azure-native.authorization.PolicyDefinition
Explore with Pulumi AI
The policy definition. API Version: 2020-09-01.
Example Usage
Create or update a policy definition
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
{
Description = "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
DisplayName = "Enforce resource naming convention",
Metadata =
{
{ "category", "Naming" },
},
Mode = "All",
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "Resource name prefix",
DisplayName = "Prefix",
},
Type = "String",
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "Resource name suffix",
DisplayName = "Suffix",
},
Type = "String",
} },
},
PolicyDefinitionName = "ResourceNaming",
PolicyRule =
{
{ "if",
{
{ "not",
{
{ "field", "name" },
{ "like", "[concat(parameters('prefix'), '*', parameters('suffix'))]" },
} },
} },
{ "then",
{
{ "effect", "deny" },
} },
},
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
Description: pulumi.String("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
DisplayName: pulumi.String("Enforce resource naming convention"),
Metadata: pulumi.Any{
Category: "Naming",
},
Mode: pulumi.String("All"),
Parameters: authorization.ParameterDefinitionsValueMap{
"prefix": &authorization.ParameterDefinitionsValueArgs{
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("Resource name prefix"),
DisplayName: pulumi.String("Prefix"),
},
Type: pulumi.String("String"),
},
"suffix": &authorization.ParameterDefinitionsValueArgs{
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("Resource name suffix"),
DisplayName: pulumi.String("Suffix"),
},
Type: pulumi.String("String"),
},
},
PolicyDefinitionName: pulumi.String("ResourceNaming"),
PolicyRule: pulumi.Any{
If: map[string]interface{}{
"not": map[string]interface{}{
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
Then: map[string]interface{}{
"effect": "deny",
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyDefinition = new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
.description("Force resource names to begin with given 'prefix' and/or end with given 'suffix'")
.displayName("Enforce resource naming convention")
.metadata(Map.of("category", "Naming"))
.mode("All")
.parameters(Map.ofEntries(
Map.entry("prefix", Map.ofEntries(
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "Resource name prefix"),
Map.entry("displayName", "Prefix")
)),
Map.entry("type", "String")
)),
Map.entry("suffix", Map.ofEntries(
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "Resource name suffix"),
Map.entry("displayName", "Suffix")
)),
Map.entry("type", "String")
))
))
.policyDefinitionName("ResourceNaming")
.policyRule(Map.ofEntries(
Map.entry("if", Map.of("not", Map.ofEntries(
Map.entry("field", "name"),
Map.entry("like", "[concat(parameters('prefix'), '*', parameters('suffix'))]")
))),
Map.entry("then", Map.of("effect", "deny"))
))
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
policy_definition = azure_native.authorization.PolicyDefinition("policyDefinition",
description="Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
display_name="Enforce resource naming convention",
metadata={
"category": "Naming",
},
mode="All",
parameters={
"prefix": azure_native.authorization.ParameterDefinitionsValueArgs(
metadata=azure_native.authorization.ParameterDefinitionsValueMetadataArgs(
description="Resource name prefix",
display_name="Prefix",
),
type="String",
),
"suffix": azure_native.authorization.ParameterDefinitionsValueArgs(
metadata=azure_native.authorization.ParameterDefinitionsValueMetadataArgs(
description="Resource name suffix",
display_name="Suffix",
),
type="String",
),
},
policy_definition_name="ResourceNaming",
policy_rule={
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
"then": {
"effect": "deny",
},
})
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
description: "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
displayName: "Enforce resource naming convention",
metadata: {
category: "Naming",
},
mode: "All",
parameters: {
prefix: {
metadata: {
description: "Resource name prefix",
displayName: "Prefix",
},
type: "String",
},
suffix: {
metadata: {
description: "Resource name suffix",
displayName: "Suffix",
},
type: "String",
},
},
policyDefinitionName: "ResourceNaming",
policyRule: {
"if": {
not: {
field: "name",
like: "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
then: {
effect: "deny",
},
},
});
resources:
policyDefinition:
type: azure-native:authorization:PolicyDefinition
properties:
description: Force resource names to begin with given 'prefix' and/or end with given 'suffix'
displayName: Enforce resource naming convention
metadata:
category: Naming
mode: All
parameters:
prefix:
metadata:
description: Resource name prefix
displayName: Prefix
type: String
suffix:
metadata:
