pulumi-azure-kotlin/com.pulumi.azure.core.kotlin/ResourcePolicyExemption

ResourcePolicyExemption

class ResourcePolicyExemption : KotlinCustomResource

Manages a Resource Policy Exemption.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("example", {
    name: "group1",
    location: "westus",
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "network1",
    resourceGroupName: exampleResourceGroup.name,
    location: exampleResourceGroup.location,
    addressSpaces: ["10.0.0.0/16"],
});
const example = azure.policy.getPolicySetDefinition({
    displayName: "Audit machines with insecure password security settings",
});
const exampleResourcePolicyAssignment = new azure.core.ResourcePolicyAssignment("example", {
    name: "assignment1",
    resourceId: exampleVirtualNetwork.id,
    policyDefinitionId: example.then(example => example.id),
    location: exampleResourceGroup.location,
    identity: {
        type: "SystemAssigned",
    },
});
const exampleResourcePolicyExemption = new azure.core.ResourcePolicyExemption("example", {
    name: "exemption1",
    resourceId: exampleResourcePolicyAssignment.resourceId,
    policyAssignmentId: exampleResourcePolicyAssignment.id,
    exemptionCategory: "Mitigated",
});
Content copied to clipboard
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("example",
    name="group1",
    location="westus")
example_virtual_network = azure.network.VirtualNetwork("example",
    name="network1",
    resource_group_name=example_resource_group.name,
    location=example_resource_group.location,
    address_spaces=["10.0.0.0/16"])
example = azure.policy.get_policy_set_definition(display_name="Audit machines with insecure password security settings")
example_resource_policy_assignment = azure.core.ResourcePolicyAssignment("example",
    name="assignment1",
    resource_id=example_virtual_network.id,
    policy_definition_id=example.id,
    location=example_resource_group.location,
    identity={
        "type": "SystemAssigned",
    })
example_resource_policy_exemption = azure.core.ResourcePolicyExemption("example",
    name="exemption1",
    resource_id=example_resource_policy_assignment.resource_id,
    policy_assignment_id=example_resource_policy_assignment.id,
    exemption_category="Mitigated")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "group1",
        Location = "westus",
    });
    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "network1",
        ResourceGroupName = exampleResourceGroup.Name,
        Location = exampleResourceGroup.Location,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
    });
    var example = Azure.Policy.GetPolicySetDefinition.Invoke(new()
    {
        DisplayName = "Audit machines with insecure password security settings",
    });
    var exampleResourcePolicyAssignment = new Azure.Core.ResourcePolicyAssignment("example", new()
    {
        Name = "assignment1",
        ResourceId = exampleVirtualNetwork.Id,
        PolicyDefinitionId = example.Apply(getPolicySetDefinitionResult => getPolicySetDefinitionResult.Id),
        Location = exampleResourceGroup.Location,
        Identity = new Azure.Core.Inputs.ResourcePolicyAssignmentIdentityArgs
        {
            Type = "SystemAssigned",
        },
    });
    var exampleResourcePolicyExemption = new Azure.Core.ResourcePolicyExemption("example", new()
    {
        Name = "exemption1",
        ResourceId = exampleResourcePolicyAssignment.ResourceId,
        PolicyAssignmentId = exampleResourcePolicyAssignment.Id,
        ExemptionCategory = "Mitigated",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("group1"),
			Location: pulumi.String("westus"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name:              pulumi.String("network1"),
			ResourceGroupName: exampleResourceGroup.Name,
			Location:          exampleResourceGroup.Location,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		example, err := policy.LookupPolicySetDefinition(ctx, &policy.LookupPolicySetDefinitionArgs{
			DisplayName: pulumi.StringRef("Audit machines with insecure password security settings"),
		}, nil)
		if err != nil {
			return err
		}
		exampleResourcePolicyAssignment, err := core.NewResourcePolicyAssignment(ctx, "example", &core.ResourcePolicyAssignmentArgs{
			Name:               pulumi.String("assignment1"),
			ResourceId:         exampleVirtualNetwork.ID(),
			PolicyDefinitionId: pulumi.String(example.Id),
			Location:           exampleResourceGroup.Location,
			Identity: &core.ResourcePolicyAssignmentIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
		})
		if err != nil {
			return err
		}
		_, err = core.NewResourcePolicyExemption(ctx, "example", &core.ResourcePolicyExemptionArgs{
			Name:               pulumi.String("exemption1"),
			ResourceId:         exampleResourcePolicyAssignment.ResourceId,
			PolicyAssignmentId: exampleResourcePolicyAssignment.ID(),
			ExemptionCategory:  pulumi.String("Mitigated"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.policy.PolicyFunctions;
import com.pulumi.azure.policy.inputs.GetPolicySetDefinitionArgs;
import com.pulumi.azure.core.ResourcePolicyAssignment;
import com.pulumi.azure.core.ResourcePolicyAssignmentArgs;
import com.pulumi.azure.core.inputs.ResourcePolicyAssignmentIdentityArgs;
import com.pulumi.azure.core.ResourcePolicyExemption;
import com.pulumi.azure.core.ResourcePolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .name("group1")
            .location("westus")
            .build());
        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("network1")
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .addressSpaces("10.0.0.0/16")
            .build());
        final var example = PolicyFunctions.getPolicySetDefinition(GetPolicySetDefinitionArgs.builder()
            .displayName("Audit machines with insecure password security settings")
            .build());
        var exampleResourcePolicyAssignment = new ResourcePolicyAssignment("exampleResourcePolicyAssignment", ResourcePolicyAssignmentArgs.builder()
            .name("assignment1")
            .resourceId(exampleVirtualNetwork.id())
            .policyDefinitionId(example.id())
            .location(exampleResourceGroup.location())
            .identity(ResourcePolicyAssignmentIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());
        var exampleResourcePolicyExemption = new ResourcePolicyExemption("exampleResourcePolicyExemption", ResourcePolicyExemptionArgs.builder()
            .name("exemption1")
            .resourceId(exampleResourcePolicyAssignment.resourceId())
            .policyAssignmentId(exampleResourcePolicyAssignment.id())
            .exemptionCategory("Mitigated")
            .build());
    }
}
Content copied to clipboard
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    name: example
    properties:
      name: group1
      location: westus
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: network1
      resourceGroupName: ${exampleResourceGroup.name}
      location: ${exampleResourceGroup.location}
      addressSpaces:
        - 10.0.0.0/16
  exampleResourcePolicyAssignment:
    type: azure:core:ResourcePolicyAssignment
    name: example
    properties:
      name: assignment1
      resourceId: ${exampleVirtualNetwork.id}
      policyDefinitionId: ${example.id}
      location: ${exampleResourceGroup.location}
      identity:
        type: SystemAssigned
  exampleResourcePolicyExemption:
    type: azure:core:ResourcePolicyExemption
    name: example
    properties:
      name: exemption1
      resourceId: ${exampleResourcePolicyAssignment.resourceId}
      policyAssignmentId: ${exampleResourcePolicyAssignment.id}
      exemptionCategory: Mitigated
variables:
  example:
    fn::invoke:
      function: azure:policy:getPolicySetDefinition
      arguments:
        displayName: Audit machines with insecure password security settings
Content copied to clipboard

