Module policy

policy

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azure repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azurerm repo.
class pulumi_azure.policy.Assignment(resource_name, opts=None, description=None, display_name=None, identity=None, location=None, name=None, not_scopes=None, parameters=None, policy_definition_id=None, scope=None, __props__=None, __name__=None, __opts__=None)

Configures the specified Policy Definition at the specified Scope. Also, Policy Set Definitions are supported.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – A description to use for this Policy Assignment. Changing this forces a new resource to be created.
  • display_name (pulumi.Input[str]) – A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.
  • identity (pulumi.Input[dict]) – An identity block.
  • location (pulumi.Input[str]) – The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.
  • name (pulumi.Input[str]) – The name of the Policy Assignment. Changing this forces a new resource to be created.
  • not_scopes (pulumi.Input[list]) – A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup).
  • parameters (pulumi.Input[str]) – Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.
  • policy_definition_id (pulumi.Input[str]) – The ID of the Policy Definition to be applied at the specified Scope.
description = None

A description to use for this Policy Assignment. Changing this forces a new resource to be created.

display_name = None

A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.

identity = None

An identity block.

location = None

The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.

name = None

The name of the Policy Assignment. Changing this forces a new resource to be created.

not_scopes = None

A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup).

parameters = None

Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.

policy_definition_id = None

The ID of the Policy Definition to be applied at the specified Scope.

static get(resource_name, id, opts=None, description=None, display_name=None, identity=None, location=None, name=None, not_scopes=None, parameters=None, policy_definition_id=None, scope=None)

Get an existing Assignment resource’s state with the given name, id, and optional extra properties used to qualify the lookup. :param str resource_name: The unique name of the resulting resource. :param str id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] description: A description to use for this Policy Assignment. Changing this forces a new resource to be created. :param pulumi.Input[str] display_name: A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created. :param pulumi.Input[dict] identity: An identity block. :param pulumi.Input[str] location: The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created. :param pulumi.Input[str] name: The name of the Policy Assignment. Changing this forces a new resource to be created. :param pulumi.Input[list] not_scopes: A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup). :param pulumi.Input[str] parameters: Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created. :param pulumi.Input[str] policy_definition_id: The ID of the Policy Definition to be applied at the specified Scope.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.policy.AwaitableGetPolicyDefintionResult(description=None, display_name=None, management_group_id=None, metadata=None, name=None, parameters=None, policy_rule=None, policy_type=None, type=None, id=None)
class pulumi_azure.policy.Definition(resource_name, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, mode=None, name=None, parameters=None, policy_rule=None, policy_type=None, __props__=None, __name__=None, __opts__=None)

Manages a policy rule definition on a management group or your provider subscription.

Policy definitions do not take effect until they are assigned to a scope using a Policy Assignment.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – The description of the policy definition.
  • display_name (pulumi.Input[str]) – The display name of the policy definition.
  • management_group_id (pulumi.Input[str]) – The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
  • metadata (pulumi.Input[str]) – The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.
  • mode (pulumi.Input[str]) – The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.
  • name (pulumi.Input[str]) – The name of the policy definition. Changing this forces a new resource to be created.
  • parameters (pulumi.Input[str]) – Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.
  • policy_rule (pulumi.Input[str]) – The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.
  • policy_type (pulumi.Input[str]) – The policy type. The value can be “BuiltIn”, “Custom” or “NotSpecified”. Changing this forces a new resource to be created.
description = None

The description of the policy definition.

display_name = None

The display name of the policy definition.

management_group_id = None

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

metadata = None

The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.

mode = None

The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.

name = None

The name of the policy definition. Changing this forces a new resource to be created.

parameters = None

Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.

policy_rule = None

The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.

policy_type = None

The policy type. The value can be “BuiltIn”, “Custom” or “NotSpecified”. Changing this forces a new resource to be created.

static get(resource_name, id, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, mode=None, name=None, parameters=None, policy_rule=None, policy_type=None)

Get an existing Definition resource’s state with the given name, id, and optional extra properties used to qualify the lookup. :param str resource_name: The unique name of the resulting resource. :param str id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] description: The description of the policy definition. :param pulumi.Input[str] display_name: The display name of the policy definition. :param pulumi.Input[str] management_group_id: The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created. :param pulumi.Input[str] metadata: The metadata for the policy definition. This

is a json object representing additional metadata that should be stored with the policy definition.
Parameters:
  • mode (pulumi.Input[str]) – The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.
  • name (pulumi.Input[str]) – The name of the policy definition. Changing this forces a new resource to be created.
  • parameters (pulumi.Input[str]) – Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.
  • policy_rule (pulumi.Input[str]) – The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.
  • policy_type (pulumi.Input[str]) – The policy type. The value can be “BuiltIn”, “Custom” or “NotSpecified”. Changing this forces a new resource to be created.
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.policy.GetPolicyDefintionResult(description=None, display_name=None, management_group_id=None, metadata=None, name=None, parameters=None, policy_rule=None, policy_type=None, type=None, id=None)

A collection of values returned by getPolicyDefintion.

description = None

The Description of the Policy.

metadata = None

Any Metadata defined in the Policy.

name = None

The Name of the Policy Definition.

parameters = None

Any Parameters defined in the Policy.

policy_rule = None

The Rule as defined (in JSON) in the Policy.

policy_type = None

The Type of the Policy, such as Microsoft.Authorization/policyDefinitions.

type = None

The Type of Policy.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.policy.PolicySetDefinition(resource_name, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, name=None, parameters=None, policy_definitions=None, policy_type=None, __props__=None, __name__=None, __opts__=None)

Manages a policy set definition.

NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – The description of the policy set definition.
  • display_name (pulumi.Input[str]) – The display name of the policy set definition.
  • management_group_id (pulumi.Input[str]) – The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
  • metadata (pulumi.Input[str]) – The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.
  • name (pulumi.Input[str]) – The name of the policy set definition. Changing this forces a new resource to be created.
  • parameters (pulumi.Input[str]) – Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
  • policy_definitions (pulumi.Input[str]) – The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions .
  • policy_type (pulumi.Input[str]) – The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.
description = None

The description of the policy set definition.

display_name = None

The display name of the policy set definition.

management_group_id = None

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

metadata = None

The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.

name = None

The name of the policy set definition. Changing this forces a new resource to be created.

parameters = None

Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.

policy_definitions = None

The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions .

policy_type = None

The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

static get(resource_name, id, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, name=None, parameters=None, policy_definitions=None, policy_type=None)

Get an existing PolicySetDefinition resource’s state with the given name, id, and optional extra properties used to qualify the lookup. :param str resource_name: The unique name of the resulting resource. :param str id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] description: The description of the policy set definition. :param pulumi.Input[str] display_name: The display name of the policy set definition. :param pulumi.Input[str] management_group_id: The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created. :param pulumi.Input[str] metadata: The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition. :param pulumi.Input[str] name: The name of the policy set definition. Changing this forces a new resource to be created. :param pulumi.Input[str] parameters: Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition. :param pulumi.Input[str] policy_definitions: The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions . :param pulumi.Input[str] policy_type: The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
pulumi_azure.policy.get_policy_defintion(display_name=None, management_group_id=None, opts=None)

Use this data source to access information about a Policy Definition, both custom and built in. Retrieves Policy Definitions from your current subscription by default.