The highest tagged major version is
Documentation
¶
Index ¶
- type Assignment
- type AssignmentArgs
- type AssignmentIdentity
- type AssignmentIdentityArgs
- func (AssignmentIdentityArgs) ElementType() reflect.Type
- func (i AssignmentIdentityArgs) ToAssignmentIdentityOutput() AssignmentIdentityOutput
- func (i AssignmentIdentityArgs) ToAssignmentIdentityOutputWithContext(ctx context.Context) AssignmentIdentityOutput
- func (i AssignmentIdentityArgs) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
- func (i AssignmentIdentityArgs) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
- type AssignmentIdentityInput
- type AssignmentIdentityOutput
- func (AssignmentIdentityOutput) ElementType() reflect.Type
- func (o AssignmentIdentityOutput) PrincipalId() pulumi.StringPtrOutput
- func (o AssignmentIdentityOutput) TenantId() pulumi.StringPtrOutput
- func (o AssignmentIdentityOutput) ToAssignmentIdentityOutput() AssignmentIdentityOutput
- func (o AssignmentIdentityOutput) ToAssignmentIdentityOutputWithContext(ctx context.Context) AssignmentIdentityOutput
- func (o AssignmentIdentityOutput) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
- func (o AssignmentIdentityOutput) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
- func (o AssignmentIdentityOutput) Type() pulumi.StringPtrOutput
- type AssignmentIdentityPtrInput
- type AssignmentIdentityPtrOutput
- func (o AssignmentIdentityPtrOutput) Elem() AssignmentIdentityOutput
- func (AssignmentIdentityPtrOutput) ElementType() reflect.Type
- func (o AssignmentIdentityPtrOutput) PrincipalId() pulumi.StringPtrOutput
- func (o AssignmentIdentityPtrOutput) TenantId() pulumi.StringPtrOutput
- func (o AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
- func (o AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
- func (o AssignmentIdentityPtrOutput) Type() pulumi.StringPtrOutput
- type AssignmentState
- type Definition
- type DefinitionArgs
- type DefinitionState
- type GetPolicyDefintionArgs
- type GetPolicyDefintionResult
- type GetPolicySetDefinitionPolicyDefinitionReference
- type GetPolicySetDefinitionPolicyDefinitionReferenceArgs
- func (GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType() reflect.Type
- func (i GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput() GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- func (i GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- type GetPolicySetDefinitionPolicyDefinitionReferenceArray
- func (GetPolicySetDefinitionPolicyDefinitionReferenceArray) ElementType() reflect.Type
- func (i GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (i GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- type GetPolicySetDefinitionPolicyDefinitionReferenceArrayInput
- type GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType() reflect.Type
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) Index(i pulumi.IntInput) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- type GetPolicySetDefinitionPolicyDefinitionReferenceInput
- type GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType() reflect.Type
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues() pulumi.StringOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters() pulumi.StringMapOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId() pulumi.StringOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId() pulumi.StringOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput() GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
- type LookupPolicySetDefinitionArgs
- type LookupPolicySetDefinitionResult
- type PolicySetDefinition
- type PolicySetDefinitionArgs
- type PolicySetDefinitionPolicyDefinitionReference
- type PolicySetDefinitionPolicyDefinitionReferenceArgs
- func (PolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType() reflect.Type
- func (i PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutput() PolicySetDefinitionPolicyDefinitionReferenceOutput
- func (i PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceOutput
- type PolicySetDefinitionPolicyDefinitionReferenceArray
- func (PolicySetDefinitionPolicyDefinitionReferenceArray) ElementType() reflect.Type
- func (i PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (i PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- type PolicySetDefinitionPolicyDefinitionReferenceArrayInput
- type PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType() reflect.Type
- func (o PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) Index(i pulumi.IntInput) PolicySetDefinitionPolicyDefinitionReferenceOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
- type PolicySetDefinitionPolicyDefinitionReferenceInput
- type PolicySetDefinitionPolicyDefinitionReferenceOutput
- func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType() reflect.Type
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues() pulumi.StringPtrOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters() pulumi.StringMapOutputdeprecated
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId() pulumi.StringOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId() pulumi.StringPtrOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutput() PolicySetDefinitionPolicyDefinitionReferenceOutput
- func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceOutput
- type PolicySetDefinitionState
- type Remediation
- type RemediationArgs
- type RemediationState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Assignment ¶
type Assignment struct {
pulumi.CustomResourceState
// A description to use for this Policy Assignment. Changing this forces a new resource to be created.
Description pulumi.StringPtrOutput `pulumi:"description"`
// A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.
DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
// Can be set to 'true' or 'false' to control whether the assignment is enforced (true) or not (false). Default is 'true'.
EnforcementMode pulumi.BoolPtrOutput `pulumi:"enforcementMode"`
// An `identity` block.
Identity AssignmentIdentityOutput `pulumi:"identity"`
// The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.
Location pulumi.StringOutput `pulumi:"location"`
// The metadata for the policy assignment. This is a JSON string representing additional metadata that should be stored with the policy assignment.
Metadata pulumi.StringOutput `pulumi:"metadata"`
// The name of the Policy Assignment. Changing this forces a new resource to be created.
Name pulumi.StringOutput `pulumi:"name"`
// A list of the Policy Assignment's excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. `/subscriptions/00000000-0000-0000-000000000000` or Resource Groups e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`).
NotScopes pulumi.StringArrayOutput `pulumi:"notScopes"`
// Parameters for the policy definition. This field is a JSON string that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.
Parameters pulumi.StringPtrOutput `pulumi:"parameters"`
// The ID of the Policy Definition to be applied at the specified Scope.
PolicyDefinitionId pulumi.StringOutput `pulumi:"policyDefinitionId"`
// The Scope at which the Policy Assignment should be applied, which must be a Resource ID (such as Subscription e.g. `/subscriptions/00000000-0000-0000-000000000000` or a Resource Group e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`). Changing this forces a new resource to be created.
