1. Packages
  2. Azure Native
  3. API Docs
  4. authorization
  5. PolicyAssignment
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.authorization.PolicyAssignment

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    The policy assignment. Azure REST API version: 2022-06-01. Prior API version in Azure Native 1.x: 2020-09-01.

    Other available API versions: 2016-04-01, 2016-12-01, 2019-06-01, 2020-03-01, 2023-04-01, 2024-04-01, 2024-05-01.

    Example Usage

    Create or update a policy assignment

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            Description = "Force resource names to begin with given DeptA and end with -LC",
            DisplayName = "Enforce resource naming rules",
            Metadata = new Dictionary<string, object?>
            {
                ["assignedBy"] = "Special Someone",
            },
            NonComplianceMessages = new[]
            {
                new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
                {
                    Message = "Resource names must start with 'DeptA' and end with '-LC'.",
                },
            },
            Parameters = 
            {
                { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "DeptA",
                } },
                { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "-LC",
                } },
            },
            PolicyAssignmentName = "EnforceNaming",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			Description: pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
    			DisplayName: pulumi.String("Enforce resource naming rules"),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"assignedBy": "Special Someone",
    			}),
    			NonComplianceMessages: authorization.NonComplianceMessageArray{
    				&authorization.NonComplianceMessageArgs{
    					Message: pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
    				},
    			},
    			Parameters: authorization.ParameterValuesValueMap{
    				"prefix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("DeptA"),
    				},
    				"suffix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("-LC"),
    				},
    			},
    			PolicyAssignmentName: pulumi.String("EnforceNaming"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
    			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import com.pulumi.azurenative.authorization.inputs.NonComplianceMessageArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .description("Force resource names to begin with given DeptA and end with -LC")
                .displayName("Enforce resource naming rules")
                .metadata(Map.of("assignedBy", "Special Someone"))
                .nonComplianceMessages(NonComplianceMessageArgs.builder()
                    .message("Resource names must start with 'DeptA' and end with '-LC'.")
                    .build())
                .parameters(Map.ofEntries(
                    Map.entry("prefix", Map.of("value", "DeptA")),
                    Map.entry("suffix", Map.of("value", "-LC"))
                ))
                .policyAssignmentName("EnforceNaming")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        description="Force resource names to begin with given DeptA and end with -LC",
        display_name="Enforce resource naming rules",
        metadata={
            "assignedBy": "Special Someone",
        },
        non_compliance_messages=[{
            "message": "Resource names must start with 'DeptA' and end with '-LC'.",
        }],
        parameters={
            "prefix": {
                "value": "DeptA",
            },
            "suffix": {
                "value": "-LC",
            },
        },
        policy_assignment_name="EnforceNaming",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        description: "Force resource names to begin with given DeptA and end with -LC",
        displayName: "Enforce resource naming rules",
        metadata: {
            assignedBy: "Special Someone",
        },
        nonComplianceMessages: [{
            message: "Resource names must start with 'DeptA' and end with '-LC'.",
        }],
        parameters: {
            prefix: {
                value: "DeptA",
            },
            suffix: {
                value: "-LC",
            },
        },
        policyAssignmentName: "EnforceNaming",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          description: Force resource names to begin with given DeptA and end with -LC
          displayName: Enforce resource naming rules
          metadata:
            assignedBy: Special Someone
          nonComplianceMessages:
            - message: Resource names must start with 'DeptA' and end with '-LC'.
          parameters:
            prefix:
              value: DeptA
            suffix:
              value: -LC
          policyAssignmentName: EnforceNaming
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create or update a policy assignment with a system assigned identity

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            Description = "Force resource names to begin with given DeptA and end with -LC",
            DisplayName = "Enforce resource naming rules",
            EnforcementMode = AzureNative.Authorization.EnforcementMode.Default,
            Identity = new AzureNative.Authorization.Inputs.IdentityArgs
            {
                Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
            },
            Location = "eastus",
            Metadata = new Dictionary<string, object?>
            {
                ["assignedBy"] = "Foo Bar",
            },
            Parameters = 
            {
                { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "DeptA",
                } },
                { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "-LC",
                } },
            },
            PolicyAssignmentName = "EnforceNaming",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
    			DisplayName:     pulumi.String("Enforce resource naming rules"),
    			EnforcementMode: pulumi.String(authorization.EnforcementModeDefault),
    			Identity: &authorization.IdentityArgs{
    				Type: authorization.ResourceIdentityTypeSystemAssigned,
    			},
    			Location: pulumi.String("eastus"),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"assignedBy": "Foo Bar",
    			}),
    			Parameters: authorization.ParameterValuesValueMap{
    				"prefix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("DeptA"),
    				},
    				"suffix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("-LC"),
    				},
    			},
    			PolicyAssignmentName: pulumi.String("EnforceNaming"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
    			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import com.pulumi.azurenative.authorization.inputs.IdentityArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .description("Force resource names to begin with given DeptA and end with -LC")
                .displayName("Enforce resource naming rules")
                .enforcementMode("Default")
                .identity(IdentityArgs.builder()
                    .type("SystemAssigned")
                    .build())
                .location("eastus")
                .metadata(Map.of("assignedBy", "Foo Bar"))
                .parameters(Map.ofEntries(
                    Map.entry("prefix", Map.of("value", "DeptA")),
                    Map.entry("suffix", Map.of("value", "-LC"))
                ))
                .policyAssignmentName("EnforceNaming")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        description="Force resource names to begin with given DeptA and end with -LC",
        display_name="Enforce resource naming rules",
        enforcement_mode=azure_native.authorization.EnforcementMode.DEFAULT,
        identity={
            "type": azure_native.authorization.ResourceIdentityType.SYSTEM_ASSIGNED,
        },
        location="eastus",
        metadata={
            "assignedBy": "Foo Bar",
        },
        parameters={
            "prefix": {
                "value": "DeptA",
            },
            "suffix": {
                "value": "-LC",
            },
        },
        policy_assignment_name="EnforceNaming",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        description: "Force resource names to begin with given DeptA and end with -LC",
        displayName: "Enforce resource naming rules",
        enforcementMode: azure_native.authorization.EnforcementMode.Default,
        identity: {
            type: azure_native.authorization.ResourceIdentityType.SystemAssigned,
        },
        location: "eastus",
        metadata: {
            assignedBy: "Foo Bar",
        },
        parameters: {
            prefix: {
                value: "DeptA",
            },
            suffix: {
                value: "-LC",
            },
        },
        policyAssignmentName: "EnforceNaming",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          description: Force resource names to begin with given DeptA and end with -LC
          displayName: Enforce resource naming rules
          enforcementMode: Default
          identity:
            type: SystemAssigned
          location: eastus
          metadata:
            assignedBy: Foo Bar
          parameters:
            prefix:
              value: DeptA
            suffix:
              value: -LC
          policyAssignmentName: EnforceNaming
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create or update a policy assignment with multiple non-compliance messages

