azure-native.authorization.PolicyAssignment

The policy assignment. API Version: 2020-09-01.

Example Usage

Create or update a policy assignment

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        Metadata = 
        {
            { "assignedBy", "Special Someone" },
        },
        NonComplianceMessages = new[]
        {
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resource names must start with 'DeptA' and end with '-LC'.",
            },
        },
        Parameters = 
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });

});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: pulumi.String("Enforce resource naming rules"),
			Metadata: pulumi.Any{
				AssignedBy: "Special Someone",
			},
			NonComplianceMessages: []authorization.NonComplianceMessageArgs{
				{
					Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
				},
			},
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .metadata(Map.of("assignedBy", "Special Someone"))
            .nonComplianceMessages(Map.of("message", "Resource names must start with 'DeptA' and end with '-LC'."))
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    description="Force resource names to begin with given DeptA and end with -LC",
    display_name="Enforce resource naming rules",
    metadata={
        "assignedBy": "Special Someone",
    },
    non_compliance_messages=[{
        "message": "Resource names must start with 'DeptA' and end with '-LC'.",
    }],
    parameters={
        "prefix": azure_native.authorization.ParameterValuesValueArgs(
            value="DeptA",
        ),
        "suffix": azure_native.authorization.ParameterValuesValueArgs(
            value="-LC",
        ),
    },
    policy_assignment_name="EnforceNaming",
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
    description: "Force resource names to begin with given DeptA and end with -LC",
    displayName: "Enforce resource naming rules",
    metadata: {
        assignedBy: "Special Someone",
    },
    nonComplianceMessages: [{
        message: "Resource names must start with 'DeptA' and end with '-LC'.",
    }],
    parameters: {
        prefix: {
            value: "DeptA",
        },
        suffix: {
            value: "-LC",
        },
    },
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      metadata:
        assignedBy: Special Someone
      nonComplianceMessages:
        - message: Resource names must start with 'DeptA' and end with '-LC'.
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment with a managed identity

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        EnforcementMode = "Default",
        Identity = new AzureNative.Authorization.Inputs.IdentityArgs
        {
            Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
        },
        Location = "eastus",
        Metadata = 
        {
            { "assignedBy", "Foo Bar" },
        },
        Parameters = 
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });

});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     pulumi.String("Enforce resource naming rules"),
			EnforcementMode: pulumi.String("Default"),
			Identity: &authorization.IdentityArgs{
				Type: authorization.ResourceIdentityTypeSystemAssigned,
			},
			Location: pulumi.String("eastus"),
			Metadata: pulumi.Any{
				AssignedBy: "Foo Bar",
			},
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .enforcementMode("Default")
            .identity(Map.of("type", "SystemAssigned"))
            .location("eastus")
            .metadata(Map.of("assignedBy", "Foo Bar"))
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    description="Force resource names to begin with given DeptA and end with -LC",
    display_name="Enforce resource naming rules",
    enforcement_mode="Default",
    identity=azure_native.authorization.IdentityArgs(
        type=azure_native.authorization.ResourceIdentityType.SYSTEM_ASSIGNED,
    ),
    location="eastus",
    metadata={
        "assignedBy": "Foo Bar",
    },
    parameters={
        "prefix": azure_native.authorization.ParameterValuesValueArgs(
            value="DeptA",
        ),
        "suffix": azure_native.authorization.ParameterValuesValueArgs(
            value="-LC",
        ),
    },
    policy_assignment_name="EnforceNaming",
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
    description: "Force resource names to begin with given DeptA and end with -LC",
    displayName: "Enforce resource naming rules",
    enforcementMode: "Default",
    identity: {
        type: azure_native.authorization.ResourceIdentityType.SystemAssigned,
    },
    location: "eastus",
    metadata: {
        assignedBy: "Foo Bar",
    },
    parameters: {
        prefix: {
            value: "DeptA",
        },
        suffix: {
            value: "-LC",
        },
    },
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      enforcementMode: Default
      identity:
        type: SystemAssigned
      location: eastus
      metadata:
        assignedBy: Foo Bar
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment with multiple non-compliance messages