Scope pulumi.StringOutput `pulumi:"scope"`
}
Configures the specified Policy Definition at the specified Scope. Also, Policy Set Definitions are supported.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDefinition, err := policy.NewDefinition(ctx, "exampleDefinition", &policy.DefinitionArgs{
PolicyType: pulumi.String("Custom"),
Mode: pulumi.String("All"),
DisplayName: pulumi.String("my-policy-definition"),
PolicyRule: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"if\": {\n", " \"not\": {\n", " \"field\": \"location\",\n", " \"in\": \"[parameters('allowedLocations')]\"\n", " }\n", " },\n", " \"then\": {\n", " \"effect\": \"audit\"\n", " }\n", " }\n")),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v", " {\n", " \"allowedLocations\": {\n", " \"type\": \"Array\",\n", " \"metadata\": {\n", " \"description\": \"The list of allowed locations for resources.\",\n", " \"displayName\": \"Allowed locations\",\n", " \"strongType\": \"location\"\n", " }\n", " }\n", " }\n")),
})
if err != nil {
return err
}
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = policy.NewAssignment(ctx, "exampleAssignment", &policy.AssignmentArgs{
Scope: exampleResourceGroup.ID(),
PolicyDefinitionId: exampleDefinition.ID(),
Description: pulumi.String("Policy Assignment created via an Acceptance Test"),
DisplayName: pulumi.String("My Example Policy Assignment"),
Metadata: pulumi.String(fmt.Sprintf("%v%v%v", " {\n", " \"category\": \"General\"\n", " }\n")),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v", "{\n", " \"allowedLocations\": {\n", " \"value\": [ \"West Europe\" ]\n", " }\n", "}\n")),
})
if err != nil {
return err
}
return nil
})
}
```
func GetAssignment ¶
func GetAssignment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AssignmentState, opts ...pulumi.ResourceOption) (*Assignment, error)
GetAssignment gets an existing Assignment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAssignment ¶
func NewAssignment(ctx *pulumi.Context, name string, args *AssignmentArgs, opts ...pulumi.ResourceOption) (*Assignment, error)
NewAssignment registers a new resource with the given unique name, arguments, and options.
type AssignmentArgs ¶
type AssignmentArgs struct {
// A description to use for this Policy Assignment. Changing this forces a new resource to be created.
Description pulumi.StringPtrInput
// A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.
DisplayName pulumi.StringPtrInput
// Can be set to 'true' or 'false' to control whether the assignment is enforced (true) or not (false). Default is 'true'.
EnforcementMode pulumi.BoolPtrInput
// An `identity` block.
Identity AssignmentIdentityPtrInput
// The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.
Location pulumi.StringPtrInput
// The metadata for the policy assignment. This is a JSON string representing additional metadata that should be stored with the policy assignment.
Metadata pulumi.StringPtrInput
// The name of the Policy Assignment. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// A list of the Policy Assignment's excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. `/subscriptions/00000000-0000-0000-000000000000` or Resource Groups e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`).
NotScopes pulumi.StringArrayInput
// Parameters for the policy definition. This field is a JSON string that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.
Parameters pulumi.StringPtrInput
// The ID of the Policy Definition to be applied at the specified Scope.
PolicyDefinitionId pulumi.StringInput
// The Scope at which the Policy Assignment should be applied, which must be a Resource ID (such as Subscription e.g. `/subscriptions/00000000-0000-0000-000000000000` or a Resource Group e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`). Changing this forces a new resource to be created.
Scope pulumi.StringInput
}
The set of arguments for constructing a Assignment resource.
func (AssignmentArgs) ElementType ¶
func (AssignmentArgs) ElementType() reflect.Type
type AssignmentIdentity ¶
type AssignmentIdentity struct {
// The Principal ID of this Policy Assignment if `type` is `SystemAssigned`.
PrincipalId *string `pulumi:"principalId"`
// The Tenant ID of this Policy Assignment if `type` is `SystemAssigned`.
TenantId *string `pulumi:"tenantId"`
// The Managed Service Identity Type of this Policy Assignment. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), or `None` (no use of a Managed Service Identity).
Type *string `pulumi:"type"`
}
type AssignmentIdentityArgs ¶
type AssignmentIdentityArgs struct {
// The Principal ID of this Policy Assignment if `type` is `SystemAssigned`.
PrincipalId pulumi.StringPtrInput `pulumi:"principalId"`
// The Tenant ID of this Policy Assignment if `type` is `SystemAssigned`.
TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
// The Managed Service Identity Type of this Policy Assignment. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), or `None` (no use of a Managed Service Identity).
Type pulumi.StringPtrInput `pulumi:"type"`
}
func (AssignmentIdentityArgs) ElementType ¶
func (AssignmentIdentityArgs) ElementType() reflect.Type
func (AssignmentIdentityArgs) ToAssignmentIdentityOutput ¶
func (i AssignmentIdentityArgs) ToAssignmentIdentityOutput() AssignmentIdentityOutput
func (AssignmentIdentityArgs) ToAssignmentIdentityOutputWithContext ¶
func (i AssignmentIdentityArgs) ToAssignmentIdentityOutputWithContext(ctx context.Context) AssignmentIdentityOutput
func (AssignmentIdentityArgs) ToAssignmentIdentityPtrOutput ¶
func (i AssignmentIdentityArgs) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
func (AssignmentIdentityArgs) ToAssignmentIdentityPtrOutputWithContext ¶
func (i AssignmentIdentityArgs) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
type AssignmentIdentityInput ¶
type AssignmentIdentityInput interface {
pulumi.Input
ToAssignmentIdentityOutput() AssignmentIdentityOutput
ToAssignmentIdentityOutputWithContext(context.Context) AssignmentIdentityOutput
}
AssignmentIdentityInput is an input type that accepts AssignmentIdentityArgs and AssignmentIdentityOutput values. You can construct a concrete instance of `AssignmentIdentityInput` via:
AssignmentIdentityArgs{...}
type AssignmentIdentityOutput ¶
type AssignmentIdentityOutput struct{ *pulumi.OutputState }
func (AssignmentIdentityOutput) ElementType ¶
func (AssignmentIdentityOutput) ElementType() reflect.Type
func (AssignmentIdentityOutput) PrincipalId ¶
func (o AssignmentIdentityOutput) PrincipalId() pulumi.StringPtrOutput
The Principal ID of this Policy Assignment if `type` is `SystemAssigned`.