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            DisplayName = "Enforce security policies",
            NonComplianceMessages = new[]
            {
                new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
                {
                    Message = "Resources must comply with all internal security policies. See <internal site URL> for more info.",
                },
                new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
                {
                    Message = "Resource names must start with 'DeptA' and end with '-LC'.",
                    PolicyDefinitionReferenceId = "10420126870854049575",
                },
                new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
                {
                    Message = "Storage accounts must have firewall rules configured.",
                    PolicyDefinitionReferenceId = "8572513655450389710",
                },
            },
            PolicyAssignmentName = "securityInitAssignment",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			DisplayName: pulumi.String("Enforce security policies"),
    			NonComplianceMessages: authorization.NonComplianceMessageArray{
    				&authorization.NonComplianceMessageArgs{
    					Message: pulumi.String("Resources must comply with all internal security policies. See <internal site URL> for more info."),
    				},
    				&authorization.NonComplianceMessageArgs{
    					Message:                     pulumi.String("Resource names must start with 'DeptA' and end with '-LC'."),
    					PolicyDefinitionReferenceId: pulumi.String("10420126870854049575"),
    				},
    				&authorization.NonComplianceMessageArgs{
    					Message:                     pulumi.String("Storage accounts must have firewall rules configured."),
    					PolicyDefinitionReferenceId: pulumi.String("8572513655450389710"),
    				},
    			},
    			PolicyAssignmentName: pulumi.String("securityInitAssignment"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
    			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import com.pulumi.azurenative.authorization.inputs.NonComplianceMessageArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .displayName("Enforce security policies")
                .nonComplianceMessages(            
                    NonComplianceMessageArgs.builder()
                        .message("Resources must comply with all internal security policies. See <internal site URL> for more info.")
                        .build(),
                    NonComplianceMessageArgs.builder()
                        .message("Resource names must start with 'DeptA' and end with '-LC'.")
                        .policyDefinitionReferenceId("10420126870854049575")
                        .build(),
                    NonComplianceMessageArgs.builder()
                        .message("Storage accounts must have firewall rules configured.")
                        .policyDefinitionReferenceId("8572513655450389710")
                        .build())
                .policyAssignmentName("securityInitAssignment")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        display_name="Enforce security policies",
        non_compliance_messages=[
            {
                "message": "Resources must comply with all internal security policies. See <internal site URL> for more info.",
            },
            {
                "message": "Resource names must start with 'DeptA' and end with '-LC'.",
                "policy_definition_reference_id": "10420126870854049575",
            },
            {
                "message": "Storage accounts must have firewall rules configured.",
                "policy_definition_reference_id": "8572513655450389710",
            },
        ],
        policy_assignment_name="securityInitAssignment",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        displayName: "Enforce security policies",
        nonComplianceMessages: [
            {
                message: "Resources must comply with all internal security policies. See <internal site URL> for more info.",
            },
            {
                message: "Resource names must start with 'DeptA' and end with '-LC'.",
                policyDefinitionReferenceId: "10420126870854049575",
            },
            {
                message: "Storage accounts must have firewall rules configured.",
                policyDefinitionReferenceId: "8572513655450389710",
            },
        ],
        policyAssignmentName: "securityInitAssignment",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          displayName: Enforce security policies
          nonComplianceMessages:
            - message: Resources must comply with all internal security policies. See <internal site URL> for more info.
            - message: Resource names must start with 'DeptA' and end with '-LC'.
              policyDefinitionReferenceId: '10420126870854049575'
            - message: Storage accounts must have firewall rules configured.
              policyDefinitionReferenceId: '8572513655450389710'
          policyAssignmentName: securityInitAssignment
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create or update a policy assignment with overrides