description: Resource name suffix
displayName: Suffix
type: String
policyDefinitionName: ResourceNaming
policyRule:
if:
not:
field: name
like: '[concat(parameters(''prefix''), ''*'', parameters(''suffix''))]'
then:
effect: deny
Create or update a policy definition with advanced parameters
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
{
Description = "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
DisplayName = "Event Hubs should have diagnostic logging enabled",
Metadata =
{
{ "category", "Event Hub" },
},
Mode = "Indexed",
Parameters =
{
{ "requiredRetentionDays", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
AllowedValues = new[]
{
0,
30,
90,
180,
365,
},
DefaultValue = 365,
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "The required diagnostic logs retention in days",
DisplayName = "Required retention (days)",
},
Type = "Integer",
} },
},
PolicyDefinitionName = "EventHubDiagnosticLogs",
PolicyRule =
{
{ "if",
{
{ "equals", "Microsoft.EventHub/namespaces" },
{ "field", "type" },
} },
{ "then",
{
{ "details",
{
{ "existenceCondition",
{
{ "allOf", new[]
{
{
{ "equals", "true" },
{ "field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" },
},
{
{ "equals", "[parameters('requiredRetentionDays')]" },
{ "field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" },
},
} },
} },
{ "type", "Microsoft.Insights/diagnosticSettings" },
} },
{ "effect", "AuditIfNotExists" },
} },
},
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
Description: pulumi.String("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised"),
DisplayName: pulumi.String("Event Hubs should have diagnostic logging enabled"),
Metadata: pulumi.Any{
Category: "Event Hub",
},
Mode: pulumi.String("Indexed"),
Parameters: authorization.ParameterDefinitionsValueMap{
"requiredRetentionDays": &authorization.ParameterDefinitionsValueArgs{
AllowedValues: pulumi.AnyArray{
pulumi.Any(0),
pulumi.Any(30),
pulumi.Any(90),
pulumi.Any(180),
pulumi.Any(365),
},
DefaultValue: pulumi.Any(365),
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("The required diagnostic logs retention in days"),
DisplayName: pulumi.String("Required retention (days)"),
},
Type: pulumi.String("Integer"),
},
},
PolicyDefinitionName: pulumi.String("EventHubDiagnosticLogs"),
PolicyRule: pulumi.Any{
If: map[string]interface{}{
"equals": "Microsoft.EventHub/namespaces",
"field": "type",
},
Then: map[string]interface{}{
"details": map[string]interface{}{
"existenceCondition": map[string]interface{}{
"allOf": []map[string]interface{}{
map[string]interface{}{
"equals": "true",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
map[string]interface{}{
"equals": "[parameters('requiredRetentionDays')]",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
},
},
"type": "Microsoft.Insights/diagnosticSettings",
},
"effect": "AuditIfNotExists",
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyDefinition = new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
.description("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised")
.displayName("Event Hubs should have diagnostic logging enabled")
.metadata(Map.of("category", "Event Hub"))
.mode("Indexed")
.parameters(Map.of("requiredRetentionDays", Map.ofEntries(
Map.entry("allowedValues",
0,
30,
90,
180,
365),
Map.entry("defaultValue", 365),
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "The required diagnostic logs retention in days"),
Map.entry("displayName", "Required retention (days)")
)),
Map.entry("type", "Integer")
)))
.policyDefinitionName("EventHubDiagnosticLogs")
.policyRule(Map.ofEntries(
Map.entry("if", Map.ofEntries(
Map.entry("equals", "Microsoft.EventHub/namespaces"),
Map.entry("field", "type")
)),
Map.entry("then", Map.ofEntries(
Map.entry("details", Map.ofEntries(
Map.entry("existenceCondition", Map.of("allOf",
Map.ofEntries(
Map.entry("equals", "true"),
Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled")
),
Map.ofEntries(
Map.entry("equals", "[parameters('requiredRetentionDays')]"),
Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days")
))),
Map.entry("type", "Microsoft.Insights/diagnosticSettings")
)),
Map.entry("effect", "AuditIfNotExists")
))
))
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
policy_definition = azure_native.authorization.PolicyDefinition("policyDefinition",
description="Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
display_name="Event Hubs should have diagnostic logging enabled",
metadata={
"category": "Event Hub",
},
mode="Indexed",
parameters={
"requiredRetentionDays": azure_native.authorization.ParameterDefinitionsValueArgs(
allowed_values=[
0,
30,
90,
180,
365,
],
default_value=365,
metadata=azure_native.authorization.ParameterDefinitionsValueMetadataArgs(
description="The required diagnostic logs retention in days",
