GroupPolicyAssignmentArgs

/**
 * Input arguments for a Policy Assignment to a Management Group.
 *
 * Every argument is nullable and defaults to `null`.
 *
 * NOTE(review): per the property descriptions on this page, `enforce` controls whether the
 * policy is enforced at all and `notScopes` excludes scopes from it, so changes to either
 * one reduce what the assignment covers and are worth a second look in review.
 *
 * @property description A description for this Policy Assignment.
 * @property displayName The display name for this Policy Assignment.
 * @property enforce Whether this policy is enforced; documented on this page as defaulting to true.
 * @property identity An identity block.
 * @property location The Azure Region where the Policy Assignment should exist.
 * @property managementGroupId The ID of the Management Group.
 * @property metadata A JSON mapping of any metadata for this policy.
 * @property name The name of this Policy Assignment (3 to 24 characters, per this page).
 * @property nonComplianceMessages One or more non-compliance message blocks.
 * @property notScopes Resource scopes within this Management Group that are excluded from this policy.
 * @property overrides One or more overrides blocks.
 * @property parameters A JSON mapping of any parameters for this policy.
 * @property policyDefinitionId The ID of the Policy Definition or Policy Definition Set.
 * @property resourceSelectors One or more resource selector blocks that filter by resource properties.
 */
data class GroupPolicyAssignmentArgs(
    val description: Output<String>? = null,
    val displayName: Output<String>? = null,
    val enforce: Output<Boolean>? = null,
    val identity: Output<GroupPolicyAssignmentIdentityArgs>? = null,
    val location: Output<String>? = null,
    val managementGroupId: Output<String>? = null,
    val metadata: Output<String>? = null,
    val name: Output<String>? = null,
    val nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null,
    val notScopes: Output<List<String>>? = null,
    val overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null,
    val parameters: Output<String>? = null,
    val policyDefinitionId: Output<String>? = null,
    val resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null
) : ConvertibleToJava<GroupPolicyAssignmentArgs>

Manages a Policy Assignment to a Management Group.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Management Group that both the definition and the assignment are attached to.
const managementGroup = new azure.management.Group("example", {
    displayName: "Some Management Group",
});

// Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
// The template literal is kept flush-left so the string content is unchanged.
const westEuropeOnlyRule = ` {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
`;

// Custom policy definition stored on the Management Group.
const policyDefinition = new azure.policy.Definition("example", {
    name: "only-deploy-in-westeurope",
    policyType: "Custom",
    mode: "All",
    displayName: "my-policy-definition",
    managementGroupId: managementGroup.id,
    policyRule: westEuropeOnlyRule,
});

// Assign the definition to the Management Group.
// `enforce` and `notScopes` are not set here; this page documents `enforce` as defaulting
// to true and `notScopes` as the list of scopes excluded from the policy.
const policyAssignment = new azure.management.GroupPolicyAssignment("example", {
    name: "example-policy",
    policyDefinitionId: policyDefinition.id,
    managementGroupId: managementGroup.id,
});
import pulumi
import pulumi_azure as azure
# Management Group that both the definition and the assignment are attached to.
management_group = azure.management.Group(
    "example",
    display_name="Some Management Group",
)

# Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
# The literal is kept flush-left so the string content is unchanged.
west_europe_only_rule = """ {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
"""

# Custom policy definition stored on the Management Group.
policy_definition = azure.policy.Definition(
    "example",
    name="only-deploy-in-westeurope",
    policy_type="Custom",
    mode="All",
    display_name="my-policy-definition",
    management_group_id=management_group.id,
    policy_rule=west_europe_only_rule,
)

# Assign the definition to the Management Group.
# `enforce` and `not_scopes` are not set here; this page documents `enforce` as defaulting
# to true and `notScopes` as the list of scopes excluded from the policy.
policy_assignment = azure.management.GroupPolicyAssignment(
    "example",
    name="example-policy",
    policy_definition_id=policy_definition.id,
    management_group_id=management_group.id,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
    // The verbatim literal is kept flush-left so the string content is unchanged.
    const string westEuropeOnlyRule = @" {
""if"": {
""not"": {
""field"": ""location"",
""equals"": ""westeurope""
}
},
""then"": {
""effect"": ""Deny""
}
}
";

