armpolicy

package module
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 28, 2023 License: MIT Imports: 15 Imported by: 18

README

Azure Resource Policy Module for Go

PkgGoDev

The armpolicy module provides operations for working with Azure Resource Policy.

Source code

Getting started

Prerequisites

  • an Azure subscription
  • Go 1.18 or above (You could download and install the latest version of Go from here. It will replace the existing Go on your machine. If you want to install multiple Go versions on the same machine, you could refer this doc.)

Install the package

This project uses Go modules for versioning and dependency management.

Install the Azure Resource Policy module:

go get github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy

Authorization

When creating a client, you will need to provide a credential for authenticating with Azure Resource Policy. The azidentity module provides facilities for various ways of authenticating with Azure including client/secret, certificate, managed identity, and more.

cred, err := azidentity.NewDefaultAzureCredential(nil)

For more information on authentication, please see the documentation for azidentity at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity.

Client Factory

Azure Resource Policy module consists of one or more clients. We provide a client factory which could be used to create any client in this module.

clientFactory, err := armpolicy.NewClientFactory(<subscription ID>, cred, nil)

You can use ClientOptions in package github.com/Azure/azure-sdk-for-go/sdk/azcore/arm to set endpoint to connect with public and sovereign clouds as well as Azure Stack. For more information, please see the documentation for azcore at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azcore.

options := arm.ClientOptions {
    ClientOptions: azcore.ClientOptions {
        Cloud: cloud.AzureChina,
    },
}
clientFactory, err := armpolicy.NewClientFactory(<subscription ID>, cred, &options)

Clients

A client groups a set of related APIs, providing access to its functionality. Create one or more clients to access the APIs you require using client factory.

client := clientFactory.NewDefinitionsClient()

Provide Feedback

If you encounter bugs or have suggestions, please open an issue and assign the Resource Policy label.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alias 

type Alias struct {
	// The default path for an alias.
	DefaultPath *string `json:"defaultPath,omitempty"`

	// The default pattern for an alias.
	DefaultPattern *AliasPattern `json:"defaultPattern,omitempty"`

	// The alias name.
	Name *string `json:"name,omitempty"`

	// The paths for an alias.
	Paths []*AliasPath `json:"paths,omitempty"`

	// The type of the alias.
	Type *AliasType `json:"type,omitempty"`

	// READ-ONLY; The default alias path metadata. Applies to the default path and to any alias path that doesn't have metadata
	DefaultMetadata *AliasPathMetadata `json:"defaultMetadata,omitempty" azure:"ro"`
}

Alias - The alias type.

func (Alias) MarshalJSON 

func (a Alias) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Alias.

func (*Alias) UnmarshalJSON added in v0.7.0 

func (a *Alias) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Alias.

type AliasPath 

type AliasPath struct {
	// The API versions.
	APIVersions []*string `json:"apiVersions,omitempty"`

	// The path of an alias.
	Path *string `json:"path,omitempty"`

	// The pattern for an alias path.
	Pattern *AliasPattern `json:"pattern,omitempty"`

	// READ-ONLY; The metadata of the alias path. If missing, fall back to the default metadata of the alias.
	Metadata *AliasPathMetadata `json:"metadata,omitempty" azure:"ro"`
}

AliasPath - The type of the paths for alias.

func (AliasPath) MarshalJSON 

func (a AliasPath) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AliasPath.

func (*AliasPath) UnmarshalJSON added in v0.7.0 

func (a *AliasPath) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AliasPath.

type AliasPathAttributes 

type AliasPathAttributes string

AliasPathAttributes - The attributes of the token that the alias path is referring to. 

const (
	// AliasPathAttributesModifiable - The token that the alias path is referring to is modifiable by policies with 'modify' effect.
	AliasPathAttributesModifiable AliasPathAttributes = "Modifiable"
	// AliasPathAttributesNone - The token that the alias path is referring to has no attributes.
	AliasPathAttributesNone AliasPathAttributes = "None"
)

func PossibleAliasPathAttributesValues 

func PossibleAliasPathAttributesValues() []AliasPathAttributes

PossibleAliasPathAttributesValues returns the possible values for the AliasPathAttributes const type.

type AliasPathMetadata 

type AliasPathMetadata struct {
	// READ-ONLY; The attributes of the token that the alias path is referring to.
	Attributes *AliasPathAttributes `json:"attributes,omitempty" azure:"ro"`

	// READ-ONLY; The type of the token that the alias path is referring to.
	Type *AliasPathTokenType `json:"type,omitempty" azure:"ro"`
}

func (AliasPathMetadata) MarshalJSON added in v0.7.0 

func (a AliasPathMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AliasPathMetadata.

func (*AliasPathMetadata) UnmarshalJSON added in v0.7.0 

func (a *AliasPathMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AliasPathMetadata.

type AliasPathTokenType 

type AliasPathTokenType string

AliasPathTokenType - The type of the token that the alias path is referring to. 

const (
	// AliasPathTokenTypeAny - The token type can be anything.
	AliasPathTokenTypeAny AliasPathTokenType = "Any"
	// AliasPathTokenTypeArray - The token type is array.
	AliasPathTokenTypeArray AliasPathTokenType = "Array"
	// AliasPathTokenTypeBoolean - The token type is boolean.
	AliasPathTokenTypeBoolean AliasPathTokenType = "Boolean"
	// AliasPathTokenTypeInteger - The token type is integer.
	AliasPathTokenTypeInteger AliasPathTokenType = "Integer"
	// AliasPathTokenTypeNotSpecified - The token type is not specified.
	AliasPathTokenTypeNotSpecified AliasPathTokenType = "NotSpecified"
	// AliasPathTokenTypeNumber - The token type is number.
	AliasPathTokenTypeNumber AliasPathTokenType = "Number"
	// AliasPathTokenTypeObject - The token type is object.
	AliasPathTokenTypeObject AliasPathTokenType = "Object"
	// AliasPathTokenTypeString - The token type is string.
	AliasPathTokenTypeString AliasPathTokenType = "String"
)

func PossibleAliasPathTokenTypeValues 

func PossibleAliasPathTokenTypeValues() []AliasPathTokenType

PossibleAliasPathTokenTypeValues returns the possible values for the AliasPathTokenType const type.

type AliasPattern 

type AliasPattern struct {
	// The alias pattern phrase.
	Phrase *string `json:"phrase,omitempty"`

	// The type of alias pattern
	Type *AliasPatternType `json:"type,omitempty"`

	// The alias pattern variable.
	Variable *string `json:"variable,omitempty"`
}

AliasPattern - The type of the pattern for an alias path.

func (AliasPattern) MarshalJSON added in v0.7.0 

func (a AliasPattern) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AliasPattern.

func (*AliasPattern) UnmarshalJSON added in v0.7.0 

func (a *AliasPattern) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AliasPattern.

type AliasPatternType 

type AliasPatternType string

AliasPatternType - The type of alias pattern 

const (
	// AliasPatternTypeNotSpecified - NotSpecified is not allowed.
	AliasPatternTypeNotSpecified AliasPatternType = "NotSpecified"
	// AliasPatternTypeExtract - Extract is the only allowed value.
	AliasPatternTypeExtract AliasPatternType = "Extract"
)

func PossibleAliasPatternTypeValues 

func PossibleAliasPatternTypeValues() []AliasPatternType

PossibleAliasPatternTypeValues returns the possible values for the AliasPatternType const type.

type AliasType 

type AliasType string

AliasType - The type of the alias. 

const (
	// AliasTypeNotSpecified - Alias type is unknown (same as not providing alias type).
	AliasTypeNotSpecified AliasType = "NotSpecified"
	// AliasTypePlainText - Alias value is not secret.
	AliasTypePlainText AliasType = "PlainText"
	// AliasTypeMask - Alias value is secret.
	AliasTypeMask AliasType = "Mask"
)

func PossibleAliasTypeValues 

func PossibleAliasTypeValues() []AliasType

PossibleAliasTypeValues returns the possible values for the AliasType const type.

type Assignment added in v0.2.0 

type Assignment struct {
	// The managed identity associated with the policy assignment.
	Identity *Identity `json:"identity,omitempty"`

	// The location of the policy assignment. Only required when utilizing managed identity.
	Location *string `json:"location,omitempty"`

	// Properties for the policy assignment.
	Properties *AssignmentProperties `json:"properties,omitempty"`

	// READ-ONLY; The ID of the policy assignment.
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the policy assignment.
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The system metadata relating to this resource.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the policy assignment.
	Type *string `json:"type,omitempty" azure:"ro"`
}

Assignment - The policy assignment.

func (Assignment) MarshalJSON added in v0.7.0 

func (a Assignment) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Assignment.

func (*Assignment) UnmarshalJSON added in v0.7.0 

func (a *Assignment) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Assignment.

type AssignmentListResult added in v0.2.0 

type AssignmentListResult struct {
	// The URL to use for getting the next set of results.
	NextLink *string `json:"nextLink,omitempty"`

	// An array of policy assignments.
	Value []*Assignment `json:"value,omitempty"`
}

AssignmentListResult - List of policy assignments.

func (AssignmentListResult) MarshalJSON added in v0.2.0 

func (a AssignmentListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AssignmentListResult.

func (*AssignmentListResult) UnmarshalJSON added in v0.7.0 

func (a *AssignmentListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AssignmentListResult.

type AssignmentProperties added in v0.2.0 

type AssignmentProperties struct {
	// This message will be part of response in case of policy violation.
	Description *string `json:"description,omitempty"`

	// The display name of the policy assignment.
	DisplayName *string `json:"displayName,omitempty"`

	// The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
	EnforcementMode *EnforcementMode `json:"enforcementMode,omitempty"`

	// The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
	Metadata any `json:"metadata,omitempty"`

	// The messages that describe why a resource is non-compliant with the policy.
	NonComplianceMessages []*NonComplianceMessage `json:"nonComplianceMessages,omitempty"`

	// The policy's excluded scopes.
	NotScopes []*string `json:"notScopes,omitempty"`

	// The parameter values for the assigned policy rule. The keys are the parameter names.
	Parameters map[string]*ParameterValuesValue `json:"parameters,omitempty"`

	// The ID of the policy definition or policy set definition being assigned.
	PolicyDefinitionID *string `json:"policyDefinitionId,omitempty"`

	// READ-ONLY; The scope for the policy assignment.
	Scope *string `json:"scope,omitempty" azure:"ro"`
}

AssignmentProperties - The policy assignment properties.

func (AssignmentProperties) MarshalJSON added in v0.2.0 

func (a AssignmentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AssignmentProperties.

func (*AssignmentProperties) UnmarshalJSON added in v0.7.0 

func (a *AssignmentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AssignmentProperties.

type AssignmentUpdate added in v0.2.0 

type AssignmentUpdate struct {
	// The managed identity associated with the policy assignment.
	Identity *Identity `json:"identity,omitempty"`

	// The location of the policy assignment. Only required when utilizing managed identity.
	Location *string `json:"location,omitempty"`
}

func (AssignmentUpdate) MarshalJSON added in v0.2.0 

func (a AssignmentUpdate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AssignmentUpdate.

func (*AssignmentUpdate) UnmarshalJSON added in v0.7.0 

func (a *AssignmentUpdate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AssignmentUpdate.

type AssignmentsClient added in v0.2.0 

type AssignmentsClient struct {
	// contains filtered or unexported fields
}

AssignmentsClient contains the methods for the PolicyAssignments group. Don't use this type directly, use NewAssignmentsClient() instead.

func NewAssignmentsClient added in v0.2.0 

func NewAssignmentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AssignmentsClient, error)

NewAssignmentsClient creates a new instance of AssignmentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AssignmentsClient) Create added in v0.2.0 

func (client *AssignmentsClient) Create(ctx context.Context, scope string, policyAssignmentName string, parameters Assignment, options *AssignmentsClientCreateOptions) (AssignmentsClientCreateResponse, error)

Create - This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • scope - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyAssignmentName - The name of the policy assignment.
  • parameters - Parameters for the policy assignment.
  • options - AssignmentsClientCreateOptions contains the optional parameters for the AssignmentsClient.Create method.
Example (CreateOrUpdateAPolicyAssignment)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
		Properties: &armpolicy.AssignmentProperties{
			Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName: to.Ptr("Enforce resource naming rules"),
			Metadata: map[string]any{
				"assignedBy": "Special Someone",
			},
			NonComplianceMessages: []*armpolicy.NonComplianceMessage{
				{
					Message: to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
				}},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"prefix": {
					Value: "DeptA",
				},
				"suffix": {
					Value: "-LC",
				},
			},
			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdateAPolicyAssignmentWithASystemAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentWithIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		},
		Location: to.Ptr("eastus"),
		Properties: &armpolicy.AssignmentProperties{
			Description:     to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     to.Ptr("Enforce resource naming rules"),
			EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
			Metadata: map[string]any{
				"assignedBy": "Foo Bar",
			},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"prefix": {
					Value: "DeptA",
				},
				"suffix": {
					Value: "-LC",
				},
			},
			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdateAPolicyAssignmentWithAUserAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
				"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {},
			},
		},
		Location: to.Ptr("eastus"),
		Properties: &armpolicy.AssignmentProperties{
			Description:     to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     to.Ptr("Enforce resource naming rules"),
			EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
			Metadata: map[string]any{
				"assignedBy": "Foo Bar",
			},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"prefix": {
					Value: "DeptA",
				},
				"suffix": {
					Value: "-LC",
				},
			},
			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentNonComplianceMessages.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "securityInitAssignment", armpolicy.Assignment{
		Properties: &armpolicy.AssignmentProperties{
			DisplayName: to.Ptr("Enforce security policies"),
			NonComplianceMessages: []*armpolicy.NonComplianceMessage{
				{
					Message: to.Ptr("Resources must comply with all internal security policies. See <internal site URL> for more info."),
				},
				{
					Message:                     to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
					PolicyDefinitionReferenceID: to.Ptr("10420126870854049575"),
				},
				{
					Message:                     to.Ptr("Storage accounts must have firewall rules configured."),
					PolicyDefinitionReferenceID: to.Ptr("8572513655450389710"),
				}},
			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentWithoutEnforcement.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
		Properties: &armpolicy.AssignmentProperties{
			Description:     to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
			DisplayName:     to.Ptr("Enforce resource naming rules"),
			EnforcementMode: to.Ptr(armpolicy.EnforcementModeDoNotEnforce),
			Metadata: map[string]any{
				"assignedBy": "Special Someone",
			},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"prefix": {
					Value: "DeptA",
				},
				"suffix": {
					Value: "-LC",
				},
			},
			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*AssignmentsClient) CreateByID added in v0.2.0 

func (client *AssignmentsClient) CreateByID(ctx context.Context, policyAssignmentID string, parameters Assignment, options *AssignmentsClientCreateByIDOptions) (AssignmentsClientCreateByIDResponse, error)

CreateByID - This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyAssignmentID - The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
  • parameters - Parameters for policy assignment.
  • options - AssignmentsClientCreateByIDOptions contains the optional parameters for the AssignmentsClient.CreateByID method.
Example (CreateOrUpdatePolicyAssignmentById)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", armpolicy.Assignment{
		Properties: &armpolicy.AssignmentProperties{
			Description:     to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
			DisplayName:     to.Ptr("Enforce storage account SKU"),
			EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
			Metadata: map[string]any{
				"assignedBy": "Cheapskate Boss",
			},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"listOfAllowedSKUs": {
					Value: []any{
						"Standard_GRS",
						"Standard_LRS",
					},
				},
			},
			PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdatePolicyAssignmentWithAManagedIdentityById)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createPolicyAssignmentWithIdentityById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAssignmentsClient().CreateByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", armpolicy.Assignment{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		},
		Location: to.Ptr("eastus"),
		Properties: &armpolicy.AssignmentProperties{
			Description:     to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
			DisplayName:     to.Ptr("Enforce storage account SKU"),
			EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
			Metadata: map[string]any{
				"assignedBy": "Cheapskate Boss",
			},
			Parameters: map[string]*armpolicy.ParameterValuesValue{
				"listOfAllowedSKUs": {
					Value: []any{
						"Standard_GRS",
						"Standard_LRS",
					},
				},
			},
			PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*AssignmentsClient) Delete added in v0.2.0 

func (client *AssignmentsClient) Delete(ctx context.Context, scope string, policyAssignmentName string, options *AssignmentsClientDeleteOptions) (AssignmentsClientDeleteResponse, error)

Delete - This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • scope - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyAssignmentName - The name of the policy assignment to delete.
  • options - AssignmentsClientDeleteOptions contains the optional parameters for the AssignmentsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicyAssignment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Delete(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:

func (*AssignmentsClient) DeleteByID added in v0.2.0 

func (client *AssignmentsClient) DeleteByID(ctx context.Context, policyAssignmentID string, options *AssignmentsClientDeleteByIDOptions) (AssignmentsClientDeleteByIDResponse, error)

DeleteByID - This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource). If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyAssignmentID - The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
  • options - AssignmentsClientDeleteByIDOptions contains the optional parameters for the AssignmentsClient.DeleteByID method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicyAssignmentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().DeleteByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("LowCostStorage"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
	// 		DisplayName: to.Ptr("Enforce storage account SKU"),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Cheapskate Boss",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 				Value: []any{
	// 					"Standard_GRS",
	// 					"Standard_LRS",
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	},
	// }
}

Output:

func (*AssignmentsClient) Get added in v0.2.0 

func (client *AssignmentsClient) Get(ctx context.Context, scope string, policyAssignmentName string, options *AssignmentsClientGetOptions) (AssignmentsClientGetResponse, error)

Get - This operation retrieves a single policy assignment, given its name and the scope it was created at. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • scope - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyAssignmentName - The name of the policy assignment to get.
  • options - AssignmentsClientGetOptions contains the optional parameters for the AssignmentsClient.Get method.
Example (RetrieveAPolicyAssignment)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyAssignment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:
Example (RetrieveAPolicyAssignmentWithASystemAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyAssignmentWithIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
	// 		PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 		TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 	},
	// 	Location: to.Ptr("westus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:
Example (RetrieveAPolicyAssignmentWithAUserAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
	// 			"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": &armpolicy.UserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 			},
	// 		},
	// 	},
	// 	Location: to.Ptr("westus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:

func (*AssignmentsClient) GetByID added in v0.2.0 

func (client *AssignmentsClient) GetByID(ctx context.Context, policyAssignmentID string, options *AssignmentsClientGetByIDOptions) (AssignmentsClientGetByIDResponse, error)

GetByID - The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyAssignmentID - The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
  • options - AssignmentsClientGetByIDOptions contains the optional parameters for the AssignmentsClient.GetByID method.
Example (RetrieveAPolicyAssignmentById)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyAssignmentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().GetByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("LowCostStorage"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
	// 		DisplayName: to.Ptr("Enforce storage account SKU"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Cheapskate Boss",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 				Value: []any{
	// 					"Standard_GRS",
	// 					"Standard_LRS",
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	},
	// }
}

Output:
Example (RetrieveAPolicyAssignmentWithAManagedIdentityById)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyAssignmentWithIdentityById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().GetByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("LowCostStorage"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
	// 		PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 		TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 	},
	// 	Location: to.Ptr("westus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
	// 		DisplayName: to.Ptr("Enforce storage account SKU"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Cheapskate Boss",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 				Value: []any{
	// 					"Standard_GRS",
	// 					"Standard_LRS",
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	},
	// }
}

Output:

func (*AssignmentsClient) NewListForManagementGroupPager added in v0.5.0 

func (client *AssignmentsClient) NewListForManagementGroupPager(managementGroupID string, options *AssignmentsClientListForManagementGroupOptions) *runtime.Pager[AssignmentsClientListForManagementGroupResponse]

NewListForManagementGroupPager - This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}”. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.

Generated from API version 2021-06-01

  • managementGroupID - The ID of the management group.
  • options - AssignmentsClientListForManagementGroupOptions contains the optional parameters for the AssignmentsClient.NewListForManagementGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyAssignmentsForManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssignmentsClient().NewListForManagementGroupPager("TestManagementGroup", &armpolicy.AssignmentsClientListForManagementGroupOptions{Filter: to.Ptr("atScope()"),
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssignmentListResult = armpolicy.AssignmentListResult{
		// 	Value: []*armpolicy.Assignment{
		// 		{
		// 			Name: to.Ptr("TestCostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement"),
		// 			Identity: &armpolicy.Identity{
		// 				Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
		// 				TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
		// 			},
		// 			Location: to.Ptr("eastus"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Minimize the risk of accidental cost overruns"),
		// 				DisplayName: to.Ptr("Storage Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				NotScopes: []*string{
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 					"allowedSkus": &armpolicy.ParameterValuesValue{
		// 						Value: "Standard_A1",
		// 					},
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus"),
		// 				Scope: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("TestTagEnforcement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Ensure a given tag key and value are present on all resources"),
		// 				DisplayName: to.Ptr("Enforces a tag key and value"),
		// 				NotScopes: []*string{
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue"),
		// 				Scope: to.Ptr("/providers/Microsoft.Management/managementGroups/TestManagementGroup"),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*AssignmentsClient) NewListForResourceGroupPager added in v0.5.0 

func (client *AssignmentsClient) NewListForResourceGroupPager(resourceGroupName string, options *AssignmentsClientListForResourceGroupOptions) *runtime.Pager[AssignmentsClientListForResourceGroupResponse]

NewListForResourceGroupPager - This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.

Generated from API version 2021-06-01

  • resourceGroupName - The name of the resource group that contains policy assignments.
  • options - AssignmentsClientListForResourceGroupOptions contains the optional parameters for the AssignmentsClient.NewListForResourceGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyAssignmentsForResourceGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssignmentsClient().NewListForResourceGroupPager("TestResourceGroup", &armpolicy.AssignmentsClientListForResourceGroupOptions{Filter: to.Ptr("atScope()"),
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssignmentListResult = armpolicy.AssignmentListResult{
		// 	Value: []*armpolicy.Assignment{
		// 		{
		// 			Name: to.Ptr("TestCostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement"),
		// 			Identity: &armpolicy.Identity{
		// 				Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
		// 				TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
		// 			},
		// 			Location: to.Ptr("eastus"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Minimize the risk of accidental cost overruns"),
		// 				DisplayName: to.Ptr("Storage Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				NotScopes: []*string{
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 					"allowedSkus": &armpolicy.ParameterValuesValue{
		// 						Value: "Standard_A1",
		// 					},
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("TestTagEnforcement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Ensure a given tag key and value are present on all resources"),
		// 				DisplayName: to.Ptr("Enforces a tag key and value"),
		// 				NotScopes: []*string{
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup"),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*AssignmentsClient) NewListForResourcePager added in v0.5.0 

func (client *AssignmentsClient) NewListForResourcePager(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, options *AssignmentsClientListForResourceOptions) *runtime.Pager[AssignmentsClientListForResourceResponse]

NewListForResourcePager - This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ”). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == ”, {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == ”, {parentResourcePath} == ”, {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').

Generated from API version 2021-06-01

  • resourceGroupName - The name of the resource group containing the resource.
  • resourceProviderNamespace - The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)
  • parentResourcePath - The parent resource path. Use empty string if there is none.
  • resourceType - The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).
  • resourceName - The name of the resource.
  • options - AssignmentsClientListForResourceOptions contains the optional parameters for the AssignmentsClient.NewListForResourcePager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyAssignmentsForResource.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssignmentsClient().NewListForResourcePager("TestResourceGroup", "Microsoft.Compute", "virtualMachines/MyTestVm", "domainNames", "MyTestComputer.cloudapp.net", &armpolicy.AssignmentsClientListForResourceOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssignmentListResult = armpolicy.AssignmentListResult{
		// 	Value: []*armpolicy.Assignment{
		// 		{
		// 			Name: to.Ptr("TestCostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement"),
		// 			Identity: &armpolicy.Identity{
		// 				Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
		// 				TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
		// 			},
		// 			Location: to.Ptr("eastus"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Minimize the risk of accidental cost overruns"),
		// 				DisplayName: to.Ptr("VM Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				NotScopes: []*string{
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 					"allowedSkus": &armpolicy.ParameterValuesValue{
		// 						Value: "Standard_A1",
		// 					},
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("TestTagEnforcement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Ensure a given tag key and value are present on all resources"),
		// 				DisplayName: to.Ptr("Enforces a tag key and value"),
		// 				NotScopes: []*string{
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup"),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*AssignmentsClient) NewListPager added in v0.5.0 

func (client *AssignmentsClient) NewListPager(options *AssignmentsClientListOptions) *runtime.Pager[AssignmentsClientListResponse]

NewListPager - This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.

Generated from API version 2021-06-01

  • options - AssignmentsClientListOptions contains the optional parameters for the AssignmentsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyAssignments.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAssignmentsClient().NewListPager(&armpolicy.AssignmentsClientListOptions{Filter: to.Ptr("atScope()"),
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AssignmentListResult = armpolicy.AssignmentListResult{
		// 	Value: []*armpolicy.Assignment{
		// 		{
		// 			Name: to.Ptr("CostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
		// 			Identity: &armpolicy.Identity{
		// 				Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
		// 				TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
		// 			},
		// 			Location: to.Ptr("eastus"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Minimize the risk of accidental cost overruns"),
		// 				DisplayName: to.Ptr("Storage Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				NotScopes: []*string{
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 					"allowedSkus": &armpolicy.ParameterValuesValue{
		// 						Value: "Standard_A1",
		// 					},
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("TagEnforcement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement"),
		// 			Properties: &armpolicy.AssignmentProperties{
		// 				Description: to.Ptr("Ensure a given tag key and value are present on all resources"),
		// 				DisplayName: to.Ptr("Enforces a tag key and value"),
		// 				NotScopes: []*string{
		// 				},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue"),
		// 				Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*AssignmentsClient) Update added in v0.2.0 

func (client *AssignmentsClient) Update(ctx context.Context, scope string, policyAssignmentName string, parameters AssignmentUpdate, options *AssignmentsClientUpdateOptions) (AssignmentsClientUpdateResponse, error)

Update - This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • scope - The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyAssignmentName - The name of the policy assignment.
  • parameters - Parameters for policy assignment patch request.
  • options - AssignmentsClientUpdateOptions contains the optional parameters for the AssignmentsClient.Update method.
Example (UpdateAPolicyAssignmentWithASystemAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/updatePolicyAssignmentWithIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Update(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.AssignmentUpdate{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		},
		Location: to.Ptr("eastus"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
	// 		PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 		TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 	},
	// 	Location: to.Ptr("eastus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:
Example (UpdateAPolicyAssignmentWithAUserAssignedIdentity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Update(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.AssignmentUpdate{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
				"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {},
			},
		},
		Location: to.Ptr("eastus"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
	// 			"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": &armpolicy.UserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 			},
	// 		},
	// 	},
	// 	Location: to.Ptr("eastus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

Output:

func (*AssignmentsClient) UpdateByID added in v0.2.0 

func (client *AssignmentsClient) UpdateByID(ctx context.Context, policyAssignmentID string, parameters AssignmentUpdate, options *AssignmentsClientUpdateByIDOptions) (AssignmentsClientUpdateByIDResponse, error)

UpdateByID - This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyAssignmentID - The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
  • parameters - Parameters for policy assignment patch request.
  • options - AssignmentsClientUpdateByIDOptions contains the optional parameters for the AssignmentsClient.UpdateByID method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/updatePolicyAssignmentWithIdentityById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().UpdateByID(ctx, "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", armpolicy.AssignmentUpdate{
		Identity: &armpolicy.Identity{
			Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
		},
		Location: to.Ptr("eastus"),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("LowCostStorage"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
	// 		PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 		TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 	},
	// 	Location: to.Ptr("eastus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created"),
	// 		DisplayName: to.Ptr("Enforce storage account SKU"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Cheapskate Boss",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 				Value: []any{
	// 					"Standard_GRS",
	// 					"Standard_LRS",
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	},
	// }
}

Output:

type AssignmentsClientCreateByIDOptions added in v0.2.0 

type AssignmentsClientCreateByIDOptions struct {
}

AssignmentsClientCreateByIDOptions contains the optional parameters for the AssignmentsClient.CreateByID method.

type AssignmentsClientCreateByIDResponse added in v0.2.0 

type AssignmentsClientCreateByIDResponse struct {
	Assignment
}

AssignmentsClientCreateByIDResponse contains the response from method AssignmentsClient.CreateByID.

type AssignmentsClientCreateOptions added in v0.2.0 

type AssignmentsClientCreateOptions struct {
}

AssignmentsClientCreateOptions contains the optional parameters for the AssignmentsClient.Create method.

type AssignmentsClientCreateResponse added in v0.2.0 

type AssignmentsClientCreateResponse struct {
	Assignment
}

AssignmentsClientCreateResponse contains the response from method AssignmentsClient.Create.

type AssignmentsClientDeleteByIDOptions added in v0.2.0 

type AssignmentsClientDeleteByIDOptions struct {
}

AssignmentsClientDeleteByIDOptions contains the optional parameters for the AssignmentsClient.DeleteByID method.

type AssignmentsClientDeleteByIDResponse added in v0.2.0 

type AssignmentsClientDeleteByIDResponse struct {
	Assignment
}

AssignmentsClientDeleteByIDResponse contains the response from method AssignmentsClient.DeleteByID.

type AssignmentsClientDeleteOptions added in v0.2.0 

type AssignmentsClientDeleteOptions struct {
}

AssignmentsClientDeleteOptions contains the optional parameters for the AssignmentsClient.Delete method.

type AssignmentsClientDeleteResponse added in v0.2.0 

type AssignmentsClientDeleteResponse struct {
	Assignment
}

AssignmentsClientDeleteResponse contains the response from method AssignmentsClient.Delete.

type AssignmentsClientGetByIDOptions added in v0.2.0 

type AssignmentsClientGetByIDOptions struct {
}

AssignmentsClientGetByIDOptions contains the optional parameters for the AssignmentsClient.GetByID method.

type AssignmentsClientGetByIDResponse added in v0.2.0 

type AssignmentsClientGetByIDResponse struct {
	Assignment
}

AssignmentsClientGetByIDResponse contains the response from method AssignmentsClient.GetByID.

type AssignmentsClientGetOptions added in v0.2.0 

type AssignmentsClientGetOptions struct {
}

AssignmentsClientGetOptions contains the optional parameters for the AssignmentsClient.Get method.

type AssignmentsClientGetResponse added in v0.2.0 

type AssignmentsClientGetResponse struct {
	Assignment
}

AssignmentsClientGetResponse contains the response from method AssignmentsClient.Get.

type AssignmentsClientListForManagementGroupOptions added in v0.2.0 

type AssignmentsClientListForManagementGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that
	// at the given scope. If $filter=policyDefinitionId eq '{value}' is provided,
	// the returned list includes all policy assignments of the policy definition whose id is {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

AssignmentsClientListForManagementGroupOptions contains the optional parameters for the AssignmentsClient.NewListForManagementGroupPager method.

type AssignmentsClientListForManagementGroupResponse added in v0.2.0 

type AssignmentsClientListForManagementGroupResponse struct {
	AssignmentListResult
}

AssignmentsClientListForManagementGroupResponse contains the response from method AssignmentsClient.NewListForManagementGroupPager.

type AssignmentsClientListForResourceGroupOptions added in v0.2.0 

type AssignmentsClientListForResourceGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that
	// at the given scope. If $filter=policyDefinitionId eq '{value}' is provided,
	// the returned list includes all policy assignments of the policy definition whose id is {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

AssignmentsClientListForResourceGroupOptions contains the optional parameters for the AssignmentsClient.NewListForResourceGroupPager method.

type AssignmentsClientListForResourceGroupResponse added in v0.2.0 

type AssignmentsClientListForResourceGroupResponse struct {
	AssignmentListResult
}

AssignmentsClientListForResourceGroupResponse contains the response from method AssignmentsClient.NewListForResourceGroupPager.

type AssignmentsClientListForResourceOptions added in v0.2.0 

type AssignmentsClientListForResourceOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that
	// at the given scope. If $filter=policyDefinitionId eq '{value}' is provided,
	// the returned list includes all policy assignments of the policy definition whose id is {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

AssignmentsClientListForResourceOptions contains the optional parameters for the AssignmentsClient.NewListForResourcePager method.

type AssignmentsClientListForResourceResponse added in v0.2.0 

type AssignmentsClientListForResourceResponse struct {
	AssignmentListResult
}

AssignmentsClientListForResourceResponse contains the response from method AssignmentsClient.NewListForResourcePager.

type AssignmentsClientListOptions added in v0.2.0 

type AssignmentsClientListOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that
	// at the given scope. If $filter=policyDefinitionId eq '{value}' is provided,
	// the returned list includes all policy assignments of the policy definition whose id is {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

AssignmentsClientListOptions contains the optional parameters for the AssignmentsClient.NewListPager method.

type AssignmentsClientListResponse added in v0.2.0 

type AssignmentsClientListResponse struct {
	AssignmentListResult
}

AssignmentsClientListResponse contains the response from method AssignmentsClient.NewListPager.

type AssignmentsClientUpdateByIDOptions added in v0.2.0 

type AssignmentsClientUpdateByIDOptions struct {
}

AssignmentsClientUpdateByIDOptions contains the optional parameters for the AssignmentsClient.UpdateByID method.

type AssignmentsClientUpdateByIDResponse added in v0.2.0 

type AssignmentsClientUpdateByIDResponse struct {
	Assignment
}

AssignmentsClientUpdateByIDResponse contains the response from method AssignmentsClient.UpdateByID.

type AssignmentsClientUpdateOptions added in v0.2.0 

type AssignmentsClientUpdateOptions struct {
}

AssignmentsClientUpdateOptions contains the optional parameters for the AssignmentsClient.Update method.

type AssignmentsClientUpdateResponse added in v0.2.0 

type AssignmentsClientUpdateResponse struct {
	Assignment
}

AssignmentsClientUpdateResponse contains the response from method AssignmentsClient.Update.

type ClientFactory added in v0.7.0 

type ClientFactory struct {
	// contains filtered or unexported fields
}

ClientFactory is a client factory used to create any client in this module. Don't use this type directly, use NewClientFactory instead.

func NewClientFactory added in v0.7.0 

func NewClientFactory(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ClientFactory, error)

NewClientFactory creates a new instance of ClientFactory with the specified values. The parameter values will be propagated to any client created from this factory.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ClientFactory) NewAssignmentsClient added in v0.7.0 

func (c *ClientFactory) NewAssignmentsClient() *AssignmentsClient

func (*ClientFactory) NewDataPolicyManifestsClient added in v0.7.0 

func (c *ClientFactory) NewDataPolicyManifestsClient() *DataPolicyManifestsClient

func (*ClientFactory) NewDefinitionsClient added in v0.7.0 

func (c *ClientFactory) NewDefinitionsClient() *DefinitionsClient

func (*ClientFactory) NewExemptionsClient added in v0.7.0 

func (c *ClientFactory) NewExemptionsClient() *ExemptionsClient

func (*ClientFactory) NewSetDefinitionsClient added in v0.7.0 

func (c *ClientFactory) NewSetDefinitionsClient() *SetDefinitionsClient

type CreatedByType 

type CreatedByType string

CreatedByType - The type of identity that created the resource. 

const (
	CreatedByTypeApplication     CreatedByType = "Application"
	CreatedByTypeKey             CreatedByType = "Key"
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	CreatedByTypeUser            CreatedByType = "User"
)

func PossibleCreatedByTypeValues 

func PossibleCreatedByTypeValues() []CreatedByType

PossibleCreatedByTypeValues returns the possible values for the CreatedByType const type.