display_name="Required retention (days)",
),
type="Integer",
),
},
policy_definition_name="EventHubDiagnosticLogs",
policy_rule={
"if": {
"equals": "Microsoft.EventHub/namespaces",
"field": "type",
},
"then": {
"details": {
"existenceCondition": {
"allOf": [
{
"equals": "true",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
{
"equals": "[parameters('requiredRetentionDays')]",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
],
},
"type": "Microsoft.Insights/diagnosticSettings",
},
"effect": "AuditIfNotExists",
},
})
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
description: "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
displayName: "Event Hubs should have diagnostic logging enabled",
metadata: {
category: "Event Hub",
},
mode: "Indexed",
parameters: {
requiredRetentionDays: {
allowedValues: [
0,
30,
90,
180,
365,
],
defaultValue: 365,
metadata: {
description: "The required diagnostic logs retention in days",
displayName: "Required retention (days)",
},
type: "Integer",
},
},
policyDefinitionName: "EventHubDiagnosticLogs",
policyRule: {
"if": {
equals: "Microsoft.EventHub/namespaces",
field: "type",
},
then: {
details: {
existenceCondition: {
allOf: [
{
equals: "true",
field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
{
equals: "[parameters('requiredRetentionDays')]",
field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
],
},
type: "Microsoft.Insights/diagnosticSettings",
},
effect: "AuditIfNotExists",
},
},
});
resources:
policyDefinition:
type: azure-native:authorization:PolicyDefinition
properties:
description: Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised
displayName: Event Hubs should have diagnostic logging enabled
metadata:
category: Event Hub
mode: Indexed
parameters:
requiredRetentionDays:
allowedValues:
- 0
- 30
- 90
- 180
- 365
defaultValue: 365
metadata:
description: The required diagnostic logs retention in days
displayName: Required retention (days)
type: Integer
policyDefinitionName: EventHubDiagnosticLogs
policyRule:
if:
equals: Microsoft.EventHub/namespaces
field: type
then:
details:
existenceCondition:
allOf:
- equals: 'true'
field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled
- equals: '[parameters(''requiredRetentionDays'')]'
field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days
type: Microsoft.Insights/diagnosticSettings
effect: AuditIfNotExists
Create PolicyDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyDefinition(name: string, args?: PolicyDefinitionArgs, opts?: CustomResourceOptions);
@overload
def PolicyDefinition(resource_name: str,
args: Optional[PolicyDefinitionArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
metadata: Optional[Any] = None,
mode: Optional[str] = None,
parameters: Optional[Mapping[str, ParameterDefinitionsValueArgs]] = None,
policy_definition_name: Optional[str] = None,
policy_rule: Optional[Any] = None,
policy_type: Optional[Union[str, PolicyType]] = None)
func NewPolicyDefinition(ctx *Context, name string, args *PolicyDefinitionArgs, opts ...ResourceOption) (*PolicyDefinition, error)
public PolicyDefinition(string name, PolicyDefinitionArgs? args = null, CustomResourceOptions? opts = null)
public PolicyDefinition(String name, PolicyDefinitionArgs args)
public PolicyDefinition(String name, PolicyDefinitionArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyDefinitionResource = new AzureNative.Authorization.PolicyDefinition("policyDefinitionResource", new()
{
Description = "string",
DisplayName = "string",
Metadata = "any",
Mode = "string",
Parameters =
{
{ "string",
{
{ "allowedValues", new[]
{
"any",
} },
{ "defaultValue", "any" },
{ "metadata",
{
{ "assignPermissions", false },
{ "description", "string" },
{ "displayName", "string" },
{ "strongType", "string" },
} },
{ "type", "string" },
} },
},
PolicyDefinitionName = "string",
PolicyRule = "any",
PolicyType = "string",
});
example, err := authorization.NewPolicyDefinition(ctx, "policyDefinitionResource", &authorization.PolicyDefinitionArgs{
Description: "string",
DisplayName: "string",
Metadata: "any",
Mode: "string",
Parameters: map[string]interface{}{
"string": map[string]interface{}{
"allowedValues": []string{
"any",
},
"defaultValue": "any",
"metadata": map[string]interface{}{
"assignPermissions": false,
"description": "string",
"displayName": "string",
"strongType": "string",
},
"type": "string",
},
},
PolicyDefinitionName: "string",
PolicyRule: "any",
PolicyType: "string",
})
var policyDefinitionResource = new PolicyDefinition("policyDefinitionResource", PolicyDefinitionArgs.builder()
.description("string")
.displayName("string")
.metadata("any")
.mode("string")
.parameters(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.policyDefinitionName("string")
.policyRule("any")
.policyType("string")
.build());
policy_definition_resource = azure_native.authorization.PolicyDefinition("policyDefinitionResource",
description=string,
display_name=string,
metadata=any,
mode=string,
parameters={
string: {
allowedValues: [any],
defaultValue: any,
metadata: {
assignPermissions: False,
description: string,
displayName: string,
strongType: string,
},
type: string,
},
},
policy_definition_name=string,
policy_rule=any,
policy_type=string)
const policyDefinitionResource = new azure_native.authorization.PolicyDefinition("policyDefinitionResource", {
description: "string",
displayName: "string",
metadata: "any",
mode: "string",
parameters: {
string: {
allowedValues: ["any"],
defaultValue: "any",
metadata: {
assignPermissions: false,
description: "string",
displayName: "string",
strongType: "string",
},
type: "string",
},
},
policyDefinitionName: "string",
policyRule: "any",
policyType: "string",
});
type: azure-native:authorization:PolicyDefinition
properties:
description: string
displayName: string
metadata: any
mode: string
parameters:
string:
allowedValues:
- any
defaultValue: any
metadata:
assignPermissions: false
description: string
displayName: string
strongType: string
type: string
policyDefinitionName: string
policyRule: any
policyType: string
PolicyDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyDefinition resource accepts the following input properties:
- Description string
- The policy definition description.
- Display
Name string - The display name of the policy definition.
- Metadata object
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- Parameters
Dictionary<string, Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Args> - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- Policy
Definition stringName - The name of the policy definition to create.
- Policy
Rule object - The policy rule.
- Policy
Type string | Pulumi.Azure Native. Authorization. Policy Type - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- Description string
- The policy definition description.
- Display
Name string - The display name of the policy definition.
- Metadata interface{}
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- Parameters
map[string]Parameter
Definitions Value Args - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- Policy
Definition stringName - The name of the policy definition to create.
- Policy
Rule interface{} - The policy rule.
- Policy
Type string | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description String
- The policy definition description.
- display
Name String - The display name of the policy definition.
- metadata Object
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode String
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
Map<String,Parameter
Definitions Value Args> - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition StringName - The name of the policy definition to create.
- policy
Rule Object - The policy rule.
- policy
Type String | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description string
- The policy definition description.
- display
Name string - The display name of the policy definition.
- metadata any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
{[key: string]: Parameter
Definitions Value Args} - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition stringName - The name of the policy definition to create.
- policy
Rule any - The policy rule.
- policy
Type string | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description str
- The policy definition description.
- display_
name str - The display name of the policy definition.
- metadata Any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode str
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
Mapping[str, Parameter
Definitions Value Args] - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy_
definition_ strname - The name of the policy definition to create.
- policy_
rule Any - The policy rule.
- policy_
type str | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description String
- The policy definition description.
- display
Name String - The display name of the policy definition.
- metadata Any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode String
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters Map<Property Map>
- The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition StringName - The name of the policy definition to create.
- policy
Rule Any - The policy rule.
- policy
Type String | "NotSpecified" | "Built In" | "Custom" | "Static" - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyDefinition resource produces the following output properties:
Supporting Types
ParameterDefinitionsValue, ParameterDefinitionsValueArgs
- Allowed
Values List<object> - The allowed values for the parameter.