    // Management Group that both the definition and the assignment are attached to.
    var managementGroup = new Azure.Management.Group("example", new()
    {
        DisplayName = "Some Management Group",
    });

    // Custom policy definition stored on the Management Group.
    var policyDefinition = new Azure.Policy.Definition("example", new()
    {
        Name = "only-deploy-in-westeurope",
        PolicyType = "Custom",
        Mode = "All",
        DisplayName = "my-policy-definition",
        ManagementGroupId = managementGroup.Id,
        PolicyRule = westEuropeOnlyRule,
    });

    // Assign the definition to the Management Group.
    // Enforce and NotScopes are not set here; this page documents `enforce` as defaulting
    // to true and `notScopes` as the list of scopes excluded from the policy.
    var policyAssignment = new Azure.Management.GroupPolicyAssignment("example", new()
    {
        Name = "example-policy",
        PolicyDefinitionId = policyDefinition.Id,
        ManagementGroupId = managementGroup.Id,
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Management Group, a custom policy definition on it, and an
// assignment of that definition to the same Management Group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
		// The raw literal is kept flush-left so the string content is unchanged.
		const westEuropeOnlyRule = ` {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
`

		// Management Group that both the definition and the assignment are attached to.
		managementGroup, err := management.NewGroup(ctx, "example", &management.GroupArgs{
			DisplayName: pulumi.String("Some Management Group"),
		})
		if err != nil {
			return err
		}

		// Custom policy definition stored on the Management Group.
		policyDefinition, err := policy.NewDefinition(ctx, "example", &policy.DefinitionArgs{
			Name:              pulumi.String("only-deploy-in-westeurope"),
			PolicyType:        pulumi.String("Custom"),
			Mode:              pulumi.String("All"),
			DisplayName:       pulumi.String("my-policy-definition"),
			ManagementGroupId: managementGroup.ID(),
			PolicyRule:        pulumi.String(westEuropeOnlyRule),
		})
		if err != nil {
			return err
		}

		// Assign the definition to the Management Group.
		// Enforce and NotScopes are not set here; this page documents `enforce` as defaulting
		// to true and `notScopes` as the list of scopes excluded from the policy.
		_, err = management.NewGroupPolicyAssignment(ctx, "example", &management.GroupPolicyAssignmentArgs{
			Name:               pulumi.String("example-policy"),
			PolicyDefinitionId: policyDefinition.ID(),
			ManagementGroupId:  managementGroup.ID(),
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.azure.policy.Definition;
import com.pulumi.azure.policy.DefinitionArgs;
import com.pulumi.azure.management.GroupPolicyAssignment;
import com.pulumi.azure.management.GroupPolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: declares a Management Group, a custom policy definition on it,
 * and an assignment of that definition to the same Management Group.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the three example resources.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
        // Content lines and the closing delimiter share one indent, so the text block's
        // indentation stripping yields the same string as a flush-left block.
        final String westEuropeOnlyRule = """
                {
                "if": {
                "not": {
                "field": "location",
                "equals": "westeurope"
                }
                },
                "then": {
                "effect": "Deny"
                }
                }
                """;

        // Management Group that both the definition and the assignment are attached to.
        var managementGroup = new Group("example", GroupArgs.builder()
            .displayName("Some Management Group")
            .build());

        // Custom policy definition stored on the Management Group.
        var policyDefinition = new Definition("exampleDefinition", DefinitionArgs.builder()
            .name("only-deploy-in-westeurope")
            .policyType("Custom")
            .mode("All")
            .displayName("my-policy-definition")
            .managementGroupId(managementGroup.id())
            .policyRule(westEuropeOnlyRule)
            .build());