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            Description = "Limit the resource location and resource SKU",
            DisplayName = "Limit the resource location and resource SKU",
            Metadata = new Dictionary<string, object?>
            {
                ["assignedBy"] = "Special Someone",
            },
            Overrides = new[]
            {
                new AzureNative.Authorization.Inputs.OverrideArgs
                {
                    Kind = AzureNative.Authorization.OverrideKind.PolicyEffect,
                    Selectors = new[]
                    {
                        new AzureNative.Authorization.Inputs.SelectorArgs
                        {
                            In = new[]
                            {
                                "Limit_Skus",
                                "Limit_Locations",
                            },
                            Kind = AzureNative.Authorization.SelectorKind.PolicyDefinitionReferenceId,
                        },
                    },
                    Value = "Audit",
                },
            },
            PolicyAssignmentName = "CostManagement",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			Description: pulumi.String("Limit the resource location and resource SKU"),
    			DisplayName: pulumi.String("Limit the resource location and resource SKU"),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"assignedBy": "Special Someone",
    			}),
    			Overrides: authorization.OverrideArray{
    				&authorization.OverrideArgs{
    					Kind: pulumi.String(authorization.OverrideKindPolicyEffect),
    					Selectors: authorization.SelectorArray{
    						&authorization.SelectorArgs{
    							In: pulumi.StringArray{
    								pulumi.String("Limit_Skus"),
    								pulumi.String("Limit_Locations"),
    							},
    							Kind: pulumi.String(authorization.SelectorKindPolicyDefinitionReferenceId),
    						},
    					},
    					Value: pulumi.String("Audit"),
    				},
    			},
    			PolicyAssignmentName: pulumi.String("CostManagement"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
    			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import com.pulumi.azurenative.authorization.inputs.OverrideArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .description("Limit the resource location and resource SKU")
                .displayName("Limit the resource location and resource SKU")
                .metadata(Map.of("assignedBy", "Special Someone"))
                .overrides(OverrideArgs.builder()
                    .kind("policyEffect")
                    .selectors(SelectorArgs.builder()
                        .in(                    
                            "Limit_Skus",
                            "Limit_Locations")
                        .kind("policyDefinitionReferenceId")
                        .build())
                    .value("Audit")
                    .build())
                .policyAssignmentName("CostManagement")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        description="Limit the resource location and resource SKU",
        display_name="Limit the resource location and resource SKU",
        metadata={
            "assignedBy": "Special Someone",
        },
        overrides=[{
            "kind": azure_native.authorization.OverrideKind.POLICY_EFFECT,
            "selectors": [{
                "in_": [
                    "Limit_Skus",
                    "Limit_Locations",
                ],
                "kind": azure_native.authorization.SelectorKind.POLICY_DEFINITION_REFERENCE_ID,
            }],
            "value": "Audit",
        }],
        policy_assignment_name="CostManagement",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        description: "Limit the resource location and resource SKU",
        displayName: "Limit the resource location and resource SKU",
        metadata: {
            assignedBy: "Special Someone",
        },
        overrides: [{
            kind: azure_native.authorization.OverrideKind.PolicyEffect,
            selectors: [{
                "in": [
                    "Limit_Skus",
                    "Limit_Locations",
                ],
                kind: azure_native.authorization.SelectorKind.PolicyDefinitionReferenceId,
            }],
            value: "Audit",
        }],
        policyAssignmentName: "CostManagement",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          description: Limit the resource location and resource SKU
          displayName: Limit the resource location and resource SKU
          metadata:
            assignedBy: Special Someone
          overrides:
            - kind: policyEffect
              selectors:
                - in:
                    - Limit_Skus
                    - Limit_Locations
                  kind: policyDefinitionReferenceId
              value: Audit
          policyAssignmentName: CostManagement
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create or update a policy assignment with resource selectors

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            Description = "Limit the resource location and resource SKU",
            DisplayName = "Limit the resource location and resource SKU",
            Metadata = new Dictionary<string, object?>
            {
                ["assignedBy"] = "Special Someone",
            },
            PolicyAssignmentName = "CostManagement",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
            ResourceSelectors = new[]
            {
                new AzureNative.Authorization.Inputs.ResourceSelectorArgs
                {
                    Name = "SDPRegions",
                    Selectors = new[]
                    {
                        new AzureNative.Authorization.Inputs.SelectorArgs
                        {
                            In = new[]
                            {
                                "eastus2euap",
                                "centraluseuap",
                            },
                            Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
                        },
                    },
                },
            },
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			Description: pulumi.String("Limit the resource location and resource SKU"),
    			DisplayName: pulumi.String("Limit the resource location and resource SKU"),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"assignedBy": "Special Someone",
    			}),
    			PolicyAssignmentName: pulumi.String("CostManagement"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
    			ResourceSelectors: authorization.ResourceSelectorArray{
    				&authorization.ResourceSelectorArgs{
    					Name: pulumi.String("SDPRegions"),
    					Selectors: authorization.SelectorArray{
    						&authorization.SelectorArgs{
    							In: pulumi.StringArray{
    								pulumi.String("eastus2euap"),
    								pulumi.String("centraluseuap"),
    							},
    							Kind: pulumi.String(authorization.SelectorKindResourceLocation),
    						},
    					},
    				},
    			},
    			Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .description("Limit the resource location and resource SKU")
                .displayName("Limit the resource location and resource SKU")
                .metadata(Map.of("assignedBy", "Special Someone"))
                .policyAssignmentName("CostManagement")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
                .resourceSelectors(ResourceSelectorArgs.builder()
                    .name("SDPRegions")
                    .selectors(SelectorArgs.builder()
                        .in(                    
                            "eastus2euap",
                            "centraluseuap")
                        .kind("resourceLocation")
                        .build())
                    .build())
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        description="Limit the resource location and resource SKU",
        display_name="Limit the resource location and resource SKU",
        metadata={
            "assignedBy": "Special Someone",
        },
        policy_assignment_name="CostManagement",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        resource_selectors=[{
            "name": "SDPRegions",
            "selectors": [{
                "in_": [
                    "eastus2euap",
                    "centraluseuap",
                ],
                "kind": azure_native.authorization.SelectorKind.RESOURCE_LOCATION,
            }],
        }],
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        description: "Limit the resource location and resource SKU",
        displayName: "Limit the resource location and resource SKU",
        metadata: {
            assignedBy: "Special Someone",
        },
        policyAssignmentName: "CostManagement",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
        resourceSelectors: [{
            name: "SDPRegions",
            selectors: [{
                "in": [
                    "eastus2euap",
                    "centraluseuap",
                ],
                kind: azure_native.authorization.SelectorKind.ResourceLocation,
            }],
        }],
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          description: Limit the resource location and resource SKU
          displayName: Limit the resource location and resource SKU
          metadata:
            assignedBy: Special Someone
          policyAssignmentName: CostManagement
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement
          resourceSelectors:
            - name: SDPRegions
              selectors:
                - in:
                    - eastus2euap
                    - centraluseuap
                  kind: resourceLocation
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create or update a policy assignment without enforcing policy effect during resource creation or update.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var policyAssignment = new AzureNative.Authorization.PolicyAssignment("policyAssignment", new()
        {
            Description = "Force resource names to begin with given DeptA and end with -LC",
            DisplayName = "Enforce resource naming rules",
            EnforcementMode = AzureNative.Authorization.EnforcementMode.DoNotEnforce,
            Metadata = new Dictionary<string, object?>
            {
                ["assignedBy"] = "Special Someone",
            },
            Parameters = 
            {
                { "prefix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "DeptA",
                } },
                { "suffix", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
                {
                    Value = "-LC",
                } },
            },
            PolicyAssignmentName = "EnforceNaming",
            PolicyDefinitionId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
            Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
        });
    
