Group
data class GroupPolicyExemptionArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val exemptionCategory: Output<String>? = null, val expiresOn: Output<String>? = null, val managementGroupId: Output<String>? = null, val metadata: Output<String>? = null, val name: Output<String>? = null, val policyAssignmentId: Output<String>? = null, val policyDefinitionReferenceIds: Output<List<String>>? = null) : ConvertibleToJava<GroupPolicyExemptionArgs>
Manages a Management Group Policy Exemption.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleGroup = new azure.management.Group("example", {displayName: "Example MgmtGroup"});
const example = azure.policy.getPolicySetDefinition({
displayName: "Audit machines with insecure password security settings",
});
const exampleGroupPolicyAssignment = new azure.management.GroupPolicyAssignment("example", {
name: "assignment1",
managementGroupId: exampleGroup.id,
policyDefinitionId: example.then(example => example.id),
location: "westus",
identity: {
type: "SystemAssigned",
},
});
const exampleGroupPolicyExemption = new azure.management.GroupPolicyExemption("example", {
name: "exemption1",
managementGroupId: exampleGroup.id,
policyAssignmentId: exampleGroupPolicyAssignment.id,
exemptionCategory: "Mitigated",
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example_group = azure.management.Group("example", display_name="Example MgmtGroup")
example = azure.policy.get_policy_set_definition(display_name="Audit machines with insecure password security settings")
example_group_policy_assignment = azure.management.GroupPolicyAssignment("example",
name="assignment1",
management_group_id=example_group.id,
policy_definition_id=example.id,
location="westus",
identity={
"type": "SystemAssigned",
})
example_group_policy_exemption = azure.management.GroupPolicyExemption("example",
name="exemption1",
management_group_id=example_group.id,
policy_assignment_id=example_group_policy_assignment.id,
exemption_category="Mitigated")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleGroup = new Azure.Management.Group("example", new()
{
DisplayName = "Example MgmtGroup",
});
var example = Azure.Policy.GetPolicySetDefinition.Invoke(new()
{
DisplayName = "Audit machines with insecure password security settings",
});
var exampleGroupPolicyAssignment = new Azure.Management.GroupPolicyAssignment("example", new()
{
Name = "assignment1",
ManagementGroupId = exampleGroup.Id,
PolicyDefinitionId = example.Apply(getPolicySetDefinitionResult => getPolicySetDefinitionResult.Id),
Location = "westus",
Identity = new Azure.Management.Inputs.GroupPolicyAssignmentIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleGroupPolicyExemption = new Azure.Management.GroupPolicyExemption("example", new()
{
Name = "exemption1",
ManagementGroupId = exampleGroup.Id,
PolicyAssignmentId = exampleGroupPolicyAssignment.Id,
ExemptionCategory = "Mitigated",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/management"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleGroup, err := management.NewGroup(ctx, "example", &management.GroupArgs{
DisplayName: pulumi.String("Example MgmtGroup"),
})
if err != nil {
return err
}
example, err := policy.LookupPolicySetDefinition(ctx, &policy.LookupPolicySetDefinitionArgs{
DisplayName: pulumi.StringRef("Audit machines with insecure password security settings"),
}, nil)
if err != nil {
return err
}
exampleGroupPolicyAssignment, err := management.NewGroupPolicyAssignment(ctx, "example", &management.GroupPolicyAssignmentArgs{
Name: pulumi.String("assignment1"),
ManagementGroupId: exampleGroup.ID(),
PolicyDefinitionId: pulumi.String(example.Id),
Location: pulumi.String("westus"),
Identity: &management.GroupPolicyAssignmentIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
_, err = management.NewGroupPolicyExemption(ctx, "example", &management.GroupPolicyExemptionArgs{
Name: pulumi.String("exemption1"),
ManagementGroupId: exampleGroup.ID(),
PolicyAssignmentId: exampleGroupPolicyAssignment.ID(),
ExemptionCategory: pulumi.String("Mitigated"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.management.Group;
import com.pulumi.azure.management.GroupArgs;
import com.pulumi.azure.policy.PolicyFunctions;
import com.pulumi.azure.policy.inputs.GetPolicySetDefinitionArgs;
import com.pulumi.azure.management.GroupPolicyAssignment;
import com.pulumi.azure.management.GroupPolicyAssignmentArgs;
import com.pulumi.azure.management.inputs.GroupPolicyAssignmentIdentityArgs;
import com.pulumi.azure.management.GroupPolicyExemption;
import com.pulumi.azure.management.GroupPolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleGroup = new Group("exampleGroup", GroupArgs.builder()
.displayName("Example MgmtGroup")
.build());
final var example = PolicyFunctions.getPolicySetDefinition(GetPolicySetDefinitionArgs.builder()
.displayName("Audit machines with insecure password security settings")
.build());
var exampleGroupPolicyAssignment = new GroupPolicyAssignment("exampleGroupPolicyAssignment", GroupPolicyAssignmentArgs.builder()
.name("assignment1")
.managementGroupId(exampleGroup.id())
.policyDefinitionId(example.applyValue(getPolicySetDefinitionResult -> getPolicySetDefinitionResult.id()))
.location("westus")
.identity(GroupPolicyAssignmentIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleGroupPolicyExemption = new GroupPolicyExemption("exampleGroupPolicyExemption", GroupPolicyExemptionArgs.builder()
.name("exemption1")
.managementGroupId(exampleGroup.id())
.policyAssignmentId(exampleGroupPolicyAssignment.id())
.exemptionCategory("Mitigated")
.build());
}
}Content copied to clipboard
resources:
exampleGroup:
type: azure:management:Group
name: example
properties:
displayName: Example MgmtGroup
exampleGroupPolicyAssignment:
type: azure:management:GroupPolicyAssignment
name: example
properties:
name: assignment1
managementGroupId: ${exampleGroup.id}
policyDefinitionId: ${example.id}
location: westus
identity:
type: SystemAssigned
exampleGroupPolicyExemption:
type: azure:management:GroupPolicyExemption
name: example
properties:
name: exemption1
managementGroupId: ${exampleGroup.id}
policyAssignmentId: ${exampleGroupPolicyAssignment.id}
exemptionCategory: Mitigated
variables:
example:
fn::invoke:
function: azure:policy:getPolicySetDefinition
arguments:
displayName: Audit machines with insecure password security settingsContent copied to clipboard
Import
Policy Exemptions can be imported using the resource id, e.g.
$ pulumi import azure:management/groupPolicyExemption:GroupPolicyExemption exemption1 /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyExemptions/exemption1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, displayName: Output<String>? = null, exemptionCategory: Output<String>? = null, expiresOn: Output<String>? = null, managementGroupId: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, policyAssignmentId: Output<String>? = null, policyDefinitionReferenceIds: Output<List<String>>? = null)
Properties
Link copied to clipboard
A description to use for this Policy Exemption.
Link copied to clipboard
A friendly display name to use for this Policy Exemption.
Link copied to clipboard
The category of this policy exemption. Possible values are Waiver and Mitigated.
Link copied to clipboard
The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
Link copied to clipboard
The ID of the Policy Assignment to be exempted at the specified Scope.
Link copied to clipboard
The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.