func (AssignmentIdentityOutput) TenantId ¶
func (o AssignmentIdentityOutput) TenantId() pulumi.StringPtrOutput
The Tenant ID of this Policy Assignment if `type` is `SystemAssigned`.
func (AssignmentIdentityOutput) ToAssignmentIdentityOutput ¶
func (o AssignmentIdentityOutput) ToAssignmentIdentityOutput() AssignmentIdentityOutput
func (AssignmentIdentityOutput) ToAssignmentIdentityOutputWithContext ¶
func (o AssignmentIdentityOutput) ToAssignmentIdentityOutputWithContext(ctx context.Context) AssignmentIdentityOutput
func (AssignmentIdentityOutput) ToAssignmentIdentityPtrOutput ¶
func (o AssignmentIdentityOutput) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
func (AssignmentIdentityOutput) ToAssignmentIdentityPtrOutputWithContext ¶
func (o AssignmentIdentityOutput) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
func (AssignmentIdentityOutput) Type ¶
func (o AssignmentIdentityOutput) Type() pulumi.StringPtrOutput
The Managed Service Identity Type of this Policy Assignment. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), or `None` (no use of a Managed Service Identity).
type AssignmentIdentityPtrInput ¶
type AssignmentIdentityPtrInput interface {
pulumi.Input
ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
ToAssignmentIdentityPtrOutputWithContext(context.Context) AssignmentIdentityPtrOutput
}
AssignmentIdentityPtrInput is an input type that accepts AssignmentIdentityArgs, AssignmentIdentityPtr and AssignmentIdentityPtrOutput values. You can construct a concrete instance of `AssignmentIdentityPtrInput` via:
AssignmentIdentityArgs{...}
or:
nil
func AssignmentIdentityPtr ¶
func AssignmentIdentityPtr(v *AssignmentIdentityArgs) AssignmentIdentityPtrInput
type AssignmentIdentityPtrOutput ¶
type AssignmentIdentityPtrOutput struct{ *pulumi.OutputState }
func (AssignmentIdentityPtrOutput) Elem ¶
func (o AssignmentIdentityPtrOutput) Elem() AssignmentIdentityOutput
func (AssignmentIdentityPtrOutput) ElementType ¶
func (AssignmentIdentityPtrOutput) ElementType() reflect.Type
func (AssignmentIdentityPtrOutput) PrincipalId ¶
func (o AssignmentIdentityPtrOutput) PrincipalId() pulumi.StringPtrOutput
The Principal ID of this Policy Assignment if `type` is `SystemAssigned`.
func (AssignmentIdentityPtrOutput) TenantId ¶
func (o AssignmentIdentityPtrOutput) TenantId() pulumi.StringPtrOutput
The Tenant ID of this Policy Assignment if `type` is `SystemAssigned`.
func (AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutput ¶
func (o AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutput() AssignmentIdentityPtrOutput
func (AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutputWithContext ¶
func (o AssignmentIdentityPtrOutput) ToAssignmentIdentityPtrOutputWithContext(ctx context.Context) AssignmentIdentityPtrOutput
func (AssignmentIdentityPtrOutput) Type ¶
func (o AssignmentIdentityPtrOutput) Type() pulumi.StringPtrOutput
The Managed Service Identity Type of this Policy Assignment. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you), or `None` (no use of a Managed Service Identity).
type AssignmentState ¶
type AssignmentState struct {
// A description to use for this Policy Assignment. Changing this forces a new resource to be created.
Description pulumi.StringPtrInput
// A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.
DisplayName pulumi.StringPtrInput
// Can be set to 'true' or 'false' to control whether the assignment is enforced (true) or not (false). Default is 'true'.
EnforcementMode pulumi.BoolPtrInput
// An `identity` block.
Identity AssignmentIdentityPtrInput
// The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.
Location pulumi.StringPtrInput
// The metadata for the policy assignment. This is a JSON string representing additional metadata that should be stored with the policy assignment.
Metadata pulumi.StringPtrInput
// The name of the Policy Assignment. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// A list of the Policy Assignment's excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. `/subscriptions/00000000-0000-0000-000000000000` or Resource Groups e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`).
NotScopes pulumi.StringArrayInput
// Parameters for the policy definition. This field is a JSON string that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.
Parameters pulumi.StringPtrInput
// The ID of the Policy Definition to be applied at the specified Scope.
PolicyDefinitionId pulumi.StringPtrInput
// The Scope at which the Policy Assignment should be applied, which must be a Resource ID (such as Subscription e.g. `/subscriptions/00000000-0000-0000-000000000000` or a Resource Group e.g.`/subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup`). Changing this forces a new resource to be created.
Scope pulumi.StringPtrInput
}
func (AssignmentState) ElementType ¶
func (AssignmentState) ElementType() reflect.Type
type Definition ¶
type Definition struct {
pulumi.CustomResourceState
// The description of the policy definition.
Description pulumi.StringPtrOutput `pulumi:"description"`
// The display name of the policy definition.
DisplayName pulumi.StringOutput `pulumi:"displayName"`
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringOutput `pulumi:"managementGroupId"`
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringOutput `pulumi:"managementGroupName"`
// The metadata for the policy definition. This
// is a JSON string representing additional metadata that should be stored
// with the policy definition.