    });
    
    package main
    
    import (
    	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := authorization.NewPolicyAssignment(ctx, "policyAssignment", &authorization.PolicyAssignmentArgs{
    			Description:     pulumi.String("Force resource names to begin with given DeptA and end with -LC"),
    			DisplayName:     pulumi.String("Enforce resource naming rules"),
    			EnforcementMode: pulumi.String(authorization.EnforcementModeDoNotEnforce),
    			Metadata: pulumi.Any(map[string]interface{}{
    				"assignedBy": "Special Someone",
    			}),
    			Parameters: authorization.ParameterValuesValueMap{
    				"prefix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("DeptA"),
    				},
    				"suffix": &authorization.ParameterValuesValueArgs{
    					Value: pulumi.Any("-LC"),
    				},
    			},
    			PolicyAssignmentName: pulumi.String("EnforceNaming"),
    			PolicyDefinitionId:   pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
    			Scope:                pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.authorization.PolicyAssignment;
    import com.pulumi.azurenative.authorization.PolicyAssignmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var policyAssignment = new PolicyAssignment("policyAssignment", PolicyAssignmentArgs.builder()
                .description("Force resource names to begin with given DeptA and end with -LC")
                .displayName("Enforce resource naming rules")
                .enforcementMode("DoNotEnforce")
                .metadata(Map.of("assignedBy", "Special Someone"))
                .parameters(Map.ofEntries(
                    Map.entry("prefix", Map.of("value", "DeptA")),
                    Map.entry("suffix", Map.of("value", "-LC"))
                ))
                .policyAssignmentName("EnforceNaming")
                .policyDefinitionId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
                .scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    policy_assignment = azure_native.authorization.PolicyAssignment("policyAssignment",
        description="Force resource names to begin with given DeptA and end with -LC",
        display_name="Enforce resource naming rules",
        enforcement_mode=azure_native.authorization.EnforcementMode.DO_NOT_ENFORCE,
        metadata={
            "assignedBy": "Special Someone",
        },
        parameters={
            "prefix": {
                "value": "DeptA",
            },
            "suffix": {
                "value": "-LC",
            },
        },
        policy_assignment_name="EnforceNaming",
        policy_definition_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const policyAssignment = new azure_native.authorization.PolicyAssignment("policyAssignment", {
        description: "Force resource names to begin with given DeptA and end with -LC",
        displayName: "Enforce resource naming rules",
        enforcementMode: azure_native.authorization.EnforcementMode.DoNotEnforce,
        metadata: {
            assignedBy: "Special Someone",
        },
        parameters: {
            prefix: {
                value: "DeptA",
            },
            suffix: {
                value: "-LC",
            },
        },
        policyAssignmentName: "EnforceNaming",
        policyDefinitionId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    });
    
    resources:
      policyAssignment:
        type: azure-native:authorization:PolicyAssignment
        properties:
          description: Force resource names to begin with given DeptA and end with -LC
          displayName: Enforce resource naming rules
          enforcementMode: DoNotEnforce
          metadata:
            assignedBy: Special Someone
          parameters:
            prefix:
              value: DeptA
            suffix:
              value: -LC
          policyAssignmentName: EnforceNaming
          policyDefinitionId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming
          scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2
    

    Create PolicyAssignment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new PolicyAssignment(name: string, args: PolicyAssignmentArgs, opts?: CustomResourceOptions);
    @overload
    def PolicyAssignment(resource_name: str,
                         args: PolicyAssignmentArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def PolicyAssignment(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         scope: Optional[str] = None,
                         non_compliance_messages: Optional[Sequence[NonComplianceMessageArgs]] = None,
                         enforcement_mode: Optional[Union[str, EnforcementMode]] = None,
                         identity: Optional[IdentityArgs] = None,
                         location: Optional[str] = None,
                         metadata: Optional[Any] = None,
                         description: Optional[str] = None,
                         not_scopes: Optional[Sequence[str]] = None,
                         overrides: Optional[Sequence[OverrideArgs]] = None,
                         parameters: Optional[Mapping[str, ParameterValuesValueArgs]] = None,
                         policy_assignment_name: Optional[str] = None,
                         policy_definition_id: Optional[str] = None,
                         resource_selectors: Optional[Sequence[ResourceSelectorArgs]] = None,
                         display_name: Optional[str] = None)
    func NewPolicyAssignment(ctx *Context, name string, args PolicyAssignmentArgs, opts ...ResourceOption) (*PolicyAssignment, error)
    public PolicyAssignment(string name, PolicyAssignmentArgs args, CustomResourceOptions? opts = null)
    public PolicyAssignment(String name, PolicyAssignmentArgs args)
    public PolicyAssignment(String name, PolicyAssignmentArgs args, CustomResourceOptions options)
    
    type: azure-native:authorization:PolicyAssignment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PolicyAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PolicyAssignmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PolicyAssignmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PolicyAssignmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PolicyAssignmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var policyAssignmentResource = new AzureNative.Authorization.PolicyAssignment("policyAssignmentResource", new()
    {
        Scope = "string",
        NonComplianceMessages = new[]
        {
            new AzureNative.Authorization.Inputs.NonComplianceMessageArgs
            {
                Message = "string",
                PolicyDefinitionReferenceId = "string",
            },
        },
        EnforcementMode = "string",
        Identity = new AzureNative.Authorization.Inputs.IdentityArgs
        {
            Type = AzureNative.Authorization.ResourceIdentityType.SystemAssigned,
            UserAssignedIdentities = new[]
            {
                "string",
            },
        },
        Location = "string",
        Metadata = "any",
        Description = "string",
        NotScopes = new[]
        {
            "string",
        },
        Overrides = new[]
        {
            new AzureNative.Authorization.Inputs.OverrideArgs
            {
                Kind = "string",
                Selectors = new[]
                {
                    new AzureNative.Authorization.Inputs.SelectorArgs
                    {
                        In = new[]
                        {
                            "string",
                        },
                        Kind = "string",
                        NotIn = new[]
                        {
                            "string",
                        },
                    },
                },
                Value = "string",
            },
        },
        Parameters = 
        {
            { "string", new AzureNative.Authorization.Inputs.ParameterValuesValueArgs
            {
                Value = "any",
            } },
        },
        PolicyAssignmentName = "string",
        PolicyDefinitionId = "string",
        ResourceSelectors = new[]
        {
            new AzureNative.Authorization.Inputs.ResourceSelectorArgs
            {
                Name = "string",
                Selectors = new[]
                {
                    new AzureNative.Authorization.Inputs.SelectorArgs
                    {
                        In = new[]
                        {
                            "string",
                        },
                        Kind = "string",
                        NotIn = new[]
                        {
                            "string",
                        },
                    },
                },
            },
        },
        DisplayName = "string",
    });
    