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        DisplayName = "Enforce security policies",
        NonComplianceMessages = new[]
        {
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
            },
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resource names must start with 'DeptA' and end with '-LC'.",
                PolicyDefinitionReferenceId = "10420126870854049575",
            },
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Storage accounts must have firewall rules configured.",
                PolicyDefinitionReferenceId = "8572513655450389710",
            },
        },
        PolicyAssignmentName = "securityInitAssignment",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });

});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			DisplayName: pulumi.String("Enforce security policies"),
			NonComplianceMessages: []authorization.NonComplianceMessageArgs{
				{
					Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
				},
				{
					Message:                     pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
					PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
				},
				{
					Message:                     pulumi.String("Storage accounts must have firewall rules configured."),
					PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
				},
			},
			PolicyAssignmentName: pulumi.String("securityInitAssignment"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .displayName("Enforce security policies")
            .nonComplianceMessages(            
                Map.of("message", "Resources must comply with all internal security policies. See <internal site URL> for more info."),
                Map.ofEntries(
                    Map.entry("message", "Resource names must start with 'DeptA' and end with '-LC'."),
                    Map.entry("policyDefinitionReferenceId", "10420126870854049575")
                ),
                Map.ofEntries(
                    Map.entry("message", "Storage accounts must have firewall rules configured."),
                    Map.entry("policyDefinitionReferenceId", "8572513655450389710")
                ))
            .policyAssignmentName("securityInitAssignment")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    display_name="Enforce security policies",
    non_compliance_messages=[
        {
            "message": "Resources must comply with all internal security policies. See <internal site URL> for more info.",
        },
        {
            "message": "Resource names must start with 'DeptA' and end with '-LC'.",
            "policyDefinitionReferenceId": "10420126870854049575",
        },
        {
            "message": "Storage accounts must have firewall rules configured.",
            "policyDefinitionReferenceId": "8572513655450389710",
        },
    ],
    policy_assignment_name="securityInitAssignment",
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
    displayName: "Enforce security policies",
    nonComplianceMessages: [
        {
            message: "Resources must comply with all internal security policies. See <internal site URL> for more info.",
        },
        {
            message: "Resource names must start with 'DeptA' and end with '-LC'.",
            policyDefinitionReferenceId: "10420126870854049575",
        },
        {
            message: "Storage accounts must have firewall rules configured.",
            policyDefinitionReferenceId: "8572513655450389710",
        },
    ],
    policyAssignmentName: "securityInitAssignment",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      displayName: Enforce security policies
      nonComplianceMessages:
        - message: Resources must comply with all internal security policies. See <internal site URL> for more info.
        - message: Resource names must start with 'DeptA' and end with '-LC'.
          policyDefinitionReferenceId: '10420126870854049575'
        - message: Storage accounts must have firewall rules configured.
          policyDefinitionReferenceId: '8572513655450389710'
      policyAssignmentName: securityInitAssignment
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment without enforcing policy effect during resource creation or update.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        EnforcementMode = "DoNotEnforce",
        Metadata = 
        {
            { "assignedBy", "Special Someone" },
        },
        Parameters = 
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });

});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     pulumi.String("Enforce resource naming rules"),
			EnforcementMode: pulumi.String("DoNotEnforce"),
			Metadata: pulumi.Any{
				AssignedBy: "Special Someone",
			},
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .enforcementMode("DoNotEnforce")
            .metadata(Map.of("assignedBy", "Special Someone"))
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    description="Force resource names to begin with given DeptA and end with -LC",
    display_name="Enforce resource naming rules",
    enforcement_mode="DoNotEnforce",
    metadata={
        "assignedBy": "Special Someone",
    },
    parameters={
        "prefix": azure_native.authorization.ParameterValuesValueArgs(
            value="DeptA",
        ),
        "suffix": azure_native.authorization.ParameterValuesValueArgs(
            value="-LC",
        ),
    },
    policy_assignment_name="EnforceNaming",
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
    description: "Force resource names to begin with given DeptA and end with -LC",
    displayName: "Enforce resource naming rules",
    enforcementMode: "DoNotEnforce",
    metadata: {
        assignedBy: "Special Someone",
    },
    parameters: {
        prefix: {
            value: "DeptA",
        },
        suffix: {
            value: "-LC",
        },
    },
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
});
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      enforcementMode: DoNotEnforce
      metadata:
        assignedBy: Special Someone
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create PolicyAssignment Resource