Metadata pulumi.StringOutput `pulumi:"metadata"`
// The policy mode that allows you to specify which resource
// types will be evaluated. Possible values are `All`, `Indexed`, `Microsoft.ContainerService.Data`, `Microsoft.CustomerLockbox.Data`, `Microsoft.DataCatalog.Data`, `Microsoft.KeyVault.Data`, `Microsoft.Kubernetes.Data`, `Microsoft.MachineLearningServices.Data`, `Microsoft.Network.Data` and `Microsoft.Synapse.Data`.
Mode pulumi.StringOutput `pulumi:"mode"`
// The name of the policy definition. Changing this forces a
// new resource to be created.
Name pulumi.StringOutput `pulumi:"name"`
// Parameters for the policy definition. This field
// is a JSON string that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrOutput `pulumi:"parameters"`
// The policy rule for the policy definition. This
// is a JSON string representing the rule that contains an if and
// a then block.
PolicyRule pulumi.StringPtrOutput `pulumi:"policyRule"`
// The policy type. Possible values are `BuiltIn`, `Custom` and `NotSpecified`. Changing this forces a new resource to be created.
PolicyType pulumi.StringOutput `pulumi:"policyType"`
}
Manages a policy rule definition on a management group or your provider subscription.
Policy definitions do not take effect until they are assigned to a scope using a Policy Assignment.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewDefinition(ctx, "policy", &policy.DefinitionArgs{
DisplayName: pulumi.String("acceptance test policy definition"),
Metadata: pulumi.String(fmt.Sprintf("%v%v%v%v%v", " {\n", " \"category\": \"General\"\n", " }\n", "\n", "\n")),
Mode: pulumi.String("Indexed"),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"allowedLocations\": {\n", " \"type\": \"Array\",\n", " \"metadata\": {\n", " \"description\": \"The list of allowed locations for resources.\",\n", " \"displayName\": \"Allowed locations\",\n", " \"strongType\": \"location\"\n", " }\n", " }\n", " }\n", "\n")),
PolicyRule: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"if\": {\n", " \"not\": {\n", " \"field\": \"location\",\n", " \"in\": \"[parameters('allowedLocations')]\"\n", " }\n", " },\n", " \"then\": {\n", " \"effect\": \"audit\"\n", " }\n", " }\n", "\n")),
PolicyType: pulumi.String("Custom"),
})
if err != nil {
return err
}
return nil
})
}
```
func GetDefinition ¶
func GetDefinition(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DefinitionState, opts ...pulumi.ResourceOption) (*Definition, error)
GetDefinition gets an existing Definition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDefinition ¶
func NewDefinition(ctx *pulumi.Context, name string, args *DefinitionArgs, opts ...pulumi.ResourceOption) (*Definition, error)
NewDefinition registers a new resource with the given unique name, arguments, and options.
type DefinitionArgs ¶
type DefinitionArgs struct {
// The description of the policy definition.
Description pulumi.StringPtrInput
// The display name of the policy definition.
DisplayName pulumi.StringInput
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringPtrInput
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringPtrInput
// The metadata for the policy definition. This
// is a JSON string representing additional metadata that should be stored
// with the policy definition.
Metadata pulumi.StringPtrInput
// The policy mode that allows you to specify which resource
// types will be evaluated. Possible values are `All`, `Indexed`, `Microsoft.ContainerService.Data`, `Microsoft.CustomerLockbox.Data`, `Microsoft.DataCatalog.Data`, `Microsoft.KeyVault.Data`, `Microsoft.Kubernetes.Data`, `Microsoft.MachineLearningServices.Data`, `Microsoft.Network.Data` and `Microsoft.Synapse.Data`.
Mode pulumi.StringInput
// The name of the policy definition. Changing this forces a
// new resource to be created.
Name pulumi.StringPtrInput
// Parameters for the policy definition. This field
// is a JSON string that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrInput
// The policy rule for the policy definition. This
// is a JSON string representing the rule that contains an if and
// a then block.
PolicyRule pulumi.StringPtrInput
// The policy type. Possible values are `BuiltIn`, `Custom` and `NotSpecified`. Changing this forces a new resource to be created.
PolicyType pulumi.StringInput
}
The set of arguments for constructing a Definition resource.
func (DefinitionArgs) ElementType ¶
func (DefinitionArgs) ElementType() reflect.Type
type DefinitionState ¶
type DefinitionState struct {
// The description of the policy definition.
Description pulumi.StringPtrInput
// The display name of the policy definition.
DisplayName pulumi.StringPtrInput
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringPtrInput
// The name of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringPtrInput
// The metadata for the policy definition. This
// is a JSON string representing additional metadata that should be stored
// with the policy definition.
Metadata pulumi.StringPtrInput
// The policy mode that allows you to specify which resource
// types will be evaluated. Possible values are `All`, `Indexed`, `Microsoft.ContainerService.Data`, `Microsoft.CustomerLockbox.Data`, `Microsoft.DataCatalog.Data`, `Microsoft.KeyVault.Data`, `Microsoft.Kubernetes.Data`, `Microsoft.MachineLearningServices.Data`, `Microsoft.Network.Data` and `Microsoft.Synapse.Data`.
Mode pulumi.StringPtrInput
// The name of the policy definition. Changing this forces a
// new resource to be created.
Name pulumi.StringPtrInput
// Parameters for the policy definition. This field
// is a JSON string that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrInput
// The policy rule for the policy definition. This
// is a JSON string representing the rule that contains an if and
// a then block.
PolicyRule pulumi.StringPtrInput
// The policy type. Possible values are `BuiltIn`, `Custom` and `NotSpecified`. Changing this forces a new resource to be created.
PolicyType pulumi.StringPtrInput
}
func (DefinitionState) ElementType ¶
func (DefinitionState) ElementType() reflect.Type
type GetPolicyDefintionArgs ¶
type GetPolicyDefintionArgs struct {
// Specifies the display name of the Policy Definition. Conflicts with `name`.
