azure-native.authorization.PolicyDefinition


The policy definition. API Version: 2020-09-01.

Example Usage

Create or update a policy definition

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

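// Declares a custom Azure Policy definition that denies any resource whose name does not
// match "<prefix>*<suffix>". A definition takes effect only once a policy assignment
// references it at some scope.
return await Deployment.RunAsync(() =>
{
    var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
    {
        Description = "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
        DisplayName = "Enforce resource naming convention",
        // Metadata is a free-form object, so it is built as an explicit dictionary rather than
        // with a nested collection initializer, which needs an existing collection to add to.
        Metadata = new Dictionary<string, object?>
        {
            ["category"] = "Naming",
        },
        // "All" evaluates resource groups and every resource type, not only the types that
        // support tags and location.
        Mode = "All",
        // Neither parameter declares a default value, so both must be supplied when the
        // definition is assigned.
        Parameters =
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
            {
                Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
                {
                    Description = "Resource name prefix",
                    DisplayName = "Prefix",
                },
                Type = "String",
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
            {
                Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
                {
                    Description = "Resource name suffix",
                    DisplayName = "Suffix",
                },
                Type = "String",
            } },
        },
        PolicyDefinitionName = "ResourceNaming",
        // Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
        PolicyRule = new Dictionary<string, object?>
        {
            ["if"] = new Dictionary<string, object?>
            {
                ["not"] = new Dictionary<string, object?>
                {
                    ["field"] = "name",
                    ["like"] = "[concat(parameters('prefix'), '*', parameters('suffix'))]",
                },
            },
            ["then"] = new Dictionary<string, object?>
            {
                ["effect"] = "deny",
            },
        },
    });

});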
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

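// main declares a custom Azure Policy definition that denies any resource whose
// name does not match "<prefix>*<suffix>". The definition takes effect only once
// a policy assignment references it at some scope.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
			Description: pulumi.String("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
			DisplayName: pulumi.String("Enforce resource naming convention"),
			// pulumi.Any is a function, not a composite type, so free-form objects
			// are passed as pulumi.Any(map[string]interface{}{...}).
			Metadata: pulumi.Any(map[string]interface{}{
				"category": "Naming",
			}),
			// "All" evaluates resource groups and every resource type.
			Mode: pulumi.String("All"),
			// Neither parameter declares a default value, so both must be supplied
			// when the definition is assigned.
			Parameters: authorization.ParameterDefinitionsValueMap{
				"prefix": &authorization.ParameterDefinitionsValueArgs{
					Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
						Description: pulumi.String("Resource name prefix"),
						DisplayName: pulumi.String("Prefix"),
					},
					Type: pulumi.String("String"),
				},
				"suffix": &authorization.ParameterDefinitionsValueArgs{
					Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
						Description: pulumi.String("Resource name suffix"),
						DisplayName: pulumi.String("Suffix"),
					},
					Type: pulumi.String("String"),
				},
			},
			PolicyDefinitionName: pulumi.String("ResourceNaming"),
			// Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
			PolicyRule: pulumi.Any(map[string]interface{}{
				"if": map[string]interface{}{
					"not": map[string]interface{}{
						"field": "name",
						"like":  "[concat(parameters('prefix'), '*', parameters('suffix'))]",
					},
				},
				"then": map[string]interface{}{
					"effect": "deny",
				},
			}),
		})
		// A registration failure is handed back to the Pulumi runtime as-is.
		return err
	})
}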
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares a custom Azure Policy definition denying any resource whose
 * name does not match {@code <prefix>*<suffix>}.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the "ResourceNaming" policy definition on the stack.
     *
     * @param ctx the Pulumi deployment context (not read by this method)
     */
    public static void stack(Context ctx) {
        // Condition a compliant resource name satisfies; the rule below negates it.
        var nameMatchesConvention = Map.of(
            "field", "name",
            "like", "[concat(parameters('prefix'), '*', parameters('suffix'))]");

        // Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
        var rule = Map.of(
            "if", Map.of("not", nameMatchesConvention),
            "then", Map.of("effect", "deny"));

        // NOTE(review): the input reference lists parameters as
        // Map<String,ParameterDefinitionsValueArgs>; confirm plain nested maps are accepted.
        // Neither parameter declares a default value, so both must be supplied at assignment.
        var affixParameters = Map.of(
            "prefix", stringParameter("Resource name prefix", "Prefix"),
            "suffix", stringParameter("Resource name suffix", "Suffix"));

        new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
            .description("Force resource names to begin with given 'prefix' and/or end with given 'suffix'")
            .displayName("Enforce resource naming convention")
            .metadata(Map.of("category", "Naming"))
            .mode("All")
            .parameters(affixParameters)
            .policyDefinitionName("ResourceNaming")
            .policyRule(rule)
            .build());
    }

    /** Builds the map describing one String-typed policy parameter. */
    private static Map<String, Object> stringParameter(String description, String displayName) {
        return Map.of(
            "metadata", Map.of(
                "description", description,
                "displayName", displayName),
            "type", "String");
    }
}
import pulumi
import pulumi_azure_native as azure_native

# Custom Azure Policy definition that denies any resource whose name does not match
# "<prefix>*<suffix>". It takes effect only once a policy assignment references it.

# Both parameters are strings with no default value, so an assignment must supply them.
_affix_parameters = {
    key: azure_native.authorization.ParameterDefinitionsValueArgs(
        metadata=azure_native.authorization.ParameterDefinitionsValueMetadataArgs(
            description=description,
            display_name=display_name,
        ),
        type="String",
    )
    for key, description, display_name in (
        ("prefix", "Resource name prefix", "Prefix"),
        ("suffix", "Resource name suffix", "Suffix"),
    )
}

# Condition a compliant resource name satisfies; the rule negates it.
_name_matches_convention = {
    "field": "name",
    "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
}

policy_definition = azure_native.authorization.PolicyDefinition(
    "policyDefinition",
    description="Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
    display_name="Enforce resource naming convention",
    metadata={"category": "Naming"},
    # "All" evaluates resource groups and every resource type.
    mode="All",
    parameters=_affix_parameters,
    policy_definition_name="ResourceNaming",
    # Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
    policy_rule={
        "if": {"not": _name_matches_convention},
        "then": {"effect": "deny"},
    },
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Custom Azure Policy definition that denies any resource whose name does not match
// "<prefix>*<suffix>". It takes effect only once a policy assignment references it.

// Describes one String-typed parameter; no default value is declared, so an assignment
// must supply it.
const affixParameter = (description: string, displayName: string) => ({
    metadata: { description, displayName },
    type: "String",
});

// Condition a compliant resource name satisfies; the rule negates it.
const nameMatchesConvention = {
    field: "name",
    like: "[concat(parameters('prefix'), '*', parameters('suffix'))]",
};

const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
    description: "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
    displayName: "Enforce resource naming convention",
    metadata: { category: "Naming" },
    // "All" evaluates resource groups and every resource type.
    mode: "All",
    parameters: {
        prefix: affixParameter("Resource name prefix", "Prefix"),
        suffix: affixParameter("Resource name suffix", "Suffix"),
    },
    policyDefinitionName: "ResourceNaming",
    // Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
    policyRule: {
        "if": { not: nameMatchesConvention },
        then: { effect: "deny" },
    },
});
# Custom Azure Policy definition that denies any resource whose name does not match
# "<prefix>*<suffix>". It takes effect only once a policy assignment references it.
resources:
  policyDefinition:
    type: azure-native:authorization:PolicyDefinition
    properties:
      description: Force resource names to begin with given 'prefix' and/or end with given 'suffix'
      displayName: Enforce resource naming convention
      metadata:
        category: Naming
      # "All" evaluates resource groups and every resource type.
      mode: All
      # Neither parameter declares a default value, so both must be supplied at assignment.
      parameters:
        prefix:
          metadata:
            description: Resource name prefix
            displayName: Prefix
          type: String
        suffix:
          metadata:
            description: Resource name suffix
            displayName: Suffix
          type: String
      policyDefinitionName: ResourceNaming
      # Rule: if NOT (name like "<prefix>*<suffix>") then deny the request.
      policyRule:
        if:
          not:
            field: name
            like: '[concat(parameters(''prefix''), ''*'', parameters(''suffix''))]'
        then:
          effect: deny

Create or update a policy definition with advanced parameters

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

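// Declares a custom Azure Policy definition that audits Event Hubs namespaces which lack a
// diagnostic setting with log retention enabled for the required number of days.
// AuditIfNotExists only reports non-compliance; it neither blocks a deployment nor creates
// the missing setting, and nothing is evaluated until the definition is assigned.
return await Deployment.RunAsync(() =>
{
    var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
    {
        Description = "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
        DisplayName = "Event Hubs should have diagnostic logging enabled",
        // Free-form objects are built as explicit dictionaries; a nested collection
        // initializer needs an existing collection to add to.
        Metadata = new Dictionary<string, object?>
        {
            ["category"] = "Event Hub",
        },
        Mode = "Indexed",
        Parameters =
        {
            { "requiredRetentionDays", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
            {
                // Explicit object[] so each value is passed as its own list element.
                // NOTE(review): 0 is allowed; in diagnostic settings a retention of 0 days
                // keeps logs indefinitely rather than disabling retention - confirm intent.
                AllowedValues = new object[]
                {
                    0,
                    30,
                    90,
                    180,
                    365,
                },
                DefaultValue = 365,
                Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
                {
                    Description = "The required diagnostic logs retention in days",
                    DisplayName = "Required retention (days)",
                },
                Type = "Integer",
            } },
        },
        PolicyDefinitionName = "EventHubDiagnosticLogs",
        PolicyRule = new Dictionary<string, object?>
        {
            // Applies to Event Hubs namespaces only.
            ["if"] = new Dictionary<string, object?>
            {
                ["equals"] = "Microsoft.EventHub/namespaces",
                ["field"] = "type",
            },
            ["then"] = new Dictionary<string, object?>
            {
                ["details"] = new Dictionary<string, object?>
                {
                    // Compliant only when retention is enabled AND the retention days equal
                    // the parameter exactly; a longer retention than the assigned value
                    // would also be reported as non-compliant.
                    ["existenceCondition"] = new Dictionary<string, object?>
                    {
                        ["allOf"] = new[]
                        {
                            new Dictionary<string, object?>
                            {
                                ["equals"] = "true",
                                ["field"] = "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
                            },
                            new Dictionary<string, object?>
                            {
                                ["equals"] = "[parameters('requiredRetentionDays')]",
                                ["field"] = "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
                            },
                        },
                    },
                    ["type"] = "Microsoft.Insights/diagnosticSettings",
                },
                ["effect"] = "AuditIfNotExists",
            },
        },
    });

});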
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

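// main declares a custom Azure Policy definition that audits Event Hubs
// namespaces which lack a diagnostic setting with log retention enabled for the
// required number of days. AuditIfNotExists only reports non-compliance; it
// neither blocks a deployment nor creates the missing setting.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
			Description: pulumi.String("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised"),
			DisplayName: pulumi.String("Event Hubs should have diagnostic logging enabled"),
			// pulumi.Any is a function, not a composite type, so free-form objects
			// are passed as pulumi.Any(map[string]interface{}{...}).
			Metadata: pulumi.Any(map[string]interface{}{
				"category": "Event Hub",
			}),
			Mode: pulumi.String("Indexed"),
			Parameters: authorization.ParameterDefinitionsValueMap{
				"requiredRetentionDays": &authorization.ParameterDefinitionsValueArgs{
					// NOTE(review): 0 is allowed; in diagnostic settings a retention
					// of 0 days keeps logs indefinitely rather than disabling
					// retention - confirm that is the intent.
					AllowedValues: pulumi.AnyArray{
						pulumi.Any(0),
						pulumi.Any(30),
						pulumi.Any(90),
						pulumi.Any(180),
						pulumi.Any(365),
					},
					DefaultValue: pulumi.Any(365),
					Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
						Description: pulumi.String("The required diagnostic logs retention in days"),
						DisplayName: pulumi.String("Required retention (days)"),
					},
					Type: pulumi.String("Integer"),
				},
			},
			PolicyDefinitionName: pulumi.String("EventHubDiagnosticLogs"),
			PolicyRule: pulumi.Any(map[string]interface{}{
				// Applies to Event Hubs namespaces only.
				"if": map[string]interface{}{
					"equals": "Microsoft.EventHub/namespaces",
					"field":  "type",
				},
				"then": map[string]interface{}{
					"details": map[string]interface{}{
						// Compliant only when retention is enabled AND the retention
						// days equal the parameter exactly; a longer retention than
						// the assigned value would also be reported as non-compliant.
						"existenceCondition": map[string]interface{}{
							"allOf": []map[string]interface{}{
								{
									"equals": "true",
									"field":  "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
								},
								{
									"equals": "[parameters('requiredRetentionDays')]",
									"field":  "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
								},
							},
						},
						"type": "Microsoft.Insights/diagnosticSettings",
					},
					"effect": "AuditIfNotExists",
				},
			}),
		})
		// A registration failure is handed back to the Pulumi runtime as-is.
		return err
	})
}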
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

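/**
 * Pulumi program that declares a custom Azure Policy definition auditing Event Hubs
 * namespaces which lack a diagnostic setting with the required log retention.
 *
 * <p>AuditIfNotExists only reports non-compliance; it neither blocks a deployment nor
 * creates the missing setting.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the "EventHubDiagnosticLogs" policy definition on the stack.
     *
     * @param ctx the Pulumi deployment context (not read by this method)
     */
    public static void stack(Context ctx) {
        var policyDefinition = new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
            .description("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised")
            .displayName("Event Hubs should have diagnostic logging enabled")
            .metadata(Map.of("category", "Event Hub"))
            .mode("Indexed")
            // NOTE(review): the input reference lists parameters as
            // Map<String,ParameterDefinitionsValueArgs>; confirm plain nested maps are accepted.
            .parameters(Map.of("requiredRetentionDays", Map.ofEntries(
                // Map.entry takes a single value, so the allowed values are passed as one list.
                // NOTE(review): 0 is allowed; in diagnostic settings a retention of 0 days
                // keeps logs indefinitely rather than disabling retention - confirm intent.
                Map.entry("allowedValues", List.of(0, 30, 90, 180, 365)),
                Map.entry("defaultValue", 365),
                Map.entry("metadata", Map.ofEntries(
                    Map.entry("description", "The required diagnostic logs retention in days"),
                    Map.entry("displayName", "Required retention (days)")
                )),
                Map.entry("type", "Integer")
            )))
            .policyDefinitionName("EventHubDiagnosticLogs")
            .policyRule(Map.ofEntries(
                // Applies to Event Hubs namespaces only.
                Map.entry("if", Map.ofEntries(
                    Map.entry("equals", "Microsoft.EventHub/namespaces"),
                    Map.entry("field", "type")
                )),
                Map.entry("then", Map.ofEntries(
                    Map.entry("details", Map.ofEntries(
                        // "allOf" holds a list of conditions; Map.of needs key/value pairs, so
                        // the two condition maps are wrapped in List.of. Compliant only when
                        // retention is enabled AND the days equal the parameter exactly.
                        Map.entry("existenceCondition", Map.of("allOf", List.of(
                            Map.ofEntries(
                                Map.entry("equals", "true"),
                                Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled")
                            ),
                            Map.ofEntries(
                                Map.entry("equals", "[parameters('requiredRetentionDays')]"),
                                Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days")
                            )))),
                        Map.entry("type", "Microsoft.Insights/diagnosticSettings")
                    )),
                    Map.entry("effect", "AuditIfNotExists")
                ))
            ))
            .build());

    }
}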
import pulumi
import pulumi_azure_native as azure_native

# Custom Azure Policy definition that audits Event Hubs namespaces lacking a diagnostic
# setting with log retention enabled for the required number of days. AuditIfNotExists
# only reports non-compliance; it neither blocks a deployment nor creates the setting.

# Retention parameter chosen from a fixed list; 365 applies when no value is given.
# NOTE(review): 0 is allowed; in diagnostic settings a retention of 0 days keeps logs
# indefinitely rather than disabling retention - confirm that is the intent.
_required_retention_days = azure_native.authorization.ParameterDefinitionsValueArgs(
    allowed_values=[0, 30, 90, 180, 365],
    default_value=365,
    metadata=azure_native.authorization.ParameterDefinitionsValueMetadataArgs(
        description="The required diagnostic logs retention in days",
        display_name="Required retention (days)",
    ),
    type="Integer",
)

# Compliant only when retention is enabled AND the retention days equal the parameter
# exactly; a longer retention than the assigned value is also reported as non-compliant.
_retention_conditions = [
    {
        "equals": "true",
        "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
    },
    {
        "equals": "[parameters('requiredRetentionDays')]",
        "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
    },
]

policy_definition = azure_native.authorization.PolicyDefinition(
    "policyDefinition",
    description="Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
    display_name="Event Hubs should have diagnostic logging enabled",
    metadata={"category": "Event Hub"},
    mode="Indexed",
    parameters={"requiredRetentionDays": _required_retention_days},
    policy_definition_name="EventHubDiagnosticLogs",
    policy_rule={
        # Applies to Event Hubs namespaces only.
        "if": {
            "equals": "Microsoft.EventHub/namespaces",
            "field": "type",
        },
        "then": {
            "details": {
                "existenceCondition": {"allOf": _retention_conditions},
                "type": "Microsoft.Insights/diagnosticSettings",
            },
            "effect": "AuditIfNotExists",
        },
    },
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Custom Azure Policy definition that audits Event Hubs namespaces lacking a diagnostic
// setting with log retention enabled for the required number of days. AuditIfNotExists
// only reports non-compliance; it neither blocks a deployment nor creates the setting.

// Retention parameter chosen from a fixed list; 365 applies when no value is given.
// NOTE(review): 0 is allowed; in diagnostic settings a retention of 0 days keeps logs
// indefinitely rather than disabling retention - confirm that is the intent.
const requiredRetentionDays = {
    allowedValues: [0, 30, 90, 180, 365],
    defaultValue: 365,
    metadata: {
        description: "The required diagnostic logs retention in days",
        displayName: "Required retention (days)",
    },
    type: "Integer",
};

// Compliant only when retention is enabled AND the retention days equal the parameter
// exactly; a longer retention than the assigned value is also reported as non-compliant.
const retentionConditions = [
    {
        equals: "true",
        field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
    },
    {
        equals: "[parameters('requiredRetentionDays')]",
        field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
    },
];

const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
    description: "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
    displayName: "Event Hubs should have diagnostic logging enabled",
    metadata: { category: "Event Hub" },
    mode: "Indexed",
    parameters: { requiredRetentionDays },
    policyDefinitionName: "EventHubDiagnosticLogs",
    policyRule: {
        // Applies to Event Hubs namespaces only.
        "if": {
            equals: "Microsoft.EventHub/namespaces",
            field: "type",
        },
        then: {
            details: {
                existenceCondition: { allOf: retentionConditions },
                type: "Microsoft.Insights/diagnosticSettings",
            },
            effect: "AuditIfNotExists",
        },
    },
});
# Custom Azure Policy definition that audits Event Hubs namespaces lacking a diagnostic
# setting with log retention enabled for the required number of days. AuditIfNotExists
# only reports non-compliance; it neither blocks a deployment nor creates the setting.
resources:
  policyDefinition:
    type: azure-native:authorization:PolicyDefinition
    properties:
      description: Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised
      displayName: Event Hubs should have diagnostic logging enabled
      metadata:
        category: Event Hub
      mode: Indexed
      parameters:
        requiredRetentionDays:
          # NOTE(review): 0 is allowed; in diagnostic settings a retention of 0 days keeps
          # logs indefinitely rather than disabling retention - confirm that is the intent.
          allowedValues:
            - 0
            - 30
            - 90
            - 180
            - 365
          defaultValue: 365
          metadata:
            description: The required diagnostic logs retention in days
            displayName: Required retention (days)
          type: Integer
      policyDefinitionName: EventHubDiagnosticLogs
      policyRule:
        # Applies to Event Hubs namespaces only.
        if:
          equals: Microsoft.EventHub/namespaces
          field: type
        then:
          details:
            # Compliant only when retention is enabled AND the retention days equal the
            # parameter exactly; a longer retention is also reported as non-compliant.
            existenceCondition:
              allOf:
                - equals: 'true'
                  field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled
                - equals: '[parameters(''requiredRetentionDays'')]'
                  field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days
            type: Microsoft.Insights/diagnosticSettings
          effect: AuditIfNotExists

Create PolicyDefinition Resource

new PolicyDefinition(name: string, args?: PolicyDefinitionArgs, opts?: CustomResourceOptions);
@overload
def PolicyDefinition(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     description: Optional[str] = None,
                     display_name: Optional[str] = None,
                     metadata: Optional[Any] = None,
                     mode: Optional[str] = None,
                     parameters: Optional[Mapping[str, ParameterDefinitionsValueArgs]] = None,
                     policy_definition_name: Optional[str] = None,
                     policy_rule: Optional[Any] = None,
                     policy_type: Optional[Union[str, PolicyType]] = None)
@overload
def PolicyDefinition(resource_name: str,
                     args: Optional[PolicyDefinitionArgs] = None,
                     opts: Optional[ResourceOptions] = None)
func NewPolicyDefinition(ctx *Context, name string, args *PolicyDefinitionArgs, opts ...ResourceOption) (*PolicyDefinition, error)
public PolicyDefinition(string name, PolicyDefinitionArgs? args = null, CustomResourceOptions? opts = null)
public PolicyDefinition(String name, PolicyDefinitionArgs args)
public PolicyDefinition(String name, PolicyDefinitionArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PolicyDefinitionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyDefinitionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyDefinitionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyDefinitionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PolicyDefinitionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PolicyDefinition Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The PolicyDefinition resource accepts the following input properties:

Description string

The policy definition description.

DisplayName string

The display name of the policy definition.

Metadata object

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

Mode string

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs>

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

PolicyDefinitionName string

The name of the policy definition to create.

PolicyRule object

The policy rule.

PolicyType string | Pulumi.AzureNative.Authorization.PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

Description string

The policy definition description.

DisplayName string

The display name of the policy definition.

Metadata interface{}

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

Mode string

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

Parameters map[string]ParameterDefinitionsValueArgs

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

PolicyDefinitionName string

The name of the policy definition to create.

PolicyRule interface{}

The policy rule.

PolicyType string | PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

description String

The policy definition description.

displayName String

The display name of the policy definition.

metadata Object

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

mode String

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

parameters Map<String,ParameterDefinitionsValueArgs>

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

policyDefinitionName String

The name of the policy definition to create.

policyRule Object

The policy rule.

policyType String | PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

description string

The policy definition description.

displayName string

The display name of the policy definition.

metadata any

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

mode string

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

parameters {[key: string]: ParameterDefinitionsValueArgs}

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

policyDefinitionName string

The name of the policy definition to create.

policyRule any

The policy rule.

policyType string | PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

description str

The policy definition description.

display_name str

The display name of the policy definition.

metadata Any

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

mode str

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

parameters Mapping[str, ParameterDefinitionsValueArgs]

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

policy_definition_name str

The name of the policy definition to create.

policy_rule Any

The policy rule.

policy_type str | PolicyType

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

description String

The policy definition description.

displayName String

The display name of the policy definition.

metadata Any

The policy definition metadata. Metadata is an open-ended object, typically a collection of key-value pairs.

mode String

The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.

parameters Map<Property Map>

The parameter definitions for parameters used in the policy rule. The keys are the parameter names.

policyDefinitionName String

The name of the policy definition to create.

policyRule Any

The policy rule.

policyType String | "NotSpecified" | "BuiltIn" | "Custom" | "Static"

The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyDefinition resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy definition.

Type string

The type of the resource (Microsoft.Authorization/policyDefinitions).

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy definition.

Type string

The type of the resource (Microsoft.Authorization/policyDefinitions).

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy definition.

type String

The type of the resource (Microsoft.Authorization/policyDefinitions).

id string

The provider-assigned unique ID for this managed resource.

name string

The name of the policy definition.

type string

The type of the resource (Microsoft.Authorization/policyDefinitions).

id str

The provider-assigned unique ID for this managed resource.

name str

The name of the policy definition.

type str

The type of the resource (Microsoft.Authorization/policyDefinitions).

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy definition.

type String

The type of the resource (Microsoft.Authorization/policyDefinitions).

Supporting Types

ParameterDefinitionsValue

AllowedValues List<object>

The allowed values for the parameter.

DefaultValue object

The default value for the parameter if no value is provided.

Metadata Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadata

General metadata for the parameter.

Type string | Pulumi.AzureNative.Authorization.ParameterType

The data type of the parameter.

AllowedValues []interface{}

The allowed values for the parameter.

DefaultValue interface{}

The default value for the parameter if no value is provided.

Metadata ParameterDefinitionsValueMetadata

General metadata for the parameter.

Type string | ParameterType

The data type of the parameter.

allowedValues List<Object>

The allowed values for the parameter.

defaultValue Object

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueMetadata

General metadata for the parameter.

type String | ParameterType

The data type of the parameter.

allowedValues any[]

The allowed values for the parameter.

defaultValue any

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueMetadata

General metadata for the parameter.

type string | ParameterType

The data type of the parameter.

allowed_values Sequence[Any]

The allowed values for the parameter.

default_value Any

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueMetadata

General metadata for the parameter.

type str | ParameterType

The data type of the parameter.

allowedValues List<Any>

The allowed values for the parameter.

defaultValue Any

The default value for the parameter if no value is provided.

metadata Property Map

General metadata for the parameter.

type String | "String" | "Array" | "Object" | "Boolean" | "Integer" | "Float" | "DateTime"

The data type of the parameter.

ParameterDefinitionsValueMetadata

AssignPermissions bool

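Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.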

Description string

The description of the parameter.

DisplayName string

The display name for the parameter.

StrongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

AssignPermissions bool

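Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.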

Description string

The description of the parameter.

DisplayName string

The display name for the parameter.

StrongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions Boolean

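Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.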

description String

The description of the parameter.

displayName String

The display name for the parameter.

strongType String

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions boolean

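Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.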

description string

The description of the parameter.

displayName string

The display name for the parameter.

strongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assign_permissions bool

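Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.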

description str

The description of the parameter.

display_name str

The display name for the parameter.

strong_type str

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions Boolean

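Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope. Because those role assignments reach beyond the assignment scope, confirm that the parameter value can only name a resource or scope that is meant to receive them.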

description String

The description of the parameter.

displayName String

The display name for the parameter.

strongType String

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

ParameterDefinitionsValueResponse

AllowedValues List<object>

The allowed values for the parameter.

DefaultValue object

The default value for the parameter if no value is provided.

Metadata Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueResponseMetadata

General metadata for the parameter.

Type string

The data type of the parameter.

AllowedValues []interface{}

The allowed values for the parameter.

DefaultValue interface{}

The default value for the parameter if no value is provided.

Metadata ParameterDefinitionsValueResponseMetadata

General metadata for the parameter.

Type string

The data type of the parameter.

allowedValues List<Object>

The allowed values for the parameter.

defaultValue Object

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueResponseMetadata

General metadata for the parameter.

type String

The data type of the parameter.

allowedValues any[]

The allowed values for the parameter.

defaultValue any

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueResponseMetadata

General metadata for the parameter.

type string

The data type of the parameter.

allowed_values Sequence[Any]

The allowed values for the parameter.

default_value Any

The default value for the parameter if no value is provided.

metadata ParameterDefinitionsValueResponseMetadata

General metadata for the parameter.

type str

The data type of the parameter.

allowedValues List<Any>

The allowed values for the parameter.

defaultValue Any

The default value for the parameter if no value is provided.

metadata Property Map

General metadata for the parameter.

type String

The data type of the parameter.

ParameterDefinitionsValueResponseMetadata

AssignPermissions bool

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

Description string

The description of the parameter.

DisplayName string

The display name for the parameter.

StrongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

AssignPermissions bool

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

Description string

The description of the parameter.

DisplayName string

The display name for the parameter.

StrongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions Boolean

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

description String

The description of the parameter.

displayName String

The display name for the parameter.

strongType String

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions boolean

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

description string

The description of the parameter.

displayName string

The display name for the parameter.

strongType string

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assign_permissions bool

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

description str

The description of the parameter.

display_name str

The display name for the parameter.

strong_type str

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

assignPermissions Boolean

Set to true to have the Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful when you want to assign permissions outside the assignment scope.

description String

The description of the parameter.

displayName String

The display name for the parameter.

strongType String

Used when assigning the policy definition through the portal. Provides a context-aware list of values for the user to choose from.

ParameterType

String
String
Array
Array
Object
Object
Boolean
Boolean
Integer
Integer
Float
Float
DateTime
DateTime
ParameterTypeString
String
ParameterTypeArray
Array
ParameterTypeObject
Object
ParameterTypeBoolean
Boolean
ParameterTypeInteger
Integer
ParameterTypeFloat
Float
ParameterTypeDateTime
DateTime
String
String
Array
Array
Object
Object
Boolean
Boolean
Integer
Integer
Float
Float
DateTime
DateTime
String
String
Array
Array
Object
Object
Boolean
Boolean
Integer
Integer
Float
Float
DateTime
DateTime
STRING
String
ARRAY
Array
OBJECT
Object
BOOLEAN
Boolean
INTEGER
Integer
FLOAT
Float
DATE_TIME
DateTime
"String"
String
"Array"
Array
"Object"
Object
"Boolean"
Boolean
"Integer"
Integer
"Float"
Float
"DateTime"
DateTime

PolicyType

NotSpecified
NotSpecified
BuiltIn
BuiltIn
Custom
Custom
Static
Static
PolicyTypeNotSpecified
NotSpecified
PolicyTypeBuiltIn
BuiltIn
PolicyTypeCustom
Custom
PolicyTypeStatic
Static
NotSpecified
NotSpecified
BuiltIn
BuiltIn
Custom
Custom
Static
Static
NotSpecified
NotSpecified
BuiltIn
BuiltIn
Custom
Custom
Static
Static
NOT_SPECIFIED
NotSpecified
BUILT_IN
BuiltIn
CUSTOM
Custom
STATIC
Static
"NotSpecified"
NotSpecified
"BuiltIn"
BuiltIn
"Custom"
Custom
"Static"
Static

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyDefinition ResourceNaming /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0