new PolicyAssignment(name: string, args: PolicyAssignmentArgs, opts?: CustomResourceOptions);
@overload
def PolicyAssignment(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     description: Optional[str] = None,
                     display_name: Optional[str] = None,
                     enforcement_mode: Optional[Union[str, EnforcementMode]] = None,
                     identity: Optional[IdentityArgs] = None,
                     location: Optional[str] = None,
                     metadata: Optional[Any] = None,
                     non_compliance_messages: Optional[Sequence[NonComplianceMessageArgs]] = None,
                     not_scopes: Optional[Sequence[str]] = None,
                     parameters: Optional[Mapping[str, ParameterValuesValueArgs]] = None,
                     policy_assignment_name: Optional[str] = None,
                     policy_definition_id: Optional[str] = None,
                     scope: Optional[str] = None)
@overload
def PolicyAssignment(resource_name: str,
                     args: PolicyAssignmentArgs,
                     opts: Optional[ResourceOptions] = None)
func NewPolicyAssignment(ctx *Context, name string, args PolicyAssignmentArgs, opts ...ResourceOption) (*PolicyAssignment, error)
public PolicyAssignment(string name, PolicyAssignmentArgs args, CustomResourceOptions? opts = null)
public PolicyAssignment(String name, PolicyAssignmentArgs args)
public PolicyAssignment(String name, PolicyAssignmentArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PolicyAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The PolicyAssignment resource accepts the following input properties:

Scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

Description string

This message will be part of response in case of policy violation.

DisplayName string

The display name of the policy assignment.

EnforcementMode string | Pulumi.AzureNative.Authorization.EnforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

Identity Pulumi.AzureNative.Authorization.Inputs.IdentityArgs

The managed identity associated with the policy assignment.

Location string

The location of the policy assignment. Only required when utilizing managed identity.

Metadata object

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

NonComplianceMessages List<Pulumi.AzureNative.Authorization.Inputs.NonComplianceMessageArgs>

The messages that describe why a resource is non-compliant with the policy.

NotScopes List<string>

The policy's excluded scopes.

Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.ParameterValuesValueArgs>

The parameter values for the assigned policy rule. The keys are the parameter names.

PolicyAssignmentName string

The name of the policy assignment.

PolicyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

Scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

Description string

This message will be part of response in case of policy violation.

DisplayName string

The display name of the policy assignment.

EnforcementMode string | EnforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

Identity IdentityArgs

The managed identity associated with the policy assignment.

Location string

The location of the policy assignment. Only required when utilizing managed identity.

Metadata interface{}

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

NonComplianceMessages []NonComplianceMessageArgs

The messages that describe why a resource is non-compliant with the policy.

NotScopes []string

The policy's excluded scopes.

Parameters map[string]ParameterValuesValueArgs

The parameter values for the assigned policy rule. The keys are the parameter names.

PolicyAssignmentName string

The name of the policy assignment.

PolicyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

scope String

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description String

This message will be part of response in case of policy violation.

displayName String

The display name of the policy assignment.

enforcementMode String | EnforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

identity IdentityArgs

The managed identity associated with the policy assignment.

location String

The location of the policy assignment. Only required when utilizing managed identity.

metadata Object

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages List<NonComplianceMessageArgs>

The messages that describe why a resource is non-compliant with the policy.

notScopes List<String>

The policy's excluded scopes.

parameters Map<String,ParameterValuesValueArgs>

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName String

The name of the policy assignment.

policyDefinitionId String

The ID of the policy definition or policy set definition being assigned.

scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description string

This message will be part of response in case of policy violation.

displayName string

The display name of the policy assignment.

enforcementMode string | EnforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

identity IdentityArgs

The managed identity associated with the policy assignment.

location string

The location of the policy assignment. Only required when utilizing managed identity.

metadata any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages NonComplianceMessageArgs[]

The messages that describe why a resource is non-compliant with the policy.

