policy

class pulumi_azure.policy.Assignment(resource_name, opts=None, description=None, display_name=None, identity=None, location=None, name=None, not_scopes=None, parameters=None, policy_definition_id=None, scope=None, __name__=None, __opts__=None)

Configures the specified Policy Definition at the specified Scope. Also, Policy Set Definitions are supported.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – A description to use for this Policy Assignment. Changing this forces a new resource to be created.
  • display_name (pulumi.Input[str]) – A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.
  • identity (pulumi.Input[dict]) – An identity block.
  • location (pulumi.Input[str]) – The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.
  • name (pulumi.Input[str]) – The name of the Policy Assignment. Changing this forces a new resource to be created.
  • not_scopes (pulumi.Input[list]) – A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup).
  • parameters (pulumi.Input[str]) – Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.
  • policy_definition_id (pulumi.Input[str]) – The ID of the Policy Definition to be applied at the specified Scope.
description = None

A description to use for this Policy Assignment. Changing this forces a new resource to be created.

display_name = None

A friendly display name to use for this Policy Assignment. Changing this forces a new resource to be created.

identity = None

An identity block.

location = None

The Azure location where this policy assignment should exist. This is required when an Identity is assigned. Changing this forces a new resource to be created.

name = None

The name of the Policy Assignment. Changing this forces a new resource to be created.

not_scopes = None

A list of the Policy Assignment’s excluded scopes. The list must contain Resource IDs (such as Subscriptions e.g. /subscriptions/00000000-0000-0000-000000000000 or Resource Groups e.g./subscriptions/00000000-0000-0000-000000000000/resourceGroups/myResourceGroup).

parameters = None

Parameters for the policy definition. This field is a JSON object that maps to the Parameters field from the Policy Definition. Changing this forces a new resource to be created.

policy_definition_id = None

The ID of the Policy Definition to be applied at the specified Scope.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.policy.Definition(resource_name, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, mode=None, name=None, parameters=None, policy_rule=None, policy_type=None, __name__=None, __opts__=None)

Manages a policy rule definition on a management group or your provider subscription.

Policy definitions do not take effect until they are assigned to a scope using a Policy Assignment.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – The description of the policy definition.
  • display_name (pulumi.Input[str]) – The display name of the policy definition.
  • management_group_id (pulumi.Input[str]) – The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
  • metadata (pulumi.Input[str]) – The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.
  • mode (pulumi.Input[str]) – The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.
  • name (pulumi.Input[str]) – The name of the policy definition. Changing this forces a new resource to be created.
  • parameters (pulumi.Input[str]) – Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.
  • policy_rule (pulumi.Input[str]) – The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.
  • policy_type (pulumi.Input[str]) – The policy type. The value can be “BuiltIn”, “Custom” or “NotSpecified”. Changing this forces a new resource to be created.
description = None

The description of the policy definition.

display_name = None

The display name of the policy definition.

management_group_id = None

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

metadata = None

The metadata for the policy definition. This is a json object representing additional metadata that should be stored with the policy definition.

mode = None

The policy mode that allows you to specify which resource types will be evaluated. The value can be “All”, “Indexed” or “NotSpecified”. Changing this resource forces a new resource to be created.

name = None

The name of the policy definition. Changing this forces a new resource to be created.

parameters = None

Parameters for the policy definition. This field is a json object that allows you to parameterize your policy definition.

policy_rule = None

The policy rule for the policy definition. This is a json object representing the rule that contains an if and a then block.

policy_type = None

The policy type. The value can be “BuiltIn”, “Custom” or “NotSpecified”. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_azure.policy.GetPolicyDefintionResult(description=None, metadata=None, name=None, parameters=None, policy_rule=None, policy_type=None, type=None, id=None)

A collection of values returned by getPolicyDefintion.

description = None

The Description of the Policy.

metadata = None

Any Metadata defined in the Policy.

name = None

The Name of the Policy Definition.

parameters = None

Any Parameters defined in the Policy.

policy_rule = None

The Rule as defined (in JSON) in the Policy.

policy_type = None

The Type of the Policy, such as Microsoft.Authorization/policyDefinitions.

type = None

The Type of Policy.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_azure.policy.PolicySetDefinition(resource_name, opts=None, description=None, display_name=None, management_group_id=None, metadata=None, name=None, parameters=None, policy_definitions=None, policy_type=None, __name__=None, __opts__=None)

Manages a policy set definition.

NOTE: Policy set definitions (also known as policy initiatives) do not take effect until they are assigned to a scope using a Policy Set Assignment.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – The description of the policy set definition.
  • display_name (pulumi.Input[str]) – The display name of the policy set definition.
  • management_group_id (pulumi.Input[str]) – The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.
  • metadata (pulumi.Input[str]) – The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.
  • name (pulumi.Input[str]) – The name of the policy set definition. Changing this forces a new resource to be created.
  • parameters (pulumi.Input[str]) – Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.
  • policy_definitions (pulumi.Input[str]) – The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions .
  • policy_type (pulumi.Input[str]) – The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.
description = None

The description of the policy set definition.

display_name = None

The display name of the policy set definition.

management_group_id = None

The ID of the Management Group where this policy should be defined. Changing this forces a new resource to be created.

metadata = None

The metadata for the policy set definition. This is a json object representing additional metadata that should be stored with the policy definition.

name = None

The name of the policy set definition. Changing this forces a new resource to be created.

parameters = None

Parameters for the policy set definition. This field is a json object that allows you to parameterize your policy definition.

policy_definitions = None

The policy definitions for the policy set definition. This is a json object representing the bundled policy definitions .

policy_type = None

The policy set type. Possible values are BuiltIn or Custom. Changing this forces a new resource to be created.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
pulumi_azure.policy.get_policy_defintion(display_name=None, management_group_id=None, opts=None)

Use this data source to access information about a Policy Definition, both custom and built in. Retrieves Policy Definitions from your current subscription by default.