DisplayName *string `pulumi:"displayName"`
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId *string `pulumi:"managementGroupId"`
// Only retrieve Policy Definitions from this Management Group.
ManagementGroupName *string `pulumi:"managementGroupName"`
// Specifies the name of the Policy Definition. Conflicts with `displayName`.
Name *string `pulumi:"name"`
}
A collection of arguments for invoking getPolicyDefintion.
type GetPolicyDefintionResult ¶
type GetPolicyDefintionResult struct {
// The Description of the Policy.
Description string `pulumi:"description"`
DisplayName string `pulumi:"displayName"`
// The provider-assigned unique ID for this managed resource.
Id string `pulumi:"id"`
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId *string `pulumi:"managementGroupId"`
ManagementGroupName *string `pulumi:"managementGroupName"`
// Any Metadata defined in the Policy.
Metadata string `pulumi:"metadata"`
Name string `pulumi:"name"`
// Any Parameters defined in the Policy.
Parameters string `pulumi:"parameters"`
// The Rule as defined (in JSON) in the Policy.
PolicyRule string `pulumi:"policyRule"`
// The Type of the Policy. Possible values are "BuiltIn", "Custom" and "NotSpecified".
PolicyType string `pulumi:"policyType"`
// The Type of Policy.
Type string `pulumi:"type"`
}
A collection of values returned by getPolicyDefintion.
func GetPolicyDefintion ¶
func GetPolicyDefintion(ctx *pulumi.Context, args *GetPolicyDefintionArgs, opts ...pulumi.InvokeOption) (*GetPolicyDefintionResult, error)
Use this data source to access information about a Policy Definition, both custom and built in. Retrieves Policy Definitions from your current subscription by default.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
opt0 := "Allowed resource types"
example, err := policy.GetPolicyDefintion(ctx, &policy.GetPolicyDefintionArgs{
DisplayName: &opt0,
}, nil)
if err != nil {
return err
}
ctx.Export("id", example.Id)
return nil
})
}
```
type GetPolicySetDefinitionPolicyDefinitionReference ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReference struct {
// The parameter values for the referenced policy rule. This field is a json object.
ParameterValues string `pulumi:"parameterValues"`
// The mapping of the parameter values for the referenced policy rule. The keys are the parameter names.
Parameters map[string]string `pulumi:"parameters"`
// The ID of the policy definition or policy set definition that is included in this policy set definition.
PolicyDefinitionId string `pulumi:"policyDefinitionId"`
// The unique ID within this policy set definition for this policy definition reference.
ReferenceId string `pulumi:"referenceId"`
}
type GetPolicySetDefinitionPolicyDefinitionReferenceArgs ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceArgs struct {
// The parameter values for the referenced policy rule. This field is a json object.
ParameterValues pulumi.StringInput `pulumi:"parameterValues"`
// The mapping of the parameter values for the referenced policy rule. The keys are the parameter names.
Parameters pulumi.StringMapInput `pulumi:"parameters"`
// The ID of the policy definition or policy set definition that is included in this policy set definition.
PolicyDefinitionId pulumi.StringInput `pulumi:"policyDefinitionId"`
// The unique ID within this policy set definition for this policy definition reference.
ReferenceId pulumi.StringInput `pulumi:"referenceId"`
}
func (GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType ¶ added in v3.13.0
func (GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType() reflect.Type
func (GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
func (i GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput() GetPolicySetDefinitionPolicyDefinitionReferenceOutput
func (GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext ¶ added in v3.13.0
func (i GetPolicySetDefinitionPolicyDefinitionReferenceArgs) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
type GetPolicySetDefinitionPolicyDefinitionReferenceArray ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceArray []GetPolicySetDefinitionPolicyDefinitionReferenceInput
func (GetPolicySetDefinitionPolicyDefinitionReferenceArray) ElementType ¶ added in v3.13.0
func (GetPolicySetDefinitionPolicyDefinitionReferenceArray) ElementType() reflect.Type
func (GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
func (i GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
func (GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext ¶ added in v3.13.0
func (i GetPolicySetDefinitionPolicyDefinitionReferenceArray) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
type GetPolicySetDefinitionPolicyDefinitionReferenceArrayInput ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceArrayInput interface {
pulumi.Input
ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
}
GetPolicySetDefinitionPolicyDefinitionReferenceArrayInput is an input type that accepts GetPolicySetDefinitionPolicyDefinitionReferenceArray and GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput values. You can construct a concrete instance of `GetPolicySetDefinitionPolicyDefinitionReferenceArrayInput` via:
GetPolicySetDefinitionPolicyDefinitionReferenceArray{ GetPolicySetDefinitionPolicyDefinitionReferenceArgs{...} }
type GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput struct{ *pulumi.OutputState }
func (GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType ¶ added in v3.13.0
func (GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType() reflect.Type
func (GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
func (GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceArrayOutput
type GetPolicySetDefinitionPolicyDefinitionReferenceInput ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceInput interface {
pulumi.Input
ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput() GetPolicySetDefinitionPolicyDefinitionReferenceOutput
ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
}
GetPolicySetDefinitionPolicyDefinitionReferenceInput is an input type that accepts GetPolicySetDefinitionPolicyDefinitionReferenceArgs and GetPolicySetDefinitionPolicyDefinitionReferenceOutput values. You can construct a concrete instance of `GetPolicySetDefinitionPolicyDefinitionReferenceInput` via:
GetPolicySetDefinitionPolicyDefinitionReferenceArgs{...}
type GetPolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
type GetPolicySetDefinitionPolicyDefinitionReferenceOutput struct{ *pulumi.OutputState }
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType ¶ added in v3.13.0
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType() reflect.Type
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues ¶ added in v3.23.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues() pulumi.StringOutput
The parameter values for the referenced policy rule. This field is a json object.
