pulumi-azure-native-kotlin/com.pulumi.azurenative.authorization.kotlin/PolicyExemption

PolicyExemption

class PolicyExemption : KotlinCustomResource

The policy exemption. Uses Azure REST API version 2022-07-01-preview. In version 2.x of the Azure Native provider, it used API version 2022-07-01-preview. Other available API versions: 2020-07-01-preview, 2024-12-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native authorization [ApiVersion]. See the ../../../version-guide/#accessing-any-api-version-via-local-packages for details.

Example Usage

Create or update a policy exemption

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
    {
        Description = "Exempt demo cluster from limit sku",
        DisplayName = "Exempt demo cluster",
        ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
        Metadata = new Dictionary<string, object?>
        {
            ["reason"] = "Temporary exemption for a expensive VM demo",
        },
        PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        PolicyDefinitionReferenceIds = new[]
        {
            "Limit_Skus",
        },
        PolicyExemptionName = "DemoExpensiveVM",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
    });
});
Content copied to clipboard
package main
import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
			Description:       pulumi.String("Exempt demo cluster from limit sku"),
			DisplayName:       pulumi.String("Exempt demo cluster"),
			ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
			Metadata: pulumi.Any(map[string]interface{}{
				"reason": "Temporary exemption for a expensive VM demo",
			}),
			PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIds: pulumi.StringArray{
				pulumi.String("Limit_Skus"),
			},
			PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
			Scope:               pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
            .description("Exempt demo cluster from limit sku")
            .displayName("Exempt demo cluster")
            .exemptionCategory("Waiver")
            .metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
            .policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
            .policyDefinitionReferenceIds("Limit_Skus")
            .policyExemptionName("DemoExpensiveVM")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
            .build());
    }
}
Content copied to clipboard

Create or update a policy exemption with resource selectors

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
    {
        AssignmentScopeValidation = AzureNative.Authorization.AssignmentScopeValidation.Default,
        Description = "Exempt demo cluster from limit sku",
        DisplayName = "Exempt demo cluster",
        ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
        Metadata = new Dictionary<string, object?>
        {
            ["reason"] = "Temporary exemption for a expensive VM demo",
        },
        PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        PolicyDefinitionReferenceIds = new[]
        {
            "Limit_Skus",
        },
        PolicyExemptionName = "DemoExpensiveVM",
        ResourceSelectors = new[]
        {
            new AzureNative.Authorization.Inputs.ResourceSelectorArgs
            {
                Name = "SDPRegions",
                Selectors = new[]
                {
                    new AzureNative.Authorization.Inputs.SelectorArgs
                    {
                        In = new[]
                        {
                            "eastus2euap",
                            "centraluseuap",
                        },
                        Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
                    },
                },
            },
        },
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
    });
});
Content copied to clipboard
package main
import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
			AssignmentScopeValidation: pulumi.String(authorization.AssignmentScopeValidationDefault),
			Description:               pulumi.String("Exempt demo cluster from limit sku"),
			DisplayName:               pulumi.String("Exempt demo cluster"),
			ExemptionCategory:         pulumi.String(authorization.ExemptionCategoryWaiver),
			Metadata: pulumi.Any(map[string]interface{}{
				"reason": "Temporary exemption for a expensive VM demo",
			}),
			PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIds: pulumi.StringArray{
				pulumi.String("Limit_Skus"),
			},
			PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
			ResourceSelectors: authorization.ResourceSelectorArray{
				&authorization.ResourceSelectorArgs{
					Name: pulumi.String("SDPRegions"),
					Selectors: authorization.SelectorArray{
						&authorization.SelectorArgs{
							In: pulumi.StringArray{
								pulumi.String("eastus2euap"),
								pulumi.String("centraluseuap"),
							},
							Kind: pulumi.String(authorization.SelectorKindResourceLocation),
						},
					},
				},
			},
			Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
            .assignmentScopeValidation("Default")
            .description("Exempt demo cluster from limit sku")
            .displayName("Exempt demo cluster")
            .exemptionCategory("Waiver")
            .metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
            .policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
            .policyDefinitionReferenceIds("Limit_Skus")
            .policyExemptionName("DemoExpensiveVM")
            .resourceSelectors(ResourceSelectorArgs.builder()
                .name("SDPRegions")
                .selectors(SelectorArgs.builder()
                    .in(
                        "eastus2euap",
                        "centraluseuap")
                    .kind("resourceLocation")
                    .build())
                .build())
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
            .build());
    }
}
Content copied to clipboard

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyExemption DemoExpensiveVM /{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}
Content copied to clipboard

Properties

Link copied to clipboard
val assignmentScopeValidation: Output<String>?

The option whether validate the exemption is at or under the assignment scope.

Link copied to clipboard
val azureApiVersion: Output<String>

The Azure API version of the resource.

Link copied to clipboard
val description: Output<String>?

The description of the policy exemption.

Link copied to clipboard
val displayName: Output<String>?

The display name of the policy exemption.

Link copied to clipboard
val exemptionCategory: Output<String>

The policy exemption category. Possible values are Waiver and Mitigated.

Link copied to clipboard
val expiresOn: Output<String>?

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val metadata: Output<Any>?

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

Link copied to clipboard
val name: Output<String>

The name of the policy exemption.

Link copied to clipboard
val policyAssignmentId: Output<String>

The ID of the policy assignment that is being exempted.

Link copied to clipboard
val policyDefinitionReferenceIds: Output<List<String>>?

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val resourceSelectors: Output<List<ResourceSelectorResponse>>?

The resource selector list to filter policies by resource properties.

Link copied to clipboard
val systemData: Output<SystemDataResponse>

Azure Resource Manager metadata containing createdBy and modifiedBy information.

Link copied to clipboard
val type: Output<String>

The type of the resource (Microsoft.Authorization/policyExemptions).

Link copied to clipboard
val urn: Output<String>