azure-native.authorization.PolicyAssignment


The policy assignment. API Version: 2020-09-01.

Example Usage

Create or update a policy assignment

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

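// Assigns the "ResourceNaming" policy definition at subscription scope, passing
// its prefix/suffix parameters and a custom non-compliance message.
return await Deployment.RunAsync(() =>
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        // Metadata is a free-form object input, so it is given as a dictionary.
        // A bare collection initializer (`Metadata = { ... }`) only works on
        // property types that expose an Add method.
        Metadata = new Dictionary<string, object>
        {
            ["assignedBy"] = "Special Someone",
        },
        // Text shown to the user when a resource is found non-compliant.
        NonComplianceMessages = new[]
        {
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "Resource names must start with 'DeptA' and end with '-LC'.",
            },
        },
        // Values for the parameters declared by the policy definition.
        Parameters =
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        // Sample subscription ID; replace it with the target subscription.
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        // The scope is an entire subscription, so review the blast radius before applying.
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
});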
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

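// main declares a subscription-scoped assignment of the ResourceNaming policy
// definition, with its prefix/suffix parameters and a non-compliance message.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: pulumi.String("Enforce resource naming rules"),
			// pulumi.Any is a function that wraps an arbitrary value, not a
			// struct type, so the metadata is passed as a map argument.
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			// List inputs use the generated ...Array type with pointer elements.
			NonComplianceMessages: authorization.NonComplianceMessageArray{
				&authorization.NonComplianceMessageArgs{
					Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
				},
			},
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			// Sample subscription ID; replace it with the target subscription.
			PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			// The scope is an entire subscription, so review the blast radius before applying.
			Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		// err is nil on success, so it can be returned as-is.
		return err
	})
}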
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that assigns the "ResourceNaming" policy definition at
 * subscription scope with prefix/suffix parameters and a non-compliance message.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx Pulumi context for the current deployment (unused here)
     */
    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .metadata(Map.of("assignedBy", "Special Someone"))
            // NOTE(review): a raw Map is passed here; the builder presumably expects
            // NonComplianceMessageArgs values — confirm this compiles against the SDK.
            .nonComplianceMessages(Map.of("message", "Resource names must start with 'DeptA' and end with '-LC'."))
            // NOTE(review): the map values are raw Maps; presumably they should be
            // ParameterValuesValueArgs instances — confirm against the SDK.
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            // Sample subscription ID; replace it with the target subscription.
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            // The scope is an entire subscription, so review the blast radius before applying.
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

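# Assign the "ResourceNaming" policy definition at subscription scope, with its
# prefix/suffix parameters and a custom non-compliance message.
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    description="Force resource names to begin with given DeptA and end with -LC",
    display_name="Enforce resource naming rules",
    metadata={
        "assignedBy": "Special Someone",
    },
    # Typed args instead of a raw dict, consistent with ParameterValuesValueArgs
    # below; a misspelled field name then fails at construction time.
    non_compliance_messages=[azure_native.authorization.NonComplianceMessageArgs(
        message="Resource names must start with 'DeptA' and end with '-LC'.",
    )],
    parameters={
        "prefix": azure_native.authorization.ParameterValuesValueArgs(
            value="DeptA",
        ),
        "suffix": azure_native.authorization.ParameterValuesValueArgs(
            value="-LC",
        ),
    },
    policy_assignment_name="EnforceNaming",
    # Sample subscription ID; replace it with the target subscription.
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    # The scope is an entire subscription, so review the blast radius before applying.
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")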
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Arguments for a subscription-scoped assignment of the "ResourceNaming" policy
// definition. The subscription ID is a sample value; replace it with the target.
const policyAssignmentArgs: azure_native.authorization.PolicyAssignmentArgs = {
    // What is assigned, and where.
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    // Human-readable labels and bookkeeping.
    displayName: "Enforce resource naming rules",
    description: "Force resource names to begin with given DeptA and end with -LC",
    metadata: { assignedBy: "Special Someone" },
    // Values for the parameters declared by the policy definition.
    parameters: {
        prefix: { value: "DeptA" },
        suffix: { value: "-LC" },
    },
    // Text shown to the user when a resource is found non-compliant.
    nonComplianceMessages: [
        { message: "Resource names must start with 'DeptA' and end with '-LC'." },
    ],
};

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", policyAssignmentArgs);
# Pulumi YAML program: assigns the "ResourceNaming" policy definition at
# subscription scope with prefix/suffix parameters and a non-compliance message.
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      metadata:
        assignedBy: Special Someone
      # Text shown to the user when a resource is found non-compliant.
      nonComplianceMessages:
        - message: Resource names must start with 'DeptA' and end with '-LC'.
      # Values for the parameters declared by the policy definition.
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      # Sample subscription ID; replace it with the target subscription.
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      # The scope is an entire subscription, so review the blast radius before applying.
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment with a managed identity

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

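// Assigns the "ResourceNaming" policy definition at subscription scope and gives
// the assignment a system-assigned managed identity.
return await Deployment.RunAsync(() =>
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        EnforcementMode = "Default",
        // This program creates no role assignment for the identity. If the policy
        // definition needs one (typically for remediation), grant the narrowest
        // role that works, at this scope only.
        Identity = new AzureNative.Authorization.Inputs.IdentityArgs
        {
            Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
        },
        // NOTE(review): Location is only set in the managed-identity example;
        // presumably it is required when an identity is requested — confirm.
        Location = "eastus",
        // Metadata is a free-form object input, so it is given as a dictionary.
        // A bare collection initializer (`Metadata = { ... }`) only works on
        // property types that expose an Add method.
        Metadata = new Dictionary<string, object>
        {
            ["assignedBy"] = "Foo Bar",
        },
        // Values for the parameters declared by the policy definition.
        Parameters =
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        // Sample subscription ID; replace it with the target subscription.
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
});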
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

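// main declares a subscription-scoped assignment of the ResourceNaming policy
// definition and gives the assignment a system-assigned managed identity.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     pulumi.String("Enforce resource naming rules"),
			EnforcementMode: pulumi.String("Default"),
			// This program creates no role assignment for the identity. If the
			// policy definition needs one (typically for remediation), grant the
			// narrowest role that works, at this scope only.
			Identity: &authorization.IdentityArgs{
				Type: authorization.ResourceIdentityTypeSystemAssigned,
			},
			// NOTE(review): Location is only set in the managed-identity example;
			// presumably it is required when an identity is requested — confirm.
			Location: pulumi.String("eastus"),
			// pulumi.Any is a function that wraps an arbitrary value, not a
			// struct type, so the metadata is passed as a map argument.
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Foo Bar",
			}),
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			// Sample subscription ID; replace it with the target subscription.
			PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:              pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		// err is nil on success, so it can be returned as-is.
		return err
	})
}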
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that assigns the "ResourceNaming" policy definition at
 * subscription scope and requests a system-assigned managed identity for it.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx Pulumi context for the current deployment (unused here)
     */
    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            .enforcementMode("Default")
            // NOTE(review): a raw Map is passed here; the builder presumably expects
            // an IdentityArgs value — confirm this compiles against the SDK.
            // This program creates no role assignment for the identity; grant the
            // narrowest role the policy definition needs, at this scope only.
            .identity(Map.of("type", "SystemAssigned"))
            // NOTE(review): location is only set in the managed-identity example;
            // presumably it is required when an identity is requested — confirm.
            .location("eastus")
            .metadata(Map.of("assignedBy", "Foo Bar"))
            // NOTE(review): the map values are raw Maps; presumably they should be
            // ParameterValuesValueArgs instances — confirm against the SDK.
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            // Sample subscription ID; replace it with the target subscription.
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

# Assign the "ResourceNaming" policy definition at subscription scope and give
# the assignment a system-assigned managed identity. The arguments are bundled
# in a PolicyAssignmentArgs object and passed through the (name, args) overload.
policy_assignment = azure_native.authorization.PolicyAssignment(
    "policyAssignment",
    azure_native.authorization.PolicyAssignmentArgs(
        # What is assigned, and where (sample subscription ID).
        policy_assignment_name="EnforceNaming",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        enforcement_mode="Default",
        # No role assignment is created here for the identity; grant the
        # narrowest role the policy definition needs, at this scope only.
        identity=azure_native.authorization.IdentityArgs(
            type=azure_native.authorization.ResourceIdentityType.SYSTEM_ASSIGNED,
        ),
        location="eastus",
        # Human-readable labels and bookkeeping.
        display_name="Enforce resource naming rules",
        description="Force resource names to begin with given DeptA and end with -LC",
        metadata={"assignedBy": "Foo Bar"},
        # Values for the parameters declared by the policy definition.
        parameters={
            "prefix": azure_native.authorization.ParameterValuesValueArgs(value="DeptA"),
            "suffix": azure_native.authorization.ParameterValuesValueArgs(value="-LC"),
        },
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Arguments for a subscription-scoped assignment of the "ResourceNaming" policy
// definition that also requests a system-assigned managed identity.
const policyAssignmentArgs: azure_native.authorization.PolicyAssignmentArgs = {
    // What is assigned, and where (sample subscription ID).
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    enforcementMode: "Default",
    // No role assignment is created here for the identity; grant the narrowest
    // role the policy definition needs, at this scope only.
    identity: { type: azure_native.authorization.ResourceIdentityType.SystemAssigned },
    location: "eastus",
    // Human-readable labels and bookkeeping.
    displayName: "Enforce resource naming rules",
    description: "Force resource names to begin with given DeptA and end with -LC",
    metadata: { assignedBy: "Foo Bar" },
    // Values for the parameters declared by the policy definition.
    parameters: {
        prefix: { value: "DeptA" },
        suffix: { value: "-LC" },
    },
};

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", policyAssignmentArgs);
# Pulumi YAML program: assigns the "ResourceNaming" policy definition at
# subscription scope and requests a system-assigned managed identity.
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      enforcementMode: Default
      # No role assignment is created in this program for the identity; grant the
      # narrowest role the policy definition needs, at this scope only.
      identity:
        type: SystemAssigned
      # NOTE(review): location is only set in the managed-identity example;
      # presumably it is required when an identity is requested — confirm.
      location: eastus
      metadata:
        assignedBy: Foo Bar
      # Values for the parameters declared by the policy definition.
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      # Sample subscription ID; replace it with the target subscription.
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment with multiple non-compliance messages

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Assigns the "securityInitiative" policy set at subscription scope with one
// general non-compliance message and two messages tied to individual policies.
return await Deployment.RunAsync(() =>
{
    // The first entry carries no reference ID; the other two each name the
    // policy definition reference inside the set that they belong to.
    var messages = new[]
    {
        new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
        {
            // "<internal site URL>" is a placeholder to fill in before use.
            Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
        },
        new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
        {
            PolicyDefinitionReferenceId = "10420126870854049575",
            Message = "Resource names must start with 'DeptA' and end with '-LC'.",
        },
        new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
        {
            PolicyDefinitionReferenceId = "8572513655450389710",
            Message = "Storage accounts must have firewall rules configured.",
        },
    };

    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        PolicyAssignmentName = "securityInitAssignment",
        DisplayName = "Enforce security policies",
        // Sample subscription ID; replace it with the target subscription.
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        NonComplianceMessages = messages,
    });
});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

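// main declares a subscription-scoped assignment of the securityInitiative
// policy set with one general non-compliance message and two messages tied to
// individual policy definition references.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			DisplayName: pulumi.String("Enforce security policies"),
			// List inputs use the generated ...Array type with pointer elements.
			NonComplianceMessages: authorization.NonComplianceMessageArray{
				&authorization.NonComplianceMessageArgs{
					// "<internal site URL>" is a placeholder to fill in before use.
					Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
				},
				&authorization.NonComplianceMessageArgs{
					Message:                     pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
					PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
				},
				&authorization.NonComplianceMessageArgs{
					Message:                     pulumi.String("Storage accounts must have firewall rules configured."),
					PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
				},
			},
			PolicyAssignmentName: pulumi.String("securityInitAssignment"),
			// Sample subscription ID; replace it with the target subscription.
			PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
			Scope:              pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		// err is nil on success, so it can be returned as-is.
		return err
	})
}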
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that assigns the "securityInitiative" policy set at
 * subscription scope with several non-compliance messages.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx Pulumi context for the current deployment (unused here)
     */
    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .displayName("Enforce security policies")
            // NOTE(review): raw Maps are passed here; the builder presumably expects
            // NonComplianceMessageArgs values — confirm this compiles against the SDK.
            // The first message has no reference ID; the other two each name a
            // policy definition reference. "<internal site URL>" is a placeholder.
            .nonComplianceMessages(            
                Map.of("message", "Resources must comply with all internal security policies. See <internal site URL> for more info."),
                Map.ofEntries(
                    Map.entry("message", "Resource names must start with 'DeptA' and end with '-LC'."),
                    Map.entry("policyDefinitionReferenceId", "10420126870854049575")
                ),
                Map.ofEntries(
                    Map.entry("message", "Storage accounts must have firewall rules configured."),
                    Map.entry("policyDefinitionReferenceId", "8572513655450389710")
                ))
            .policyAssignmentName("securityInitAssignment")
            // Sample subscription ID; replace it with the target subscription.
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

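# Assign the "securityInitiative" policy set at subscription scope with one
# general non-compliance message and two messages tied to individual policies.
policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
    display_name="Enforce security policies",
    # Typed args instead of raw dicts with camelCase keys; a misspelled field
    # name then fails at construction time.
    non_compliance_messages=[
        azure_native.authorization.NonComplianceMessageArgs(
            # "<internal site URL>" is a placeholder to fill in before use.
            message="Resources must comply with all internal security policies. See <internal site URL> for more info.",
        ),
        azure_native.authorization.NonComplianceMessageArgs(
            message="Resource names must start with 'DeptA' and end with '-LC'.",
            policy_definition_reference_id="10420126870854049575",
        ),
        azure_native.authorization.NonComplianceMessageArgs(
            message="Storage accounts must have firewall rules configured.",
            policy_definition_reference_id="8572513655450389710",
        ),
    ],
    policy_assignment_name="securityInitAssignment",
    # Sample subscription ID; replace it with the target subscription.
    policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")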
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Arguments for a subscription-scoped assignment of the "securityInitiative"
// policy set. The first message carries no reference ID; the other two each
// name the policy definition reference they belong to.
const policyAssignmentArgs: azure_native.authorization.PolicyAssignmentArgs = {
    policyAssignmentName: "securityInitAssignment",
    // Sample subscription ID; replace it with the target subscription.
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    displayName: "Enforce security policies",
    nonComplianceMessages: [
        // "<internal site URL>" is a placeholder to fill in before use.
        { message: "Resources must comply with all internal security policies. See <internal site URL> for more info." },
        {
            policyDefinitionReferenceId: "10420126870854049575",
            message: "Resource names must start with 'DeptA' and end with '-LC'.",
        },
        {
            policyDefinitionReferenceId: "8572513655450389710",
            message: "Storage accounts must have firewall rules configured.",
        },
    ],
};

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", policyAssignmentArgs);
# Pulumi YAML program: assigns the "securityInitiative" policy set at
# subscription scope with several non-compliance messages.
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      displayName: Enforce security policies
      # The first message has no reference ID; the other two each name a policy
      # definition reference. "<internal site URL>" is a placeholder to fill in.
      nonComplianceMessages:
        - message: Resources must comply with all internal security policies. See <internal site URL> for more info.
        - message: Resource names must start with 'DeptA' and end with '-LC'.
          # Quoted so the ID stays a string instead of being read as a number.
          policyDefinitionReferenceId: '10420126870854049575'
        - message: Storage accounts must have firewall rules configured.
          policyDefinitionReferenceId: '8572513655450389710'
      policyAssignmentName: securityInitAssignment
      # Sample subscription ID; replace it with the target subscription.
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create or update a policy assignment without enforcing policy effect during resource creation or update.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

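// Assigns the "ResourceNaming" policy definition at subscription scope with
// enforcement switched off.
return await Deployment.RunAsync(() =>
{
    var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
    {
        Description = "Force resource names to begin with given DeptA and end with -LC",
        DisplayName = "Enforce resource naming rules",
        // DoNotEnforce: the policy effect is not enforced when resources are
        // created or updated, so this assignment does not block non-compliant
        // deployments. Treat it as a trial setting, not a control.
        EnforcementMode = "DoNotEnforce",
        // Metadata is a free-form object input, so it is given as a dictionary.
        // A bare collection initializer (`Metadata = { ... }`) only works on
        // property types that expose an Add method.
        Metadata = new Dictionary<string, object>
        {
            ["assignedBy"] = "Special Someone",
        },
        // Values for the parameters declared by the policy definition.
        Parameters =
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "DeptA",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "-LC",
            } },
        },
        PolicyAssignmentName = "EnforceNaming",
        // Sample subscription ID; replace it with the target subscription.
        PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
});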
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

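// main declares a subscription-scoped assignment of the ResourceNaming policy
// definition with enforcement switched off.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: pulumi.String("Enforce resource naming rules"),
			// DoNotEnforce: the policy effect is not enforced when resources are
			// created or updated, so this assignment does not block non-compliant
			// deployments. Treat it as a trial setting, not a control.
			EnforcementMode: pulumi.String("DoNotEnforce"),
			// pulumi.Any is a function that wraps an arbitrary value, not a
			// struct type, so the metadata is passed as a map argument.
			Metadata: pulumi.Any(map[string]interface{}{
				"assignedBy": "Special Someone",
			}),
			Parameters: authorization.ParameterValuesValueMap{
				"prefix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("DeptA"),
				},
				"suffix": &authorization.ParameterValuesValueArgs{
					Value: pulumi.Any("-LC"),
				},
			},
			PolicyAssignmentName: pulumi.String("EnforceNaming"),
			// Sample subscription ID; replace it with the target subscription.
			PolicyDefinitionId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
			Scope:              pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		})
		// err is nil on success, so it can be returned as-is.
		return err
	})
}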
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyAssignment;
import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that assigns the "ResourceNaming" policy definition at
 * subscription scope with enforcement switched off.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy assignment resource.
     *
     * @param ctx Pulumi context for the current deployment (unused here)
     */
    public static void stack(Context ctx) {
        var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()        
            .description("Force resource names to begin with given DeptA and end with -LC")
            .displayName("Enforce resource naming rules")
            // DoNotEnforce: the policy effect is not enforced when resources are
            // created or updated, so this assignment does not block non-compliant
            // deployments. Treat it as a trial setting, not a control.
            .enforcementMode("DoNotEnforce")
            .metadata(Map.of("assignedBy", "Special Someone"))
            // NOTE(review): the map values are raw Maps; presumably they should be
            // ParameterValuesValueArgs instances — confirm against the SDK.
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.of("value", "DeptA")),
                Map.entry("suffix", Map.of("value", "-LC"))
            ))
            .policyAssignmentName("EnforceNaming")
            // Sample subscription ID; replace it with the target subscription.
            .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

# Assign the "ResourceNaming" policy definition at subscription scope with
# enforcement switched off. The arguments are bundled in a PolicyAssignmentArgs
# object and passed through the (name, args) overload.
policy_assignment = azure_native.authorization.PolicyAssignment(
    "policyAssignment",
    azure_native.authorization.PolicyAssignmentArgs(
        # What is assigned, and where (sample subscription ID).
        policy_assignment_name="EnforceNaming",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        # DoNotEnforce: the policy effect is not enforced when resources are
        # created or updated, so this assignment does not block non-compliant
        # deployments. Treat it as a trial setting, not a control.
        enforcement_mode="DoNotEnforce",
        # Human-readable labels and bookkeeping.
        display_name="Enforce resource naming rules",
        description="Force resource names to begin with given DeptA and end with -LC",
        metadata={"assignedBy": "Special Someone"},
        # Values for the parameters declared by the policy definition.
        parameters={
            "prefix": azure_native.authorization.ParameterValuesValueArgs(value="DeptA"),
            "suffix": azure_native.authorization.ParameterValuesValueArgs(value="-LC"),
        },
    ),
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Arguments for a subscription-scoped assignment of the "ResourceNaming" policy
// definition with enforcement switched off.
const policyAssignmentArgs: azure_native.authorization.PolicyAssignmentArgs = {
    // What is assigned, and where (sample subscription ID).
    policyAssignmentName: "EnforceNaming",
    policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    // DoNotEnforce: the policy effect is not enforced when resources are created
    // or updated, so this assignment does not block non-compliant deployments.
    // Treat it as a trial setting, not a control.
    enforcementMode: "DoNotEnforce",
    // Human-readable labels and bookkeeping.
    displayName: "Enforce resource naming rules",
    description: "Force resource names to begin with given DeptA and end with -LC",
    metadata: { assignedBy: "Special Someone" },
    // Values for the parameters declared by the policy definition.
    parameters: {
        prefix: { value: "DeptA" },
        suffix: { value: "-LC" },
    },
};

const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", policyAssignmentArgs);
# Pulumi YAML program: assigns the "ResourceNaming" policy definition at
# subscription scope with enforcement switched off.
resources:
  policyAssignment:
    type: azure-native:authorization:PolicyAssignment
    properties:
      description: Force resource names to begin with given DeptA and end with -LC
      displayName: Enforce resource naming rules
      # DoNotEnforce: the policy effect is not enforced when resources are
      # created or updated, so this assignment does not block non-compliant
      # deployments. Treat it as a trial setting, not a control.
      enforcementMode: DoNotEnforce
      metadata:
        assignedBy: Special Someone
      # Values for the parameters declared by the policy definition.
      parameters:
        prefix:
          value: DeptA
        suffix:
          value: -LC
      policyAssignmentName: EnforceNaming
      # Sample subscription ID; replace it with the target subscription.
      policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2

Create PolicyAssignment Resource

new PolicyAssignment(name: string, args: PolicyAssignmentArgs, opts?: CustomResourceOptions);
@overload
def PolicyAssignment(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     description: Optional[str] = None,
                     display_name: Optional[str] = None,
                     enforcement_mode: Optional[Union[str, EnforcementMode]] = None,
                     identity: Optional[IdentityArgs] = None,
                     location: Optional[str] = None,
                     metadata: Optional[Any] = None,
                     non_compliance_messages: Optional[Sequence[NonComplianceMessageArgs]] = None,
                     not_scopes: Optional[Sequence[str]] = None,
                     parameters: Optional[Mapping[str, ParameterValuesValueArgs]] = None,
                     policy_assignment_name: Optional[str] = None,
                     policy_definition_id: Optional[str] = None,
                     scope: Optional[str] = None)
@overload
def PolicyAssignment(resource_name: str,
                     args: PolicyAssignmentArgs,
                     opts: Optional[ResourceOptions] = None)
func NewPolicyAssignment(ctx *Context, name string, args PolicyAssignmentArgs, opts ...ResourceOption) (*PolicyAssignment, error)
public PolicyAssignment(string name, PolicyAssignmentArgs args, CustomResourceOptions? opts = null)
public PolicyAssignment(String name, PolicyAssignmentArgs args)
public PolicyAssignment(String name, PolicyAssignmentArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyAssignment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PolicyAssignmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PolicyAssignment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The PolicyAssignment resource accepts the following input properties:

Scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

Description string

This message will be part of the response in case of a policy violation.

DisplayName string

The display name of the policy assignment.

EnforcementMode string | Pulumi.AzureNative.Authorization.EnforcementMode

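The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.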

Identity Pulumi.AzureNative.Authorization.Inputs.IdentityArgs

The managed identity associated with the policy assignment.

Location string

The location of the policy assignment. Only required when utilizing managed identity.

Metadata object

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

NonComplianceMessages List<Pulumi.AzureNative.Authorization.Inputs.NonComplianceMessageArgs>

The messages that describe why a resource is non-compliant with the policy.

NotScopes List<string>

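The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.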

Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.ParameterValuesValueArgs>

The parameter values for the assigned policy rule. The keys are the parameter names.

PolicyAssignmentName string

The name of the policy assignment.

PolicyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

Scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

Description string

This message will be part of the response in case of a policy violation.

DisplayName string

The display name of the policy assignment.

EnforcementMode string | EnforcementMode

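The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.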

Identity IdentityArgs

The managed identity associated with the policy assignment.

Location string

The location of the policy assignment. Only required when utilizing managed identity.

Metadata interface{}

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

NonComplianceMessages []NonComplianceMessageArgs

The messages that describe why a resource is non-compliant with the policy.

NotScopes []string

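The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.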

Parameters map[string]ParameterValuesValueArgs

The parameter values for the assigned policy rule. The keys are the parameter names.

PolicyAssignmentName string

The name of the policy assignment.

PolicyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

scope String

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

description String

This message will be part of the response in case of a policy violation.

displayName String

The display name of the policy assignment.

enforcementMode String | EnforcementMode

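The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.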

identity IdentityArgs

The managed identity associated with the policy assignment.

location String

The location of the policy assignment. Only required when utilizing managed identity.

metadata Object

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages List<NonComplianceMessageArgs>

The messages that describe why a resource is non-compliant with the policy.

notScopes List<String>

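The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.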

parameters Map<String,ParameterValuesValueArgs>

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName String

The name of the policy assignment.

policyDefinitionId String

The ID of the policy definition or policy set definition being assigned.

scope string

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

description string

This message will be part of the response in case of a policy violation.

displayName string

The display name of the policy assignment.

enforcementMode string | EnforcementMode

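The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.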

identity IdentityArgs

The managed identity associated with the policy assignment.

location string

The location of the policy assignment. Only required when utilizing managed identity.

metadata any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages NonComplianceMessageArgs[]

The messages that describe why a resource is non-compliant with the policy.

notScopes string[]

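The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.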

parameters {[key: string]: ParameterValuesValueArgs}

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName string

The name of the policy assignment.

policyDefinitionId string

The ID of the policy definition or policy set definition being assigned.

scope str

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

description str

This message will be part of the response in case of a policy violation.

display_name str

The display name of the policy assignment.

enforcement_mode str | EnforcementMode

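The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.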

identity IdentityArgs

The managed identity associated with the policy assignment.

location str

The location of the policy assignment. Only required when utilizing managed identity.

metadata Any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

non_compliance_messages Sequence[NonComplianceMessageArgs]

The messages that describe why a resource is non-compliant with the policy.

not_scopes Sequence[str]

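The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.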

parameters Mapping[str, ParameterValuesValueArgs]

The parameter values for the assigned policy rule. The keys are the parameter names.

policy_assignment_name str

The name of the policy assignment.

policy_definition_id str

The ID of the policy definition or policy set definition being assigned.

scope String

The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}').

description String

This message will be part of the response in case of a policy violation.

displayName String

The display name of the policy assignment.

enforcementMode String | "Default" | "DoNotEnforce"

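The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. With Default the policy effect is enforced during resource creation or update; with DoNotEnforce it is not, so an assignment left in DoNotEnforce does not block non-compliant resources.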

identity Property Map

The managed identity associated with the policy assignment.

location String

The location of the policy assignment. Only required when utilizing managed identity.

metadata Any

The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.

nonComplianceMessages List<Property Map>

The messages that describe why a resource is non-compliant with the policy.

notScopes List<String>

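The scopes excluded from the policy assignment. Resources under an excluded scope are not evaluated by this assignment, so keep the list as narrow as possible.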

parameters Map<Property Map>

The parameter values for the assigned policy rule. The keys are the parameter names.

policyAssignmentName String

The name of the policy assignment.

policyDefinitionId String

The ID of the policy definition or policy set definition being assigned.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyAssignment resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy assignment.

Type string

The type of the policy assignment.

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy assignment.

Type string

The type of the policy assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy assignment.

type String

The type of the policy assignment.

id string

The provider-assigned unique ID for this managed resource.

name string

The name of the policy assignment.

type string

The type of the policy assignment.

id str

The provider-assigned unique ID for this managed resource.

name str

The name of the policy assignment.

type str

The type of the policy assignment.

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy assignment.

type String

The type of the policy assignment.

Supporting Types

EnforcementMode

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

EnforcementModeDefault
Default

The policy effect is enforced during resource creation or update.

EnforcementModeDoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Default
Default

The policy effect is enforced during resource creation or update.

DoNotEnforce
DoNotEnforce

The policy effect is not enforced during resource creation or update.

DEFAULT
Default

The policy effect is enforced during resource creation or update.

DO_NOT_ENFORCE
DoNotEnforce

The policy effect is not enforced during resource creation or update.

"Default"
Default

The policy effect is enforced during resource creation or update.

"DoNotEnforce"
DoNotEnforce

The policy effect is not enforced during resource creation or update.

Identity

Type Pulumi.AzureNative.Authorization.ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

Type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type ResourceIdentityType

The identity type. This is the only required field when adding a system assigned identity to a resource.

type "SystemAssigned" | "None"

The identity type. This is the only required field when adding a system assigned identity to a resource.

IdentityResponse

PrincipalId string

The principal ID of the resource identity.

TenantId string

The tenant ID of the resource identity.

Type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

PrincipalId string

The principal ID of the resource identity.

TenantId string

The tenant ID of the resource identity.

Type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId String

The principal ID of the resource identity.

tenantId String

The tenant ID of the resource identity.

type String

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId string

The principal ID of the resource identity.

tenantId string

The tenant ID of the resource identity.

type string

The identity type. This is the only required field when adding a system assigned identity to a resource.

principal_id str

The principal ID of the resource identity.

tenant_id str

The tenant ID of the resource identity.

type str

The identity type. This is the only required field when adding a system assigned identity to a resource.

principalId String

The principal ID of the resource identity.

tenantId String

The tenant ID of the resource identity.

type String

The identity type. This is the only required field when adding a system assigned identity to a resource.

NonComplianceMessage

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message str

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policy_definition_reference_id str

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

NonComplianceMessageResponse

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

Message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

PolicyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message string

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId string

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message str

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policy_definition_reference_id str

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String

A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

policyDefinitionReferenceId String

The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

ParameterValuesValue

Value object

The value of the parameter.

Value interface{}

The value of the parameter.

value Object

The value of the parameter.

value any

The value of the parameter.

value Any

The value of the parameter.

value Any

The value of the parameter.

ParameterValuesValueResponse

Value object

The value of the parameter.

Value interface{}

The value of the parameter.

value Object

The value of the parameter.

value any

The value of the parameter.

value Any

The value of the parameter.

value Any

The value of the parameter.

ResourceIdentityType

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

ResourceIdentityTypeSystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

ResourceIdentityTypeNone
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SystemAssigned
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

None
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

SYSTEM_ASSIGNED
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

NONE
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

"SystemAssigned"
SystemAssigned

Indicates that a system assigned identity is associated with the resource.

"None"
None

Indicates that no identity is associated with the resource or that the existing identity should be removed.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0