Resource
data class ResourceGroupPolicyExemptionArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val exemptionCategory: Output<String>? = null, val expiresOn: Output<String>? = null, val metadata: Output<String>? = null, val name: Output<String>? = null, val policyAssignmentId: Output<String>? = null, val policyDefinitionReferenceIds: Output<List<String>>? = null, val resourceGroupId: Output<String>? = null) : ConvertibleToJava<ResourceGroupPolicyExemptionArgs>
Manages a Resource Group Policy Exemption.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
name: "resourceGroup1",
location: "westus",
});
const example = azure.policy.getPolicyDefintion({
displayName: "Allowed locations",
});
const exampleResourceGroupPolicyAssignment = new azure.core.ResourceGroupPolicyAssignment("example", {
name: "exampleAssignment",
resourceGroupId: exampleResourceGroup.id,
policyDefinitionId: example.then(example => example.id),
parameters: pulumi.jsonStringify({
listOfAllowedLocations: {
value: [exampleResourceGroup.location],
},
}),
});
const exampleResourceGroupPolicyExemption = new azure.core.ResourceGroupPolicyExemption("example", {
name: "exampleExemption",
resourceGroupId: exampleResourceGroup.id,
policyAssignmentId: exampleResourceGroupPolicyAssignment.id,
exemptionCategory: "Mitigated",
});Content copied to clipboard
import pulumi
import json
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("example",
name="resourceGroup1",
location="westus")
example = azure.policy.get_policy_defintion(display_name="Allowed locations")
example_resource_group_policy_assignment = azure.core.ResourceGroupPolicyAssignment("example",
name="exampleAssignment",
resource_group_id=example_resource_group.id,
policy_definition_id=example.id,
parameters=pulumi.Output.json_dumps({
"listOfAllowedLocations": {
"value": [example_resource_group.location],
},
}))
example_resource_group_policy_exemption = azure.core.ResourceGroupPolicyExemption("example",
name="exampleExemption",
resource_group_id=example_resource_group.id,
policy_assignment_id=example_resource_group_policy_assignment.id,
exemption_category="Mitigated")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
{
Name = "resourceGroup1",
Location = "westus",
});
var example = Azure.Policy.GetPolicyDefintion.Invoke(new()
{
DisplayName = "Allowed locations",
});
var exampleResourceGroupPolicyAssignment = new Azure.Core.ResourceGroupPolicyAssignment("example", new()
{
Name = "exampleAssignment",
ResourceGroupId = exampleResourceGroup.Id,
PolicyDefinitionId = example.Apply(getPolicyDefintionResult => getPolicyDefintionResult.Id),
Parameters = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
{
["listOfAllowedLocations"] = new Dictionary<string, object?>
{
["value"] = new[]
{
exampleResourceGroup.Location,
},
},
})),
});
var exampleResourceGroupPolicyExemption = new Azure.Core.ResourceGroupPolicyExemption("example", new()
{
Name = "exampleExemption",
ResourceGroupId = exampleResourceGroup.Id,
PolicyAssignmentId = exampleResourceGroupPolicyAssignment.Id,
ExemptionCategory = "Mitigated",
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("resourceGroup1"),
Location: pulumi.String("westus"),
})
if err != nil {
return err
}
example, err := policy.GetPolicyDefintion(ctx, &policy.GetPolicyDefintionArgs{
DisplayName: pulumi.StringRef("Allowed locations"),
}, nil)
if err != nil {
return err
}
exampleResourceGroupPolicyAssignment, err := core.NewResourceGroupPolicyAssignment(ctx, "example", &core.ResourceGroupPolicyAssignmentArgs{
Name: pulumi.String("exampleAssignment"),
ResourceGroupId: exampleResourceGroup.ID(),
PolicyDefinitionId: pulumi.String(example.Id),
Parameters: exampleResourceGroup.Location.ApplyT(func(location string) (pulumi.String, error) {
var _zero pulumi.String
tmpJSON0, err := json.Marshal(map[string]interface{}{
"listOfAllowedLocations": map[string]interface{}{
"value": []string{
location,
},
},
})
if err != nil {
