Policy
data class PolicyExemptionArgs(val assignmentScopeValidation: Output<Either<String, AssignmentScopeValidation>>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val exemptionCategory: Output<Either<String, ExemptionCategory>>? = null, val expiresOn: Output<String>? = null, val metadata: Output<Any>? = null, val policyAssignmentId: Output<String>? = null, val policyDefinitionReferenceIds: Output<List<String>>? = null, val policyExemptionName: Output<String>? = null, val resourceSelectors: Output<List<ResourceSelectorArgs>>? = null, val scope: Output<String>? = null) : ConvertibleToJava<PolicyExemptionArgs>
The policy exemption. Uses Azure REST API version 2022-07-01-preview. In version 2.x of the Azure Native provider, it used API version 2022-07-01-preview. Other available API versions: 2020-07-01-preview, 2024-12-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native authorization [ApiVersion]. See the ../../../version-guide/#accessing-any-api-version-via-local-packages for details.
Example Usage
Create or update a policy exemption
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
{
Description = "Exempt demo cluster from limit sku",
DisplayName = "Exempt demo cluster",
ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
Metadata = new Dictionary<string, object?>
{
["reason"] = "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
PolicyDefinitionReferenceIds = new[]
{
"Limit_Skus",
},
PolicyExemptionName = "DemoExpensiveVM",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
Description: pulumi.String("Exempt demo cluster from limit sku"),
DisplayName: pulumi.String("Exempt demo cluster"),
ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
Metadata: pulumi.Any(map[string]interface{}{
"reason": "Temporary exemption for a expensive VM demo",
}),
PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIds: pulumi.StringArray{
pulumi.String("Limit_Skus"),
},
PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
.description("Exempt demo cluster from limit sku")
.displayName("Exempt demo cluster")
.exemptionCategory("Waiver")
.metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
.policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.policyDefinitionReferenceIds("Limit_Skus")
.policyExemptionName("DemoExpensiveVM")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
.build());
}
}Content copied to clipboard
Create or update a policy exemption with resource selectors
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
{
AssignmentScopeValidation = AzureNative.Authorization.AssignmentScopeValidation.Default,
Description = "Exempt demo cluster from limit sku",
DisplayName = "Exempt demo cluster",
ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
Metadata = new Dictionary<string, object?>
{
["reason"] = "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
PolicyDefinitionReferenceIds = new[]
{
"Limit_Skus",
},
PolicyExemptionName = "DemoExpensiveVM",
ResourceSelectors = new[]
{
new AzureNative.Authorization.Inputs.ResourceSelectorArgs
{
Name = "SDPRegions",
Selectors = new[]
{
new AzureNative.Authorization.Inputs.SelectorArgs
{
In = new[]
{
"eastus2euap",
"centraluseuap",
},
Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
},
},
},
},
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
});Content copied to clipboard
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
AssignmentScopeValidation: pulumi.String(authorization.AssignmentScopeValidationDefault),
Description: pulumi.String("Exempt demo cluster from limit sku"),
DisplayName: pulumi.String("Exempt demo cluster"),
ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
Metadata: pulumi.Any(map[string]interface{}{
"reason": "Temporary exemption for a expensive VM demo",
}),
PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIds: pulumi.StringArray{
pulumi.String("Limit_Skus"),
},
PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
ResourceSelectors: authorization.ResourceSelectorArray{
&authorization.ResourceSelectorArgs{
Name: pulumi.String("SDPRegions"),
Selectors: authorization.SelectorArray{
&authorization.SelectorArgs{
In: pulumi.StringArray{
pulumi.String("eastus2euap"),
pulumi.String("centraluseuap"),
},
Kind: pulumi.String(authorization.SelectorKindResourceLocation),
},
},
},
},
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
.assignmentScopeValidation("Default")
.description("Exempt demo cluster from limit sku")
.displayName("Exempt demo cluster")
.exemptionCategory("Waiver")
.metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
.policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.policyDefinitionReferenceIds("Limit_Skus")
.policyExemptionName("DemoExpensiveVM")
.resourceSelectors(ResourceSelectorArgs.builder()
.name("SDPRegions")
.selectors(SelectorArgs.builder()
.in(
"eastus2euap",
"centraluseuap")
.kind("resourceLocation")
.build())
.build())
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyExemption DemoExpensiveVM /{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}Content copied to clipboard
Constructors
Link copied to clipboard
constructor(assignmentScopeValidation: Output<Either<String, AssignmentScopeValidation>>? = null, description: Output<String>? = null, displayName: Output<String>? = null, exemptionCategory: Output<Either<String, ExemptionCategory>>? = null, expiresOn: Output<String>? = null, metadata: Output<Any>? = null, policyAssignmentId: Output<String>? = null, policyDefinitionReferenceIds: Output<List<String>>? = null, policyExemptionName: Output<String>? = null, resourceSelectors: Output<List<ResourceSelectorArgs>>? = null, scope: Output<String>? = null)
Properties
Link copied to clipboard
The option whether validate the exemption is at or under the assignment scope.
Link copied to clipboard
The description of the policy exemption.
Link copied to clipboard
The display name of the policy exemption.
Link copied to clipboard
The policy exemption category. Possible values are Waiver and Mitigated.
Link copied to clipboard
The ID of the policy assignment that is being exempted.
Link copied to clipboard
The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
Link copied to clipboard
The name of the policy exemption to delete.
Link copied to clipboard
The resource selector list to filter policies by resource properties.
Link copied to clipboard
The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}'