type DataEffect 

type DataEffect struct {
	// The data effect details schema.
	DetailsSchema any `json:"detailsSchema,omitempty"`

	// The data effect name.
	Name *string `json:"name,omitempty"`
}

DataEffect - The data effect definition.

func (DataEffect) MarshalJSON added in v0.7.0 

func (d DataEffect) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataEffect.

func (*DataEffect) UnmarshalJSON added in v0.7.0 

func (d *DataEffect) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataEffect.

type DataManifestCustomResourceFunctionDefinition 

type DataManifestCustomResourceFunctionDefinition struct {
	// A value indicating whether the custom properties within the property bag are allowed. Needs api-version to be specified
	// in the policy rule eg - vault('2019-06-01').
	AllowCustomProperties *bool `json:"allowCustomProperties,omitempty"`

	// The top-level properties that can be selected on the function's output. eg - [ "name", "location" ] if vault().name and
	// vault().location are supported
	DefaultProperties []*string `json:"defaultProperties,omitempty"`

	// The fully qualified control plane resource type that this function represents. eg - 'Microsoft.KeyVault/vaults'.
	FullyQualifiedResourceType *string `json:"fullyQualifiedResourceType,omitempty"`

	// The function name as it will appear in the policy rule. eg - 'vault'.
	Name *string `json:"name,omitempty"`
}

DataManifestCustomResourceFunctionDefinition - The custom resource function definition.

func (DataManifestCustomResourceFunctionDefinition) MarshalJSON 

func (d DataManifestCustomResourceFunctionDefinition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataManifestCustomResourceFunctionDefinition.

func (*DataManifestCustomResourceFunctionDefinition) UnmarshalJSON added in v0.7.0 

func (d *DataManifestCustomResourceFunctionDefinition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataManifestCustomResourceFunctionDefinition.

type DataManifestResourceFunctionsDefinition 

type DataManifestResourceFunctionsDefinition struct {
	// An array of data manifest custom resource definition.
	Custom []*DataManifestCustomResourceFunctionDefinition `json:"custom,omitempty"`

	// The standard resource functions (subscription and/or resourceGroup).
	Standard []*string `json:"standard,omitempty"`
}

DataManifestResourceFunctionsDefinition - The resource functions supported by a manifest

func (DataManifestResourceFunctionsDefinition) MarshalJSON 

func (d DataManifestResourceFunctionsDefinition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataManifestResourceFunctionsDefinition.

func (*DataManifestResourceFunctionsDefinition) UnmarshalJSON added in v0.7.0 

func (d *DataManifestResourceFunctionsDefinition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataManifestResourceFunctionsDefinition.

type DataPolicyManifest 

type DataPolicyManifest struct {
	// The data policy manifest properties.
	Properties *DataPolicyManifestProperties `json:"properties,omitempty"`

	// READ-ONLY; The ID of the data policy manifest.
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the data policy manifest (it's the same as the Policy Mode).
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource (Microsoft.Authorization/dataPolicyManifests).
	Type *string `json:"type,omitempty" azure:"ro"`
}

DataPolicyManifest - The data policy manifest.

func (DataPolicyManifest) MarshalJSON added in v0.7.0 

func (d DataPolicyManifest) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataPolicyManifest.

func (*DataPolicyManifest) UnmarshalJSON added in v0.7.0 

func (d *DataPolicyManifest) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataPolicyManifest.

type DataPolicyManifestListResult 

type DataPolicyManifestListResult struct {
	// The URL to use for getting the next set of results.
	NextLink *string `json:"nextLink,omitempty"`

	// An array of data policy manifests.
	Value []*DataPolicyManifest `json:"value,omitempty"`
}

DataPolicyManifestListResult - List of data policy manifests.

func (DataPolicyManifestListResult) MarshalJSON 

func (d DataPolicyManifestListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataPolicyManifestListResult.

func (*DataPolicyManifestListResult) UnmarshalJSON added in v0.7.0 

func (d *DataPolicyManifestListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataPolicyManifestListResult.

type DataPolicyManifestProperties 

type DataPolicyManifestProperties struct {
	// The effect definition.
	Effects []*DataEffect `json:"effects,omitempty"`

	// The non-alias field accessor values that can be used in the policy rule.
	FieldValues []*string `json:"fieldValues,omitempty"`

	// A value indicating whether policy mode is allowed only in built-in definitions.
	IsBuiltInOnly *bool `json:"isBuiltInOnly,omitempty"`

	// The list of namespaces for the data policy manifest.
	Namespaces []*string `json:"namespaces,omitempty"`

	// The policy mode of the data policy manifest.
	PolicyMode *string `json:"policyMode,omitempty"`

	// The resource functions definition specified in the data manifest.
	ResourceFunctions *DataManifestResourceFunctionsDefinition `json:"resourceFunctions,omitempty"`

	// An array of resource type aliases.
	ResourceTypeAliases []*ResourceTypeAliases `json:"resourceTypeAliases,omitempty"`
}

DataPolicyManifestProperties - The properties of the data policy manifest.

func (DataPolicyManifestProperties) MarshalJSON 

func (d DataPolicyManifestProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataPolicyManifestProperties.

func (*DataPolicyManifestProperties) UnmarshalJSON added in v0.7.0 

func (d *DataPolicyManifestProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataPolicyManifestProperties.

type DataPolicyManifestsClient 

type DataPolicyManifestsClient struct {
	// contains filtered or unexported fields
}

DataPolicyManifestsClient contains the methods for the DataPolicyManifests group. Don't use this type directly, use NewDataPolicyManifestsClient() instead.

func NewDataPolicyManifestsClient 

func NewDataPolicyManifestsClient(credential azcore.TokenCredential, options *arm.ClientOptions) (*DataPolicyManifestsClient, error)

NewDataPolicyManifestsClient creates a new instance of DataPolicyManifestsClient with the specified values.

  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DataPolicyManifestsClient) GetByPolicyMode 

func (client *DataPolicyManifestsClient) GetByPolicyMode(ctx context.Context, policyMode string, options *DataPolicyManifestsClientGetByPolicyModeOptions) (DataPolicyManifestsClientGetByPolicyModeResponse, error)

GetByPolicyMode - This operation retrieves the data policy manifest with the given policy mode. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2020-09-01

  • policyMode - The policy mode of the data policy manifest to get.
  • options - DataPolicyManifestsClientGetByPolicyModeOptions contains the optional parameters for the DataPolicyManifestsClient.GetByPolicyMode method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2020-09-01/examples/getDataPolicyManifest.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataPolicyManifestsClient().GetByPolicyMode(ctx, "Microsoft.KeyVault.Data", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.DataPolicyManifest = armpolicy.DataPolicyManifest{
	// 	Name: to.Ptr("Microsoft.KeyVault.Data"),
	// 	Type: to.Ptr("Microsoft.Authorization/dataPolicyManifests"),
	// 	ID: to.Ptr("/providers/Microsoft.Authorization/dataPolicyManifests/Microsoft.KeyVault.Data"),
	// 	Properties: &armpolicy.DataPolicyManifestProperties{
	// 		Effects: []*armpolicy.DataEffect{
	// 			{
	// 				Name: to.Ptr("Audit"),
	// 			},
	// 			{
	// 				Name: to.Ptr("Deny"),
	// 		}},
	// 		FieldValues: []*string{
	// 			to.Ptr("type")},
	// 			IsBuiltInOnly: to.Ptr(true),
	// 			Namespaces: []*string{
	// 				to.Ptr("Microsoft.KeyVault")},
	// 				PolicyMode: to.Ptr("Microsoft.KeyVault.Data"),
	// 				ResourceFunctions: &armpolicy.DataManifestResourceFunctionsDefinition{
	// 					Custom: []*armpolicy.DataManifestCustomResourceFunctionDefinition{
	// 						{
	// 							Name: to.Ptr("vault"),
	// 							AllowCustomProperties: to.Ptr(false),
	// 							DefaultProperties: []*string{
	// 								to.Ptr("location"),
	// 								to.Ptr("tags")},
	// 								FullyQualifiedResourceType: to.Ptr("Microsoft.KeyVault/vaults"),
	// 						}},
	// 						Standard: []*string{
	// 							to.Ptr("subscription"),
	// 							to.Ptr("resourceGroup")},
	// 						},
	// 						ResourceTypeAliases: []*armpolicy.ResourceTypeAliases{
	// 							{
	// 								Aliases: []*armpolicy.Alias{
	// 									{
	// 										Name: to.Ptr("Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType"),
	// 										Paths: []*armpolicy.AliasPath{
	// 											{
	// 												Path: to.Ptr("keyProperties.keyType"),
	// 												APIVersions: []*string{
	// 													to.Ptr("2019-01-01")},
	// 											}},
	// 									}},
	// 									ResourceType: to.Ptr("vaults/certificates"),
	// 							}},
	// 						},
	// 					}
}

Output:

func (*DataPolicyManifestsClient) NewListPager added in v0.5.0 

func (client *DataPolicyManifestsClient) NewListPager(options *DataPolicyManifestsClientListOptions) *runtime.Pager[DataPolicyManifestsClientListResponse]

NewListPager - This operation retrieves a list of all the data policy manifests that match the optional given $filter. Valid values for $filter are: "$filter=namespace eq '{0}'". If $filter is not provided, the unfiltered list includes all data policy manifests for data resource types. If $filter=namespace is provided, the returned list only includes all data policy manifests that have a namespace matching the provided value.

Generated from API version 2020-09-01

  • options - DataPolicyManifestsClientListOptions contains the optional parameters for the DataPolicyManifestsClient.NewListPager method.
Example (ListDataPolicyManifests)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2020-09-01/examples/listDataPolicyManifests.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDataPolicyManifestsClient().NewListPager(&armpolicy.DataPolicyManifestsClientListOptions{Filter: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DataPolicyManifestListResult = armpolicy.DataPolicyManifestListResult{
		// 	Value: []*armpolicy.DataPolicyManifest{
		// 		{
		// 			Name: to.Ptr("Microsoft.KeyVault.Data"),
		// 			Type: to.Ptr("Microsoft.Authorization/dataPolicyManifests"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/dataPolicyManifests/Microsoft.KeyVault.Data"),
		// 			Properties: &armpolicy.DataPolicyManifestProperties{
		// 				Effects: []*armpolicy.DataEffect{
		// 					{
		// 						Name: to.Ptr("audit"),
		// 					},
		// 					{
		// 						Name: to.Ptr("deny"),
		// 				}},
		// 				FieldValues: []*string{
		// 					to.Ptr("type")},
		// 					IsBuiltInOnly: to.Ptr(true),
		// 					Namespaces: []*string{
		// 						to.Ptr("Microsoft.KeyVault")},
		// 						PolicyMode: to.Ptr("Microsoft.KeyVault.Data"),
		// 						ResourceFunctions: &armpolicy.DataManifestResourceFunctionsDefinition{
		// 							Custom: []*armpolicy.DataManifestCustomResourceFunctionDefinition{
		// 								{
		// 									Name: to.Ptr("vault"),
		// 									AllowCustomProperties: to.Ptr(false),
		// 									DefaultProperties: []*string{
		// 										to.Ptr("location"),
		// 										to.Ptr("tags")},
		// 										FullyQualifiedResourceType: to.Ptr("Microsoft.KeyVault/vaults"),
		// 								}},
		// 								Standard: []*string{
		// 									to.Ptr("subscription"),
		// 									to.Ptr("resourceGroup")},
		// 								},
		// 								ResourceTypeAliases: []*armpolicy.ResourceTypeAliases{
		// 									{
		// 										Aliases: []*armpolicy.Alias{
		// 											{
		// 												Name: to.Ptr("Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType"),
		// 												Paths: []*armpolicy.AliasPath{
		// 													{
		// 														Path: to.Ptr("keyProperties.keyType"),
		// 														APIVersions: []*string{
		// 															to.Ptr("2019-01-01")},
		// 													}},
		// 											}},
		// 											ResourceType: to.Ptr("vaults/certificates"),
		// 									}},
		// 								},
		// 							},
		// 							{
		// 								Name: to.Ptr("Microsoft.Kubernetes.Data"),
		// 								Type: to.Ptr("Microsoft.Authorization/dataPolicyManifests"),
		// 								ID: to.Ptr("/providers/Microsoft.Authorization/dataPolicyManifests/Microsoft.Kubernetes.Data"),
		// 								Properties: &armpolicy.DataPolicyManifestProperties{
		// 									Effects: []*armpolicy.DataEffect{
		// 										{
		// 											Name: to.Ptr("audit"),
		// 											DetailsSchema: map[string]any{
		// 												"type": "object",
		// 												"additionalProperties": false,
		// 												"properties":map[string]any{
		// 													"constraint":map[string]any{
		// 														"type": "string",
		// 														"pattern": "^(?i)(https:\\/\\/raw\\.githubusercontent\\.com\\/){1}(.+)(\\.){1}(yaml|yml){1}$",
		// 													},
		// 													"constraintTemplate":map[string]any{
		// 														"type": "string",
		// 														"pattern": "^(?i)(https:\\/\\/raw\\.githubusercontent\\.com\\/){1}(.+)(\\.){1}(yaml|yml){1}$",
		// 													},
		// 													"values":map[string]any{
		// 														"type": "object",
		// 														"additionalProperties":map[string]any{
		// 														},
		// 														"maxProperties": float64(10),
		// 													},
		// 												},
		// 												"required":[]any{
		// 													"constraintTemplate",
		// 												},
		// 											},
		// 									}},
		// 									IsBuiltInOnly: to.Ptr(false),
		// 									Namespaces: []*string{
		// 										to.Ptr("Microsoft.Kubernetes"),
		// 										to.Ptr("Microsoft.ContainerService")},
		// 										PolicyMode: to.Ptr("Microsoft.Kubernetes.Data"),
		// 									},
		// 							}},
		// 						}
	}
}

Output:
Example (ListDataPolicyManifestsWithNamespaceFilter)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2020-09-01/examples/listDataPolicyManifestsNamespaceFilter.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDataPolicyManifestsClient().NewListPager(&armpolicy.DataPolicyManifestsClientListOptions{Filter: to.Ptr("namespace eq 'Microsoft.KeyVault'")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DataPolicyManifestListResult = armpolicy.DataPolicyManifestListResult{
		// 	Value: []*armpolicy.DataPolicyManifest{
		// 		{
		// 			Name: to.Ptr("Microsoft.KeyVault.Data"),
		// 			Type: to.Ptr("Microsoft.Authorization/dataPolicyManifests"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/dataPolicyManifests/Microsoft.KeyVault.Data"),
		// 			Properties: &armpolicy.DataPolicyManifestProperties{
		// 				Effects: []*armpolicy.DataEffect{
		// 					{
		// 						Name: to.Ptr("audit"),
		// 					},
		// 					{
		// 						Name: to.Ptr("deny"),
		// 				}},
		// 				FieldValues: []*string{
		// 					to.Ptr("type")},
		// 					IsBuiltInOnly: to.Ptr(true),
		// 					Namespaces: []*string{
		// 						to.Ptr("Microsoft.KeyVault")},
		// 						PolicyMode: to.Ptr("Microsoft.KeyVault.Data"),
		// 						ResourceFunctions: &armpolicy.DataManifestResourceFunctionsDefinition{
		// 							Custom: []*armpolicy.DataManifestCustomResourceFunctionDefinition{
		// 								{
		// 									Name: to.Ptr("vault"),
		// 									AllowCustomProperties: to.Ptr(false),
		// 									DefaultProperties: []*string{
		// 										to.Ptr("location"),
		// 										to.Ptr("tags")},
		// 										FullyQualifiedResourceType: to.Ptr("Microsoft.KeyVault/vaults"),
		// 								}},
		// 								Standard: []*string{
		// 									to.Ptr("subscription"),
		// 									to.Ptr("resourceGroup")},
		// 								},
		// 								ResourceTypeAliases: []*armpolicy.ResourceTypeAliases{
		// 									{
		// 										Aliases: []*armpolicy.Alias{
		// 											{
		// 												Name: to.Ptr("Microsoft.KeyVault.Data/vaults/certificates/keyProperties.keyType"),
		// 												Paths: []*armpolicy.AliasPath{
		// 													{
		// 														Path: to.Ptr("keyProperties.keyType"),
		// 														APIVersions: []*string{
		// 															to.Ptr("2019-01-01")},
		// 													}},
		// 											}},
		// 											ResourceType: to.Ptr("vaults/certificates"),
		// 									}},
		// 								},
		// 						}},
		// 					}
	}
}

Output:

type DataPolicyManifestsClientGetByPolicyModeOptions added in v0.2.0 

type DataPolicyManifestsClientGetByPolicyModeOptions struct {
}

DataPolicyManifestsClientGetByPolicyModeOptions contains the optional parameters for the DataPolicyManifestsClient.GetByPolicyMode method.

type DataPolicyManifestsClientGetByPolicyModeResponse added in v0.2.0 

type DataPolicyManifestsClientGetByPolicyModeResponse struct {
	DataPolicyManifest
}

DataPolicyManifestsClientGetByPolicyModeResponse contains the response from method DataPolicyManifestsClient.GetByPolicyMode.

type DataPolicyManifestsClientListOptions added in v0.2.0 

type DataPolicyManifestsClientListOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: "namespace eq '{value}'". If $filter is not provided,
	// no filtering is performed. If $filter=namespace eq '{value}' is provided, the
	// returned list only includes all data policy manifests that have a namespace matching the provided value.
	Filter *string
}

DataPolicyManifestsClientListOptions contains the optional parameters for the DataPolicyManifestsClient.NewListPager method.

type DataPolicyManifestsClientListResponse added in v0.2.0 

type DataPolicyManifestsClientListResponse struct {
	DataPolicyManifestListResult
}