    example, err := authorization.NewPolicyAssignment(ctx, "policyAssignmentResource", &authorization.PolicyAssignmentArgs{
    	Scope: pulumi.String("string"),
    	NonComplianceMessages: authorization.NonComplianceMessageArray{
    		&authorization.NonComplianceMessageArgs{
    			Message:                     pulumi.String("string"),
    			PolicyDefinitionReferenceId: pulumi.String("string"),
    		},
    	},
    	EnforcementMode: pulumi.String("string"),
    	Identity: &authorization.IdentityArgs{
    		Type: authorization.ResourceIdentityTypeSystemAssigned,
    		UserAssignedIdentities: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Location:    pulumi.String("string"),
    	Metadata:    pulumi.Any("any"),
    	Description: pulumi.String("string"),
    	NotScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Overrides: authorization.OverrideArray{
    		&authorization.OverrideArgs{
    			Kind: pulumi.String("string"),
    			Selectors: authorization.SelectorArray{
    				&authorization.SelectorArgs{
    					In: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Kind: pulumi.String("string"),
    					NotIn: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Value: pulumi.String("string"),
    		},
    	},
    	Parameters: authorization.ParameterValuesValueMap{
    		"string": &authorization.ParameterValuesValueArgs{
    			Value: pulumi.Any("any"),
    		},
    	},
    	PolicyAssignmentName: pulumi.String("string"),
    	PolicyDefinitionId:   pulumi.String("string"),
    	ResourceSelectors: authorization.ResourceSelectorArray{
    		&authorization.ResourceSelectorArgs{
    			Name: pulumi.String("string"),
    			Selectors: authorization.SelectorArray{
    				&authorization.SelectorArgs{
    					In: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Kind: pulumi.String("string"),
    					NotIn: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    		},
    	},
    	DisplayName: pulumi.String("string"),
    })
    
    var policyAssignmentResource = new PolicyAssignment("policyAssignmentResource", PolicyAssignmentArgs.builder()
        .scope("string")
        .nonComplianceMessages(NonComplianceMessageArgs.builder()
            .message("string")
            .policyDefinitionReferenceId("string")
            .build())
        .enforcementMode("string")
        .identity(IdentityArgs.builder()
            .type("SystemAssigned")
            .userAssignedIdentities("string")
            .build())
        .location("string")
        .metadata("any")
        .description("string")
        .notScopes("string")
        .overrides(OverrideArgs.builder()
            .kind("string")
            .selectors(SelectorArgs.builder()
                .in("string")
                .kind("string")
                .notIn("string")
                .build())
            .value("string")
            .build())
        .parameters(Map.of("string", Map.of("value", "any")))
        .policyAssignmentName("string")
        .policyDefinitionId("string")
        .resourceSelectors(ResourceSelectorArgs.builder()
            .name("string")
            .selectors(SelectorArgs.builder()
                .in("string")
                .kind("string")
                .notIn("string")
                .build())
            .build())
        .displayName("string")
        .build());
    
    policy_assignment_resource = azure_native.authorization.PolicyAssignment("policyAssignmentResource",
        scope="string",
        non_compliance_messages=[{
            "message": "string",
            "policy_definition_reference_id": "string",
        }],
        enforcement_mode="string",
        identity={
            "type": azure_native.authorization.ResourceIdentityType.SYSTEM_ASSIGNED,
            "user_assigned_identities": ["string"],
        },
        location="string",
        metadata="any",
        description="string",
        not_scopes=["string"],
        overrides=[{
            "kind": "string",
            "selectors": [{
                "in_": ["string"],
                "kind": "string",
                "not_in": ["string"],
            }],
            "value": "string",
        }],
        parameters={
            "string": {
                "value": "any",
            },
        },
        policy_assignment_name="string",
        policy_definition_id="string",
        resource_selectors=[{
            "name": "string",
            "selectors": [{
                "in_": ["string"],
                "kind": "string",
                "not_in": ["string"],
            }],
        }],
        display_name="string")
    
    const policyAssignmentResource = new azure_native.authorization.PolicyAssignment("policyAssignmentResource", {
        scope: "string",
        nonComplianceMessages: [{
            message: "string",
            policyDefinitionReferenceId: "string",
        }],
        enforcementMode: "string",
        identity: {
            type: azure_native.authorization.ResourceIdentityType.SystemAssigned,
            userAssignedIdentities: ["string"],
        },
        location: "string",
        metadata: "any",
        description: "string",
        notScopes: ["string"],
        overrides: [{
            kind: "string",
            selectors: [{
                "in": ["string"],
                kind: "string",
                notIn: ["string"],
            }],
            value: "string",
        }],
        parameters: {
            string: {
                value: "any",
            },
        },
        policyAssignmentName: "string",
        policyDefinitionId: "string",
        resourceSelectors: [{
            name: "string",
            selectors: [{
                "in": ["string"],
                kind: "string",
                notIn: ["string"],
            }],
        }],
        displayName: "string",
    });
    
    type: azure-native:authorization:PolicyAssignment
    properties:
        description: string
        displayName: string
        enforcementMode: string
        identity:
            type: SystemAssigned
            userAssignedIdentities:
                - string
        location: string
        metadata: any
        nonComplianceMessages:
            - message: string
              policyDefinitionReferenceId: string
        notScopes:
            - string
        overrides:
            - kind: string
              selectors:
                - in:
                    - string
                  kind: string
                  notIn:
                    - string
              value: string
        parameters:
            string:
                value: any
        policyAssignmentName: string
        policyDefinitionId: string
        resourceSelectors:
            - name: string
              selectors:
                - in:
                    - string
                  kind: string
                  notIn:
                    - string
        scope: string
    

    PolicyAssignment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The PolicyAssignment resource accepts the following input properties:

    Scope string
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Description string
    This message will be part of response in case of policy violation.
    DisplayName string
    The display name of the policy assignment.
    EnforcementMode string | Pulumi.AzureNative.Authorization.EnforcementMode
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    Identity Pulumi.AzureNative.Authorization.Inputs.Identity
    The managed identity associated with the policy assignment.
    Location string
    The location of the policy assignment. Only required when utilizing managed identity.
    Metadata object
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    NonComplianceMessages List<Pulumi.AzureNative.Authorization.Inputs.NonComplianceMessage>
    The messages that describe why a resource is non-compliant with the policy.
    NotScopes List<string>
    The policy's excluded scopes.
    Overrides List<Pulumi.AzureNative.Authorization.Inputs.Override>
    The policy property value override.
    Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.ParameterValuesValueArgs>
    The parameter values for the assigned policy rule. The keys are the parameter names.
    PolicyAssignmentName string
    The name of the policy assignment.
    PolicyDefinitionId string
    The ID of the policy definition or policy set definition being assigned.
    ResourceSelectors List<Pulumi.AzureNative.Authorization.Inputs.ResourceSelector>
    The resource selector list to filter policies by resource properties.
    Scope string
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    Description string
    This message will be part of response in case of policy violation.
    DisplayName string
    The display name of the policy assignment.
    EnforcementMode string | EnforcementMode
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    Identity IdentityArgs
    The managed identity associated with the policy assignment.
    Location string
    The location of the policy assignment. Only required when utilizing managed identity.
    Metadata interface{}
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    NonComplianceMessages []NonComplianceMessageArgs
    The messages that describe why a resource is non-compliant with the policy.
    NotScopes []string
    The policy's excluded scopes.
    Overrides []OverrideArgs
    The policy property value override.
    Parameters map[string]ParameterValuesValueArgs
    The parameter values for the assigned policy rule. The keys are the parameter names.
    PolicyAssignmentName string
    The name of the policy assignment.
    PolicyDefinitionId string
    The ID of the policy definition or policy set definition being assigned.
    ResourceSelectors []ResourceSelectorArgs
    The resource selector list to filter policies by resource properties.
    scope String
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    description String
    This message will be part of response in case of policy violation.
    displayName String
    The display name of the policy assignment.
    enforcementMode String | EnforcementMode
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    identity Identity
    The managed identity associated with the policy assignment.
    location String
    The location of the policy assignment. Only required when utilizing managed identity.
    metadata Object
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    nonComplianceMessages List<NonComplianceMessage>
    The messages that describe why a resource is non-compliant with the policy.
    notScopes List<String>
    The policy's excluded scopes.
    overrides List<Override>
    The policy property value override.
    parameters Map<String,ParameterValuesValueArgs>
    The parameter values for the assigned policy rule. The keys are the parameter names.
    policyAssignmentName String
    The name of the policy assignment.
    policyDefinitionId String
    The ID of the policy definition or policy set definition being assigned.
    resourceSelectors List<ResourceSelector>
    The resource selector list to filter policies by resource properties.
    scope string
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    description string
    This message will be part of response in case of policy violation.
    displayName string
    The display name of the policy assignment.
    enforcementMode string | EnforcementMode
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    identity Identity
    The managed identity associated with the policy assignment.
    location string
    The location of the policy assignment. Only required when utilizing managed identity.
    metadata any
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    nonComplianceMessages NonComplianceMessage[]
    The messages that describe why a resource is non-compliant with the policy.
    notScopes string[]
    The policy's excluded scopes.
    overrides Override[]
    The policy property value override.
    parameters {[key: string]: ParameterValuesValueArgs}
    The parameter values for the assigned policy rule. The keys are the parameter names.
    policyAssignmentName string
    The name of the policy assignment.
    policyDefinitionId string
    The ID of the policy definition or policy set definition being assigned.
    resourceSelectors ResourceSelector[]
    The resource selector list to filter policies by resource properties.
    scope str
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    description str
    This message will be part of response in case of policy violation.
    display_name str
    The display name of the policy assignment.
    enforcement_mode str | EnforcementMode
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    identity IdentityArgs
    The managed identity associated with the policy assignment.
    location str
    The location of the policy assignment. Only required when utilizing managed identity.
    metadata Any
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    non_compliance_messages Sequence[NonComplianceMessageArgs]
    The messages that describe why a resource is non-compliant with the policy.
    not_scopes Sequence[str]
    The policy's excluded scopes.
    overrides Sequence[OverrideArgs]
    The policy property value override.
    parameters Mapping[str, ParameterValuesValueArgs]
    The parameter values for the assigned policy rule. The keys are the parameter names.
    policy_assignment_name str
    The name of the policy assignment.
    policy_definition_id str
    The ID of the policy definition or policy set definition being assigned.
    resource_selectors Sequence[ResourceSelectorArgs]
    The resource selector list to filter policies by resource properties.
    scope String
    The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
    description String
    This message will be part of response in case of policy violation.
    displayName String
    The display name of the policy assignment.
    enforcementMode String | "Default" | "DoNotEnforce"
    The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
    identity Property Map
    The managed identity associated with the policy assignment.
    location String
    The location of the policy assignment. Only required when utilizing managed identity.
    metadata Any
    The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
    nonComplianceMessages List<Property Map>
    The messages that describe why a resource is non-compliant with the policy.
    notScopes List<String>
    The policy's excluded scopes.
    overrides List<Property Map>
    The policy property value override.
    parameters Map<Property Map>
    The parameter values for the assigned policy rule. The keys are the parameter names.
    policyAssignmentName String
    The name of the policy assignment.
    policyDefinitionId String
    The ID of the policy definition or policy set definition being assigned.
    resourceSelectors List<Property Map>
    The resource selector list to filter policies by resource properties.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the PolicyAssignment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The name of the policy assignment.
    SystemData Pulumi.AzureNative.Authorization.Outputs.SystemDataResponse
    The system metadata relating to this resource.
    Type string
    The type of the policy assignment.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The name of the policy assignment.
    SystemData SystemDataResponse
    The system metadata relating to this resource.
    Type string
    The type of the policy assignment.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The name of the policy assignment.
    systemData SystemDataResponse
    The system metadata relating to this resource.
    type String
    The type of the policy assignment.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The name of the policy assignment.
    systemData SystemDataResponse
    The system metadata relating to this resource.
    type string
    The type of the policy assignment.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The name of the policy assignment.
    system_data SystemDataResponse
    The system metadata relating to this resource.
    type str
    The type of the policy assignment.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The name of the policy assignment.
    systemData Property Map
    The system metadata relating to this resource.
    type String
    The type of the policy assignment.