- Default
Value object - The default value for the parameter if no value is provided.
- Metadata
Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Metadata - General metadata for the parameter.
- Type
string | Pulumi.
Azure Native. Authorization. Parameter Type - The data type of the parameter.
- Allowed
Values []interface{} - The allowed values for the parameter.
- Default
Value interface{} - The default value for the parameter if no value is provided.
- Metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- Type
string | Parameter
Type - The data type of the parameter.
- allowed
Values List<Object> - The allowed values for the parameter.
- default
Value Object - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- type
String | Parameter
Type - The data type of the parameter.
- allowed
Values any[] - The allowed values for the parameter.
- default
Value any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- type
string | Parameter
Type - The data type of the parameter.
- allowed_
values Sequence[Any] - The allowed values for the parameter.
- default_
value Any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- type
str | Parameter
Type - The data type of the parameter.
- allowed
Values List<Any> - The allowed values for the parameter.
- default
Value Any - The default value for the parameter if no value is provided.
- metadata Property Map
- General metadata for the parameter.
- type
String | "String" | "Array" | "Object" | "Boolean" | "Integer" | "Float" | "Date
Time" - The data type of the parameter.
ParameterDefinitionsValueMetadata, ParameterDefinitionsValueMetadataArgs
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description string
- The description of the parameter.
- display
Name string - The display name for the parameter.
- strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign_
permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description str
- The description of the parameter.
- display_
name str - The display name for the parameter.
- strong_
type str - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
ParameterDefinitionsValueResponse, ParameterDefinitionsValueResponseArgs
- Allowed
Values List<object> - The allowed values for the parameter.
- Default
Value object - The default value for the parameter if no value is provided.
- Metadata
Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Response Metadata - General metadata for the parameter.
- Type string
- The data type of the parameter.
- Allowed
Values []interface{} - The allowed values for the parameter.
- Default
Value interface{} - The default value for the parameter if no value is provided.
- Metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- Type string
- The data type of the parameter.
- allowed
Values List<Object> - The allowed values for the parameter.
- default
Value Object - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- type String
- The data type of the parameter.
- allowed
Values any[] - The allowed values for the parameter.
- default
Value any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- type string
- The data type of the parameter.
- allowed_
values Sequence[Any] - The allowed values for the parameter.
- default_
value Any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- type str
- The data type of the parameter.
- allowed
Values List<Any> - The allowed values for the parameter.
- default
Value Any - The default value for the parameter if no value is provided.
- metadata Property Map
- General metadata for the parameter.
- type String
- The data type of the parameter.
ParameterDefinitionsValueResponseMetadata, ParameterDefinitionsValueResponseMetadataArgs
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description string
- The description of the parameter.
- display
Name string - The display name for the parameter.
- strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign_
permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description str
- The description of the parameter.
- display_
name str - The display name for the parameter.
- strong_
type str - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
ParameterType, ParameterTypeArgs
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- Parameter
Type String - String
- Parameter
Type Array - Array
- Parameter
Type Object - Object
- Parameter
Type Boolean - Boolean
- Parameter
Type Integer - Integer
- Parameter
Type Float - Float
- Parameter
Type Date Time - DateTime
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- STRING
- String
- ARRAY
- Array
- OBJECT
- Object
- BOOLEAN
- Boolean
- INTEGER
- Integer
- FLOAT
- Float
- DATE_TIME
- DateTime
- "String"
- String
- "Array"
- Array
- "Object"
- Object
- "Boolean"
- Boolean
- "Integer"
- Integer
- "Float"
- Float
- "Date
Time" - DateTime
PolicyType, PolicyTypeArgs
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- Policy
Type Not Specified - NotSpecified
- Policy
Type Built In - BuiltIn
- Policy
Type Custom - Custom
- Policy
Type Static - Static
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- NOT_SPECIFIED
- NotSpecified
- BUILT_IN
- BuiltIn
- CUSTOM
- Custom
- STATIC
- Static
- "Not
Specified" - NotSpecified
- "Built
In" - BuiltIn
- "Custom"
- Custom
- "Static"
- Static
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyDefinition ResourceNaming /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0