Docs Home
Packages
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.63.0 published on Tuesday, Sep 24, 2024 by Pulumi
azure-native.authorization.PolicyExemption
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.63.0 published on Tuesday, Sep 24, 2024 by Pulumi
The policy exemption. Azure REST API version: 2022-07-01-preview. Prior API version in Azure Native 1.x: 2020-07-01-preview.
Example Usage
Create or update a policy exemption
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
{
Description = "Exempt demo cluster from limit sku",
DisplayName = "Exempt demo cluster",
ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
Metadata = new Dictionary<string, object?>
{
["reason"] = "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
PolicyDefinitionReferenceIds = new[]
{
"Limit_Skus",
},
PolicyExemptionName = "DemoExpensiveVM",
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
Description: pulumi.String("Exempt demo cluster from limit sku"),
DisplayName: pulumi.String("Exempt demo cluster"),
ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
Metadata: pulumi.Any(map[string]interface{}{
"reason": "Temporary exemption for a expensive VM demo",
}),
PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIds: pulumi.StringArray{
pulumi.String("Limit_Skus"),
},
PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
.description("Exempt demo cluster from limit sku")
.displayName("Exempt demo cluster")
.exemptionCategory("Waiver")
.metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
.policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.policyDefinitionReferenceIds("Limit_Skus")
.policyExemptionName("DemoExpensiveVM")
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
policy_exemption = azure_native.authorization.PolicyExemption("policyExemption",
description="Exempt demo cluster from limit sku",
display_name="Exempt demo cluster",
exemption_category=azure_native.authorization.ExemptionCategory.WAIVER,
metadata={
"reason": "Temporary exemption for a expensive VM demo",
},
policy_assignment_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policy_definition_reference_ids=["Limit_Skus"],
policy_exemption_name="DemoExpensiveVM",
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyExemption = new azure_native.authorization.PolicyExemption("policyExemption", {
description: "Exempt demo cluster from limit sku",
displayName: "Exempt demo cluster",
exemptionCategory: azure_native.authorization.ExemptionCategory.Waiver,
metadata: {
reason: "Temporary exemption for a expensive VM demo",
},
policyAssignmentId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policyDefinitionReferenceIds: ["Limit_Skus"],
policyExemptionName: "DemoExpensiveVM",
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
resources:
policyExemption:
type: azure-native:authorization:PolicyExemption
properties:
description: Exempt demo cluster from limit sku
displayName: Exempt demo cluster
exemptionCategory: Waiver
metadata:
reason: Temporary exemption for a expensive VM demo
policyAssignmentId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement
policyDefinitionReferenceIds:
- Limit_Skus
policyExemptionName: DemoExpensiveVM
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster
Create or update a policy exemption with resource selectors
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyExemption = new AzureNative.Authorization.PolicyExemption("policyExemption", new()
{
AssignmentScopeValidation = AzureNative.Authorization.AssignmentScopeValidation.Default,
Description = "Exempt demo cluster from limit sku",
DisplayName = "Exempt demo cluster",
ExemptionCategory = AzureNative.Authorization.ExemptionCategory.Waiver,
Metadata = new Dictionary<string, object?>
{
["reason"] = "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentId = "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
PolicyDefinitionReferenceIds = new[]
{
"Limit_Skus",
},
PolicyExemptionName = "DemoExpensiveVM",
ResourceSelectors = new[]
{
new AzureNative.Authorization.Inputs.ResourceSelectorArgs
{
Name = "SDPRegions",
Selectors = new[]
{
new AzureNative.Authorization.Inputs.SelectorArgs
{
In = new[]
{
"eastus2euap",
"centraluseuap",
},
Kind = AzureNative.Authorization.SelectorKind.ResourceLocation,
},
},
},
},
Scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyExemption(ctx, "policyExemption", &authorization.PolicyExemptionArgs{
AssignmentScopeValidation: pulumi.String(authorization.AssignmentScopeValidationDefault),
Description: pulumi.String("Exempt demo cluster from limit sku"),
DisplayName: pulumi.String("Exempt demo cluster"),
ExemptionCategory: pulumi.String(authorization.ExemptionCategoryWaiver),
Metadata: pulumi.Any(map[string]interface{}{
"reason": "Temporary exemption for a expensive VM demo",
}),
PolicyAssignmentId: pulumi.String("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIds: pulumi.StringArray{
pulumi.String("Limit_Skus"),
},
PolicyExemptionName: pulumi.String("DemoExpensiveVM"),
ResourceSelectors: authorization.ResourceSelectorArray{
&authorization.ResourceSelectorArgs{
Name: pulumi.String("SDPRegions"),
Selectors: authorization.SelectorArray{
&authorization.SelectorArgs{
In: pulumi.StringArray{
pulumi.String("eastus2euap"),
pulumi.String("centraluseuap"),
},
Kind: pulumi.String(authorization.SelectorKindResourceLocation),
},
},
},
},
Scope: pulumi.String("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyExemption;
import com.pulumi.azurenative.authorization.PolicyExemptionArgs;
import com.pulumi.azurenative.authorization.inputs.ResourceSelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyExemption = new PolicyExemption("policyExemption", PolicyExemptionArgs.builder()
.assignmentScopeValidation("Default")
.description("Exempt demo cluster from limit sku")
.displayName("Exempt demo cluster")
.exemptionCategory("Waiver")
.metadata(Map.of("reason", "Temporary exemption for a expensive VM demo"))
.policyAssignmentId("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.policyDefinitionReferenceIds("Limit_Skus")
.policyExemptionName("DemoExpensiveVM")
.resourceSelectors(ResourceSelectorArgs.builder()
.name("SDPRegions")
.selectors(SelectorArgs.builder()
.in(
"eastus2euap",
"centraluseuap")
.kind("resourceLocation")
.build())
.build())
.scope("subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
policy_exemption = azure_native.authorization.PolicyExemption("policyExemption",
assignment_scope_validation=azure_native.authorization.AssignmentScopeValidation.DEFAULT,
description="Exempt demo cluster from limit sku",
display_name="Exempt demo cluster",
exemption_category=azure_native.authorization.ExemptionCategory.WAIVER,
metadata={
"reason": "Temporary exemption for a expensive VM demo",
},
policy_assignment_id="/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policy_definition_reference_ids=["Limit_Skus"],
policy_exemption_name="DemoExpensiveVM",
resource_selectors=[{
"name": "SDPRegions",
"selectors": [{
"in_": [
"eastus2euap",
"centraluseuap",
],
"kind": azure_native.authorization.SelectorKind.RESOURCE_LOCATION,
}],
}],
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyExemption = new azure_native.authorization.PolicyExemption("policyExemption", {
assignmentScopeValidation: azure_native.authorization.AssignmentScopeValidation.Default,
description: "Exempt demo cluster from limit sku",
displayName: "Exempt demo cluster",
exemptionCategory: azure_native.authorization.ExemptionCategory.Waiver,
metadata: {
reason: "Temporary exemption for a expensive VM demo",
},
policyAssignmentId: "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policyDefinitionReferenceIds: ["Limit_Skus"],
policyExemptionName: "DemoExpensiveVM",
resourceSelectors: [{
name: "SDPRegions",
selectors: [{
"in": [
"eastus2euap",
"centraluseuap",
],
kind: azure_native.authorization.SelectorKind.ResourceLocation,
}],
}],
scope: "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster",
});
resources:
policyExemption:
type: azure-native:authorization:PolicyExemption
properties:
assignmentScopeValidation: Default
description: Exempt demo cluster from limit sku
displayName: Exempt demo cluster
exemptionCategory: Waiver
metadata:
reason: Temporary exemption for a expensive VM demo
policyAssignmentId: /subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement
policyDefinitionReferenceIds:
- Limit_Skus
policyExemptionName: DemoExpensiveVM
resourceSelectors:
- name: SDPRegions
selectors:
- in:
- eastus2euap
- centraluseuap
kind: resourceLocation
scope: subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster
Create PolicyExemption Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyExemption(name: string, args: PolicyExemptionArgs, opts?: CustomResourceOptions);@overload
def PolicyExemption(resource_name: str,
args: PolicyExemptionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyExemption(resource_name: str,
opts: Optional[ResourceOptions] = None,
exemption_category: Optional[Union[str, ExemptionCategory]] = None,
policy_assignment_id: Optional[str] = None,
scope: Optional[str] = None,
assignment_scope_validation: Optional[Union[str, AssignmentScopeValidation]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
expires_on: Optional[str] = None,
metadata: Optional[Any] = None,
policy_definition_reference_ids: Optional[Sequence[str]] = None,
policy_exemption_name: Optional[str] = None,
resource_selectors: Optional[Sequence[ResourceSelectorArgs]] = None)func NewPolicyExemption(ctx *Context, name string, args PolicyExemptionArgs, opts ...ResourceOption) (*PolicyExemption, error)public PolicyExemption(string name, PolicyExemptionArgs args, CustomResourceOptions? opts = null)
public PolicyExemption(String name, PolicyExemptionArgs args)
public PolicyExemption(String name, PolicyExemptionArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyExemption
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyExemptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyExemptionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyExemptionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyExemptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyExemptionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyExemptionResource = new AzureNative.Authorization.PolicyExemption("policyExemptionResource", new()
{
ExemptionCategory = "string",
PolicyAssignmentId = "string",
Scope = "string",
AssignmentScopeValidation = "string",
Description = "string",
DisplayName = "string",
ExpiresOn = "string",
Metadata = "any",
PolicyDefinitionReferenceIds = new[]
{
"string",
},
PolicyExemptionName = "string",
ResourceSelectors = new[]
{
new AzureNative.Authorization.Inputs.ResourceSelectorArgs
{
Name = "string",
Selectors = new[]
{
new AzureNative.Authorization.Inputs.SelectorArgs
{
In = new[]
{
"string",
},
Kind = "string",
NotIn = new[]
{
"string",
},
},
},
},
},
});
example, err := authorization.NewPolicyExemption(ctx, "policyExemptionResource", &authorization.PolicyExemptionArgs{
ExemptionCategory: pulumi.String("string"),
PolicyAssignmentId: pulumi.String("string"),
Scope: pulumi.String("string"),
AssignmentScopeValidation: pulumi.String("string"),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
ExpiresOn: pulumi.String("string"),
Metadata: pulumi.Any("any"),
PolicyDefinitionReferenceIds: pulumi.StringArray{
pulumi.String("string"),
},
PolicyExemptionName: pulumi.String("string"),
ResourceSelectors: authorization.ResourceSelectorArray{
&authorization.ResourceSelectorArgs{
Name: pulumi.String("string"),
Selectors: authorization.SelectorArray{
&authorization.SelectorArgs{
In: pulumi.StringArray{
pulumi.String("string"),
},
Kind: pulumi.String("string"),
NotIn: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
})
var policyExemptionResource = new PolicyExemption("policyExemptionResource", PolicyExemptionArgs.builder()
.exemptionCategory("string")
.policyAssignmentId("string")
.scope("string")
.assignmentScopeValidation("string")
.description("string")
.displayName("string")
.expiresOn("string")
.metadata("any")
.policyDefinitionReferenceIds("string")
.policyExemptionName("string")
.resourceSelectors(ResourceSelectorArgs.builder()
.name("string")
.selectors(SelectorArgs.builder()
.in("string")
.kind("string")
.notIn("string")
.build())
.build())
.build());
policy_exemption_resource = azure_native.authorization.PolicyExemption("policyExemptionResource",
exemption_category="string",
policy_assignment_id="string",
scope="string",
assignment_scope_validation="string",
description="string",
display_name="string",
expires_on="string",
metadata="any",
policy_definition_reference_ids=["string"],
policy_exemption_name="string",
resource_selectors=[{
"name": "string",
"selectors": [{
"in": ["string"],
"kind": "string",
"notIn": ["string"],
}],
}])
const policyExemptionResource = new azure_native.authorization.PolicyExemption("policyExemptionResource", {
exemptionCategory: "string",
policyAssignmentId: "string",
scope: "string",
assignmentScopeValidation: "string",
description: "string",
displayName: "string",
expiresOn: "string",
metadata: "any",
policyDefinitionReferenceIds: ["string"],
policyExemptionName: "string",
resourceSelectors: [{
name: "string",
selectors: [{
"in": ["string"],
kind: "string",
notIn: ["string"],
}],
}],
});
type: azure-native:authorization:PolicyExemption
properties:
assignmentScopeValidation: string
description: string
displayName: string
exemptionCategory: string
expiresOn: string
metadata: any
policyAssignmentId: string
policyDefinitionReferenceIds:
- string
policyExemptionName: string
resourceSelectors:
- name: string
selectors:
- in:
- string
kind: string
notIn:
- string
scope: string
PolicyExemption Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The PolicyExemption resource accepts the following input properties:
- Exemption
Category string | Pulumi.Azure Native. Authorization. Exemption Category - The policy exemption category. Possible values are Waiver and Mitigated.
- Policy
Assignment stringId - The ID of the policy assignment that is being exempted.
- Scope string
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignment
Scope string | Pulumi.Validation Azure Native. Authorization. Assignment Scope Validation - The option whether validate the exemption is at or under the assignment scope.
- Description string
- The description of the policy exemption.
- Display
Name string - The display name of the policy exemption.
- Expires
On string - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- Metadata object
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Policy
Definition List<string>Reference Ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- Policy
Exemption stringName - The name of the policy exemption to delete.
- Resource
Selectors List<Pulumi.Azure Native. Authorization. Inputs. Resource Selector> - The resource selector list to filter policies by resource properties.
- Exemption
Category string | ExemptionCategory - The policy exemption category. Possible values are Waiver and Mitigated.
- Policy
Assignment stringId - The ID of the policy assignment that is being exempted.
- Scope string
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- Assignment
Scope string | AssignmentValidation Scope Validation - The option whether validate the exemption is at or under the assignment scope.
- Description string
- The description of the policy exemption.
- Display
Name string - The display name of the policy exemption.
- Expires
On string - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- Metadata interface{}
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Policy
Definition []stringReference Ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- Policy
Exemption stringName - The name of the policy exemption to delete.
- Resource
Selectors []ResourceSelector Args - The resource selector list to filter policies by resource properties.
- exemption
Category String | ExemptionCategory - The policy exemption category. Possible values are Waiver and Mitigated.
- policy
Assignment StringId - The ID of the policy assignment that is being exempted.
- scope String
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignment
Scope String | AssignmentValidation Scope Validation - The option whether validate the exemption is at or under the assignment scope.
- description String
- The description of the policy exemption.
- display
Name String - The display name of the policy exemption.
- expires
On String - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- metadata Object
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- policy
Definition List<String>Reference Ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- policy
Exemption StringName - The name of the policy exemption to delete.
- resource
Selectors List<ResourceSelector> - The resource selector list to filter policies by resource properties.
- exemption
Category string | ExemptionCategory - The policy exemption category. Possible values are Waiver and Mitigated.
- policy
Assignment stringId - The ID of the policy assignment that is being exempted.
- scope string
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignment
Scope string | AssignmentValidation Scope Validation - The option whether validate the exemption is at or under the assignment scope.
- description string
- The description of the policy exemption.
- display
Name string - The display name of the policy exemption.
- expires
On string - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- metadata any
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- policy
Definition string[]Reference Ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- policy
Exemption stringName - The name of the policy exemption to delete.
- resource
Selectors ResourceSelector[] - The resource selector list to filter policies by resource properties.
- exemption_
category str | ExemptionCategory - The policy exemption category. Possible values are Waiver and Mitigated.
- policy_
assignment_ strid - The ID of the policy assignment that is being exempted.
- scope str
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignment_
scope_ str | Assignmentvalidation Scope Validation - The option whether validate the exemption is at or under the assignment scope.
- description str
- The description of the policy exemption.
- display_
name str - The display name of the policy exemption.
- expires_
on str - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- metadata Any
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- policy_
definition_ Sequence[str]reference_ ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- policy_
exemption_ strname - The name of the policy exemption to delete.
- resource_
selectors Sequence[ResourceSelector Args] - The resource selector list to filter policies by resource properties.
- exemption
Category String | "Waiver" | "Mitigated" - The policy exemption category. Possible values are Waiver and Mitigated.
- policy
Assignment StringId - The ID of the policy assignment that is being exempted.
- scope String
- The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
- assignment
Scope String | "Default" | "DoValidation Not Validate" - The option whether validate the exemption is at or under the assignment scope.
- description String
- The description of the policy exemption.
- display
Name String - The display name of the policy exemption.
- expires
On String - The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.
- metadata Any
- The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- policy
Definition List<String>Reference Ids - The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.
- policy
Exemption StringName - The name of the policy exemption to delete.
- resource
Selectors List<Property Map> - The resource selector list to filter policies by resource properties.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyExemption resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy exemption.
- System
Data Pulumi.Azure Native. Authorization. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource (Microsoft.Authorization/policyExemptions).
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy exemption.
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource (Microsoft.Authorization/policyExemptions).
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy exemption.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource (Microsoft.Authorization/policyExemptions).
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name of the policy exemption.
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource (Microsoft.Authorization/policyExemptions).
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name of the policy exemption.
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource (Microsoft.Authorization/policyExemptions).
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy exemption.
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource (Microsoft.Authorization/policyExemptions).
Supporting Types
AssignmentScopeValidation, AssignmentScopeValidationArgs
- Default
- DefaultThis option will validate the exemption is at or under the assignment scope.
- Do
Not Validate - DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
- Assignment
Scope Validation Default - DefaultThis option will validate the exemption is at or under the assignment scope.
- Assignment
Scope Validation Do Not Validate - DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
- Default
- DefaultThis option will validate the exemption is at or under the assignment scope.
- Do
Not Validate - DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
- Default
- DefaultThis option will validate the exemption is at or under the assignment scope.
- Do
Not Validate - DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
- DEFAULT
- DefaultThis option will validate the exemption is at or under the assignment scope.
- DO_NOT_VALIDATE
- DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
- "Default"
- DefaultThis option will validate the exemption is at or under the assignment scope.
- "Do
Not Validate" - DoNotValidateThis option will bypass the validation the exemption scope is at or under the policy assignment scope.
ExemptionCategory, ExemptionCategoryArgs
- Waiver
- WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- Mitigated
- MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
- Exemption
Category Waiver - WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- Exemption
Category Mitigated - MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
- Waiver
- WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- Mitigated
- MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
- Waiver
- WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- