pulumi-azure-kotlin/com.pulumi.azure.management.kotlin/GroupPolicyAssignmentArgs

GroupPolicyAssignmentArgs

data class GroupPolicyAssignmentArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val enforce: Output<Boolean>? = null, val identity: Output<GroupPolicyAssignmentIdentityArgs>? = null, val location: Output<String>? = null, val managementGroupId: Output<String>? = null, val metadata: Output<String>? = null, val name: Output<String>? = null, val nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null, val notScopes: Output<List<String>>? = null, val overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null, val parameters: Output<String>? = null, val policyDefinitionId: Output<String>? = null, val resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null) : ConvertibleToJava<GroupPolicyAssignmentArgs>

Manages a Policy Assignment to a Management Group.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.azure.policy.Definition;
import com.pulumi.azure.policy.DefinitionArgs;
import com.pulumi.azure.management.GroupPolicyAssignment;
import com.pulumi.azure.management.GroupPolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
            .displayName("Some Management Group")
            .build());
        var exampleDefinition = new Definition("exampleDefinition", DefinitionArgs.builder()
            .policyType("Custom")
            .mode("All")
            .displayName("my-policy-definition")
            .managementGroupId(exampleGroup.id())
            .policyRule("""
 {
    "if": {
      "not": {
        "field": "location",
        "equals": "westeurope"
      }
    },
    "then": {
      "effect": "Deny"
    }
  }
            """)
            .build());
        var exampleGroupPolicyAssignment = new GroupPolicyAssignment("exampleGroupPolicyAssignment", GroupPolicyAssignmentArgs.builder()
            .policyDefinitionId(exampleDefinition.id())
            .managementGroupId(exampleGroup.id())
            .build());
    }
}

Import

Management Group Policy Assignments can be imported using the resource id, e.g.

$ pulumi import azure:management/groupPolicyAssignment:GroupPolicyAssignment example /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyAssignments/assignment1

Constructors

GroupPolicyAssignmentArgs

fun GroupPolicyAssignmentArgs(description: Output<String>? = null, displayName: Output<String>? = null, enforce: Output<Boolean>? = null, identity: Output<GroupPolicyAssignmentIdentityArgs>? = null, location: Output<String>? = null, managementGroupId: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null, notScopes: Output<List<String>>? = null, overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null, parameters: Output<String>? = null, policyDefinitionId: Output<String>? = null, resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null)

Functions

toJava

open override fun toJava(): GroupPolicyAssignmentArgs

Properties

description

val description: Output<String>? = null

A description which should be used for this Policy Assignment.

displayName

val displayName: Output<String>? = null

The Display Name for this Policy Assignment.

enforce

val enforce: Output<Boolean>? = null

Specifies if this Policy should be enforced or not? Defaults to true.

identity

val identity: Output<GroupPolicyAssignmentIdentityArgs>? = null

An identity block as defined below.

location

val location: Output<String>? = null

The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.

managementGroupId

val managementGroupId: Output<String>? = null

The ID of the Management Group. Changing this forces a new Policy Assignment to be created.

metadata

val metadata: Output<String>? = null

A JSON mapping of any Metadata for this Policy.

name

val name: Output<String>? = null

The name which should be used for this Policy Assignment. Possible values must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.

nonComplianceMessages

val nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null

One or more non_compliance_message blocks as defined below.

notScopes

val notScopes: Output<List<String>>? = null

Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.

overrides

val overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null

One or more overrides blocks as defined below. More detail about overrides and resource_selectors see policy assignment structure

parameters

val parameters: Output<String>? = null

A JSON mapping of any Parameters for this Policy.

policyDefinitionId

val policyDefinitionId: Output<String>? = null

The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.

resourceSelectors

val resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null

One or more resource_selectors blocks as defined below to filter polices by resource properties.