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters() pulumi.StringMapOutput
The mapping of the parameter values for the referenced policy rule. The keys are the parameter names.
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId() pulumi.StringOutput
The ID of the policy definition or policy set definition that is included in this policy set definition.
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId() pulumi.StringOutput
The unique ID within this policy set definition for this policy definition reference.
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutput() GetPolicySetDefinitionPolicyDefinitionReferenceOutput
func (GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext ¶ added in v3.13.0
func (o GetPolicySetDefinitionPolicyDefinitionReferenceOutput) ToGetPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) GetPolicySetDefinitionPolicyDefinitionReferenceOutput
type LookupPolicySetDefinitionArgs ¶ added in v3.1.0
type LookupPolicySetDefinitionArgs struct {
// Specifies the display name of the Policy Set Definition. Conflicts with `name`.
DisplayName *string `pulumi:"displayName"`
// Only retrieve Policy Set Definitions from this Management Group.
ManagementGroupName *string `pulumi:"managementGroupName"`
// Specifies the name of the Policy Set Definition. Conflicts with `displayName`.
Name *string `pulumi:"name"`
}
A collection of arguments for invoking getPolicySetDefinition.
type LookupPolicySetDefinitionResult ¶ added in v3.1.0
type LookupPolicySetDefinitionResult struct {
// The Description of the Policy Set Definition.
Description string `pulumi:"description"`
DisplayName string `pulumi:"displayName"`
// The provider-assigned unique ID for this managed resource.
Id string `pulumi:"id"`
ManagementGroupName *string `pulumi:"managementGroupName"`
// Any Metadata defined in the Policy Set Definition.
Metadata string `pulumi:"metadata"`
Name string `pulumi:"name"`
// The mapping of the parameter values for the referenced policy rule. The keys are the parameter names.
Parameters string `pulumi:"parameters"`
// One or more `policyDefinitionReference` blocks as defined below.
PolicyDefinitionReferences []GetPolicySetDefinitionPolicyDefinitionReference `pulumi:"policyDefinitionReferences"`
// The policy definitions contained within the policy set definition.
PolicyDefinitions string `pulumi:"policyDefinitions"`
// The Type of the Policy Set Definition.
PolicyType string `pulumi:"policyType"`
}
A collection of values returned by getPolicySetDefinition.
func LookupPolicySetDefinition ¶ added in v3.1.0
func LookupPolicySetDefinition(ctx *pulumi.Context, args *LookupPolicySetDefinitionArgs, opts ...pulumi.InvokeOption) (*LookupPolicySetDefinitionResult, error)
Use this data source to access information about an existing Policy Set Definition.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
opt0 := "Policy Set Definition Example"
example, err := policy.LookupPolicySetDefinition(ctx, &policy.LookupPolicySetDefinitionArgs{
DisplayName: &opt0,
}, nil)
if err != nil {
return err
}
ctx.Export("id", example.Id)
return nil
})
}
```
type PolicySetDefinition ¶
type PolicySetDefinition struct {
pulumi.CustomResourceState
// The description of the policy set definition.
Description pulumi.StringPtrOutput `pulumi:"description"`
// The display name of the policy set definition.
DisplayName pulumi.StringOutput `pulumi:"displayName"`
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringOutput `pulumi:"managementGroupId"`
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringOutput `pulumi:"managementGroupName"`
// The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.
Metadata pulumi.StringOutput `pulumi:"metadata"`
// The name of the policy set definition. Changing this forces a new resource to be created.
Name pulumi.StringOutput `pulumi:"name"`
// Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrOutput `pulumi:"parameters"`
// One or more `policyDefinitionReference` blocks as defined below.
PolicyDefinitionReferences PolicySetDefinitionPolicyDefinitionReferenceArrayOutput `pulumi:"policyDefinitionReferences"`
// The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.
//
// Deprecated: Deprecated in favor of `policy_definition_reference`
PolicyDefinitions pulumi.StringOutput `pulumi:"policyDefinitions"`
// The policy set type. Possible values are `BuiltIn` or `Custom`. Changing this forces a new resource to be created.
PolicyType pulumi.StringOutput `pulumi:"policyType"`
}
Manages a policy set definition.
> **NOTE:** Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := policy.NewPolicySetDefinition(ctx, "example", &policy.PolicySetDefinitionArgs{
DisplayName: pulumi.String("Test Policy Set"),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"allowedLocations\": {\n", " \"type\": \"Array\",\n", " \"metadata\": {\n", " \"description\": \"The list of allowed locations for resources.\",\n", " \"displayName\": \"Allowed locations\",\n", " \"strongType\": \"location\"\n", " }\n", " }\n", " }\n", "\n")),
PolicyDefinitionReferences: policy.PolicySetDefinitionPolicyDefinitionReferenceArray{
&policy.PolicySetDefinitionPolicyDefinitionReferenceArgs{
ParameterValues: pulumi.String(fmt.Sprintf("%v%v%v%v", " {\n", " \"listOfAllowedLocations\": {\"value\": \"[parameters('allowedLocations')]\"}\n", " }\n", " \n")),
PolicyDefinitionId: pulumi.String("/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988"),
},
},
PolicyType: pulumi.String("Custom"),
})
if err != nil {
return err
}
return nil
})
}
```
func GetPolicySetDefinition ¶
func GetPolicySetDefinition(ctx *pulumi.Context, name string, id pulumi.IDInput, state *PolicySetDefinitionState, opts ...pulumi.ResourceOption) (*PolicySetDefinition, error)
GetPolicySetDefinition gets an existing PolicySetDefinition resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewPolicySetDefinition ¶
func NewPolicySetDefinition(ctx *pulumi.Context, name string, args *PolicySetDefinitionArgs, opts ...pulumi.ResourceOption) (*PolicySetDefinition, error)
NewPolicySetDefinition registers a new resource with the given unique name, arguments, and options.
type PolicySetDefinitionArgs ¶
type PolicySetDefinitionArgs struct {
// The description of the policy set definition.
