GovernanceRule

class GovernanceRule : KotlinCustomResource

Governance rule over a given scope. Uses Azure REST API version 2022-01-01-preview. In version 2.x of the Azure Native provider, it used API version 2022-01-01-preview.

Example Usage

Create or update governance rule over management group scope

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one governance rule whose scope is the "contoso" management group.
return await Deployment.RunAsync(() =>
{
    // Manager e-mail is disabled and owner e-mail stays enabled, so the owner
    // configured below is the only notification recipient this rule sets up.
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = true,
        DisableOwnerEmailNotification = false,
    };

    // Owner is assigned manually to a single address (documentation sample value).
    var ownerSettings = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
        Value = "user@contoso.com",
    };

    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule for a management group",
        DisplayName = "Management group rule",
        // Descendants listed here are filtered out of the rule, so an exclusion
        // deserves the same review as the scope itself.
        ExcludedScopes = new[]
        {
            "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        },
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; its duration follows RemediationTimeframe (7 days here).
        IsGracePeriod = true,
        OwnerSource = ownerSettings,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        // Lower numbers win; two rules on one scope may not share a priority.
        RulePriority = 200,
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        Scope = "providers/Microsoft.Management/managementGroups/contoso",
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
    });
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers one governance rule scoped to the
// "contoso" management group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Manager e-mail is disabled and owner e-mail stays enabled, so the owner
		// configured below is the only notification recipient this rule sets up.
		emailSettings := &security.GovernanceRuleEmailNotificationArgs{
			DisableManagerEmailNotification: pulumi.Bool(true),
			DisableOwnerEmailNotification:   pulumi.Bool(false),
		}

		// Owner is assigned manually to a single address (documentation sample value).
		ownerSettings := &security.GovernanceRuleOwnerSourceArgs{
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
			Value: pulumi.String("user@contoso.com"),
		}

		_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
			Description: pulumi.String("A rule for a management group"),
			DisplayName: pulumi.String("Management group rule"),
			// Descendants listed here are filtered out of the rule, so an exclusion
			// deserves the same review as the scope itself.
			ExcludedScopes: pulumi.StringArray{
				pulumi.String("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			},
			GovernanceEmailNotification: emailSettings,
			IsDisabled:                  pulumi.Bool(false),
			// Grace period is on; its duration follows RemediationTimeframe (7 days here).
			IsGracePeriod:        pulumi.Bool(true),
			OwnerSource:          ownerSettings,
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			// Lower numbers win; two rules on one scope may not share a priority.
			RulePriority:       pulumi.Int(200),
			RuleType:           pulumi.String(security.GovernanceRuleTypeIntegrated),
			Scope:              pulumi.String("providers/Microsoft.Management/managementGroups/contoso"),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
		})
		// err is nil on success, so handing it back covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one governance rule scoped to the "contoso"
 * management group.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the governance rule and its nested notification and owner settings.
     *
     * @param ctx Pulumi context supplied by the runtime; not read here.
     */
    public static void stack(Context ctx) {
        // Manager e-mail is disabled and owner e-mail stays enabled, so the owner
        // configured below is the only notification recipient this rule sets up.
        final var emailSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableManagerEmailNotification(true)
            .disableOwnerEmailNotification(false)
            .build();

        // Owner is assigned manually to a single address (documentation sample value).
        final var ownerSettings = GovernanceRuleOwnerSourceArgs.builder()
            .type("Manually")
            .value("user@contoso.com")
            .build();

        final var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule for a management group")
            .displayName("Management group rule")
            // Descendants listed here are filtered out of the rule, so an exclusion
            // deserves the same review as the scope itself.
            .excludedScopes("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            .governanceEmailNotification(emailSettings)
            .isDisabled(false)
            // Grace period is on; its duration follows remediationTimeframe (7 days here).
            .isGracePeriod(true)
            .ownerSource(ownerSettings)
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            // Lower numbers win; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ruleType("Integrated")
            .scope("providers/Microsoft.Management/managementGroups/contoso")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}

Create or update governance rule over security connector scope

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one governance rule whose scope is a single security connector
// ("gcpconnector" in resource group "gcpResourceGroup").
return await Deployment.RunAsync(() =>
{
    // Manager e-mail is disabled and owner e-mail stays enabled, so the owner
    // configured below is the only notification recipient this rule sets up.
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = true,
        DisableOwnerEmailNotification = false,
    };

    // Owner is assigned manually to a single address (documentation sample value).
    var ownerSettings = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
        Value = "user@contoso.com",
    };

