1. Packages
  2. Azure Classic
  3. API Docs
  4. management
  5. GroupPolicyExemption

We recommend using Azure Native.

Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi

azure.management.GroupPolicyExemption

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi

    Manages a Management Group Policy Exemption.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const exampleGroup = new azure.management.Group("example", {displayName: "Example MgmtGroup"});
    const example = azure.policy.getPolicySetDefinition({
        displayName: "Audit machines with insecure password security settings",
    });
    const exampleGroupPolicyAssignment = new azure.management.GroupPolicyAssignment("example", {
        name: "assignment1",
        managementGroupId: exampleGroup.id,
        policyDefinitionId: example.then(example => example.id),
        location: "westus",
        identity: {
            type: "SystemAssigned",
        },
    });
    const exampleGroupPolicyExemption = new azure.management.GroupPolicyExemption("example", {
        name: "exemption1",
        managementGroupId: exampleGroup.id,
        policyAssignmentId: exampleGroupPolicyAssignment.id,
        exemptionCategory: "Mitigated",
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example_group = azure.management.Group("example", display_name="Example MgmtGroup")
    example = azure.policy.get_policy_set_definition(display_name="Audit machines with insecure password security settings")
    example_group_policy_assignment = azure.management.GroupPolicyAssignment("example",
        name="assignment1",
        management_group_id=example_group.id,
        policy_definition_id=example.id,
        location="westus",
        identity=azure.management.GroupPolicyAssignmentIdentityArgs(
            type="SystemAssigned",
        ))
    example_group_policy_exemption = azure.management.GroupPolicyExemption("example",
        name="exemption1",
        management_group_id=example_group.id,
        policy_assignment_id=example_group_policy_assignment.id,
        exemption_category="Mitigated")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/management"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleGroup, err := management.NewGroup(ctx, "example", &management.GroupArgs{
    			DisplayName: pulumi.String("Example MgmtGroup"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := policy.LookupPolicySetDefinition(ctx, &policy.LookupPolicySetDefinitionArgs{
    			DisplayName: pulumi.StringRef("Audit machines with insecure password security settings"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleGroupPolicyAssignment, err := management.NewGroupPolicyAssignment(ctx, "example", &management.GroupPolicyAssignmentArgs{
    			Name:               pulumi.String("assignment1"),
    			ManagementGroupId:  exampleGroup.ID(),
    			PolicyDefinitionId: pulumi.String(example.Id),
    			Location:           pulumi.String("westus"),
    			Identity: &management.GroupPolicyAssignmentIdentityArgs{
    				Type: pulumi.String("SystemAssigned"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = management.NewGroupPolicyExemption(ctx, "example", &management.GroupPolicyExemptionArgs{
    			Name:               pulumi.String("exemption1"),
    			ManagementGroupId:  exampleGroup.ID(),
    			PolicyAssignmentId: exampleGroupPolicyAssignment.ID(),
    			ExemptionCategory:  pulumi.String("Mitigated"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleGroup = new Azure.Management.Group("example", new()
        {
            DisplayName = "Example MgmtGroup",
        });
    
        var example = Azure.Policy.GetPolicySetDefinition.Invoke(new()
        {
            DisplayName = "Audit machines with insecure password security settings",
        });
    
        var exampleGroupPolicyAssignment = new Azure.Management.GroupPolicyAssignment("example", new()
        {
            Name = "assignment1",
            ManagementGroupId = exampleGroup.Id,
            PolicyDefinitionId = example.Apply(getPolicySetDefinitionResult => getPolicySetDefinitionResult.Id),
            Location = "westus",
            Identity = new Azure.Management.Inputs.GroupPolicyAssignmentIdentityArgs
            {
                Type = "SystemAssigned",
            },
        });
    
        var exampleGroupPolicyExemption = new Azure.Management.GroupPolicyExemption("example", new()
        {
            Name = "exemption1",
            ManagementGroupId = exampleGroup.Id,
            PolicyAssignmentId = exampleGroupPolicyAssignment.Id,
            ExemptionCategory = "Mitigated",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.management.Group;
    import com.pulumi.azure.management.GroupArgs;
    import com.pulumi.azure.policy.PolicyFunctions;
    import com.pulumi.azure.policy.inputs.GetPolicySetDefinitionArgs;
    import com.pulumi.azure.management.GroupPolicyAssignment;
    import com.pulumi.azure.management.GroupPolicyAssignmentArgs;
    import com.pulumi.azure.management.inputs.GroupPolicyAssignmentIdentityArgs;
    import com.pulumi.azure.management.GroupPolicyExemption;
    import com.pulumi.azure.management.GroupPolicyExemptionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleGroup = new Group("exampleGroup", GroupArgs.builder()        
                .displayName("Example MgmtGroup")
                .build());
    