Description pulumi.StringPtrInput
// The display name of the policy set definition.
DisplayName pulumi.StringInput
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringPtrInput
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringPtrInput
// The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.
Metadata pulumi.StringPtrInput
// The name of the policy set definition. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrInput
// One or more `policyDefinitionReference` blocks as defined below.
PolicyDefinitionReferences PolicySetDefinitionPolicyDefinitionReferenceArrayInput
// The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.
//
// Deprecated: Deprecated in favor of `policy_definition_reference`
PolicyDefinitions pulumi.StringPtrInput
// The policy set type. Possible values are `BuiltIn` or `Custom`. Changing this forces a new resource to be created.
PolicyType pulumi.StringInput
}
The set of arguments for constructing a PolicySetDefinition resource.
func (PolicySetDefinitionArgs) ElementType ¶
func (PolicySetDefinitionArgs) ElementType() reflect.Type
type PolicySetDefinitionPolicyDefinitionReference ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReference struct {
// Parameter values for the referenced policy rule. This field is a JSON string that allows you to assign parameters to this policy rule.
ParameterValues *string `pulumi:"parameterValues"`
// Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
//
// Deprecated: Deprecated in favour of `parameter_values`
Parameters map[string]string `pulumi:"parameters"`
// The ID of the policy definition or policy set definition that will be included in this policy set definition.
PolicyDefinitionId string `pulumi:"policyDefinitionId"`
// A unique ID within this policy set definition for this policy definition reference.
ReferenceId *string `pulumi:"referenceId"`
}
type PolicySetDefinitionPolicyDefinitionReferenceArgs ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceArgs struct {
// Parameter values for the referenced policy rule. This field is a JSON string that allows you to assign parameters to this policy rule.
ParameterValues pulumi.StringPtrInput `pulumi:"parameterValues"`
// Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
//
// Deprecated: Deprecated in favour of `parameter_values`
Parameters pulumi.StringMapInput `pulumi:"parameters"`
// The ID of the policy definition or policy set definition that will be included in this policy set definition.
PolicyDefinitionId pulumi.StringInput `pulumi:"policyDefinitionId"`
// A unique ID within this policy set definition for this policy definition reference.
ReferenceId pulumi.StringPtrInput `pulumi:"referenceId"`
}
func (PolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType ¶ added in v3.13.0
func (PolicySetDefinitionPolicyDefinitionReferenceArgs) ElementType() reflect.Type
func (PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
func (i PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutput() PolicySetDefinitionPolicyDefinitionReferenceOutput
func (PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext ¶ added in v3.13.0
func (i PolicySetDefinitionPolicyDefinitionReferenceArgs) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceOutput
type PolicySetDefinitionPolicyDefinitionReferenceArray ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceArray []PolicySetDefinitionPolicyDefinitionReferenceInput
func (PolicySetDefinitionPolicyDefinitionReferenceArray) ElementType ¶ added in v3.13.0
func (PolicySetDefinitionPolicyDefinitionReferenceArray) ElementType() reflect.Type
func (PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
func (i PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
func (PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext ¶ added in v3.13.0
func (i PolicySetDefinitionPolicyDefinitionReferenceArray) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
type PolicySetDefinitionPolicyDefinitionReferenceArrayInput ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceArrayInput interface {
pulumi.Input
ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(context.Context) PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
}
PolicySetDefinitionPolicyDefinitionReferenceArrayInput is an input type that accepts PolicySetDefinitionPolicyDefinitionReferenceArray and PolicySetDefinitionPolicyDefinitionReferenceArrayOutput values. You can construct a concrete instance of `PolicySetDefinitionPolicyDefinitionReferenceArrayInput` via:
PolicySetDefinitionPolicyDefinitionReferenceArray{ PolicySetDefinitionPolicyDefinitionReferenceArgs{...} }
type PolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceArrayOutput struct{ *pulumi.OutputState }
func (PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType ¶ added in v3.13.0
func (PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ElementType() reflect.Type
func (PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutput() PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
func (PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceArrayOutput) ToPolicySetDefinitionPolicyDefinitionReferenceArrayOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceArrayOutput
type PolicySetDefinitionPolicyDefinitionReferenceInput ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceInput interface {
pulumi.Input
ToPolicySetDefinitionPolicyDefinitionReferenceOutput() PolicySetDefinitionPolicyDefinitionReferenceOutput
ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(context.Context) PolicySetDefinitionPolicyDefinitionReferenceOutput
}
PolicySetDefinitionPolicyDefinitionReferenceInput is an input type that accepts PolicySetDefinitionPolicyDefinitionReferenceArgs and PolicySetDefinitionPolicyDefinitionReferenceOutput values. You can construct a concrete instance of `PolicySetDefinitionPolicyDefinitionReferenceInput` via:
PolicySetDefinitionPolicyDefinitionReferenceArgs{...}
type PolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
type PolicySetDefinitionPolicyDefinitionReferenceOutput struct{ *pulumi.OutputState }
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType ¶ added in v3.13.0
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ElementType() reflect.Type
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues ¶ added in v3.23.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ParameterValues() pulumi.StringPtrOutput
Parameter values for the referenced policy rule. This field is a JSON string that allows you to assign parameters to this policy rule.
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters
deprecated
added in
v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) Parameters() pulumi.StringMapOutput
Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
Deprecated: Deprecated in favour of `parameter_values`
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) PolicyDefinitionId() pulumi.StringOutput
The ID of the policy definition or policy set definition that will be included in this policy set definition.
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ReferenceId() pulumi.StringPtrOutput
A unique ID within this policy set definition for this policy definition reference.