    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule on critical GCP recommendations",
        DisplayName = "GCP Admin's rule",
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; its duration follows RemediationTimeframe (7 days here).
        IsGracePeriod = true,
        OwnerSource = ownerSettings,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        // Lower numbers win; two rules on one scope may not share a priority.
        RulePriority = 200,
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        // The full connector resource path is the scope, so only that connector is covered.
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
    });
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers one governance rule scoped to a
// single security connector ("gcpconnector" in resource group "gcpResourceGroup").
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Manager e-mail is disabled and owner e-mail stays enabled, so the owner
		// configured below is the only notification recipient this rule sets up.
		emailSettings := &security.GovernanceRuleEmailNotificationArgs{
			DisableManagerEmailNotification: pulumi.Bool(true),
			DisableOwnerEmailNotification:   pulumi.Bool(false),
		}

		// Owner is assigned manually to a single address (documentation sample value).
		ownerSettings := &security.GovernanceRuleOwnerSourceArgs{
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
			Value: pulumi.String("user@contoso.com"),
		}

		_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
			Description:                 pulumi.String("A rule on critical GCP recommendations"),
			DisplayName:                 pulumi.String("GCP Admin's rule"),
			GovernanceEmailNotification: emailSettings,
			IsDisabled:                  pulumi.Bool(false),
			// Grace period is on; its duration follows RemediationTimeframe (7 days here).
			IsGracePeriod:        pulumi.Bool(true),
			OwnerSource:          ownerSettings,
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			// Lower numbers win; two rules on one scope may not share a priority.
			RulePriority: pulumi.Int(200),
			RuleType:     pulumi.String(security.GovernanceRuleTypeIntegrated),
			// The full connector resource path is the scope, so only that connector is covered.
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector"),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
		})
		// err is nil on success, so handing it back covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one governance rule scoped to a single security
 * connector ("gcpconnector" in resource group "gcpResourceGroup").
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the governance rule and its nested notification and owner settings.
     *
     * @param ctx Pulumi context supplied by the runtime; not read here.
     */
    public static void stack(Context ctx) {
        // Manager e-mail is disabled and owner e-mail stays enabled, so the owner
        // configured below is the only notification recipient this rule sets up.
        final var emailSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableManagerEmailNotification(true)
            .disableOwnerEmailNotification(false)
            .build();

        // Owner is assigned manually to a single address (documentation sample value).
        final var ownerSettings = GovernanceRuleOwnerSourceArgs.builder()
            .type("Manually")
            .value("user@contoso.com")
            .build();

        final var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule on critical GCP recommendations")
            .displayName("GCP Admin's rule")
            .governanceEmailNotification(emailSettings)
            .isDisabled(false)
            // Grace period is on; its duration follows remediationTimeframe (7 days here).
            .isGracePeriod(true)
            .ownerSource(ownerSettings)
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            // Lower numbers win; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ruleType("Integrated")
            // The full connector resource path is the scope, so only that connector is covered.
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}

Create or update governance rule over subscription scope

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one governance rule whose scope is a single subscription.
return await Deployment.RunAsync(() =>
{
    // Neither notification is disabled: both manager and owner e-mails stay on.
    var emailSettings = new AzureNative.Security.Inputs.GovernanceRuleEmailNotificationArgs
    {
        DisableManagerEmailNotification = false,
        DisableOwnerEmailNotification = false,
    };

    // Owner is assigned manually to a single address (documentation sample value).
    var ownerSettings = new AzureNative.Security.Inputs.GovernanceRuleOwnerSourceArgs
    {
        Type = AzureNative.Security.GovernanceRuleOwnerSourceType.Manually,
        Value = "user@contoso.com",
    };

    var governanceRule = new AzureNative.Security.GovernanceRule("governanceRule", new()
    {
        Description = "A rule for critical recommendations",
        DisplayName = "Admin's rule",
        GovernanceEmailNotification = emailSettings,
        IsDisabled = false,
        // Grace period is on; its duration follows RemediationTimeframe (7 days here).
        IsGracePeriod = true,
        OwnerSource = ownerSettings,
        RemediationTimeframe = "7.00:00:00",
        RuleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
        // Lower numbers win; two rules on one scope may not share a priority.
        RulePriority = 200,
        RuleType = AzureNative.Security.GovernanceRuleType.Integrated,
        Scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
        SourceResourceType = AzureNative.Security.GovernanceRuleSourceResourceType.Assessments,
    });
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers one governance rule scoped to a
// single subscription.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Neither notification is disabled: both manager and owner e-mails stay on.
		emailSettings := &security.GovernanceRuleEmailNotificationArgs{
			DisableManagerEmailNotification: pulumi.Bool(false),
			DisableOwnerEmailNotification:   pulumi.Bool(false),
		}