            final var example = PolicyFunctions.getPolicySetDefinition(GetPolicySetDefinitionArgs.builder()
                .displayName("Audit machines with insecure password security settings")
                .build());
    
            var exampleGroupPolicyAssignment = new GroupPolicyAssignment("exampleGroupPolicyAssignment", GroupPolicyAssignmentArgs.builder()        
                .name("assignment1")
                .managementGroupId(exampleGroup.id())
                .policyDefinitionId(example.applyValue(getPolicySetDefinitionResult -> getPolicySetDefinitionResult.id()))
                .location("westus")
                .identity(GroupPolicyAssignmentIdentityArgs.builder()
                    .type("SystemAssigned")
                    .build())
                .build());
    
            var exampleGroupPolicyExemption = new GroupPolicyExemption("exampleGroupPolicyExemption", GroupPolicyExemptionArgs.builder()        
                .name("exemption1")
                .managementGroupId(exampleGroup.id())
                .policyAssignmentId(exampleGroupPolicyAssignment.id())
                .exemptionCategory("Mitigated")
                .build());
    
        }
    }
    
    resources:
      exampleGroup:
        type: azure:management:Group
        name: example
        properties:
          displayName: Example MgmtGroup
      exampleGroupPolicyAssignment:
        type: azure:management:GroupPolicyAssignment
        name: example
        properties:
          name: assignment1
          managementGroupId: ${exampleGroup.id}
          policyDefinitionId: ${example.id}
          location: westus
          identity:
            type: SystemAssigned
      exampleGroupPolicyExemption:
        type: azure:management:GroupPolicyExemption
        name: example
        properties:
          name: exemption1
          managementGroupId: ${exampleGroup.id}
          policyAssignmentId: ${exampleGroupPolicyAssignment.id}
          exemptionCategory: Mitigated
    variables:
      example:
        fn::invoke:
          Function: azure:policy:getPolicySetDefinition
          Arguments:
            displayName: Audit machines with insecure password security settings
    

    Create GroupPolicyExemption Resource

    new GroupPolicyExemption(name: string, args: GroupPolicyExemptionArgs, opts?: CustomResourceOptions);
    @overload
    def GroupPolicyExemption(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             description: Optional[str] = None,
                             display_name: Optional[str] = None,
                             exemption_category: Optional[str] = None,
                             expires_on: Optional[str] = None,
                             management_group_id: Optional[str] = None,
                             metadata: Optional[str] = None,
                             name: Optional[str] = None,
                             policy_assignment_id: Optional[str] = None,
                             policy_definition_reference_ids: Optional[Sequence[str]] = None)
    @overload
    def GroupPolicyExemption(resource_name: str,
                             args: GroupPolicyExemptionArgs,
                             opts: Optional[ResourceOptions] = None)
    func NewGroupPolicyExemption(ctx *Context, name string, args GroupPolicyExemptionArgs, opts ...ResourceOption) (*GroupPolicyExemption, error)
    public GroupPolicyExemption(string name, GroupPolicyExemptionArgs args, CustomResourceOptions? opts = null)
    public GroupPolicyExemption(String name, GroupPolicyExemptionArgs args)
    public GroupPolicyExemption(String name, GroupPolicyExemptionArgs args, CustomResourceOptions options)
    
    type: azure:management:GroupPolicyExemption
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args GroupPolicyExemptionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GroupPolicyExemptionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GroupPolicyExemptionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GroupPolicyExemptionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GroupPolicyExemptionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    GroupPolicyExemption Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The GroupPolicyExemption resource accepts the following input properties:

    ExemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    ManagementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    PolicyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    Description string
    A description to use for this Policy Exemption.
    DisplayName string
    A friendly display name to use for this Policy Exemption.
    ExpiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    Metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    Name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    PolicyDefinitionReferenceIds List<string>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    ExemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    ManagementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    PolicyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    Description string
    A description to use for this Policy Exemption.
    DisplayName string
    A friendly display name to use for this Policy Exemption.
    ExpiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    Metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    Name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    PolicyDefinitionReferenceIds []string
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    exemptionCategory String
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    managementGroupId String
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    policyAssignmentId String
    The ID of the Policy Assignment to be exempted at the specified Scope.
    description String
    A description to use for this Policy Exemption.
    displayName String
    A friendly display name to use for this Policy Exemption.
    expiresOn String
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    metadata String
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name String
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    exemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    managementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    policyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    description string
    A description to use for this Policy Exemption.
    displayName string
    A friendly display name to use for this Policy Exemption.
    expiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyDefinitionReferenceIds string[]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    exemption_category str
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    management_group_id str
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    policy_assignment_id str
    The ID of the Policy Assignment to be exempted at the specified Scope.
    description str
    A description to use for this Policy Exemption.
    display_name str
    A friendly display name to use for this Policy Exemption.
    expires_on str
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    metadata str
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name str
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policy_definition_reference_ids Sequence[str]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    exemptionCategory String
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    managementGroupId String
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    policyAssignmentId String
    The ID of the Policy Assignment to be exempted at the specified Scope.
    description String
    A description to use for this Policy Exemption.
    displayName String
    A friendly display name to use for this Policy Exemption.
    expiresOn String
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    metadata String
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name String
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GroupPolicyExemption resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing GroupPolicyExemption Resource

    Get an existing GroupPolicyExemption resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GroupPolicyExemptionState, opts?: CustomResourceOptions): GroupPolicyExemption
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            display_name: Optional[str] = None,
            exemption_category: Optional[str] = None,
            expires_on: Optional[str] = None,
            management_group_id: Optional[str] = None,
            metadata: Optional[str] = None,
            name: Optional[str] = None,
            policy_assignment_id: Optional[str] = None,
            policy_definition_reference_ids: Optional[Sequence[str]] = None) -> GroupPolicyExemption
    func GetGroupPolicyExemption(ctx *Context, name string, id IDInput, state *GroupPolicyExemptionState, opts ...ResourceOption) (*GroupPolicyExemption, error)
    public static GroupPolicyExemption Get(string name, Input<string> id, GroupPolicyExemptionState? state, CustomResourceOptions? opts = null)
    public static GroupPolicyExemption get(String name, Output<String> id, GroupPolicyExemptionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    A description to use for this Policy Exemption.
    DisplayName string
    A friendly display name to use for this Policy Exemption.
    ExemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    ExpiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    ManagementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    Metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    Name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    PolicyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    PolicyDefinitionReferenceIds List<string>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    Description string
    A description to use for this Policy Exemption.
    DisplayName string
    A friendly display name to use for this Policy Exemption.
    ExemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    ExpiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    ManagementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    Metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    Name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    PolicyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    PolicyDefinitionReferenceIds []string
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    description String
    A description to use for this Policy Exemption.
    displayName String
    A friendly display name to use for this Policy Exemption.
    exemptionCategory String
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    expiresOn String
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    managementGroupId String
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    metadata String
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name String
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyAssignmentId String
    The ID of the Policy Assignment to be exempted at the specified Scope.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    description string
    A description to use for this Policy Exemption.
    displayName string
    A friendly display name to use for this Policy Exemption.
    exemptionCategory string
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    expiresOn string
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    managementGroupId string
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    metadata string
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name string
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyAssignmentId string
    The ID of the Policy Assignment to be exempted at the specified Scope.
    policyDefinitionReferenceIds string[]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    description str
    A description to use for this Policy Exemption.
    display_name str
    A friendly display name to use for this Policy Exemption.
    exemption_category str
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    expires_on str
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    management_group_id str
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    metadata str
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name str
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policy_assignment_id str
    The ID of the Policy Assignment to be exempted at the specified Scope.
    policy_definition_reference_ids Sequence[str]
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
    description String
    A description to use for this Policy Exemption.
    displayName String
    A friendly display name to use for this Policy Exemption.
    exemptionCategory String
    The category of this policy exemption. Possible values are Waiver and Mitigated.
    expiresOn String
    The expiration date and time in UTC ISO 8601 format of this policy exemption.
    managementGroupId String
    The Management Group ID where the Policy Exemption should be applied. Changing this forces a new resource to be created.
    metadata String
    The metadata for this policy exemption. This is a JSON string representing additional metadata that should be stored with the policy exemption.
    name String
    The name of the Policy Exemption. Changing this forces a new resource to be created.
    policyAssignmentId String
    The ID of the Policy Assignment to be exempted at the specified Scope.
    policyDefinitionReferenceIds List<String>
    The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.

    Import

    Policy Exemptions can be imported using the resource id, e.g.

    $ pulumi import azure:management/groupPolicyExemption:GroupPolicyExemption exemption1 /providers/Microsoft.Management/managementGroups/group1/providers/Microsoft.Authorization/policyExemptions/exemption1
    

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.70.0 published on Wednesday, Mar 27, 2024 by Pulumi