DataPolicyManifestsClientListResponse contains the response from method DataPolicyManifestsClient.NewListPager.

type Definition added in v0.2.0 

type Definition struct {
	// The policy definition properties.
	Properties *DefinitionProperties `json:"properties,omitempty"`

	// READ-ONLY; The ID of the policy definition.
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the policy definition.
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The system metadata relating to this resource.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource (Microsoft.Authorization/policyDefinitions).
	Type *string `json:"type,omitempty" azure:"ro"`
}

Definition - The policy definition.

func (Definition) MarshalJSON added in v0.7.0 

func (d Definition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Definition.

func (*Definition) UnmarshalJSON added in v0.7.0 

func (d *Definition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Definition.

type DefinitionGroup added in v0.2.0 

type DefinitionGroup struct {
	// REQUIRED; The name of the group.
	Name *string `json:"name,omitempty"`

	// A resource ID of a resource that contains additional metadata about the group.
	AdditionalMetadataID *string `json:"additionalMetadataId,omitempty"`

	// The group's category.
	Category *string `json:"category,omitempty"`

	// The group's description.
	Description *string `json:"description,omitempty"`

	// The group's display name.
	DisplayName *string `json:"displayName,omitempty"`
}

DefinitionGroup - The policy definition group.

func (DefinitionGroup) MarshalJSON added in v0.7.0 

func (d DefinitionGroup) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DefinitionGroup.

func (*DefinitionGroup) UnmarshalJSON added in v0.7.0 

func (d *DefinitionGroup) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DefinitionGroup.

type DefinitionListResult added in v0.2.0 

type DefinitionListResult struct {
	// The URL to use for getting the next set of results.
	NextLink *string `json:"nextLink,omitempty"`

	// An array of policy definitions.
	Value []*Definition `json:"value,omitempty"`
}

DefinitionListResult - List of policy definitions.

func (DefinitionListResult) MarshalJSON added in v0.2.0 

func (d DefinitionListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DefinitionListResult.

func (*DefinitionListResult) UnmarshalJSON added in v0.7.0 

func (d *DefinitionListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DefinitionListResult.

type DefinitionProperties added in v0.2.0 

type DefinitionProperties struct {
	// The policy definition description.
	Description *string `json:"description,omitempty"`

	// The display name of the policy definition.
	DisplayName *string `json:"displayName,omitempty"`

	// The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
	Metadata any `json:"metadata,omitempty"`

	// The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
	Mode *string `json:"mode,omitempty"`

	// The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
	Parameters map[string]*ParameterDefinitionsValue `json:"parameters,omitempty"`

	// The policy rule.
	PolicyRule any `json:"policyRule,omitempty"`

	// The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
	PolicyType *PolicyType `json:"policyType,omitempty"`
}

DefinitionProperties - The policy definition properties.

func (DefinitionProperties) MarshalJSON added in v0.2.0 

func (d DefinitionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DefinitionProperties.

func (*DefinitionProperties) UnmarshalJSON added in v0.7.0 

func (d *DefinitionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DefinitionProperties.

type DefinitionReference added in v0.2.0 

type DefinitionReference struct {
	// REQUIRED; The ID of the policy definition or policy set definition.
	PolicyDefinitionID *string `json:"policyDefinitionId,omitempty"`

	// The name of the groups that this policy definition reference belongs to.
	GroupNames []*string `json:"groupNames,omitempty"`

	// The parameter values for the referenced policy rule. The keys are the parameter names.
	Parameters map[string]*ParameterValuesValue `json:"parameters,omitempty"`

	// A unique id (within the policy set definition) for this policy definition reference.
	PolicyDefinitionReferenceID *string `json:"policyDefinitionReferenceId,omitempty"`
}

DefinitionReference - The policy definition reference.

func (DefinitionReference) MarshalJSON added in v0.2.0 

func (d DefinitionReference) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DefinitionReference.

func (*DefinitionReference) UnmarshalJSON added in v0.7.0 

func (d *DefinitionReference) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DefinitionReference.

type DefinitionsClient added in v0.2.0 

type DefinitionsClient struct {
	// contains filtered or unexported fields
}

DefinitionsClient contains the methods for the PolicyDefinitions group. Don't use this type directly, use NewDefinitionsClient() instead.

func NewDefinitionsClient added in v0.2.0 

func NewDefinitionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DefinitionsClient, error)

NewDefinitionsClient creates a new instance of DefinitionsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DefinitionsClient) CreateOrUpdate added in v0.2.0 

func (client *DefinitionsClient) CreateOrUpdate(ctx context.Context, policyDefinitionName string, parameters Definition, options *DefinitionsClientCreateOrUpdateOptions) (DefinitionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - This operation creates or updates a policy definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to create.
  • parameters - The policy definition properties.
  • options - DefinitionsClientCreateOrUpdateOptions contains the optional parameters for the DefinitionsClient.CreateOrUpdate method.
Example (CreateOrUpdateAPolicyDefinition)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicyDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDefinitionsClient().CreateOrUpdate(ctx, "ResourceNaming", armpolicy.Definition{
		Properties: &armpolicy.DefinitionProperties{
			Description: to.Ptr("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
			DisplayName: to.Ptr("Enforce resource naming convention"),
			Metadata: map[string]any{
				"category": "Naming",
			},
			Mode: to.Ptr("All"),
			Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
				"prefix": {
					Type: to.Ptr(armpolicy.ParameterTypeString),
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						Description: to.Ptr("Resource name prefix"),
						DisplayName: to.Ptr("Prefix"),
					},
				},
				"suffix": {
					Type: to.Ptr(armpolicy.ParameterTypeString),
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						Description: to.Ptr("Resource name suffix"),
						DisplayName: to.Ptr("Suffix"),
					},
				},
			},
			PolicyRule: map[string]any{
				"if": map[string]any{
					"not": map[string]any{
						"field": "name",
						"like":  "[concat(parameters('prefix'), '*', parameters('suffix'))]",
					},
				},
				"then": map[string]any{
					"effect": "deny",
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:
Example (CreateOrUpdateAPolicyDefinitionWithAdvancedParameters)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDefinitionsClient().CreateOrUpdate(ctx, "EventHubDiagnosticLogs", armpolicy.Definition{
		Properties: &armpolicy.DefinitionProperties{
			Description: to.Ptr("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised"),
			DisplayName: to.Ptr("Event Hubs should have diagnostic logging enabled"),
			Metadata: map[string]any{
				"category": "Event Hub",
			},
			Mode: to.Ptr("Indexed"),
			Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
				"requiredRetentionDays": {
					Type: to.Ptr(armpolicy.ParameterTypeInteger),
					AllowedValues: []any{
						float64(0),
						float64(30),
						float64(90),
						float64(180),
						float64(365)},
					DefaultValue: float64(365),
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						Description: to.Ptr("The required diagnostic logs retention in days"),
						DisplayName: to.Ptr("Required retention (days)"),
					},
				},
			},
			PolicyRule: map[string]any{
				"if": map[string]any{
					"equals": "Microsoft.EventHub/namespaces",
					"field":  "type",
				},
				"then": map[string]any{
					"effect": "AuditIfNotExists",
					"details": map[string]any{
						"type": "Microsoft.Insights/diagnosticSettings",
						"existenceCondition": map[string]any{
							"allOf": []any{
								map[string]any{
									"equals": "true",
									"field":  "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
								},
								map[string]any{
									"equals": "[parameters('requiredRetentionDays')]",
									"field":  "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
								},
							},
						},
					},
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*DefinitionsClient) CreateOrUpdateAtManagementGroup added in v0.2.0 

func (client *DefinitionsClient) CreateOrUpdateAtManagementGroup(ctx context.Context, policyDefinitionName string, managementGroupID string, parameters Definition, options *DefinitionsClientCreateOrUpdateAtManagementGroupOptions) (DefinitionsClientCreateOrUpdateAtManagementGroupResponse, error)

CreateOrUpdateAtManagementGroup - This operation creates or updates a policy definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to create.
  • managementGroupID - The ID of the management group.
  • parameters - The policy definition properties.
  • options - DefinitionsClientCreateOrUpdateAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.CreateOrUpdateAtManagementGroup method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDefinitionsClient().CreateOrUpdateAtManagementGroup(ctx, "ResourceNaming", "MyManagementGroup", armpolicy.Definition{
		Properties: &armpolicy.DefinitionProperties{
			Description: to.Ptr("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
			DisplayName: to.Ptr("Enforce resource naming convention"),
			Metadata: map[string]any{
				"category": "Naming",
			},
			Mode: to.Ptr("All"),
			Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
				"prefix": {
					Type: to.Ptr(armpolicy.ParameterTypeString),
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						Description: to.Ptr("Resource name prefix"),
						DisplayName: to.Ptr("Prefix"),
					},
				},
				"suffix": {
					Type: to.Ptr(armpolicy.ParameterTypeString),
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						Description: to.Ptr("Resource name suffix"),
						DisplayName: to.Ptr("Suffix"),
					},
				},
			},
			PolicyRule: map[string]any{
				"if": map[string]any{
					"not": map[string]any{
						"field": "name",
						"like":  "[concat(parameters('prefix'), '*', parameters('suffix'))]",
					},
				},
				"then": map[string]any{
					"effect": "deny",
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*DefinitionsClient) Delete added in v0.2.0 

func (client *DefinitionsClient) Delete(ctx context.Context, policyDefinitionName string, options *DefinitionsClientDeleteOptions) (DefinitionsClientDeleteResponse, error)

Delete - This operation deletes the policy definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to delete.
  • options - DefinitionsClientDeleteOptions contains the optional parameters for the DefinitionsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicyDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDefinitionsClient().Delete(ctx, "ResourceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*DefinitionsClient) DeleteAtManagementGroup added in v0.2.0 

func (client *DefinitionsClient) DeleteAtManagementGroup(ctx context.Context, policyDefinitionName string, managementGroupID string, options *DefinitionsClientDeleteAtManagementGroupOptions) (DefinitionsClientDeleteAtManagementGroupResponse, error)

DeleteAtManagementGroup - This operation deletes the policy definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to delete.
  • managementGroupID - The ID of the management group.
  • options - DefinitionsClientDeleteAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.DeleteAtManagementGroup method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicyDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDefinitionsClient().DeleteAtManagementGroup(ctx, "ResourceNaming", "MyManagementGroup", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*DefinitionsClient) Get added in v0.2.0 

func (client *DefinitionsClient) Get(ctx context.Context, policyDefinitionName string, options *DefinitionsClientGetOptions) (DefinitionsClientGetResponse, error)

Get - This operation retrieves the policy definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to get.
  • options - DefinitionsClientGetOptions contains the optional parameters for the DefinitionsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDefinitionsClient().Get(ctx, "ResourceNaming", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Definition = armpolicy.Definition{
	// 	Name: to.Ptr("ResourceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 	Properties: &armpolicy.DefinitionProperties{
	// 		Description: to.Ptr("Force resource names to begin with 'prefix' and end with 'suffix'"),
	// 		DisplayName: to.Ptr("Naming Convention"),
	// 		Metadata: map[string]any{
	// 			"category": "Naming",
	// 		},
	// 		Mode: to.Ptr("All"),
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 			"prefix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					Description: to.Ptr("Resource name prefix"),
	// 					DisplayName: to.Ptr("Prefix"),
	// 				},
	// 			},
	// 			"suffix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					Description: to.Ptr("Resource name suffix"),
	// 					DisplayName: to.Ptr("Suffix"),
	// 				},
	// 			},
	// 		},
	// 		PolicyRule: map[string]any{
	// 			"if":map[string]any{
	// 				"not":map[string]any{
	// 					"field": "name",
	// 					"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
	// 				},
	// 			},
	// 			"then":map[string]any{
	// 				"effect": "deny",
	// 			},
	// 		},
	// 		PolicyType: to.Ptr(armpolicy.PolicyTypeCustom),
	// 	},
	// }
}

Output:

func (*DefinitionsClient) GetAtManagementGroup added in v0.2.0 

func (client *DefinitionsClient) GetAtManagementGroup(ctx context.Context, policyDefinitionName string, managementGroupID string, options *DefinitionsClientGetAtManagementGroupOptions) (DefinitionsClientGetAtManagementGroupResponse, error)

GetAtManagementGroup - This operation retrieves the policy definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the policy definition to get.
  • managementGroupID - The ID of the management group.
  • options - DefinitionsClientGetAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.GetAtManagementGroup method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicyDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDefinitionsClient().GetAtManagementGroup(ctx, "ResourceNaming", "MyManagementGroup", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Definition = armpolicy.Definition{
	// 	Name: to.Ptr("ResourceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 	Properties: &armpolicy.DefinitionProperties{
	// 		Description: to.Ptr("Force resource names to begin with 'prefix' and end with 'suffix'"),
	// 		DisplayName: to.Ptr("Naming Convention"),
	// 		Metadata: map[string]any{
	// 			"category": "Naming",
	// 		},
	// 		Mode: to.Ptr("All"),
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 			"prefix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					Description: to.Ptr("Resource name prefix"),
	// 					DisplayName: to.Ptr("Prefix"),
	// 				},
	// 			},
	// 			"suffix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					Description: to.Ptr("Resource name suffix"),
	// 					DisplayName: to.Ptr("Suffix"),
	// 				},
	// 			},
	// 		},
	// 		PolicyRule: map[string]any{
	// 			"if":map[string]any{
	// 				"not":map[string]any{
	// 					"field": "name",
	// 					"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
	// 				},
	// 			},
	// 			"then":map[string]any{
	// 				"effect": "deny",
	// 			},
	// 		},
	// 		PolicyType: to.Ptr(armpolicy.PolicyTypeCustom),
	// 	},
	// }
}

Output:

func (*DefinitionsClient) GetBuiltIn added in v0.2.0 

func (client *DefinitionsClient) GetBuiltIn(ctx context.Context, policyDefinitionName string, options *DefinitionsClientGetBuiltInOptions) (DefinitionsClientGetBuiltInResponse, error)

GetBuiltIn - This operation retrieves the built-in policy definition with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policyDefinitionName - The name of the built-in policy definition to get.
  • options - DefinitionsClientGetBuiltInOptions contains the optional parameters for the DefinitionsClient.GetBuiltIn method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getBuiltinPolicyDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDefinitionsClient().GetBuiltIn(ctx, "7433c107-6db4-4ad1-b57a-a76dce0154a1", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Definition = armpolicy.Definition{
	// 	Name: to.Ptr("7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 	Properties: &armpolicy.DefinitionProperties{
	// 		Description: to.Ptr("This policy enables you to specify a set of storage account SKUs that your organization can deploy."),
	// 		DisplayName: to.Ptr("Allowed storage account SKUs"),
	// 		Mode: to.Ptr("All"),
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 			"listOfAllowedSKUs": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeArray),
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					Description: to.Ptr("The list of SKUs that can be specified for storage accounts."),
	// 					DisplayName: to.Ptr("Allowed SKUs"),
	// 					StrongType: to.Ptr("StorageSKUs"),
	// 				},
	// 			},
	// 		},
	// 		PolicyRule: map[string]any{
	// 			"if":map[string]any{
	// 				"allOf":[]any{
	// 					map[string]any{
	// 						"equals": "Microsoft.Storage/storageAccounts",
	// 						"field": "type",
	// 					},
	// 					map[string]any{
	// 						"not":map[string]any{
	// 							"field": "Microsoft.Storage/storageAccounts/sku.name",
	// 							"in": "[parameters('listOfAllowedSKUs')]",
	// 						},
	// 					},
	// 				},
	// 			},
	// 			"then":map[string]any{
	// 				"effect": "Deny",
	// 			},
	// 		},
	// 		PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
	// 	},
	// }
}

Output:

func (*DefinitionsClient) NewListBuiltInPager added in v0.5.0 

func (client *DefinitionsClient) NewListBuiltInPager(options *DefinitionsClientListBuiltInOptions) *runtime.Pager[DefinitionsClientListBuiltInResponse]

NewListBuiltInPager - This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.