        // Assign the definition to the Management Group.
        // enforce and notScopes are not set here; this page documents `enforce` as defaulting
        // to true and `notScopes` as the list of scopes excluded from the policy.
        var policyAssignment = new GroupPolicyAssignment("exampleGroupPolicyAssignment", GroupPolicyAssignmentArgs.builder()
            .name("example-policy")
            .policyDefinitionId(policyDefinition.id())
            .managementGroupId(managementGroup.id())
            .build());
    }
}
# Declares a Management Group, a custom policy definition on it, and an assignment
# of that definition to the same Management Group.
resources:
  # Management Group that both the definition and the assignment are attached to.
  example:
    type: azure:management:Group
    properties:
      displayName: Some Management Group
  # Custom policy definition stored on the Management Group.
  exampleDefinition:
    type: azure:policy:Definition
    name: example
    properties:
      name: only-deploy-in-westeurope
      policyType: Custom
      mode: All
      displayName: my-policy-definition
      managementGroupId: ${example.id}
      # Policy rule: a resource whose "location" field is not "westeurope" gets the Deny effect.
      policyRule: |2
        {
        "if": {
        "not": {
        "field": "location",
        "equals": "westeurope"
        }
        },
        "then": {
        "effect": "Deny"
        }
        }
  # Assignment of the definition to the Management Group.
  # enforce and notScopes are not set here; this page documents `enforce` as defaulting
  # to true and `notScopes` as the list of scopes excluded from the policy.
  exampleGroupPolicyAssignment:
    type: azure:management:GroupPolicyAssignment
    name: example
    properties:
      name: example-policy
      policyDefinitionId: ${exampleDefinition.id}
      managementGroupId: ${example.id}

Import

Management Group Policy Assignments can be imported using the resource id, e.g.

$ pulumi import azure:management/groupPolicyAssignment:GroupPolicyAssignment example /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyAssignments/assignment1

Constructors

constructor(description: Output<String>? = null, displayName: Output<String>? = null, enforce: Output<Boolean>? = null, identity: Output<GroupPolicyAssignmentIdentityArgs>? = null, location: Output<String>? = null, managementGroupId: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null, notScopes: Output<List<String>>? = null, overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null, parameters: Output<String>? = null, policyDefinitionId: Output<String>? = null, resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null)

Properties

val description: Output<String>? = null

A description which should be used for this Policy Assignment.

val displayName: Output<String>? = null

The Display Name for this Policy Assignment.

val enforce: Output<Boolean>? = null

Specifies whether this Policy should be enforced. Defaults to true.


val identity: Output<GroupPolicyAssignmentIdentityArgs>? = null

An identity block as defined below.

val location: Output<String>? = null

The Azure Region where the Policy Assignment should exist. Changing this forces a new Policy Assignment to be created.

val managementGroupId: Output<String>? = null

The ID of the Management Group. Changing this forces a new Policy Assignment to be created.

val metadata: Output<String>? = null

A JSON mapping of any Metadata for this Policy.

val name: Output<String>? = null

The name which should be used for this Policy Assignment. The name must be between 3 and 24 characters in length. Changing this forces a new Policy Assignment to be created.


val nonComplianceMessages: Output<List<GroupPolicyAssignmentNonComplianceMessageArgs>>? = null

One or more non_compliance_message blocks as defined below.

val notScopes: Output<List<String>>? = null

Specifies a list of Resource Scopes (for example a Subscription, or a Resource Group) within this Management Group which are excluded from this Policy.


val overrides: Output<List<GroupPolicyAssignmentOverrideArgs>>? = null

One or more overrides blocks as defined below. For more detail about overrides and resource_selectors, see the policy assignment structure documentation.

val parameters: Output<String>? = null

A JSON mapping of any Parameters for this Policy.

val policyDefinitionId: Output<String>? = null

The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.


val resourceSelectors: Output<List<GroupPolicyAssignmentResourceSelectorArgs>>? = null

One or more resource_selectors blocks as defined below to filter policies by resource properties.

Functions

open override fun toJava(): GroupPolicyAssignmentArgs