    Supporting Types

    EnforcementMode, EnforcementModeArgs

    Default
    DefaultThe policy effect is enforced during resource creation or update.
    DoNotEnforce
    DoNotEnforceThe policy effect is not enforced during resource creation or update.
    EnforcementModeDefault
    DefaultThe policy effect is enforced during resource creation or update.
    EnforcementModeDoNotEnforce
    DoNotEnforceThe policy effect is not enforced during resource creation or update.
    Default
    DefaultThe policy effect is enforced during resource creation or update.
    DoNotEnforce
    DoNotEnforceThe policy effect is not enforced during resource creation or update.
    Default
    DefaultThe policy effect is enforced during resource creation or update.
    DoNotEnforce
    DoNotEnforceThe policy effect is not enforced during resource creation or update.
    DEFAULT
    DefaultThe policy effect is enforced during resource creation or update.
    DO_NOT_ENFORCE
    DoNotEnforceThe policy effect is not enforced during resource creation or update.
    "Default"
    DefaultThe policy effect is enforced during resource creation or update.
    "DoNotEnforce"
    DoNotEnforceThe policy effect is not enforced during resource creation or update.

    Identity, IdentityArgs

    Type Pulumi.AzureNative.Authorization.ResourceIdentityType
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    UserAssignedIdentities List<string>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    Type ResourceIdentityType
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    UserAssignedIdentities []string
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    type ResourceIdentityType
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities List<String>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    type ResourceIdentityType
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities string[]
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    type ResourceIdentityType
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    user_assigned_identities Sequence[str]
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    type "SystemAssigned" | "UserAssigned" | "None"
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities List<String>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    IdentityResponse, IdentityResponseArgs

    PrincipalId string
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    TenantId string
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    Type string
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    UserAssignedIdentities Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.IdentityResponseUserAssignedIdentities>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    PrincipalId string
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    TenantId string
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    Type string
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    UserAssignedIdentities map[string]IdentityResponseUserAssignedIdentities
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    principalId String
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    tenantId String
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    type String
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities Map<String,IdentityResponseUserAssignedIdentities>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    principalId string
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    tenantId string
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    type string
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities {[key: string]: IdentityResponseUserAssignedIdentities}
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    principal_id str
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    tenant_id str
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    type str
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    user_assigned_identities Mapping[str, IdentityResponseUserAssignedIdentities]
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
    principalId String
    The principal ID of the resource identity. This property will only be provided for a system assigned identity
    tenantId String
    The tenant ID of the resource identity. This property will only be provided for a system assigned identity
    type String
    The identity type. This is the only required field when adding a system or user assigned identity to a resource.
    userAssignedIdentities Map<Property Map>
    The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    IdentityResponseUserAssignedIdentities, IdentityResponseUserAssignedIdentitiesArgs

    ClientId string
    The client id of user assigned identity.
    PrincipalId string
    The principal id of user assigned identity.
    ClientId string
    The client id of user assigned identity.
    PrincipalId string
    The principal id of user assigned identity.
    clientId String
    The client id of user assigned identity.
    principalId String
    The principal id of user assigned identity.
    clientId string
    The client id of user assigned identity.
    principalId string
    The principal id of user assigned identity.
    client_id str
    The client id of user assigned identity.
    principal_id str
    The principal id of user assigned identity.
    clientId String
    The client id of user assigned identity.
    principalId String
    The principal id of user assigned identity.

    NonComplianceMessage, NonComplianceMessageArgs

    Message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    PolicyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    Message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    PolicyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message String
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId String
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message str
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policy_definition_reference_id str
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message String
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId String
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

    NonComplianceMessageResponse, NonComplianceMessageResponseArgs

    Message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    PolicyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    Message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    PolicyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message String
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId String
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message string
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId string
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message str
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policy_definition_reference_id str
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.
    message String
    A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
    policyDefinitionReferenceId String
    The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

    Override, OverrideArgs

    Kind string | Pulumi.AzureNative.Authorization.OverrideKind
    The override kind.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.Selector>
    The list of the selector expressions.
    Value string
    The value to override the policy property.
    Kind string | OverrideKind
    The override kind.
    Selectors []Selector
    The list of the selector expressions.
    Value string
    The value to override the policy property.
    kind String | OverrideKind
    The override kind.
    selectors List<Selector>
    The list of the selector expressions.
    value String
    The value to override the policy property.
    kind string | OverrideKind
    The override kind.
    selectors Selector[]
    The list of the selector expressions.
    value string
    The value to override the policy property.
    kind str | OverrideKind
    The override kind.
    selectors Sequence[Selector]
    The list of the selector expressions.
    value str
    The value to override the policy property.
    kind String | "policyEffect"
    The override kind.
    selectors List<Property Map>
    The list of the selector expressions.
    value String
    The value to override the policy property.

    OverrideKind, OverrideKindArgs

    PolicyEffect
    policyEffectIt will override the policy effect type.
    OverrideKindPolicyEffect
    policyEffectIt will override the policy effect type.
    PolicyEffect
    policyEffectIt will override the policy effect type.
    PolicyEffect
    policyEffectIt will override the policy effect type.
    POLICY_EFFECT
    policyEffectIt will override the policy effect type.
    "policyEffect"
    policyEffectIt will override the policy effect type.