Generated from API version 2021-06-01

  • options - DefinitionsClientListBuiltInOptions contains the optional parameters for the DefinitionsClient.NewListBuiltInPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listBuiltInPolicyDefinitions.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDefinitionsClient().NewListBuiltInPager(&armpolicy.DefinitionsClientListBuiltInOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DefinitionListResult = armpolicy.DefinitionListResult{
		// 	Value: []*armpolicy.Definition{
		// 		{
		// 			Name: to.Ptr("06a78e20-9358-41c9-923c-fb736d382a12"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("Audit DB level audit setting for SQL databases"),
		// 				DisplayName: to.Ptr("Audit SQL DB Level Audit Setting"),
		// 				Mode: to.Ptr("All"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"setting": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeString),
		// 						AllowedValues: []any{
		// 							"enabled",
		// 							"disabled"},
		// 							Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 								DisplayName: to.Ptr("Audit Setting"),
		// 							},
		// 						},
		// 					},
		// 					PolicyRule: map[string]any{
		// 						"if":map[string]any{
		// 							"equals": "Microsoft.Sql/servers/databases",
		// 							"field": "type",
		// 						},
		// 						"then":map[string]any{
		// 							"effect": "AuditIfNotExists",
		// 							"details":map[string]any{
		// 								"name": "default",
		// 								"type": "Microsoft.Sql/servers/databases/auditingSettings",
		// 								"existenceCondition":map[string]any{
		// 									"allOf":[]any{
		// 										map[string]any{
		// 											"equals": "[parameters('setting')]",
		// 											"field": "Microsoft.Sql/auditingSettings.state",
		// 										},
		// 									},
		// 								},
		// 							},
		// 						},
		// 					},
		// 					PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 				ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 				Properties: &armpolicy.DefinitionProperties{
		// 					Description: to.Ptr("This policy enables you to specify a set of storage account SKUs that your organization can deploy."),
		// 					DisplayName: to.Ptr("Allowed storage account SKUs"),
		// 					Mode: to.Ptr("All"),
		// 					Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 						"listOfAllowedSKUs": &armpolicy.ParameterDefinitionsValue{
		// 							Type: to.Ptr(armpolicy.ParameterTypeArray),
		// 							Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 								Description: to.Ptr("The list of SKUs that can be specified for storage accounts."),
		// 								DisplayName: to.Ptr("Allowed SKUs"),
		// 								StrongType: to.Ptr("StorageSKUs"),
		// 							},
		// 						},
		// 					},
		// 					PolicyRule: map[string]any{
		// 						"if":map[string]any{
		// 							"allOf":[]any{
		// 								map[string]any{
		// 									"equals": "Microsoft.Storage/storageAccounts",
		// 									"field": "type",
		// 								},
		// 								map[string]any{
		// 									"not":map[string]any{
		// 										"field": "Microsoft.Storage/storageAccounts/sku.name",
		// 										"in": "[parameters('listOfAllowedSKUs')]",
		// 									},
		// 								},
		// 							},
		// 						},
		// 						"then":map[string]any{
		// 							"effect": "Deny",
		// 						},
		// 					},
		// 					PolicyType: to.Ptr(armpolicy.PolicyTypeStatic),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("abeed54a-73c5-441d-8a8c-6b5e7a0c299e"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 				ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e"),
		// 				Properties: &armpolicy.DefinitionProperties{
		// 					Description: to.Ptr("Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days."),
		// 					DisplayName: to.Ptr("Audit KeyVault certificates that expire within specified number of days"),
		// 					Metadata: map[string]any{
		// 						"category": "KeyVault DataPlane",
		// 					},
		// 					Mode: to.Ptr("Microsoft.KeyVault.Data"),
		// 					Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 						"daysToExpire": &armpolicy.ParameterDefinitionsValue{
		// 							Type: to.Ptr(armpolicy.ParameterTypeInteger),
		// 							Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 								Description: to.Ptr("The number of days for a certificate to expire."),
		// 								DisplayName: to.Ptr("Days to expire"),
		// 							},
		// 						},
		// 					},
		// 					PolicyRule: map[string]any{
		// 						"if":map[string]any{
		// 							"field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn",
		// 							"lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]",
		// 						},
		// 						"then":map[string]any{
		// 							"effect": "audit",
		// 						},
		// 					},
		// 					PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

func (*DefinitionsClient) NewListByManagementGroupPager added in v0.5.0 

func (client *DefinitionsClient) NewListByManagementGroupPager(managementGroupID string, options *DefinitionsClientListByManagementGroupOptions) *runtime.Pager[DefinitionsClientListByManagementGroupResponse]

NewListByManagementGroupPager - This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}”. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Generated from API version 2021-06-01

  • managementGroupID - The ID of the management group.
  • options - DefinitionsClientListByManagementGroupOptions contains the optional parameters for the DefinitionsClient.NewListByManagementGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyDefinitionsByManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDefinitionsClient().NewListByManagementGroupPager("MyManagementGroup", &armpolicy.DefinitionsClientListByManagementGroupOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DefinitionListResult = armpolicy.DefinitionListResult{
		// 	Value: []*armpolicy.Definition{
		// 		{
		// 			Name: to.Ptr("7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("This policy enables you to specify a set of storage account SKUs that your organization can deploy."),
		// 				DisplayName: to.Ptr("Allowed storage account SKUs"),
		// 				Mode: to.Ptr("All"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"listOfAllowedSKUs": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeArray),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("The list of SKUs that can be specified for storage accounts."),
		// 							DisplayName: to.Ptr("Allowed SKUs"),
		// 							StrongType: to.Ptr("StorageSKUs"),
		// 						},
		// 					},
		// 				},
		// 				PolicyRule: map[string]any{
		// 					"if":map[string]any{
		// 						"allOf":[]any{
		// 							map[string]any{
		// 								"equals": "Microsoft.Storage/storageAccounts",
		// 								"field": "type",
		// 							},
		// 							map[string]any{
		// 								"not":map[string]any{
		// 									"field": "Microsoft.Storage/storageAccounts/sku.name",
		// 									"in": "[parameters('listOfAllowedSKUs')]",
		// 								},
		// 							},
		// 						},
		// 					},
		// 					"then":map[string]any{
		// 						"effect": "Deny",
		// 					},
		// 				},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("ResourceNaming"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("Force resource names to begin with 'prefix' and end with 'suffix'"),
		// 				DisplayName: to.Ptr("Naming Convention"),
		// 				Metadata: map[string]any{
		// 					"category": "Naming",
		// 				},
		// 				Mode: to.Ptr("All"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"prefix": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeString),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("Resource name prefix"),
		// 							DisplayName: to.Ptr("Prefix"),
		// 						},
		// 					},
		// 					"suffix": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeString),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("Resource name suffix"),
		// 							DisplayName: to.Ptr("Suffix"),
		// 						},
		// 					},
		// 				},
		// 				PolicyRule: map[string]any{
		// 					"if":map[string]any{
		// 						"not":map[string]any{
		// 							"field": "name",
		// 							"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
		// 						},
		// 					},
		// 					"then":map[string]any{
		// 						"effect": "deny",
		// 					},
		// 				},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeCustom),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*DefinitionsClient) NewListPager added in v0.5.0 

func (client *DefinitionsClient) NewListPager(options *DefinitionsClientListOptions) *runtime.Pager[DefinitionsClientListResponse]

NewListPager - This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}”. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.

Generated from API version 2021-06-01

  • options - DefinitionsClientListOptions contains the optional parameters for the DefinitionsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicyDefinitions.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDefinitionsClient().NewListPager(&armpolicy.DefinitionsClientListOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DefinitionListResult = armpolicy.DefinitionListResult{
		// 	Value: []*armpolicy.Definition{
		// 		{
		// 			Name: to.Ptr("7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("This policy enables you to specify a set of storage account SKUs that your organization can deploy."),
		// 				DisplayName: to.Ptr("Allowed storage account SKUs"),
		// 				Mode: to.Ptr("All"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"listOfAllowedSKUs": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeArray),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("The list of SKUs that can be specified for storage accounts."),
		// 							DisplayName: to.Ptr("Allowed SKUs"),
		// 							StrongType: to.Ptr("StorageSKUs"),
		// 						},
		// 					},
		// 				},
		// 				PolicyRule: map[string]any{
		// 					"if":map[string]any{
		// 						"allOf":[]any{
		// 							map[string]any{
		// 								"equals": "Microsoft.Storage/storageAccounts",
		// 								"field": "type",
		// 							},
		// 							map[string]any{
		// 								"not":map[string]any{
		// 									"field": "Microsoft.Storage/storageAccounts/sku.name",
		// 									"in": "[parameters('listOfAllowedSKUs')]",
		// 								},
		// 							},
		// 						},
		// 					},
		// 					"then":map[string]any{
		// 						"effect": "Deny",
		// 					},
		// 				},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("ResourceNaming"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("Force resource names to begin with 'prefix' and end with 'suffix'"),
		// 				DisplayName: to.Ptr("Naming Convention"),
		// 				Metadata: map[string]any{
		// 					"category": "Naming",
		// 				},
		// 				Mode: to.Ptr("All"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"prefix": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeString),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("Resource name prefix"),
		// 							DisplayName: to.Ptr("Prefix"),
		// 						},
		// 					},
		// 					"suffix": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeString),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("Resource name suffix"),
		// 							DisplayName: to.Ptr("Suffix"),
		// 						},
		// 					},
		// 				},
		// 				PolicyRule: map[string]any{
		// 					"if":map[string]any{
		// 						"not":map[string]any{
		// 							"field": "name",
		// 							"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
		// 						},
		// 					},
		// 					"then":map[string]any{
		// 						"effect": "deny",
		// 					},
		// 				},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeCustom),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("AuditSoonToExpireCerts"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyDefinitions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts"),
		// 			Properties: &armpolicy.DefinitionProperties{
		// 				Description: to.Ptr("Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days."),
		// 				DisplayName: to.Ptr("Audit KeyVault certificates that expire within specified number of days"),
		// 				Metadata: map[string]any{
		// 					"category": "KeyVault DataPlane",
		// 				},
		// 				Mode: to.Ptr("Microsoft.KeyVault.Data"),
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 					"daysToExpire": &armpolicy.ParameterDefinitionsValue{
		// 						Type: to.Ptr(armpolicy.ParameterTypeInteger),
		// 						Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
		// 							Description: to.Ptr("The number of days for a certificate to expire."),
		// 							DisplayName: to.Ptr("Days to expire"),
		// 						},
		// 					},
		// 				},
		// 				PolicyRule: map[string]any{
		// 					"if":map[string]any{
		// 						"field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn",
		// 						"lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]",
		// 					},
		// 					"then":map[string]any{
		// 						"effect": "audit",
		// 					},
		// 				},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeCustom),
		// 			},
		// 	}},
		// }
	}
}

Output:

type DefinitionsClientCreateOrUpdateAtManagementGroupOptions added in v0.2.0 

type DefinitionsClientCreateOrUpdateAtManagementGroupOptions struct {
}

DefinitionsClientCreateOrUpdateAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.CreateOrUpdateAtManagementGroup method.

type DefinitionsClientCreateOrUpdateAtManagementGroupResponse added in v0.2.0 

type DefinitionsClientCreateOrUpdateAtManagementGroupResponse struct {
	Definition
}

DefinitionsClientCreateOrUpdateAtManagementGroupResponse contains the response from method DefinitionsClient.CreateOrUpdateAtManagementGroup.

type DefinitionsClientCreateOrUpdateOptions added in v0.2.0 

type DefinitionsClientCreateOrUpdateOptions struct {
}

DefinitionsClientCreateOrUpdateOptions contains the optional parameters for the DefinitionsClient.CreateOrUpdate method.

type DefinitionsClientCreateOrUpdateResponse added in v0.2.0 

type DefinitionsClientCreateOrUpdateResponse struct {
	Definition
}

DefinitionsClientCreateOrUpdateResponse contains the response from method DefinitionsClient.CreateOrUpdate.

type DefinitionsClientDeleteAtManagementGroupOptions added in v0.2.0 

type DefinitionsClientDeleteAtManagementGroupOptions struct {
}

DefinitionsClientDeleteAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.DeleteAtManagementGroup method.

type DefinitionsClientDeleteAtManagementGroupResponse added in v0.2.0 

type DefinitionsClientDeleteAtManagementGroupResponse struct {
}

DefinitionsClientDeleteAtManagementGroupResponse contains the response from method DefinitionsClient.DeleteAtManagementGroup.

type DefinitionsClientDeleteOptions added in v0.2.0 

type DefinitionsClientDeleteOptions struct {
}

DefinitionsClientDeleteOptions contains the optional parameters for the DefinitionsClient.Delete method.

type DefinitionsClientDeleteResponse added in v0.2.0 

type DefinitionsClientDeleteResponse struct {
}

DefinitionsClientDeleteResponse contains the response from method DefinitionsClient.Delete.

type DefinitionsClientGetAtManagementGroupOptions added in v0.2.0 

type DefinitionsClientGetAtManagementGroupOptions struct {
}

DefinitionsClientGetAtManagementGroupOptions contains the optional parameters for the DefinitionsClient.GetAtManagementGroup method.

type DefinitionsClientGetAtManagementGroupResponse added in v0.2.0 

type DefinitionsClientGetAtManagementGroupResponse struct {
	Definition
}

DefinitionsClientGetAtManagementGroupResponse contains the response from method DefinitionsClient.GetAtManagementGroup.

type DefinitionsClientGetBuiltInOptions added in v0.2.0 

type DefinitionsClientGetBuiltInOptions struct {
}

DefinitionsClientGetBuiltInOptions contains the optional parameters for the DefinitionsClient.GetBuiltIn method.

type DefinitionsClientGetBuiltInResponse added in v0.2.0 

type DefinitionsClientGetBuiltInResponse struct {
	Definition
}

DefinitionsClientGetBuiltInResponse contains the response from method DefinitionsClient.GetBuiltIn.

type DefinitionsClientGetOptions added in v0.2.0 

type DefinitionsClientGetOptions struct {
}

DefinitionsClientGetOptions contains the optional parameters for the DefinitionsClient.Get method.

type DefinitionsClientGetResponse added in v0.2.0 

type DefinitionsClientGetResponse struct {
	Definition
}

DefinitionsClientGetResponse contains the response from method DefinitionsClient.Get.

type DefinitionsClientListBuiltInOptions added in v0.2.0 

type DefinitionsClientListBuiltInOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If
	// $filter='policyType -eq {value}' is provided, the returned list only includes all
	// policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static.
	// If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

DefinitionsClientListBuiltInOptions contains the optional parameters for the DefinitionsClient.NewListBuiltInPager method.

type DefinitionsClientListBuiltInResponse added in v0.2.0 

type DefinitionsClientListBuiltInResponse struct {
	DefinitionListResult
}

DefinitionsClientListBuiltInResponse contains the response from method DefinitionsClient.NewListBuiltInPager.

type DefinitionsClientListByManagementGroupOptions added in v0.2.0 

type DefinitionsClientListByManagementGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If
	// $filter='policyType -eq {value}' is provided, the returned list only includes all
	// policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static.
	// If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

DefinitionsClientListByManagementGroupOptions contains the optional parameters for the DefinitionsClient.NewListByManagementGroupPager method.

type DefinitionsClientListByManagementGroupResponse added in v0.2.0 

type DefinitionsClientListByManagementGroupResponse struct {
	DefinitionListResult
}

DefinitionsClientListByManagementGroupResponse contains the response from method DefinitionsClient.NewListByManagementGroupPager.

type DefinitionsClientListOptions added in v0.2.0 

type DefinitionsClientListOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If
	// $filter='policyType -eq {value}' is provided, the returned list only includes all
	// policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static.
	// If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

DefinitionsClientListOptions contains the optional parameters for the DefinitionsClient.NewListPager method.

type DefinitionsClientListResponse added in v0.2.0 

type DefinitionsClientListResponse struct {
	DefinitionListResult
}

DefinitionsClientListResponse contains the response from method DefinitionsClient.NewListPager.

type EnforcementMode 

type EnforcementMode string

EnforcementMode - The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. 

const (
	// EnforcementModeDefault - The policy effect is enforced during resource creation or update.
	EnforcementModeDefault EnforcementMode = "Default"
	// EnforcementModeDoNotEnforce - The policy effect is not enforced during resource creation or update.
	EnforcementModeDoNotEnforce EnforcementMode = "DoNotEnforce"
)

func PossibleEnforcementModeValues 

func PossibleEnforcementModeValues() []EnforcementMode

PossibleEnforcementModeValues returns the possible values for the EnforcementMode const type.

type ErrorAdditionalInfo 

type ErrorAdditionalInfo struct {
	// READ-ONLY; The additional info.
	Info any `json:"info,omitempty" azure:"ro"`

	// READ-ONLY; The additional info type.
	Type *string `json:"type,omitempty" azure:"ro"`
}

ErrorAdditionalInfo - The resource management error additional info.

func (ErrorAdditionalInfo) MarshalJSON added in v0.7.0 

func (e ErrorAdditionalInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ErrorAdditionalInfo.

func (*ErrorAdditionalInfo) UnmarshalJSON added in v0.7.0 

func (e *ErrorAdditionalInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ErrorAdditionalInfo.

type ErrorResponse 

type ErrorResponse struct {
	// READ-ONLY; The error additional info.
	AdditionalInfo []*ErrorAdditionalInfo `json:"additionalInfo,omitempty" azure:"ro"`

	// READ-ONLY; The error code.
	Code *string `json:"code,omitempty" azure:"ro"`

	// READ-ONLY; The error details.
	Details []*ErrorResponse `json:"details,omitempty" azure:"ro"`

	// READ-ONLY; The error message.
	Message *string `json:"message,omitempty" azure:"ro"`

	// READ-ONLY; The error target.
	Target *string `json:"target,omitempty" azure:"ro"`
}

ErrorResponse - Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

func (ErrorResponse) MarshalJSON 

func (e ErrorResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ErrorResponse.

func (*ErrorResponse) UnmarshalJSON added in v0.7.0 

func (e *ErrorResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ErrorResponse.

type Exemption added in v0.2.0 

type Exemption struct {
	// REQUIRED; Properties for the policy exemption.
	Properties *ExemptionProperties `json:"properties,omitempty"`

	// READ-ONLY; The ID of the policy exemption.
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the policy exemption.
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource (Microsoft.Authorization/policyExemptions).
	Type *string `json:"type,omitempty" azure:"ro"`
}

Exemption - The policy exemption.

func (Exemption) MarshalJSON added in v0.7.0 

func (e Exemption) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Exemption.

func (*Exemption) UnmarshalJSON added in v0.7.0 

func (e *Exemption) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Exemption.

type ExemptionCategory 

type ExemptionCategory string

ExemptionCategory - The policy exemption category. Possible values are Waiver and Mitigated. 

const (
	// ExemptionCategoryMitigated - This category of exemptions usually means the mitigation actions have been applied to the
	// scope.
	ExemptionCategoryMitigated ExemptionCategory = "Mitigated"
	// ExemptionCategoryWaiver - This category of exemptions usually means the scope is not applicable for the policy.
	ExemptionCategoryWaiver ExemptionCategory = "Waiver"
)

func PossibleExemptionCategoryValues 

func PossibleExemptionCategoryValues() []ExemptionCategory

PossibleExemptionCategoryValues returns the possible values for the ExemptionCategory const type.

type ExemptionListResult added in v0.2.0 

type ExemptionListResult struct {
	// An array of policy exemptions.
	Value []*Exemption `json:"value,omitempty"`

	// READ-ONLY; The URL to use for getting the next set of results.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

ExemptionListResult - List of policy exemptions.

func (ExemptionListResult) MarshalJSON added in v0.2.0 

func (e ExemptionListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ExemptionListResult.

func (*ExemptionListResult) UnmarshalJSON added in v0.7.0 

func (e *ExemptionListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ExemptionListResult.

type ExemptionProperties added in v0.2.0 

type ExemptionProperties struct {
	// REQUIRED; The policy exemption category. Possible values are Waiver and Mitigated.
	ExemptionCategory *ExemptionCategory `json:"exemptionCategory,omitempty"`

	// REQUIRED; The ID of the policy assignment that is being exempted.
	PolicyAssignmentID *string `json:"policyAssignmentId,omitempty"`

	// The description of the policy exemption.
	Description *string `json:"description,omitempty"`

	// The display name of the policy exemption.
	DisplayName *string `json:"displayName,omitempty"`

	// The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
	ExpiresOn *time.Time `json:"expiresOn,omitempty"`

	// The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
	Metadata any `json:"metadata,omitempty"`

	// The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
	PolicyDefinitionReferenceIDs []*string `json:"policyDefinitionReferenceIds,omitempty"`
}

ExemptionProperties - The policy exemption properties.

func (ExemptionProperties) MarshalJSON added in v0.2.0 

func (e ExemptionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ExemptionProperties.

func (*ExemptionProperties) UnmarshalJSON added in v0.2.0 

func (e *ExemptionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ExemptionProperties.

type ExemptionsClient added in v0.2.0 

type ExemptionsClient struct {
	// contains filtered or unexported fields
}

ExemptionsClient contains the methods for the PolicyExemptions group. Don't use this type directly, use NewExemptionsClient() instead.

func NewExemptionsClient added in v0.2.0 

func NewExemptionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ExemptionsClient, error)

NewExemptionsClient creates a new instance of ExemptionsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ExemptionsClient) CreateOrUpdate added in v0.2.0 

func (client *ExemptionsClient) CreateOrUpdate(ctx context.Context, scope string, policyExemptionName string, parameters Exemption, options *ExemptionsClientCreateOrUpdateOptions) (ExemptionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2020-07-01-preview

  • scope - The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyExemptionName - The name of the policy exemption to delete.
  • parameters - Parameters for the policy exemption.
  • options - ExemptionsClientCreateOrUpdateOptions contains the optional parameters for the ExemptionsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/createOrUpdatePolicyExemption.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewExemptionsClient().CreateOrUpdate(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", armpolicy.Exemption{
		Properties: &armpolicy.ExemptionProperties{
			Description:       to.Ptr("Exempt demo cluster from limit sku"),
			DisplayName:       to.Ptr("Exempt demo cluster"),
			ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
			Metadata: map[string]any{
				"reason": "Temporary exemption for a expensive VM demo",
			},
			PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
			PolicyDefinitionReferenceIDs: []*string{
				to.Ptr("Limit_Skus")},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Exemption = armpolicy.Exemption{
	// 	Name: to.Ptr("DemoExpensiveVM"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
	// 	Properties: &armpolicy.ExemptionProperties{
	// 		Description: to.Ptr("Exempt demo cluster from limit sku"),
	// 		DisplayName: to.Ptr("Exempt demo cluster"),
	// 		ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
	// 		Metadata: map[string]any{
	// 			"reason": "Temporary exemption for a expensive VM demo",
	// 		},
	// 		PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 		PolicyDefinitionReferenceIDs: []*string{
	// 			to.Ptr("Limit_Skus")},
	// 		},
	// 		SystemData: &armpolicy.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
	// 			CreatedBy: to.Ptr("string"),
	// 			CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("string"),
	// 			LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 		},
	// 	}
}

Output:

func (*ExemptionsClient) Delete added in v0.2.0 

func (client *ExemptionsClient) Delete(ctx context.Context, scope string, policyExemptionName string, options *ExemptionsClientDeleteOptions) (ExemptionsClientDeleteResponse, error)

Delete - This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2020-07-01-preview

  • scope - The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyExemptionName - The name of the policy exemption to delete.
  • options - ExemptionsClientDeleteOptions contains the optional parameters for the ExemptionsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/deletePolicyExemption.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewExemptionsClient().Delete(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*ExemptionsClient) Get added in v0.2.0 

func (client *ExemptionsClient) Get(ctx context.Context, scope string, policyExemptionName string, options *ExemptionsClientGetOptions) (ExemptionsClientGetResponse, error)

Get - This operation retrieves a single policy exemption, given its name and the scope it was created at. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2020-07-01-preview

  • scope - The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
  • policyExemptionName - The name of the policy exemption to delete.
  • options - ExemptionsClientGetOptions contains the optional parameters for the ExemptionsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/getPolicyExemption.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewExemptionsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Exemption = armpolicy.Exemption{
	// 	Name: to.Ptr("DemoExpensiveVM"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
	// 	Properties: &armpolicy.ExemptionProperties{
	// 		Description: to.Ptr("Exempt demo cluster from limit sku"),
	// 		DisplayName: to.Ptr("Exempt demo cluster"),
	// 		ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
	// 		Metadata: map[string]any{
	// 			"reason": "Temporary exemption for a expensive VM demo",
	// 		},
	// 		PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 		PolicyDefinitionReferenceIDs: []*string{
	// 			to.Ptr("Limit_Skus")},
	// 		},
	// 		SystemData: &armpolicy.SystemData{
	// 			CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
	// 			CreatedBy: to.Ptr("string"),
	// 			CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 			LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
	// 			LastModifiedBy: to.Ptr("string"),
	// 			LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
	// 		},
	// 	}
}

Output:

func (*ExemptionsClient) NewListForManagementGroupPager added in v0.5.0 

func (client *ExemptionsClient) NewListForManagementGroupPager(managementGroupID string, options *ExemptionsClientListForManagementGroupOptions) *runtime.Pager[ExemptionsClientListForManagementGroupResponse]

NewListForManagementGroupPager - This operation retrieves the list of all policy exemptions applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}”. If $filter=atScope() is provided, the returned list includes all policy exemptions that are assigned to the management group or the management group's ancestors.

Generated from API version 2020-07-01-preview

  • managementGroupID - The ID of the management group.
  • options - ExemptionsClientListForManagementGroupOptions contains the optional parameters for the ExemptionsClient.NewListForManagementGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewExemptionsClient().NewListForManagementGroupPager("DevOrg", &armpolicy.ExemptionsClientListForManagementGroupOptions{Filter: to.Ptr("atScope()")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ExemptionListResult = armpolicy.ExemptionListResult{
		// 	Value: []*armpolicy.Exemption{
		// 		{
		// 			Name: to.Ptr("ResearchBudgetExemption"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 			ID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyExemptions/ResearchBudgetExemption"),
		// 			Properties: &armpolicy.ExemptionProperties{
		// 				Description: to.Ptr("Exempt demo cluster from limit sku"),
		// 				DisplayName: to.Ptr("Exempt demo cluster"),
		// 				ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
		// 				Metadata: map[string]any{
		// 					"reason": "Temporary exemption for a expensive VM demo",
		// 				},
		// 				PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/HardwareDivision/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
		// 				PolicyDefinitionReferenceIDs: []*string{
		// 					to.Ptr("Limit_Skus")},
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("VNetIsMonitored"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 				ID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyExemptions/VNetIsMonitored"),
		// 				Properties: &armpolicy.ExemptionProperties{
		// 					Description: to.Ptr("Exempt jump box open ports from limit ports policy"),
		// 					DisplayName: to.Ptr("Exempt jump box open ports"),
		// 					ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryMitigated),
		// 					Metadata: map[string]any{
		// 						"reason": "Need to open RDP port to corp net",
		// 					},
		// 					PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/HardwareDivision/providers/Microsoft.Authorization/policyAssignments/LimitPorts"),
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

func (*ExemptionsClient) NewListForResourceGroupPager added in v0.5.0 

func (client *ExemptionsClient) NewListForResourceGroupPager(resourceGroupName string, options *ExemptionsClientListForResourceGroupOptions) *runtime.Pager[ExemptionsClientListForResourceGroupResponse]

NewListForResourceGroupPager - This operation retrieves the list of all policy exemptions associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group.

Generated from API version 2020-07-01-preview

  • resourceGroupName - The name of the resource group containing the resource.
  • options - ExemptionsClientListForResourceGroupOptions contains the optional parameters for the ExemptionsClient.NewListForResourceGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewExemptionsClient().NewListForResourceGroupPager("TestResourceGroup", &armpolicy.ExemptionsClientListForResourceGroupOptions{Filter: to.Ptr("atScope()")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ExemptionListResult = armpolicy.ExemptionListResult{
		// 	Value: []*armpolicy.Exemption{
		// 		{
		// 			Name: to.Ptr("TestVMSub"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVMSub"),
		// 			Properties: &armpolicy.ExemptionProperties{
		// 				Description: to.Ptr("Exempt demo cluster from limit sku"),
		// 				DisplayName: to.Ptr("Exempt demo cluster"),
		// 				ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
		// 				Metadata: map[string]any{
		// 					"reason": "Temporary exemption for a expensive VM demo",
		// 				},
		// 				PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
		// 				PolicyDefinitionReferenceIDs: []*string{
		// 					to.Ptr("Limit_Skus")},
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("TestVNetRG"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 				ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyExemptions/TestVNetRG"),
		// 				Properties: &armpolicy.ExemptionProperties{
		// 					Description: to.Ptr("Exempt jump box open ports from limit ports policy"),
		// 					DisplayName: to.Ptr("Exempt jump box open ports"),
		// 					ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryMitigated),
		// 					Metadata: map[string]any{
		// 						"reason": "Need to open RDP port to corp net",
		// 					},
		// 					PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/LimitPorts"),
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

func (*ExemptionsClient) NewListForResourcePager added in v0.5.0 

func (client *ExemptionsClient) NewListForResourcePager(resourceGroupName string, resourceProviderNamespace string, parentResourcePath string, resourceType string, resourceName string, options *ExemptionsClientListForResourceOptions) *runtime.Pager[ExemptionsClientListForResourceResponse]

NewListForResourcePager - This operation retrieves the list of all policy exemptions associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ”). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == ”, {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == ”, {parentResourcePath} == ”, {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').

Generated from API version 2020-07-01-preview

  • resourceGroupName - The name of the resource group containing the resource.
  • resourceProviderNamespace - The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)
  • parentResourcePath - The parent resource path. Use empty string if there is none.
  • resourceType - The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).
  • resourceName - The name of the resource.
  • options - ExemptionsClientListForResourceOptions contains the optional parameters for the ExemptionsClient.NewListForResourcePager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/listPolicyExemptionsForResource.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewExemptionsClient().NewListForResourcePager("TestResourceGroup", "Microsoft.Compute", "virtualMachines/MyTestVm", "domainNames", "MyTestComputer.cloudapp.net", &armpolicy.ExemptionsClientListForResourceOptions{Filter: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ExemptionListResult = armpolicy.ExemptionListResult{
		// 	Value: []*armpolicy.Exemption{
		// 		{
		// 			Name: to.Ptr("DemoExpensiveVMGroup"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVMGroup"),
		// 			Properties: &armpolicy.ExemptionProperties{
		// 				Description: to.Ptr("Exempt demo cluster from limit sku"),
		// 				DisplayName: to.Ptr("Exempt demo cluster"),
		// 				ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
		// 				Metadata: map[string]any{
		// 					"reason": "Temporary exemption for a expensive VM demo",
		// 				},
		// 				PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
		// 				PolicyDefinitionReferenceIDs: []*string{
		// 					to.Ptr("Limit_Skus")},
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("jumpBoxExemption"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 				ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Compute/virtualMachines/MyTestVm/providers/Microsoft.Authorization/policyExemptions/jumpBoxExemption"),
		// 				Properties: &armpolicy.ExemptionProperties{
		// 					Description: to.Ptr("Exempt jump box open ports from limit ports policy"),
		// 					DisplayName: to.Ptr("Exempt jump box open ports"),
		// 					ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryMitigated),
		// 					Metadata: map[string]any{
		// 						"reason": "Need to open RDP port to corp net",
		// 					},
		// 					PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/LimitPorts"),
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

func (*ExemptionsClient) NewListPager added in v0.5.0 

func (client *ExemptionsClient) NewListPager(options *ExemptionsClientListOptions) *runtime.Pager[ExemptionsClientListResponse]

NewListPager - This operation retrieves the list of all policy exemptions associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}”. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription.

Generated from API version 2020-07-01-preview

  • options - ExemptionsClientListOptions contains the optional parameters for the ExemptionsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/preview/2020-07-01-preview/examples/listPolicyExemptionsForSubscription.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewExemptionsClient().NewListPager(&armpolicy.ExemptionsClientListOptions{Filter: to.Ptr("atScope()")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ExemptionListResult = armpolicy.ExemptionListResult{
		// 	Value: []*armpolicy.Exemption{
		// 		{
		// 			Name: to.Ptr("TestVMSub"),
		// 			Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVMSub"),
		// 			Properties: &armpolicy.ExemptionProperties{
		// 				Description: to.Ptr("Exempt demo cluster from limit sku"),
		// 				DisplayName: to.Ptr("Exempt demo cluster"),
		// 				ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
		// 				Metadata: map[string]any{
		// 					"reason": "Temporary exemption for a expensive VM demo",
		// 				},
		// 				PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
		// 				PolicyDefinitionReferenceIDs: []*string{
		// 					to.Ptr("Limit_Skus")},
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 			},
		// 			{
		// 				Name: to.Ptr("TestVNetSub"),
		// 				Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
		// 				ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVNetSub"),
		// 				Properties: &armpolicy.ExemptionProperties{
		// 					Description: to.Ptr("Exempt jump box open ports from limit ports policy"),
		// 					DisplayName: to.Ptr("Exempt jump box open ports"),
		// 					ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryMitigated),
		// 					Metadata: map[string]any{
		// 						"reason": "Need to open RDP port to corp net",
		// 					},
		// 					PolicyAssignmentID: to.Ptr("/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/LimitPorts"),
		// 				},
		// 				SystemData: &armpolicy.SystemData{
		// 					CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.1075056Z"); return t}()),
		// 					CreatedBy: to.Ptr("string"),
		// 					CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 					LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.1075056Z"); return t}()),
		// 					LastModifiedBy: to.Ptr("string"),
		// 					LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

type ExemptionsClientCreateOrUpdateOptions added in v0.2.0 

type ExemptionsClientCreateOrUpdateOptions struct {
}

ExemptionsClientCreateOrUpdateOptions contains the optional parameters for the ExemptionsClient.CreateOrUpdate method.

type ExemptionsClientCreateOrUpdateResponse added in v0.2.0 

type ExemptionsClientCreateOrUpdateResponse struct {
	Exemption
}

ExemptionsClientCreateOrUpdateResponse contains the response from method ExemptionsClient.CreateOrUpdate.

type ExemptionsClientDeleteOptions added in v0.2.0 

type ExemptionsClientDeleteOptions struct {
}

ExemptionsClientDeleteOptions contains the optional parameters for the ExemptionsClient.Delete method.

type ExemptionsClientDeleteResponse added in v0.2.0 

type ExemptionsClientDeleteResponse struct {
}

ExemptionsClientDeleteResponse contains the response from method ExemptionsClient.Delete.

type ExemptionsClientGetOptions added in v0.2.0 

type ExemptionsClientGetOptions struct {
}

ExemptionsClientGetOptions contains the optional parameters for the ExemptionsClient.Get method.

type ExemptionsClientGetResponse added in v0.2.0 

type ExemptionsClientGetResponse struct {
	Exemption
}

ExemptionsClientGetResponse contains the response from method ExemptionsClient.Get.

type ExemptionsClientListForManagementGroupOptions added in v0.2.0 

type ExemptionsClientListForManagementGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or
	// 'policyAssignmentId eq '{value}”. If $filter is not provided, no filtering is
	// performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including
	// those that apply directly or apply from containing scopes. If
	// $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that
	// at the given scope. If $filter=excludeExpired() is provided, the returned list
	// only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId
	// eq '{value}' is provided. the returned list only includes all policy
	// exemptions that are associated with the give policyAssignmentId.
	Filter *string
}

ExemptionsClientListForManagementGroupOptions contains the optional parameters for the ExemptionsClient.NewListForManagementGroupPager method.

type ExemptionsClientListForManagementGroupResponse added in v0.2.0 

type ExemptionsClientListForManagementGroupResponse struct {
	ExemptionListResult
}

ExemptionsClientListForManagementGroupResponse contains the response from method ExemptionsClient.NewListForManagementGroupPager.

type ExemptionsClientListForResourceGroupOptions added in v0.2.0 

type ExemptionsClientListForResourceGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or
	// 'policyAssignmentId eq '{value}”. If $filter is not provided, no filtering is
	// performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including
	// those that apply directly or apply from containing scopes. If
	// $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that
	// at the given scope. If $filter=excludeExpired() is provided, the returned list
	// only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId
	// eq '{value}' is provided. the returned list only includes all policy
	// exemptions that are associated with the give policyAssignmentId.
	Filter *string
}

ExemptionsClientListForResourceGroupOptions contains the optional parameters for the ExemptionsClient.NewListForResourceGroupPager method.

type ExemptionsClientListForResourceGroupResponse added in v0.2.0 

type ExemptionsClientListForResourceGroupResponse struct {
	ExemptionListResult
}

ExemptionsClientListForResourceGroupResponse contains the response from method ExemptionsClient.NewListForResourceGroupPager.

type ExemptionsClientListForResourceOptions added in v0.2.0 

type ExemptionsClientListForResourceOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or
	// 'policyAssignmentId eq '{value}”. If $filter is not provided, no filtering is
	// performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including
	// those that apply directly or apply from containing scopes. If
	// $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that
	// at the given scope. If $filter=excludeExpired() is provided, the returned list
	// only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId
	// eq '{value}' is provided. the returned list only includes all policy
	// exemptions that are associated with the give policyAssignmentId.
	Filter *string
}

ExemptionsClientListForResourceOptions contains the optional parameters for the ExemptionsClient.NewListForResourcePager method.

type ExemptionsClientListForResourceResponse added in v0.2.0 

type ExemptionsClientListForResourceResponse struct {
	ExemptionListResult
}

ExemptionsClientListForResourceResponse contains the response from method ExemptionsClient.NewListForResourcePager.

type ExemptionsClientListOptions added in v0.2.0 

type ExemptionsClientListOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or
	// 'policyAssignmentId eq '{value}”. If $filter is not provided, no filtering is
	// performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including
	// those that apply directly or apply from containing scopes. If
	// $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is
	// everything in the unfiltered list except those applied to sub scopes contained
	// within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that
	// at the given scope. If $filter=excludeExpired() is provided, the returned list
	// only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId
	// eq '{value}' is provided. the returned list only includes all policy
	// exemptions that are associated with the give policyAssignmentId.
	Filter *string
}

ExemptionsClientListOptions contains the optional parameters for the ExemptionsClient.NewListPager method.

type ExemptionsClientListResponse added in v0.2.0 

type ExemptionsClientListResponse struct {
	ExemptionListResult
}

ExemptionsClientListResponse contains the response from method ExemptionsClient.NewListPager.

type Identity 

type Identity struct {
	// The identity type. This is the only required field when adding a system or user assigned identity to a resource.
	Type *ResourceIdentityType `json:"type,omitempty"`

	// The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the
	// form:
	// '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
	UserAssignedIdentities map[string]*UserAssignedIdentitiesValue `json:"userAssignedIdentities,omitempty"`

	// READ-ONLY; The principal ID of the resource identity. This property will only be provided for a system assigned identity
	PrincipalID *string `json:"principalId,omitempty" azure:"ro"`

	// READ-ONLY; The tenant ID of the resource identity. This property will only be provided for a system assigned identity
	TenantID *string `json:"tenantId,omitempty" azure:"ro"`
}

Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity.

func (Identity) MarshalJSON 

func (i Identity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Identity.

func (*Identity) UnmarshalJSON added in v0.7.0 

func (i *Identity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Identity.

type NonComplianceMessage 

type NonComplianceMessage struct {
	// REQUIRED; A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages
	// and on resource's non-compliant compliance results.
	Message *string `json:"message,omitempty"`

	// The policy definition reference ID within a policy set definition the message is intended for. This is only applicable
	// if the policy assignment assigns a policy set definition. If this is not provided
	// the message applies to all policies assigned by this policy assignment.
	PolicyDefinitionReferenceID *string `json:"policyDefinitionReferenceId,omitempty"`
}

NonComplianceMessage - A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.

func (NonComplianceMessage) MarshalJSON added in v0.7.0 

func (n NonComplianceMessage) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NonComplianceMessage.

func (*NonComplianceMessage) UnmarshalJSON added in v0.7.0 

func (n *NonComplianceMessage) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NonComplianceMessage.

type ParameterDefinitionsValue 

type ParameterDefinitionsValue struct {
	// The allowed values for the parameter.
	AllowedValues []any `json:"allowedValues,omitempty"`

	// The default value for the parameter if no value is provided.
	DefaultValue any `json:"defaultValue,omitempty"`

	// General metadata for the parameter.
	Metadata *ParameterDefinitionsValueMetadata `json:"metadata,omitempty"`

	// The data type of the parameter.
	Type *ParameterType `json:"type,omitempty"`
}

ParameterDefinitionsValue - The definition of a parameter that can be provided to the policy.

func (ParameterDefinitionsValue) MarshalJSON 

func (p ParameterDefinitionsValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ParameterDefinitionsValue.

func (*ParameterDefinitionsValue) UnmarshalJSON added in v0.7.0 

func (p *ParameterDefinitionsValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ParameterDefinitionsValue.

type ParameterDefinitionsValueMetadata 

type ParameterDefinitionsValueMetadata struct {
	// OPTIONAL; Contains additional key/value pairs not defined in the schema.
	AdditionalProperties map[string]any

	// Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during
	// policy assignment. This property is useful in case you wish to assign
	// permissions outside the assignment scope.
	AssignPermissions *bool `json:"assignPermissions,omitempty"`

	// The description of the parameter.
	Description *string `json:"description,omitempty"`

	// The display name for the parameter.
	DisplayName *string `json:"displayName,omitempty"`

	// Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose
	// from.
	StrongType *string `json:"strongType,omitempty"`
}

ParameterDefinitionsValueMetadata - General metadata for the parameter.

func (ParameterDefinitionsValueMetadata) MarshalJSON 

func (p ParameterDefinitionsValueMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ParameterDefinitionsValueMetadata.

func (*ParameterDefinitionsValueMetadata) UnmarshalJSON 

func (p *ParameterDefinitionsValueMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ParameterDefinitionsValueMetadata.

type ParameterType 

type ParameterType string

ParameterType - The data type of the parameter. 

const (
	ParameterTypeArray    ParameterType = "Array"
	ParameterTypeBoolean  ParameterType = "Boolean"
	ParameterTypeDateTime ParameterType = "DateTime"
	ParameterTypeFloat    ParameterType = "Float"
	ParameterTypeInteger  ParameterType = "Integer"
	ParameterTypeObject   ParameterType = "Object"
	ParameterTypeString   ParameterType = "String"
)

func PossibleParameterTypeValues 

func PossibleParameterTypeValues() []ParameterType

PossibleParameterTypeValues returns the possible values for the ParameterType const type.

type ParameterValuesValue 

type ParameterValuesValue struct {
	// The value of the parameter.
	Value any `json:"value,omitempty"`
}

ParameterValuesValue - The value of a parameter.

func (ParameterValuesValue) MarshalJSON added in v0.7.0 

func (p ParameterValuesValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ParameterValuesValue.

func (*ParameterValuesValue) UnmarshalJSON added in v0.7.0 

func (p *ParameterValuesValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ParameterValuesValue.

type PolicyType 

type PolicyType string

PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. 

const (
	PolicyTypeBuiltIn      PolicyType = "BuiltIn"
	PolicyTypeCustom       PolicyType = "Custom"
	PolicyTypeNotSpecified PolicyType = "NotSpecified"
	PolicyTypeStatic       PolicyType = "Static"
)

func PossiblePolicyTypeValues 

func PossiblePolicyTypeValues() []PolicyType

PossiblePolicyTypeValues returns the possible values for the PolicyType const type.

type ResourceIdentityType 

type ResourceIdentityType string

ResourceIdentityType - The identity type. This is the only required field when adding a system or user assigned identity to a resource. 

const (
	// ResourceIdentityTypeSystemAssigned - Indicates that a system assigned identity is associated with the resource.
	ResourceIdentityTypeSystemAssigned ResourceIdentityType = "SystemAssigned"
	// ResourceIdentityTypeUserAssigned - Indicates that a system assigned identity is associated with the resource.
	ResourceIdentityTypeUserAssigned ResourceIdentityType = "UserAssigned"
	// ResourceIdentityTypeNone - Indicates that no identity is associated with the resource or that the existing identity should
	// be removed.
	ResourceIdentityTypeNone ResourceIdentityType = "None"
)

func PossibleResourceIdentityTypeValues 

func PossibleResourceIdentityTypeValues() []ResourceIdentityType

PossibleResourceIdentityTypeValues returns the possible values for the ResourceIdentityType const type.

type ResourceTypeAliases 

type ResourceTypeAliases struct {
	// The aliases for property names.
	Aliases []*Alias `json:"aliases,omitempty"`

	// The resource type name.
	ResourceType *string `json:"resourceType,omitempty"`
}

ResourceTypeAliases - The resource type aliases definition.

func (ResourceTypeAliases) MarshalJSON 

func (r ResourceTypeAliases) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ResourceTypeAliases.

func (*ResourceTypeAliases) UnmarshalJSON added in v0.7.0 

func (r *ResourceTypeAliases) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ResourceTypeAliases.

type SetDefinition added in v0.2.0 

type SetDefinition struct {
	// The policy definition properties.
	Properties *SetDefinitionProperties `json:"properties,omitempty"`

	// READ-ONLY; The ID of the policy set definition.
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the policy set definition.
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The system metadata relating to this resource.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource (Microsoft.Authorization/policySetDefinitions).
	Type *string `json:"type,omitempty" azure:"ro"`
}

SetDefinition - The policy set definition.

func (SetDefinition) MarshalJSON added in v0.7.0 

func (s SetDefinition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SetDefinition.

func (*SetDefinition) UnmarshalJSON added in v0.7.0 

func (s *SetDefinition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SetDefinition.

type SetDefinitionListResult added in v0.2.0 

type SetDefinitionListResult struct {
	// The URL to use for getting the next set of results.
	NextLink *string `json:"nextLink,omitempty"`

	// An array of policy set definitions.
	Value []*SetDefinition `json:"value,omitempty"`
}

SetDefinitionListResult - List of policy set definitions.

func (SetDefinitionListResult) MarshalJSON added in v0.2.0 

func (s SetDefinitionListResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SetDefinitionListResult.

func (*SetDefinitionListResult) UnmarshalJSON added in v0.7.0 

func (s *SetDefinitionListResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SetDefinitionListResult.

type SetDefinitionProperties added in v0.2.0 

type SetDefinitionProperties struct {
	// REQUIRED; An array of policy definition references.
	PolicyDefinitions []*DefinitionReference `json:"policyDefinitions,omitempty"`

	// The policy set definition description.
	Description *string `json:"description,omitempty"`

	// The display name of the policy set definition.
	DisplayName *string `json:"displayName,omitempty"`

	// The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
	Metadata any `json:"metadata,omitempty"`

	// The policy set definition parameters that can be used in policy definition references.
	Parameters map[string]*ParameterDefinitionsValue `json:"parameters,omitempty"`

	// The metadata describing groups of policy definition references within the policy set definition.
	PolicyDefinitionGroups []*DefinitionGroup `json:"policyDefinitionGroups,omitempty"`

	// The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
	PolicyType *PolicyType `json:"policyType,omitempty"`
}

SetDefinitionProperties - The policy set definition properties.

func (SetDefinitionProperties) MarshalJSON added in v0.2.0 

func (s SetDefinitionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SetDefinitionProperties.

func (*SetDefinitionProperties) UnmarshalJSON added in v0.7.0 

func (s *SetDefinitionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SetDefinitionProperties.

type SetDefinitionsClient added in v0.2.0 

type SetDefinitionsClient struct {
	// contains filtered or unexported fields
}

SetDefinitionsClient contains the methods for the PolicySetDefinitions group. Don't use this type directly, use NewSetDefinitionsClient() instead.

func NewSetDefinitionsClient added in v0.2.0 

func NewSetDefinitionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SetDefinitionsClient, error)

NewSetDefinitionsClient creates a new instance of SetDefinitionsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SetDefinitionsClient) CreateOrUpdate added in v0.2.0 

func (client *SetDefinitionsClient) CreateOrUpdate(ctx context.Context, policySetDefinitionName string, parameters SetDefinition, options *SetDefinitionsClientCreateOrUpdateOptions) (SetDefinitionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - This operation creates or updates a policy set definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to create.
  • parameters - The policy set definition properties.
  • options - SetDefinitionsClientCreateOrUpdateOptions contains the optional parameters for the SetDefinitionsClient.CreateOrUpdate method.
Example (CreateOrUpdateAPolicySetDefinition)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicySetDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdate(ctx, "CostManagement", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
				"namePrefix": {
					Type:         to.Ptr(armpolicy.ParameterTypeString),
					DefaultValue: "myPrefix",
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						DisplayName: to.Ptr("Prefix to enforce on resource names"),
					},
				},
			},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "[parameters('namePrefix')]",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 			"namePrefix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				DefaultValue: "myPrefix",
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					DisplayName: to.Ptr("Prefix to enforce on resource names"),
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 						Value: []any{
	// 							"Standard_GRS",
	// 							"Standard_LRS",
	// 						},
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 			},
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"prefix": &armpolicy.ParameterValuesValue{
	// 						Value: "[parameters('namePrefix')]",
	// 					},
	// 					"suffix": &armpolicy.ParameterValuesValue{
	// 						Value: "-LC",
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 		}},
	// 	},
	// }
}

Output:
Example (CreateOrUpdateAPolicySetDefinitionWithGroups)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdate(ctx, "CostManagement", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
				{
					Name:        to.Ptr("CostSaving"),
					Description: to.Ptr("Policies designed to control spend within a subscription."),
					DisplayName: to.Ptr("Cost Management Policies"),
				},
				{
					Name:        to.Ptr("Organizational"),
					Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
					DisplayName: to.Ptr("Organizational Policies"),
				}},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					GroupNames: []*string{
						to.Ptr("CostSaving")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					GroupNames: []*string{
						to.Ptr("Organizational")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "DeptA",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
	// 			{
	// 				Name: to.Ptr("CostSaving"),
	// 				Description: to.Ptr("Policies designed to control spend within a subscription."),
	// 				DisplayName: to.Ptr("Cost Management Policies"),
	// 			},
	// 			{
	// 				Name: to.Ptr("Organizational"),
	// 				Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
	// 				DisplayName: to.Ptr("Organizational Policies"),
	// 		}},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				GroupNames: []*string{
	// 					to.Ptr("CostSaving")},
	// 					Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 						"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 							Value: []any{
	// 								"Standard_GRS",
	// 								"Standard_LRS",
	// 							},
	// 						},
	// 					},
	// 					PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 				},
	// 				{
	// 					GroupNames: []*string{
	// 						to.Ptr("Organizational")},
	// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 							"prefix": &armpolicy.ParameterValuesValue{
	// 								Value: "DeptA",
	// 							},
	// 							"suffix": &armpolicy.ParameterValuesValue{
	// 								Value: "-LC",
	// 							},
	// 						},
	// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 				}},
	// 			},
	// 		}
}

Output:

func (*SetDefinitionsClient) CreateOrUpdateAtManagementGroup added in v0.2.0 

func (client *SetDefinitionsClient) CreateOrUpdateAtManagementGroup(ctx context.Context, policySetDefinitionName string, managementGroupID string, parameters SetDefinition, options *SetDefinitionsClientCreateOrUpdateAtManagementGroupOptions) (SetDefinitionsClientCreateOrUpdateAtManagementGroupResponse, error)

CreateOrUpdateAtManagementGroup - This operation creates or updates a policy set definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to create.
  • managementGroupID - The ID of the management group.
  • parameters - The policy set definition properties.
  • options - SetDefinitionsClientCreateOrUpdateAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.CreateOrUpdateAtManagementGroup method.
Example (CreateOrUpdateAPolicySetDefinitionAtManagementGroupLevel)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdateAtManagementGroup(ctx, "CostManagement", "MyManagementGroup", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "DeptA",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 						Value: []any{
	// 							"Standard_GRS",
	// 							"Standard_LRS",
	// 						},
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 			},
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"prefix": &armpolicy.ParameterValuesValue{
	// 						Value: "DeptA",
	// 					},
	// 					"suffix": &armpolicy.ParameterValuesValue{
	// 						Value: "-LC",
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 		}},
	// 	},
	// }
}

Output:
Example (CreateOrUpdateAPolicySetDefinitionWithGroupsAtManagementGroupLevel)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdateAtManagementGroup(ctx, "CostManagement", "MyManagementGroup", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
				{
					Name:        to.Ptr("CostSaving"),
					Description: to.Ptr("Policies designed to control spend within a subscription."),
					DisplayName: to.Ptr("Cost Management Policies"),
				},
				{
					Name:        to.Ptr("Organizational"),
					Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
					DisplayName: to.Ptr("Organizational Policies"),
				}},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					GroupNames: []*string{
						to.Ptr("CostSaving")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					GroupNames: []*string{
						to.Ptr("Organizational")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "DeptA",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
	// 			{
	// 				Name: to.Ptr("CostSaving"),
	// 				Description: to.Ptr("Policies designed to control spend within a subscription."),
	// 				DisplayName: to.Ptr("Cost Management Policies"),
	// 			},
	// 			{
	// 				Name: to.Ptr("Organizational"),
	// 				Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
	// 				DisplayName: to.Ptr("Organizational Policies"),
	// 		}},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				GroupNames: []*string{
	// 					to.Ptr("CostSaving")},
	// 					Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 						"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 							Value: []any{
	// 								"Standard_GRS",
	// 								"Standard_LRS",
	// 							},
	// 						},
	// 					},
	// 					PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 				},
	// 				{
	// 					GroupNames: []*string{
	// 						to.Ptr("Organizational")},
	// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 							"prefix": &armpolicy.ParameterValuesValue{
	// 								Value: "DeptA",
	// 							},
	// 							"suffix": &armpolicy.ParameterValuesValue{
	// 								Value: "-LC",
	// 							},
	// 						},
	// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 				}},
	// 			},
	// 		}
}

Output:

func (*SetDefinitionsClient) Delete added in v0.2.0 

func (client *SetDefinitionsClient) Delete(ctx context.Context, policySetDefinitionName string, options *SetDefinitionsClientDeleteOptions) (SetDefinitionsClientDeleteResponse, error)

Delete - This operation deletes the policy set definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to delete.
  • options - SetDefinitionsClientDeleteOptions contains the optional parameters for the SetDefinitionsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicySetDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewSetDefinitionsClient().Delete(ctx, "CostManagement", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*SetDefinitionsClient) DeleteAtManagementGroup added in v0.2.0 

func (client *SetDefinitionsClient) DeleteAtManagementGroup(ctx context.Context, policySetDefinitionName string, managementGroupID string, options *SetDefinitionsClientDeleteAtManagementGroupOptions) (SetDefinitionsClientDeleteAtManagementGroupResponse, error)