return _zero, err
}
json0 := string(tmpJSON0)
return pulumi.String(json0), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = core.NewResourceGroupPolicyExemption(ctx, "example", &core.ResourceGroupPolicyExemptionArgs{
Name: pulumi.String("exampleExemption"),
ResourceGroupId: exampleResourceGroup.ID(),
PolicyAssignmentId: exampleResourceGroupPolicyAssignment.ID(),
ExemptionCategory: pulumi.String("Mitigated"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.policy.PolicyFunctions;
import com.pulumi.azure.policy.inputs.GetPolicyDefintionArgs;
import com.pulumi.azure.core.ResourceGroupPolicyAssignment;
import com.pulumi.azure.core.ResourceGroupPolicyAssignmentArgs;
import com.pulumi.azure.core.ResourceGroupPolicyExemption;
import com.pulumi.azure.core.ResourceGroupPolicyExemptionArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.name("resourceGroup1")
.location("westus")
.build());
final var example = PolicyFunctions.getPolicyDefintion(GetPolicyDefintionArgs.builder()
.displayName("Allowed locations")
.build());
var exampleResourceGroupPolicyAssignment = new ResourceGroupPolicyAssignment("exampleResourceGroupPolicyAssignment", ResourceGroupPolicyAssignmentArgs.builder()
.name("exampleAssignment")
.resourceGroupId(exampleResourceGroup.id())
.policyDefinitionId(example.applyValue(getPolicyDefintionResult -> getPolicyDefintionResult.id()))
.parameters(exampleResourceGroup.location().applyValue(location -> serializeJson(
jsonObject(
jsonProperty("listOfAllowedLocations", jsonObject(
jsonProperty("value", jsonArray(location))
))
))))
.build());
var exampleResourceGroupPolicyExemption = new ResourceGroupPolicyExemption("exampleResourceGroupPolicyExemption", ResourceGroupPolicyExemptionArgs.builder()
.name("exampleExemption")
.resourceGroupId(exampleResourceGroup.id())
.policyAssignmentId(exampleResourceGroupPolicyAssignment.id())
.exemptionCategory("Mitigated")
.build());
}
}Content copied to clipboard
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
name: example
properties:
name: resourceGroup1
location: westus
exampleResourceGroupPolicyAssignment:
type: azure:core:ResourceGroupPolicyAssignment
name: example
properties:
name: exampleAssignment
resourceGroupId: ${exampleResourceGroup.id}
policyDefinitionId: ${example.id}
parameters:
fn::toJSON:
listOfAllowedLocations:
value:
- ${exampleResourceGroup.location}
exampleResourceGroupPolicyExemption:
type: azure:core:ResourceGroupPolicyExemption
name: example
properties:
name: exampleExemption
resourceGroupId: ${exampleResourceGroup.id}
policyAssignmentId: ${exampleResourceGroupPolicyAssignment.id}
exemptionCategory: Mitigated
variables:
example:
fn::invoke:
function: azure:policy:getPolicyDefintion
arguments:
displayName: Allowed locationsContent copied to clipboard
Import
Policy Exemptions can be imported using the resource id, e.g.
$ pulumi import azure:core/resourceGroupPolicyExemption:ResourceGroupPolicyExemption exemption1 /subscriptions/00000000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Authorization/policyExemptions/exemption1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, displayName: Output<String>? = null, exemptionCategory: Output<String>? = null, expiresOn: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, policyAssignmentId: Output<String>? = null, policyDefinitionReferenceIds: Output<List<String>>? = null, resourceGroupId: Output<String>? = null)
Properties
Link copied to clipboard
A description to use for this Policy Exemption.
Link copied to clipboard
A friendly display name to use for this Policy Exemption.
Link copied to clipboard
The category of this policy exemption. Possible values are Waiver and Mitigated.
Link copied to clipboard
The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.
Link copied to clipboard
The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
Link copied to clipboard
The Resource Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.