azure-native.authorization.PolicyExemption

The policy exemption. API Version: 2020-07-01-preview.

Example Usage

Create or update a policy exemption

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
    {
        Description = "Exempt demo cluster from limit sku",
        DisplayName = "Exempt demo cluster",
        ExemptionCategory = "Waiver",
        Metadata = 
        {
            { "reason", "Temporary exemption for a expensive VM demo" },
        },
        PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
        PolicyDefinitionReferenceIds = new[]
        {
            "Limit_Skus",
        },
        PolicyExemptionName = "DemoExpensiveVM",
        Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
    });

});
package main

import (
	authorization "github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
			Description:       pulumi.String("Exempt demo cluster from limit sku"),
			DisplayName:       pulumi.String("Exempt demo cluster"),
			ExemptionCategory: pulumi.String("Waiver"),
			Metadata: pulumi.Any{
				Reason: "Temporary exemption for a expensive VM demo",
			},
			PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIds: pulumi.StringArray{
				pulumi.String("Limit_Skus"),
			},
			PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
			Scope:               pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()        
            .description("Exempt demo cluster from limit sku")
            .displayName("Exempt demo cluster")
            .exemptionCategory("Waiver")
            .metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
            .policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
            .policyDefinitionReferenceIds("Limit_Skus")
            .policyExemptionName("DemoExpensiveVM")
            .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

policy_exemption = azure_native.authorization.PolicyExemption("policyExemption",
    description="Exempt demo cluster from limit sku",
    display_name="Exempt demo cluster",
    exemption_category="Waiver",
    metadata={
        "reason": "Temporary exemption for a expensive VM demo",
    },
    policy_assignment_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    policy_definition_reference_ids=["Limit_Skus"],
    policy_exemption_name="DemoExpensiveVM",
    scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyExemption = new azure_native.authorization.PolicyExemption("policyExemption", {
    description: "Exempt demo cluster from limit sku",
    displayName: "Exempt demo cluster",
    exemptionCategory: "Waiver",
    metadata: {
        reason: "Temporary exemption for a expensive VM demo",
    },
    policyAssignmentId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
    policyDefinitionReferenceIds: ["Limit_Skus"],
    policyExemptionName: "DemoExpensiveVM",
    scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
resources:
  policyExemption:
    type: azure-native:authorization:PolicyExemption
    properties:
      description: Exempt demo cluster from limit sku
      displayName: Exempt demo cluster
      exemptionCategory: Waiver
      metadata:
        reason: Temporary exemption for a expensive VM demo
      policyAssignmentId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement
      policyDefinitionReferenceIds:
        - Limit_Skus
      policyExemptionName: DemoExpensiveVM
      scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster

Create PolicyExemption Resource

new PolicyExemption(name: string, args: PolicyExemptionArgs, opts?: CustomResourceOptions);
@overload
def PolicyExemption(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    description: Optional[str] = None,
                    display_name: Optional[str] = None,
                    exemption_category: Optional[Union[str, ExemptionCategory]] = None,
                    expires_on: Optional[str] = None,
                    metadata: Optional[Any] = None,
                    policy_assignment_id: Optional[str] = None,
                    policy_definition_reference_ids: Optional[Sequence[str]] = None,
                    policy_exemption_name: Optional[str] = None,
                    scope: Optional[str] = None)
@overload
def PolicyExemption(resource_name: str,
                    args: PolicyExemptionArgs,
                    opts: Optional[ResourceOptions] = None)
func NewPolicyExemption(ctx *Context, name string, args PolicyExemptionArgs, opts ...ResourceOption) (*PolicyExemption, error)
public PolicyExemption(string name, PolicyExemptionArgs args, CustomResourceOptions? opts = null)
public PolicyExemption(String name, PolicyExemptionArgs args)
public PolicyExemption(String name, PolicyExemptionArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyExemption
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args PolicyExemptionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyExemptionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyExemptionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyExemptionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args PolicyExemptionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PolicyExemption Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The PolicyExemption resource accepts the following input properties:

ExemptionCategory string | Pulumi.AzureNative.Authorization.ExemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

PolicyAssignmentId string

The ID of the policy assignment that is being exempted.

Scope string

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

Description string

The description of the policy exemption.

DisplayName string

The display name of the policy exemption.

ExpiresOn string

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

Metadata object

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

PolicyDefinitionReferenceIds List<string>

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

PolicyExemptionName string

The name of the policy exemption to delete.

ExemptionCategory string | ExemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

PolicyAssignmentId string

The ID of the policy assignment that is being exempted.

Scope string

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

Description string

The description of the policy exemption.

DisplayName string

The display name of the policy exemption.