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutput ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutput() PolicySetDefinitionPolicyDefinitionReferenceOutput
func (PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext ¶ added in v3.13.0
func (o PolicySetDefinitionPolicyDefinitionReferenceOutput) ToPolicySetDefinitionPolicyDefinitionReferenceOutputWithContext(ctx context.Context) PolicySetDefinitionPolicyDefinitionReferenceOutput
type PolicySetDefinitionState ¶
type PolicySetDefinitionState struct {
// The description of the policy set definition.
Description pulumi.StringPtrInput
// The display name of the policy set definition.
DisplayName pulumi.StringPtrInput
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
//
// Deprecated: Deprecated in favour of `management_group_name`
ManagementGroupId pulumi.StringPtrInput
// The name of the Management Group where this policy set definition should be defined. Changing this forces a new resource to be created.
ManagementGroupName pulumi.StringPtrInput
// The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.
Metadata pulumi.StringPtrInput
// The name of the policy set definition. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
Parameters pulumi.StringPtrInput
// One or more `policyDefinitionReference` blocks as defined below.
PolicyDefinitionReferences PolicySetDefinitionPolicyDefinitionReferenceArrayInput
// The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions.
//
// Deprecated: Deprecated in favor of `policy_definition_reference`
PolicyDefinitions pulumi.StringPtrInput
// The policy set type. Possible values are `BuiltIn` or `Custom`. Changing this forces a new resource to be created.
PolicyType pulumi.StringPtrInput
}
func (PolicySetDefinitionState) ElementType ¶
func (PolicySetDefinitionState) ElementType() reflect.Type
type Remediation ¶
type Remediation struct {
pulumi.CustomResourceState
// A list of the resource locations that will be remediated.
LocationFilters pulumi.StringArrayOutput `pulumi:"locationFilters"`
// The name of the Policy Remediation. Changing this forces a new resource to be created.
Name pulumi.StringOutput `pulumi:"name"`
// The ID of the Policy Assignment that should be remediated.
PolicyAssignmentId pulumi.StringOutput `pulumi:"policyAssignmentId"`
// The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
PolicyDefinitionReferenceId pulumi.StringPtrOutput `pulumi:"policyDefinitionReferenceId"`
// The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
Scope pulumi.StringOutput `pulumi:"scope"`
}
Manages an Azure Policy Remediation at the specified Scope.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core" "github.com/pulumi/pulumi-azure/sdk/v3/go/azure/policy" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleDefinition, err := policy.NewDefinition(ctx, "exampleDefinition", &policy.DefinitionArgs{
PolicyType: pulumi.String("Custom"),
Mode: pulumi.String("All"),
DisplayName: pulumi.String("my-policy-definition"),
PolicyRule: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", " {\n", " \"if\": {\n", " \"not\": {\n", " \"field\": \"location\",\n", " \"in\": \"[parameters('allowedLocations')]\"\n", " }\n", " },\n", " \"then\": {\n", " \"effect\": \"audit\"\n", " }\n", " }\n")),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v", " {\n", " \"allowedLocations\": {\n", " \"type\": \"Array\",\n", " \"metadata\": {\n", " \"description\": \"The list of allowed locations for resources.\",\n", " \"displayName\": \"Allowed locations\",\n", " \"strongType\": \"location\"\n", " }\n", " }\n", " }\n")),
})
if err != nil {
return err
}
exampleAssignment, err := policy.NewAssignment(ctx, "exampleAssignment", &policy.AssignmentArgs{
Scope: exampleResourceGroup.ID(),
PolicyDefinitionId: exampleDefinition.ID(),
Description: pulumi.String("Policy Assignment created via an Acceptance Test"),
DisplayName: pulumi.String("My Example Policy Assignment"),
Parameters: pulumi.String(fmt.Sprintf("%v%v%v%v%v", "{\n", " \"allowedLocations\": {\n", " \"value\": [ \"West Europe\" ]\n", " }\n", "}\n")),
})
if err != nil {
return err
}
_, err = policy.NewRemediation(ctx, "exampleRemediation", &policy.RemediationArgs{
Scope: exampleAssignment.Scope,
PolicyAssignmentId: exampleAssignment.ID(),
LocationFilters: pulumi.StringArray{
pulumi.String("West Europe"),
},
})
if err != nil {
return err
}
return nil
})
}
```
func GetRemediation ¶
func GetRemediation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RemediationState, opts ...pulumi.ResourceOption) (*Remediation, error)
GetRemediation gets an existing Remediation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRemediation ¶
func NewRemediation(ctx *pulumi.Context, name string, args *RemediationArgs, opts ...pulumi.ResourceOption) (*Remediation, error)
NewRemediation registers a new resource with the given unique name, arguments, and options.
type RemediationArgs ¶
type RemediationArgs struct {
// A list of the resource locations that will be remediated.
LocationFilters pulumi.StringArrayInput
// The name of the Policy Remediation. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// The ID of the Policy Assignment that should be remediated.
PolicyAssignmentId pulumi.StringInput
// The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
PolicyDefinitionReferenceId pulumi.StringPtrInput
// The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
Scope pulumi.StringInput
}
The set of arguments for constructing a Remediation resource.
func (RemediationArgs) ElementType ¶
func (RemediationArgs) ElementType() reflect.Type
type RemediationState ¶
type RemediationState struct {
// A list of the resource locations that will be remediated.
LocationFilters pulumi.StringArrayInput
// The name of the Policy Remediation. Changing this forces a new resource to be created.
Name pulumi.StringPtrInput
// The ID of the Policy Assignment that should be remediated.
PolicyAssignmentId pulumi.StringPtrInput
// The unique ID for the policy definition within the policy set definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
PolicyDefinitionReferenceId pulumi.StringPtrInput
// The Scope at which the Policy Remediation should be applied. Changing this forces a new resource to be created. A scope must be a Resource ID out of one of the following list:
Scope pulumi.StringPtrInput
}
func (RemediationState) ElementType ¶
func (RemediationState) ElementType() reflect.Type
Source Files
Click to show internal directories.
Click to hide internal directories.