		// Owner is assigned manually to a single address (documentation sample value).
		ownerSettings := &security.GovernanceRuleOwnerSourceArgs{
			Type:  pulumi.String(security.GovernanceRuleOwnerSourceTypeManually),
			Value: pulumi.String("user@contoso.com"),
		}

		_, err := security.NewGovernanceRule(ctx, "governanceRule", &security.GovernanceRuleArgs{
			Description:                 pulumi.String("A rule for critical recommendations"),
			DisplayName:                 pulumi.String("Admin's rule"),
			GovernanceEmailNotification: emailSettings,
			IsDisabled:                  pulumi.Bool(false),
			// Grace period is on; its duration follows RemediationTimeframe (7 days here).
			IsGracePeriod:        pulumi.Bool(true),
			OwnerSource:          ownerSettings,
			RemediationTimeframe: pulumi.String("7.00:00:00"),
			RuleId:               pulumi.String("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
			// Lower numbers win; two rules on one scope may not share a priority.
			RulePriority:       pulumi.Int(200),
			RuleType:           pulumi.String(security.GovernanceRuleTypeIntegrated),
			Scope:              pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
			SourceResourceType: pulumi.String(security.GovernanceRuleSourceResourceTypeAssessments),
		})
		// err is nil on success, so handing it back covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.GovernanceRule;
import com.pulumi.azurenative.security.GovernanceRuleArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleEmailNotificationArgs;
import com.pulumi.azurenative.security.inputs.GovernanceRuleOwnerSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one governance rule scoped to a single
 * subscription.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the governance rule and its nested notification and owner settings.
     *
     * @param ctx Pulumi context supplied by the runtime; not read here.
     */
    public static void stack(Context ctx) {
        // Neither notification is disabled: both manager and owner e-mails stay on.
        final var emailSettings = GovernanceRuleEmailNotificationArgs.builder()
            .disableManagerEmailNotification(false)
            .disableOwnerEmailNotification(false)
            .build();

        // Owner is assigned manually to a single address (documentation sample value).
        final var ownerSettings = GovernanceRuleOwnerSourceArgs.builder()
            .type("Manually")
            .value("user@contoso.com")
            .build();

        final var ruleArgs = GovernanceRuleArgs.builder()
            .description("A rule for critical recommendations")
            .displayName("Admin's rule")
            .governanceEmailNotification(emailSettings)
            .isDisabled(false)
            // Grace period is on; its duration follows remediationTimeframe (7 days here).
            .isGracePeriod(true)
            .ownerSource(ownerSettings)
            .remediationTimeframe("7.00:00:00")
            .ruleId("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
            // Lower numbers win; two rules on one scope may not share a priority.
            .rulePriority(200)
            .ruleType("Integrated")
            .scope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
            .sourceResourceType("Assessments")
            .build();

        var governanceRule = new GovernanceRule("governanceRule", ruleArgs);
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:security:GovernanceRule ad9a8e26-29d9-4829-bb30-e597a58cdbb8 /{scope}/providers/Microsoft.Security/governanceRules/{ruleId}

Properties

val azureApiVersion: Output<String>

The Azure API version of the resource.

val description: Output<String>?

Description of the governance rule

val displayName: Output<String>

Display name of the governance rule

val excludedScopes: Output<List<String>>?

Excluded scopes, filter out the descendants of the scope (on management scopes)


The email notification settings for the governance rule; states whether to disable notifications for managers and owners

val id: Output<String>

Defines whether the rule is a management scope rule (master connector as a single scope or management scope)

val isDisabled: Output<Boolean>?

Defines whether the rule is active/inactive

val isGracePeriod: Output<Boolean>?

Defines whether there is a grace period on the governance rule


The governance rule metadata

val name: Output<String>

Resource name


The owner source for the governance rule - e.g. Manually by user@contoso.com - see example

val pulumiChildResources: Set<KotlinResource>

Governance rule remediation timeframe - this is the time that determines the grace-period duration, e.g. 7.00:00:00 means 7 days

val rulePriority: Output<Int>

The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope will not be allowed

val ruleType: Output<String>

The rule type of the governance rule, defines the source of the rule e.g. Integrated


The governance rule source, what the rule affects, e.g. Assessments

val tenantId: Output<String>

The tenantId (GUID)

val type: Output<String>

Resource type

val urn: Output<String>