DeleteAtManagementGroup - This operation deletes the policy set definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to delete.
  • managementGroupID - The ID of the management group.
  • options - SetDefinitionsClientDeleteAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.DeleteAtManagementGroup method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/deletePolicySetDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewSetDefinitionsClient().DeleteAtManagementGroup(ctx, "CostManagement", "MyManagementGroup", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*SetDefinitionsClient) Get added in v0.2.0 

func (client *SetDefinitionsClient) Get(ctx context.Context, policySetDefinitionName string, options *SetDefinitionsClientGetOptions) (SetDefinitionsClientGetResponse, error)

Get - This operation retrieves the policy set definition in the given subscription with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to get.
  • options - SetDefinitionsClientGetOptions contains the optional parameters for the SetDefinitionsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicySetDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().Get(ctx, "CostManagement", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
	// 			{
	// 				Name: to.Ptr("CostSaving"),
	// 				Description: to.Ptr("Policies designed to control spend within a subscription."),
	// 				DisplayName: to.Ptr("Cost Management Policies"),
	// 			},
	// 			{
	// 				Name: to.Ptr("Organizational"),
	// 				Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
	// 				DisplayName: to.Ptr("Organizational Policies"),
	// 		}},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				GroupNames: []*string{
	// 					to.Ptr("CostSaving")},
	// 					Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 						"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 							Value: []any{
	// 								"Standard_GRS",
	// 								"Standard_LRS",
	// 							},
	// 						},
	// 					},
	// 					PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 				},
	// 				{
	// 					GroupNames: []*string{
	// 						to.Ptr("Organizational")},
	// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 							"prefix": &armpolicy.ParameterValuesValue{
	// 								Value: "DeptA",
	// 							},
	// 							"suffix": &armpolicy.ParameterValuesValue{
	// 								Value: "-LC",
	// 							},
	// 						},
	// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 				}},
	// 			},
	// 		}
}

Output:

func (*SetDefinitionsClient) GetAtManagementGroup added in v0.2.0 

func (client *SetDefinitionsClient) GetAtManagementGroup(ctx context.Context, policySetDefinitionName string, managementGroupID string, options *SetDefinitionsClientGetAtManagementGroupOptions) (SetDefinitionsClientGetAtManagementGroupResponse, error)

GetAtManagementGroup - This operation retrieves the policy set definition in the given management group with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to get.
  • managementGroupID - The ID of the management group.
  • options - SetDefinitionsClientGetAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.GetAtManagementGroup method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getPolicySetDefinitionAtManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().GetAtManagementGroup(ctx, "CostManagement", "MyManagementGroup", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 						Value: []any{
	// 							"Standard_GRS",
	// 							"Standard_LRS",
	// 						},
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 			},
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"prefix": &armpolicy.ParameterValuesValue{
	// 						Value: "DeptA",
	// 					},
	// 					"suffix": &armpolicy.ParameterValuesValue{
	// 						Value: "-LC",
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 		}},
	// 	},
	// }
}

Output:

func (*SetDefinitionsClient) GetBuiltIn added in v0.2.0 

func (client *SetDefinitionsClient) GetBuiltIn(ctx context.Context, policySetDefinitionName string, options *SetDefinitionsClientGetBuiltInOptions) (SetDefinitionsClientGetBuiltInResponse, error)

GetBuiltIn - This operation retrieves the built-in policy set definition with the given name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-06-01

  • policySetDefinitionName - The name of the policy set definition to get.
  • options - SetDefinitionsClientGetBuiltInOptions contains the optional parameters for the SetDefinitionsClient.GetBuiltIn method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/getBuiltInPolicySetDefinition.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().GetBuiltIn(ctx, "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center."),
	// 		DisplayName: to.Ptr("[Preview]: Enable Monitoring in Azure Security Center"),
	// 		Metadata: map[string]any{
	// 			"category": "Security Center",
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 		},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId1"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId2"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId3"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId4"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId5"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId6"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId7"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId8"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId9"),
	// 			},
	// 			{
	// 				PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"),
	// 				PolicyDefinitionReferenceID: to.Ptr("RefId10"),
	// 		}},
	// 		PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
	// 	},
	// }
}

Output:

func (*SetDefinitionsClient) NewListBuiltInPager added in v0.5.0 

func (client *SetDefinitionsClient) NewListBuiltInPager(options *SetDefinitionsClientListBuiltInOptions) *runtime.Pager[SetDefinitionsClientListBuiltInResponse]

NewListBuiltInPager - This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.

Generated from API version 2021-06-01

  • options - SetDefinitionsClientListBuiltInOptions contains the optional parameters for the SetDefinitionsClient.NewListBuiltInPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listBuiltInPolicySetDefinitions.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSetDefinitionsClient().NewListBuiltInPager(&armpolicy.SetDefinitionsClientListBuiltInOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SetDefinitionListResult = armpolicy.SetDefinitionListResult{
		// 	Value: []*armpolicy.SetDefinition{
		// 		{
		// 			Name: to.Ptr("1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Properties: &armpolicy.SetDefinitionProperties{
		// 				Description: to.Ptr("Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center."),
		// 				DisplayName: to.Ptr("[Preview]: Enable Monitoring in Azure Security Center"),
		// 				Metadata: map[string]any{
		// 					"category": "Security Center",
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 				},
		// 				PolicyDefinitions: []*armpolicy.DefinitionReference{
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId1"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId2"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId3"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId4"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId5"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId6"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId7"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId8"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId9"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId10"),
		// 				}},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*SetDefinitionsClient) NewListByManagementGroupPager added in v0.5.0 

func (client *SetDefinitionsClient) NewListByManagementGroupPager(managementGroupID string, options *SetDefinitionsClientListByManagementGroupOptions) *runtime.Pager[SetDefinitionsClientListByManagementGroupResponse]

NewListByManagementGroupPager - This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}”. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.

Generated from API version 2021-06-01

  • managementGroupID - The ID of the management group.
  • options - SetDefinitionsClientListByManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.NewListByManagementGroupPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicySetDefinitionsByManagementGroup.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSetDefinitionsClient().NewListByManagementGroupPager("MyManagementGroup", &armpolicy.SetDefinitionsClientListByManagementGroupOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SetDefinitionListResult = armpolicy.SetDefinitionListResult{
		// 	Value: []*armpolicy.SetDefinition{
		// 		{
		// 			Name: to.Ptr("1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Properties: &armpolicy.SetDefinitionProperties{
		// 				Description: to.Ptr("Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center."),
		// 				DisplayName: to.Ptr("[Preview]: Enable Monitoring in Azure Security Center"),
		// 				Metadata: map[string]any{
		// 					"category": "Security Center",
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 				},
		// 				PolicyDefinitions: []*armpolicy.DefinitionReference{
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId1"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId2"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId3"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId4"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId5"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId6"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId7"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId8"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId9"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId10"),
		// 				}},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("CostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
		// 			Properties: &armpolicy.SetDefinitionProperties{
		// 				Description: to.Ptr("Policies to enforce low cost storage SKUs"),
		// 				DisplayName: to.Ptr("Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				PolicyDefinitions: []*armpolicy.DefinitionReference{
		// 					{
		// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 							"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
		// 								Value: []any{
		// 									"Standard_GRS",
		// 									"Standard_LRS",
		// 								},
		// 							},
		// 						},
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 						PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
		// 					},
		// 					{
		// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 							"prefix": &armpolicy.ParameterValuesValue{
		// 								Value: "DeptA",
		// 							},
		// 							"suffix": &armpolicy.ParameterValuesValue{
		// 								Value: "-LC",
		// 							},
		// 						},
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
		// 				}},
		// 			},
		// 	}},
		// }
	}
}

Output:

func (*SetDefinitionsClient) NewListPager added in v0.5.0 

func (client *SetDefinitionsClient) NewListPager(options *SetDefinitionsClientListOptions) *runtime.Pager[SetDefinitionsClientListResponse]

NewListPager - This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}”. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.

Generated from API version 2021-06-01

  • options - SetDefinitionsClientListOptions contains the optional parameters for the SetDefinitionsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d55b8005f05b040b852c15e74a0f3e36494a15e1/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/examples/listPolicySetDefinitions.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewSetDefinitionsClient().NewListPager(&armpolicy.SetDefinitionsClientListOptions{Filter: nil,
		Top: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.SetDefinitionListResult = armpolicy.SetDefinitionListResult{
		// 	Value: []*armpolicy.SetDefinition{
		// 		{
		// 			Name: to.Ptr("1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8"),
		// 			Properties: &armpolicy.SetDefinitionProperties{
		// 				Description: to.Ptr("Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center."),
		// 				DisplayName: to.Ptr("[Preview]: Enable Monitoring in Azure Security Center"),
		// 				Metadata: map[string]any{
		// 					"category": "Security Center",
		// 				},
		// 				Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
		// 				},
		// 				PolicyDefinitions: []*armpolicy.DefinitionReference{
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId1"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId2"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId3"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId4"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId5"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId6"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId7"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId8"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId9"),
		// 					},
		// 					{
		// 						PolicyDefinitionID: to.Ptr("/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d"),
		// 						PolicyDefinitionReferenceID: to.Ptr("RefId10"),
		// 				}},
		// 				PolicyType: to.Ptr(armpolicy.PolicyTypeBuiltIn),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("CostManagement"),
		// 			Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
		// 			ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
		// 			Properties: &armpolicy.SetDefinitionProperties{
		// 				Description: to.Ptr("Policies to enforce low cost storage SKUs"),
		// 				DisplayName: to.Ptr("Cost Management"),
		// 				Metadata: map[string]any{
		// 					"category": "Cost Management",
		// 				},
		// 				PolicyDefinitions: []*armpolicy.DefinitionReference{
		// 					{
		// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 							"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
		// 								Value: []any{
		// 									"Standard_GRS",
		// 									"Standard_LRS",
		// 								},
		// 							},
		// 						},
		// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
		// 						PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
		// 					},
		// 					{
		// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
		// 							"prefix": &armpolicy.ParameterValuesValue{
		// 								Value: "DeptA",
		// 							},
		// 							"suffix": &armpolicy.ParameterValuesValue{
		// 								Value: "-LC",
		// 							},
		// 						},
		// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
		// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
		// 				}},
		// 			},
		// 	}},
		// }
	}
}

Output:

type SetDefinitionsClientCreateOrUpdateAtManagementGroupOptions added in v0.2.0 

type SetDefinitionsClientCreateOrUpdateAtManagementGroupOptions struct {
}

SetDefinitionsClientCreateOrUpdateAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.CreateOrUpdateAtManagementGroup method.

type SetDefinitionsClientCreateOrUpdateAtManagementGroupResponse added in v0.2.0 

type SetDefinitionsClientCreateOrUpdateAtManagementGroupResponse struct {
	SetDefinition
}

SetDefinitionsClientCreateOrUpdateAtManagementGroupResponse contains the response from method SetDefinitionsClient.CreateOrUpdateAtManagementGroup.

type SetDefinitionsClientCreateOrUpdateOptions added in v0.2.0 

type SetDefinitionsClientCreateOrUpdateOptions struct {
}

SetDefinitionsClientCreateOrUpdateOptions contains the optional parameters for the SetDefinitionsClient.CreateOrUpdate method.

type SetDefinitionsClientCreateOrUpdateResponse added in v0.2.0 

type SetDefinitionsClientCreateOrUpdateResponse struct {
	SetDefinition
}

SetDefinitionsClientCreateOrUpdateResponse contains the response from method SetDefinitionsClient.CreateOrUpdate.

type SetDefinitionsClientDeleteAtManagementGroupOptions added in v0.2.0 

type SetDefinitionsClientDeleteAtManagementGroupOptions struct {
}

SetDefinitionsClientDeleteAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.DeleteAtManagementGroup method.

type SetDefinitionsClientDeleteAtManagementGroupResponse added in v0.2.0 

type SetDefinitionsClientDeleteAtManagementGroupResponse struct {
}

SetDefinitionsClientDeleteAtManagementGroupResponse contains the response from method SetDefinitionsClient.DeleteAtManagementGroup.

type SetDefinitionsClientDeleteOptions added in v0.2.0 

type SetDefinitionsClientDeleteOptions struct {
}

SetDefinitionsClientDeleteOptions contains the optional parameters for the SetDefinitionsClient.Delete method.

type SetDefinitionsClientDeleteResponse added in v0.2.0 

type SetDefinitionsClientDeleteResponse struct {
}

SetDefinitionsClientDeleteResponse contains the response from method SetDefinitionsClient.Delete.

type SetDefinitionsClientGetAtManagementGroupOptions added in v0.2.0 

type SetDefinitionsClientGetAtManagementGroupOptions struct {
}

SetDefinitionsClientGetAtManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.GetAtManagementGroup method.

type SetDefinitionsClientGetAtManagementGroupResponse added in v0.2.0 

type SetDefinitionsClientGetAtManagementGroupResponse struct {
	SetDefinition
}

SetDefinitionsClientGetAtManagementGroupResponse contains the response from method SetDefinitionsClient.GetAtManagementGroup.

type SetDefinitionsClientGetBuiltInOptions added in v0.2.0 

type SetDefinitionsClientGetBuiltInOptions struct {
}

SetDefinitionsClientGetBuiltInOptions contains the optional parameters for the SetDefinitionsClient.GetBuiltIn method.

type SetDefinitionsClientGetBuiltInResponse added in v0.2.0 

type SetDefinitionsClientGetBuiltInResponse struct {
	SetDefinition
}

SetDefinitionsClientGetBuiltInResponse contains the response from method SetDefinitionsClient.GetBuiltIn.

type SetDefinitionsClientGetOptions added in v0.2.0 

type SetDefinitionsClientGetOptions struct {
}

SetDefinitionsClientGetOptions contains the optional parameters for the SetDefinitionsClient.Get method.

type SetDefinitionsClientGetResponse added in v0.2.0 

type SetDefinitionsClientGetResponse struct {
	SetDefinition
}

SetDefinitionsClientGetResponse contains the response from method SetDefinitionsClient.Get.

type SetDefinitionsClientListBuiltInOptions added in v0.2.0 

type SetDefinitionsClientListBuiltInOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope.
	// If $filter='policyType -eq {value}' is provided, the returned list only includes
	// all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom,
	// and Static. If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy set definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

SetDefinitionsClientListBuiltInOptions contains the optional parameters for the SetDefinitionsClient.NewListBuiltInPager method.

type SetDefinitionsClientListBuiltInResponse added in v0.2.0 

type SetDefinitionsClientListBuiltInResponse struct {
	SetDefinitionListResult
}

SetDefinitionsClientListBuiltInResponse contains the response from method SetDefinitionsClient.NewListBuiltInPager.

type SetDefinitionsClientListByManagementGroupOptions added in v0.2.0 

type SetDefinitionsClientListByManagementGroupOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope.
	// If $filter='policyType -eq {value}' is provided, the returned list only includes
	// all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom,
	// and Static. If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy set definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

SetDefinitionsClientListByManagementGroupOptions contains the optional parameters for the SetDefinitionsClient.NewListByManagementGroupPager method.

type SetDefinitionsClientListByManagementGroupResponse added in v0.2.0 

type SetDefinitionsClientListByManagementGroupResponse struct {
	SetDefinitionListResult
}

SetDefinitionsClientListByManagementGroupResponse contains the response from method SetDefinitionsClient.NewListByManagementGroupPager.

type SetDefinitionsClientListOptions added in v0.2.0 

type SetDefinitionsClientListOptions struct {
	// The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category
	// eq '{value}”. If $filter is not provided, no filtering is performed. If
	// $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope.
	// If $filter='policyType -eq {value}' is provided, the returned list only includes
	// all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom,
	// and Static. If $filter='category -eq {value}' is provided, the returned list only
	// includes all policy set definitions whose category match the {value}.
	Filter *string
	// Maximum number of records to return. When the $top filter is not provided, it will return 500 records.
	Top *int32
}

SetDefinitionsClientListOptions contains the optional parameters for the SetDefinitionsClient.NewListPager method.

type SetDefinitionsClientListResponse added in v0.2.0 

type SetDefinitionsClientListResponse struct {
	SetDefinitionListResult
}

SetDefinitionsClientListResponse contains the response from method SetDefinitionsClient.NewListPager.

type SystemData 

type SystemData struct {
	// The timestamp of resource creation (UTC).
	CreatedAt *time.Time `json:"createdAt,omitempty"`

	// The identity that created the resource.
	CreatedBy *string `json:"createdBy,omitempty"`

	// The type of identity that created the resource.
	CreatedByType *CreatedByType `json:"createdByType,omitempty"`

	// The timestamp of resource last modification (UTC)
	LastModifiedAt *time.Time `json:"lastModifiedAt,omitempty"`

	// The identity that last modified the resource.
	LastModifiedBy *string `json:"lastModifiedBy,omitempty"`

	// The type of identity that last modified the resource.
	LastModifiedByType *CreatedByType `json:"lastModifiedByType,omitempty"`
}

SystemData - Metadata pertaining to creation and last modification of the resource.

func (SystemData) MarshalJSON 

func (s SystemData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SystemData.

func (*SystemData) UnmarshalJSON 

func (s *SystemData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SystemData.

type UserAssignedIdentitiesValue 

type UserAssignedIdentitiesValue struct {
	// READ-ONLY; The client id of user assigned identity.
	ClientID *string `json:"clientId,omitempty" azure:"ro"`

	// READ-ONLY; The principal id of user assigned identity.
	PrincipalID *string `json:"principalId,omitempty" azure:"ro"`
}

func (UserAssignedIdentitiesValue) MarshalJSON added in v0.7.0 

func (u UserAssignedIdentitiesValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type UserAssignedIdentitiesValue.

func (*UserAssignedIdentitiesValue) UnmarshalJSON added in v0.7.0 

func (u *UserAssignedIdentitiesValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type UserAssignedIdentitiesValue.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.