ExpiresOn string

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

Metadata interface{}

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

PolicyDefinitionReferenceIds []string

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

PolicyExemptionName string

The name of the policy exemption to delete.

exemptionCategory String | ExemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

policyAssignmentId String

The ID of the policy assignment that is being exempted.

scope String

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description String

The description of the policy exemption.

displayName String

The display name of the policy exemption.

expiresOn String

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

metadata Object

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

policyDefinitionReferenceIds List<String>

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

policyExemptionName String

The name of the policy exemption to delete.

exemptionCategory string | ExemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

policyAssignmentId string

The ID of the policy assignment that is being exempted.

scope string

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description string

The description of the policy exemption.

displayName string

The display name of the policy exemption.

expiresOn string

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

metadata any

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

policyDefinitionReferenceIds string[]

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

policyExemptionName string

The name of the policy exemption to delete.

exemption_category str | ExemptionCategory

The policy exemption category. Possible values are Waiver and Mitigated.

policy_assignment_id str

The ID of the policy assignment that is being exempted.

scope str

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description str

The description of the policy exemption.

display_name str

The display name of the policy exemption.

expires_on str

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

metadata Any

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

policy_definition_reference_ids Sequence[str]

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

policy_exemption_name str

The name of the policy exemption to delete.

exemptionCategory String | "Waiver" | "Mitigated"

The policy exemption category. Possible values are Waiver and Mitigated.

policyAssignmentId String

The ID of the policy assignment that is being exempted.

scope String

The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

description String

The description of the policy exemption.

displayName String

The display name of the policy exemption.

expiresOn String

The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.

metadata Any

The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.

policyDefinitionReferenceIds List<String>

The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

policyExemptionName String

The name of the policy exemption to delete.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyExemption resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy exemption.

SystemData Pulumi.AzureNative.Authorization.Outputs.SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

Type string

The type of the resource (Microsoft.Authorization/policyExemptions).

Id string

The provider-assigned unique ID for this managed resource.

Name string

The name of the policy exemption.

SystemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

Type string

The type of the resource (Microsoft.Authorization/policyExemptions).

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy exemption.

systemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type String

The type of the resource (Microsoft.Authorization/policyExemptions).

id string

The provider-assigned unique ID for this managed resource.

name string

The name of the policy exemption.

systemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type string

The type of the resource (Microsoft.Authorization/policyExemptions).

id str

The provider-assigned unique ID for this managed resource.

name str

The name of the policy exemption.

system_data SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type str

The type of the resource (Microsoft.Authorization/policyExemptions).

id String

The provider-assigned unique ID for this managed resource.

name String

The name of the policy exemption.

systemData Property Map

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type String

The type of the resource (Microsoft.Authorization/policyExemptions).

Supporting Types

ExemptionCategory

Waiver
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

Mitigated
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

ExemptionCategoryWaiver
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

ExemptionCategoryMitigated
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

Waiver
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

Mitigated
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

Waiver
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

Mitigated
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

WAIVER
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

MITIGATED
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

"Waiver"
Waiver

This category of exemptions usually means the scope is not applicable for the policy.

"Mitigated"
Mitigated

This category of exemptions usually means the mitigation actions have been applied to the scope.

SystemDataResponse

CreatedAt string

The timestamp of resource creation (UTC).

CreatedBy string

The identity that created the resource.

CreatedByType string

The type of identity that created the resource.

LastModifiedAt string

The timestamp of resource last modification (UTC)

LastModifiedBy string

The identity that last modified the resource.

LastModifiedByType string

The type of identity that last modified the resource.

CreatedAt string

The timestamp of resource creation (UTC).

CreatedBy string

The identity that created the resource.

CreatedByType string

The type of identity that created the resource.

LastModifiedAt string

The timestamp of resource last modification (UTC)

LastModifiedBy string

The identity that last modified the resource.

LastModifiedByType string

The type of identity that last modified the resource.

createdAt String

The timestamp of resource creation (UTC).

createdBy String

The identity that created the resource.

createdByType String

The type of identity that created the resource.

lastModifiedAt String

The timestamp of resource last modification (UTC)

lastModifiedBy String

The identity that last modified the resource.

lastModifiedByType String

The type of identity that last modified the resource.

createdAt string

The timestamp of resource creation (UTC).

createdBy string

The identity that created the resource.

createdByType string

The type of identity that created the resource.

lastModifiedAt string

The timestamp of resource last modification (UTC)

lastModifiedBy string

The identity that last modified the resource.

lastModifiedByType string

The type of identity that last modified the resource.

created_at str

The timestamp of resource creation (UTC).

created_by str

The identity that created the resource.

created_by_type str

The type of identity that created the resource.

last_modified_at str

The timestamp of resource last modification (UTC)

last_modified_by str

The identity that last modified the resource.

last_modified_by_type str

The type of identity that last modified the resource.

createdAt String

The timestamp of resource creation (UTC).

createdBy String

The identity that created the resource.

createdByType String

The type of identity that created the resource.

lastModifiedAt String

The timestamp of resource last modification (UTC)

lastModifiedBy String

The identity that last modified the resource.

lastModifiedByType String

The type of identity that last modified the resource.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyExemption DemoExpensiveVM /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0