    OverrideResponse, OverrideResponseArgs

    Kind string
    The override kind.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.SelectorResponse>
    The list of the selector expressions.
    Value string
    The value to override the policy property.
    Kind string
    The override kind.
    Selectors []SelectorResponse
    The list of the selector expressions.
    Value string
    The value to override the policy property.
    kind String
    The override kind.
    selectors List<SelectorResponse>
    The list of the selector expressions.
    value String
    The value to override the policy property.
    kind string
    The override kind.
    selectors SelectorResponse[]
    The list of the selector expressions.
    value string
    The value to override the policy property.
    kind str
    The override kind.
    selectors Sequence[SelectorResponse]
    The list of the selector expressions.
    value str
    The value to override the policy property.
    kind String
    The override kind.
    selectors List<Property Map>
    The list of the selector expressions.
    value String
    The value to override the policy property.

    ParameterValuesValue, ParameterValuesValueArgs

    Value object
    The value of the parameter.
    Value interface{}
    The value of the parameter.
    value Object
    The value of the parameter.
    value any
    The value of the parameter.
    value Any
    The value of the parameter.
    value Any
    The value of the parameter.

    ParameterValuesValueResponse, ParameterValuesValueResponseArgs

    Value object
    The value of the parameter.
    Value interface{}
    The value of the parameter.
    value Object
    The value of the parameter.
    value any
    The value of the parameter.
    value Any
    The value of the parameter.
    value Any
    The value of the parameter.

    ResourceIdentityType, ResourceIdentityTypeArgs

    SystemAssigned
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    UserAssigned
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    None
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
    ResourceIdentityTypeSystemAssigned
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    ResourceIdentityTypeUserAssigned
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    ResourceIdentityTypeNone
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
    SystemAssigned
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    UserAssigned
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    None
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
    SystemAssigned
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    UserAssigned
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    None
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
    SYSTEM_ASSIGNED
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    USER_ASSIGNED
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    NONE
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.
    "SystemAssigned"
    SystemAssignedIndicates that a system assigned identity is associated with the resource.
    "UserAssigned"
    UserAssignedIndicates that a system assigned identity is associated with the resource.
    "None"
    NoneIndicates that no identity is associated with the resource or that the existing identity should be removed.

    ResourceSelector, ResourceSelectorArgs

    Name string
    The name of the resource selector.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.Selector>
    The list of the selector expressions.
    Name string
    The name of the resource selector.
    Selectors []Selector
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Selector>
    The list of the selector expressions.
    name string
    The name of the resource selector.
    selectors Selector[]
    The list of the selector expressions.
    name str
    The name of the resource selector.
    selectors Sequence[Selector]
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Property Map>
    The list of the selector expressions.

    ResourceSelectorResponse, ResourceSelectorResponseArgs

    Name string
    The name of the resource selector.
    Selectors List<Pulumi.AzureNative.Authorization.Inputs.SelectorResponse>
    The list of the selector expressions.
    Name string
    The name of the resource selector.
    Selectors []SelectorResponse
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<SelectorResponse>
    The list of the selector expressions.
    name string
    The name of the resource selector.
    selectors SelectorResponse[]
    The list of the selector expressions.
    name str
    The name of the resource selector.
    selectors Sequence[SelectorResponse]
    The list of the selector expressions.
    name String
    The name of the resource selector.
    selectors List<Property Map>
    The list of the selector expressions.

    Selector, SelectorArgs

    In List<string>
    The list of values to filter in.
    Kind string | Pulumi.AzureNative.Authorization.SelectorKind
    The selector kind.
    NotIn List<string>
    The list of values to filter out.
    In []string
    The list of values to filter in.
    Kind string | SelectorKind
    The selector kind.
    NotIn []string
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String | SelectorKind
    The selector kind.
    notIn List<String>
    The list of values to filter out.
    in string[]
    The list of values to filter in.
    kind string | SelectorKind
    The selector kind.
    notIn string[]
    The list of values to filter out.
    in_ Sequence[str]
    The list of values to filter in.
    kind str | SelectorKind
    The selector kind.
    not_in Sequence[str]
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String | "resourceLocation" | "resourceType" | "resourceWithoutLocation" | "policyDefinitionReferenceId"
    The selector kind.
    notIn List<String>
    The list of values to filter out.

    SelectorKind, SelectorKindArgs

    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    SelectorKindResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    SelectorKindResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    SelectorKindResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    SelectorKindPolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    ResourceLocation
    resourceLocationThe selector kind to filter policies by the resource location.
    ResourceType
    resourceTypeThe selector kind to filter policies by the resource type.
    ResourceWithoutLocation
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    PolicyDefinitionReferenceId
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    RESOURCE_LOCATION
    resourceLocationThe selector kind to filter policies by the resource location.
    RESOURCE_TYPE
    resourceTypeThe selector kind to filter policies by the resource type.
    RESOURCE_WITHOUT_LOCATION
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    POLICY_DEFINITION_REFERENCE_ID
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
    "resourceLocation"
    resourceLocationThe selector kind to filter policies by the resource location.
    "resourceType"
    resourceTypeThe selector kind to filter policies by the resource type.
    "resourceWithoutLocation"
    resourceWithoutLocationThe selector kind to filter policies by the resource without location.
    "policyDefinitionReferenceId"
    policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.

    SelectorResponse, SelectorResponseArgs

    In List<string>
    The list of values to filter in.
    Kind string
    The selector kind.
    NotIn List<string>
    The list of values to filter out.
    In []string
    The list of values to filter in.
    Kind string
    The selector kind.
    NotIn []string
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String
    The selector kind.
    notIn List<String>
    The list of values to filter out.
    in string[]
    The list of values to filter in.
    kind string
    The selector kind.
    notIn string[]
    The list of values to filter out.
    in_ Sequence[str]
    The list of values to filter in.
    kind str
    The selector kind.
    not_in Sequence[str]
    The list of values to filter out.
    in List<String>
    The list of values to filter in.
    kind String
    The selector kind.
    notIn List<String>
    The list of values to filter out.

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:authorization:PolicyAssignment EnforceNaming /{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi