@pulumi/azure-native

Version:

[![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fury.io/js/%40pulumi%2Fazure-native.svg)](https://npmjs.com/package/@pulumi/azure-native) [![Python version](https://badge.fury.io/py/pu

pulumi.com

pulumi/pulumi-azure-native

197 lines (196 loc) • 8.54 kB

TypeScript

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * The policy assignment. * * Uses Azure REST API version 2025-01-01. In version 2.x of the Azure Native provider, it used API version 2022-06-01. * * Other available API versions: 2020-09-01, 2021-06-01, 2022-06-01, 2023-04-01, 2024-04-01, 2024-05-01, 2025-03-01. These can be accessed by generating a local SDK package using the CLI command `pulumi package add azure-native authorization [ApiVersion]`. See the [version guide](../../../version-guide/#accessing-any-api-version-via-local-packages) for details. */ export declare class PolicyAssignment extends pulumi.CustomResource { /** * Get an existing PolicyAssignment resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): PolicyAssignment; /** * Returns true if the given object is an instance of PolicyAssignment. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is PolicyAssignment; /** * The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. */ readonly assignmentType: pulumi.Output<string | undefined>; /** * The Azure API version of the resource. */ readonly azureApiVersion: pulumi.Output<string>; /** * The version of the policy definition to use. */ readonly definitionVersion: pulumi.Output<string | undefined>; /** * This message will be part of response in case of policy violation. */ readonly description: pulumi.Output<string | undefined>; /** * The display name of the policy assignment. */ readonly displayName: pulumi.Output<string | undefined>; /** * The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. */ readonly effectiveDefinitionVersion: pulumi.Output<string>; /** * The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll */ readonly enforcementMode: pulumi.Output<string | undefined>; /** * The managed identity associated with the policy assignment. */ readonly identity: pulumi.Output<outputs.authorization.IdentityResponse | undefined>; /** * The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. */ readonly instanceId: pulumi.Output<string>; /** * The latest version of the policy definition available. This is only present if requested via the $expand query parameter. */ readonly latestDefinitionVersion: pulumi.Output<string>; /** * The location of the policy assignment. Only required when utilizing managed identity. */ readonly location: pulumi.Output<string | undefined>; /** * The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. */ readonly metadata: pulumi.Output<any | undefined>; /** * The name of the policy assignment. */ readonly name: pulumi.Output<string>; /** * The messages that describe why a resource is non-compliant with the policy. */ readonly nonComplianceMessages: pulumi.Output<outputs.authorization.NonComplianceMessageResponse[] | undefined>; /** * The policy's excluded scopes. */ readonly notScopes: pulumi.Output<string[] | undefined>; /** * The policy property value override. */ readonly overrides: pulumi.Output<outputs.authorization.OverrideResponse[] | undefined>; /** * The parameter values for the assigned policy rule. The keys are the parameter names. */ readonly parameters: pulumi.Output<{ [key: string]: outputs.authorization.ParameterValuesValueResponse; } | undefined>; /** * The ID of the policy definition or policy set definition being assigned. */ readonly policyDefinitionId: pulumi.Output<string | undefined>; /** * The resource selector list to filter policies by resource properties. */ readonly resourceSelectors: pulumi.Output<outputs.authorization.ResourceSelectorResponse[] | undefined>; /** * The scope for the policy assignment. */ readonly scope: pulumi.Output<string>; /** * The system metadata relating to this resource. */ readonly systemData: pulumi.Output<outputs.authorization.SystemDataResponse>; /** * The type of the policy assignment. */ readonly type: pulumi.Output<string>; /** * Create a PolicyAssignment resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: PolicyAssignmentArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a PolicyAssignment resource. */ export interface PolicyAssignmentArgs { /** * The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. */ assignmentType?: pulumi.Input<string | enums.authorization.AssignmentType>; /** * The version of the policy definition to use. */ definitionVersion?: pulumi.Input<string>; /** * This message will be part of response in case of policy violation. */ description?: pulumi.Input<string>; /** * The display name of the policy assignment. */ displayName?: pulumi.Input<string>; /** * The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll */ enforcementMode?: pulumi.Input<string | enums.authorization.EnforcementMode>; /** * The managed identity associated with the policy assignment. */ identity?: pulumi.Input<inputs.authorization.IdentityArgs>; /** * The location of the policy assignment. Only required when utilizing managed identity. */ location?: pulumi.Input<string>; /** * The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. */ metadata?: any; /** * The messages that describe why a resource is non-compliant with the policy. */ nonComplianceMessages?: pulumi.Input<pulumi.Input<inputs.authorization.NonComplianceMessageArgs>[]>; /** * The policy's excluded scopes. */ notScopes?: pulumi.Input<pulumi.Input<string>[]>; /** * The policy property value override. */ overrides?: pulumi.Input<pulumi.Input<inputs.authorization.OverrideArgs>[]>; /** * The parameter values for the assigned policy rule. The keys are the parameter names. */ parameters?: pulumi.Input<{ [key: string]: pulumi.Input<inputs.authorization.ParameterValuesValueArgs>; }>; /** * The name of the policy assignment. */ policyAssignmentName?: pulumi.Input<string>; /** * The ID of the policy definition or policy set definition being assigned. */ policyDefinitionId?: pulumi.Input<string>; /** * The resource selector list to filter policies by resource properties. */ resourceSelectors?: pulumi.Input<pulumi.Input<inputs.authorization.ResourceSelectorArgs>[]>; /** * The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' */ scope: pulumi.Input<string>; }