Policy
data class PolicySetDefinitionArgs(val description: Output<String>? = null, val displayName: Output<String>? = null, val managementGroupId: Output<String>? = null, val metadata: Output<String>? = null, val name: Output<String>? = null, val parameters: Output<String>? = null, val policyDefinitionGroups: Output<List<PolicySetDefinitionPolicyDefinitionGroupArgs>>? = null, val policyDefinitionReferences: Output<List<PolicySetDefinitionPolicyDefinitionReferenceArgs>>? = null, val policyType: Output<String>? = null) : ConvertibleToJava<PolicySetDefinitionArgs>
Manages a policy set definition.
Note: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.policy.PolicySetDefinition("example", {
name: "testPolicySet",
policyType: "Custom",
displayName: "Test Policy Set",
parameters: ` {
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
`,
policyDefinitionReferences: [{
policyDefinitionId: "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
parameterValues: ` {
"listOfAllowedLocations": {"value": "[parameters('allowedLocations')]"}
}
`,
}],
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
example = azure.policy.PolicySetDefinition("example",
name="testPolicySet",
policy_type="Custom",
display_name="Test Policy Set",
parameters=""" {
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
""",
policy_definition_references=[{
"policy_definition_id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
"parameter_values": """ {
"listOfAllowedLocations": {"value": "[parameters('allowedLocations')]"}
}
""",
}])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Policy.PolicySetDefinition("example", new()
{
Name = "testPolicySet",
PolicyType = "Custom",
DisplayName = "Test Policy Set",
Parameters = @" {
""allowedLocations"": {
""type"": ""Array"",
""metadata"": {
""description"": ""The list of allowed locations for resources."",
""displayName"": ""Allowed locations"",
""strongType"": ""location""
}
}
}
",
PolicyDefinitionReferences = new[]
{
new Azure.Policy.Inputs.PolicySetDefinitionPolicyDefinitionReferenceArgs
{
PolicyDefinitionId = "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
ParameterValues = @" {
""listOfAllowedLocations"": {""value"": ""[parameters('allowedLocations')]""}
}
",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/policy"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewPolicySetDefinition(ctx, "example", &policy.PolicySetDefinitionArgs{
Name: pulumi.String("testPolicySet"),
PolicyType: pulumi.String("Custom"),
DisplayName: pulumi.String("Test Policy Set"),
Parameters: pulumi.String(` {
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
`),
PolicyDefinitionReferences: policy.PolicySetDefinitionPolicyDefinitionReferenceArray{
&policy.PolicySetDefinitionPolicyDefinitionReferenceArgs{
PolicyDefinitionId: pulumi.String("/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988"),
ParameterValues: pulumi.String(" {\n \"listOfAllowedLocations\": {\"value\": \"[parameters('allowedLocations')]\"}\n }\n"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.policy.PolicySetDefinition;
import com.pulumi.azure.policy.PolicySetDefinitionArgs;
import com.pulumi.azure.policy.inputs.PolicySetDefinitionPolicyDefinitionReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new PolicySetDefinition("example", PolicySetDefinitionArgs.builder()
.name("testPolicySet")
.policyType("Custom")
.displayName("Test Policy Set")
.parameters("""
{
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
""")
.policyDefinitionReferences(PolicySetDefinitionPolicyDefinitionReferenceArgs.builder()
.policyDefinitionId("/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988")
.parameterValues("""
{
"listOfAllowedLocations": {"value": "[parameters('allowedLocations')]"}
}
""")
.build())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:policy:PolicySetDefinition
properties:
name: testPolicySet
policyType: Custom
displayName: Test Policy Set
parameters: |2
{
"allowedLocations": {
"type": "Array",
"metadata": {
"description": "The list of allowed locations for resources.",
"displayName": "Allowed locations",
"strongType": "location"
}
}
}
policyDefinitionReferences:
- policyDefinitionId: /providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988
parameterValues: |2
{
"listOfAllowedLocations": {"value": "[parameters('allowedLocations')]"}
}Content copied to clipboard
Import
Policy Set Definitions can be imported using the resource id, e.g.
$ pulumi import azure:policy/policySetDefinition:PolicySetDefinition example /subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/testPolicySetContent copied to clipboard
or
$ pulumi import azure:policy/policySetDefinition:PolicySetDefinition example /providers/Microsoft.Management/managementGroups/my-mgmt-group-id/providers/Microsoft.Authorization/policySetDefinitions/testPolicySetContent copied to clipboard
Constructors
Link copied to clipboard
constructor(description: Output<String>? = null, displayName: Output<String>? = null, managementGroupId: Output<String>? = null, metadata: Output<String>? = null, name: Output<String>? = null, parameters: Output<String>? = null, policyDefinitionGroups: Output<List<PolicySetDefinitionPolicyDefinitionGroupArgs>>? = null, policyDefinitionReferences: Output<List<PolicySetDefinitionPolicyDefinitionReferenceArgs>>? = null, policyType: Output<String>? = null)
Properties
Link copied to clipboard
The description of the policy set definition.
Link copied to clipboard
The display name of the policy set definition.
Link copied to clipboard
The id of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
Link copied to clipboard
Parameters for the policy set definition. This field is a JSON object that allows you to parameterize your policy definition.
Link copied to clipboard
One or more policy_definition_group blocks as defined below.
Link copied to clipboard
val policyDefinitionReferences: Output<List<PolicySetDefinitionPolicyDefinitionReferenceArgs>>? = null
One or more policy_definition_reference blocks as defined below.
Link copied to clipboard
The policy set type. Possible values are BuiltIn, Custom, NotSpecified and Static. Changing this forces a new resource to be created.