Import

Policy Exemptions can be imported using the resource id, e.g.

$ pulumi import azure:core/resourcePolicyExemption:ResourcePolicyExemption exemption1 /subscriptions/00000000-0000-0000-000000000000/resourceGroups/resGroup1/providers/Microsoft.Authorization/policyExemptions/exemption1
Content copied to clipboard

Properties

Link copied to clipboard
val description: Output<String>?

A description to use for this Policy Exemption.

Link copied to clipboard
val displayName: Output<String>?

A friendly display name to use for this Policy Exemption.

Link copied to clipboard
val exemptionCategory: Output<String>

The category of this policy exemption. Possible values are Waiver and Mitigated.

Link copied to clipboard
val expiresOn: Output<String>?

The expiration date and time in UTC ISO 8601 format of this policy exemption.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val metadata: Output<String>

The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.

Link copied to clipboard
val name: Output<String>

The name of the Policy Exemption. Changing this forces a new resource to be created.

Link copied to clipboard
val policyAssignmentId: Output<String>

The ID of the Policy Assignment to be exempted at the specified Scope. Changing this forces a new resource to be created.

Link copied to clipboard
val policyDefinitionReferenceIds: Output<List<String>>?

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val resourceId: Output<String>

The Resource ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.

Link copied to clipboard
val urn: Output<String>