Subscription
data class SubscriptionPolicyAssignmentArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val enforce: Output<Boolean>? = null, val identity: Output<SubscriptionPolicyAssignmentIdentityArgs>? = null, val location: Output<String>? = null, val metadata: Output<String>? = null, val name: Output<String>? = null, val nonComplianceMessages: Output<List<SubscriptionPolicyAssignmentNonComplianceMessageArgs>>? = null, val notScopes: Output<List<String>>? = null, val overrides: Output<List<SubscriptionPolicyAssignmentOverrideArgs>>? = null, val parameters: Output<String>? = null, val policyDefinitionId: Output<String>? = null, val resourceSelectors: Output<List<SubscriptionPolicyAssignmentResourceSelectorArgs>>? = null, val subscriptionId: Output<String>? = null) : ConvertibleToJava<SubscriptionPolicyAssignmentArgs>
Manages a Subscription Policy Assignment.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getSubscription({});
const example = new azure.policy.Definition("example", {
name: "only-deploy-in-westeurope",
policyType: "Custom",
mode: "All",
displayName: "Allowed resource types",
policyRule: ` {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
`,
});
const exampleSubscriptionPolicyAssignment = new azure.core.SubscriptionPolicyAssignment("example", {
name: "example",
policyDefinitionId: example.id,
subscriptionId: current.then(current => current.id),
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
current = azure.core.get_subscription()
example = azure.policy.Definition("example",
name="only-deploy-in-westeurope",
policy_type="Custom",
mode="All",
display_name="Allowed resource types",
policy_rule=""" {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
""")
example_subscription_policy_assignment = azure.core.SubscriptionPolicyAssignment("example",
name="example",
policy_definition_id=example.id,
subscription_id=current.id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetSubscription.Invoke();
var example = new Azure.Policy.Definition("example", new()
{
Name = "only-deploy-in-westeurope",
PolicyType = "Custom",
Mode = "All",
DisplayName = "Allowed resource types",
PolicyRule = @" {
""if"": {
""not"": {
""field"": ""location"",
""equals"": ""westeurope""
}
},
""then"": {
""effect"": ""Deny""
}
}
",
});
var exampleSubscriptionPolicyAssignment = new Azure.Core.SubscriptionPolicyAssignment("example", new()
{
Name = "example",
PolicyDefinitionId = example.Id,
SubscriptionId = current.Apply(getSubscriptionResult => getSubscriptionResult.Id),
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.LookupSubscription(ctx, &core.LookupSubscriptionArgs{}, nil)
if err != nil {
return err
}
example, err := policy.NewDefinition(ctx, "example", &policy.DefinitionArgs{
Name: pulumi.String("only-deploy-in-westeurope"),
PolicyType: pulumi.String("Custom"),
Mode: pulumi.String("All"),
DisplayName: pulumi.String("Allowed resource types"),
PolicyRule: pulumi.String(` {
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
`),
})
if err != nil {
return err
}
_, err = core.NewSubscriptionPolicyAssignment(ctx, "example", &core.SubscriptionPolicyAssignmentArgs{
Name: pulumi.String("example"),
PolicyDefinitionId: example.ID(),
SubscriptionId: pulumi.String(current.Id),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.policy.Definition;
import com.pulumi.azure.policy.DefinitionArgs;
import com.pulumi.azure.core.SubscriptionPolicyAssignment;
import com.pulumi.azure.core.SubscriptionPolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getSubscription(GetSubscriptionArgs.builder()
.build());
var example = new Definition("example", DefinitionArgs.builder()
.name("only-deploy-in-westeurope")
.policyType("Custom")
.mode("All")
.displayName("Allowed resource types")
.policyRule("""
{
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
""")
.build());
var exampleSubscriptionPolicyAssignment = new SubscriptionPolicyAssignment("exampleSubscriptionPolicyAssignment", SubscriptionPolicyAssignmentArgs.builder()
.name("example")
.policyDefinitionId(example.id())
.subscriptionId(current.id())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:policy:Definition
properties:
name: only-deploy-in-westeurope
policyType: Custom
mode: All
displayName: Allowed resource types
policyRule: |2
{
"if": {
"not": {
"field": "location",
"equals": "westeurope"
}
},
"then": {
"effect": "Deny"
}
}
exampleSubscriptionPolicyAssignment:
type: azure:core:SubscriptionPolicyAssignment
name: example
properties:
name: example
policyDefinitionId: ${example.id}
subscriptionId: ${current.id}
variables:
current:
fn::invoke:
function: azure:core:getSubscription
arguments: {}Content copied to clipboard
API Providers
This resource uses the following Azure API Providers:
Microsoft.Authorization: 2022-06-01
Import
Subscription Policy Assignments can be imported using the resource id, e.g.
$ pulumi import azure:core/subscriptionPolicyAssignment:SubscriptionPolicyAssignment example /subscriptions/00000000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/assignment1Content copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, displayName: Output<String>? = null, enforce: Output<Boolean>? = null, identity: Output<SubscriptionPolicyAssignmentIdentityArgs>? = null, location: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, nonComplianceMessages: Output<List<SubscriptionPolicyAssignmentNonComplianceMessageArgs>>? = null, notScopes: Output<List<String>>? = null, overrides: Output<List<SubscriptionPolicyAssignmentOverrideArgs>>? = null, parameters: Output<String>? = null, policyDefinitionId: Output<String>? = null, resourceSelectors: Output<List<SubscriptionPolicyAssignmentResourceSelectorArgs>>? = null, subscriptionId: Output<String>? = null)
Properties
Link copied to clipboard
A description which should be used for this Policy Assignment.
Link copied to clipboard
The Display Name for this Policy Assignment.
Link copied to clipboard
An identity block as defined below.
Link copied to clipboard
val nonComplianceMessages: Output<List<SubscriptionPolicyAssignmentNonComplianceMessageArgs>>? = null
One or more non_compliance_message blocks as defined below.
Link copied to clipboard
One or more overrides blocks as defined below. More detail about overrides and resource_selectors see policy assignment structure
Link copied to clipboard
A JSON mapping of any Parameters for this Policy.
Link copied to clipboard
The ID of the Policy Definition or Policy Definition Set. Changing this forces a new Policy Assignment to be created.
Link copied to clipboard
One or more resource_selectors blocks as defined below to filter polices by resource properties.
Link copied to clipboard
The ID of the Subscription where this Policy Assignment should be created. Changing this forces a new Policy Assignment to be created.