notScopes string[]

The policy's excluded scopes.

parameters {[key: string]: ParameterValuesValueArgs}

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName string

The name of the policy assignment.

policyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

scope str

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description str

This message will be part of response in case of policy violation.

display_name str

The display name of the policy assignment.

enforcement_mode str | EnforcementMode

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

identity IdentityArgs

The managed identity associated with the policy assignment.

location str

The location of the policy assignment. Only required when utilizing managed identity.

metadata Any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

non_compliance_messages Sequence[NonComplianceMessageArgs]

The messages that describe why a resource is non-compliant with the policy.

not_scopes Sequence[str]

The policy's excluded scopes.

parameters Mapping[str, ParameterValuesValueArgs]

The parameter values for the assigned policy rule. The keys are the parameter names.

policy_assignment_name str

The name of the policy assignment.

policy_definition_id str

The ID of the policy definition or policy set definition being assigned.

scope String

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description String

This message will be part of response in case of policy violation.

displayName String

The display name of the policy assignment.

enforcementMode String | "Default" | "DoNotEnforce"

The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.

identity Property Map

The managed identity associated with the policy assignment.

location String

The location of the policy assignment. Only required when utilizing managed identity.

metadata Any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages List<Property Map>

The messages that describe why a resource is non-compliant with the policy.

notScopes List<String>

The policy's excluded scopes.

parameters Map<Property Map>

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName String

The name of the policy assignment.

policyDefinitionId String

The ID of the policy definition or policy set definition being assigned.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyAssignment resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy assignment.

Type string

The type of the policy assignment.

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy assignment.

Type string

The type of the policy assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy assignment.

type String

The type of the policy assignment.

id string

The provider-assigned unique ID for this managed resource.

name string

The name of the policy assignment.

type string

The type of the policy assignment.

id str

The provider-assigned unique ID for this managed resource.

name str

The name of the policy assignment.

type str

The type of the policy assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy assignment.

type String

The type of the policy assignment.

Supporting Types

EnforcementMode

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

EnforcementModeDefault
Default

The policy effect is enforced during resource creation or update.

EnforcementModeDoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

DEFAULT
Default

The policy effect is enforced during resource creation or update.

DO_NOT_ENFORCE
DoNotEnforce

The policy effect is not enforced during resource creation or update.

"Default"
Default

The policy effect is enforced during resource creation or update.

"DoNotEnforce"
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Identity

Type Pulumi.AzureNative.Authorization.ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

Type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type "SystemAssigned" | "None"

The identity type. This is the only required field when adding a system assigned identity to a resource.

IdentityResponse

PrincipalId string

The principal ID of the resource identity.

TenantId string

The tenant ID of the resource identity.

Type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

PrincipalId string

The principal ID of the resource identity.

TenantId string

The tenant ID of the resource identity.

Type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId String

The principal ID of the resource identity.

tenantId String

The tenant ID of the resource identity.

type String

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId string

The principal ID of the resource identity.

tenantId string

The tenant ID of the resource identity.

type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

principal_id str

The principal ID of the resource identity.

tenant_id str

The tenant ID of the resource identity.

type str

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId String

The principal ID of the resource identity.

tenantId String

The tenant ID of the resource identity.

type String

The identity type. This is the only required field when adding a system assigned identity to a resource.

NonComplianceMessage

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message str

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policy_definition_reference_id str

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

NonComplianceMessageResponse

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message str

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policy_definition_reference_id str

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

ParameterValuesValue

Value object

The value of the parameter.

Value interface{}

The value of the parameter.

value Object

The value of the parameter.

value any

The value of the parameter.

value Any

The value of the parameter.

value Any

The value of the parameter.

ParameterValuesValueResponse

Value object

The value of the parameter.

Value interface{}

The value of the parameter.

value Object

The value of the parameter.

value any

The value of the parameter.

value Any

The value of the parameter.

value Any

The value of the parameter.

ResourceIdentityType

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

ResourceIdentityTypeSystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

ResourceIdentityTypeNone
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SYSTEM_ASSIGNED
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

NONE
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

"SystemAssigned"
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

"None"
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0