's rule",
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
        // form (TODO confirm the format against the provider documentation).
        IsGracePeriod = true,
        OwnerSource = ruleOwner,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        RulePriority = 200,
        RuleType = "Integrated",
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        SourceResourceType = "Assessments",
    });
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a governance rule at subscription scope with the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &security.GovernanceRuleArgs{
			Description: pulumi.String("A rule for critical recommendations"),
			DisplayName: pulumi.String("Admin's rule"),
			// Both notification switches are left enabled (neither "Disable" flag is set).
			GovernanceEmailNotification: &security.GovernanceRuleEmailNotificationArgs{
				DisableManagerEmailNotification: pulumi.Bool(false),
				DisableOwnerEmailNotification:   pulumi.Bool(false),
			},
			IsDisabled: pulumi.Bool(false),
			// Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
			// form (TODO confirm the format against the provider documentation).
			IsGracePeriod: pulumi.Bool(true),
			// Owner pinned to one literal address (documentation sample value).
			OwnerSource: &security.GovernanceRuleOwnerSourceArgs{
				Type:  pulumi.String("Manually"),
				Value: pulumi.String("user@contoso.com"),
			},
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			RulePriority:         pulumi.Int(200),
			RuleType:             pulumi.String("Integrated"),
			// Subscription-level scope; the subscription ID is a sample value.
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			SourceResourceType: pulumi.String("Assessments"),
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := security.NewGovernanceRule(ctx, "governanceRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a governance rule at subscription scope.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // NOTE(review): the GovernanceRuleArgs signature on this page types
        // governanceEmailNotification and ownerSource as GovernanceRuleEmailNotificationArgs
        // and GovernanceRuleOwnerSourceArgs, and the C# and Go samples pass those typed
        // objects. The Map values below are presumably not accepted by the builder;
        // confirm against the Java SDK before copying this sample.
        var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule for critical recommendations")
            .displayName("Admin's rule")
            // Both notification switches are left enabled (neither "disable" key is true).
            .governanceEmailNotification(Map.ofEntries(
                Map.entry("disableManagerEmailNotification", false),
                Map.entry("disableOwnerEmailNotification", false)
            ))
            .isDisabled(false)
            // Grace period is on; the timeframe below reads as 7 days in d.hh:mm:ss
            // form (TODO confirm the format against the provider documentation).
            .isGracePeriod(true)
            // Owner pinned to one literal address (documentation sample value).
            .ownerSource(Map.ofEntries(
                Map.entry("type", "Manually"),
                Map.entry("value", "user@contoso.com")
            ))
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            .rulePriority(200)
            .ruleType("Integrated")
            // Subscription-level scope; the subscription ID is a sample value.
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:GovernanceRule ad9a8e26-29d9-4829-bb30-e597a58cdbb8 /{scope}/providers/Microsoft.Security/governanceRules/{ruleId}
Constructors
fun GovernanceRuleArgs(description: Output<String>? = null, displayName: Output<String>? = null, excludedScopes: Output<List<String>>? = null, governanceEmailNotification: Output<GovernanceRuleEmailNotificationArgs>? = null, includeMemberScopes: Output<Boolean>? = null, isDisabled: Output<Boolean>? = null, isGracePeriod: Output<Boolean>? = null, ownerSource: Output<GovernanceRuleOwnerSourceArgs>? = null, remediationTimeframe: Output<String>? = null, ruleId: Output<String>? = null, rulePriority: Output<Int>? = null, ruleType: Output<Either<String, GovernanceRuleType>>? = null, scope: Output<String>? = null, sourceResourceType: Output<Either<String, GovernanceRuleSourceResourceType>>? = null)
Functions
Properties
The scope of the governance rule. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}').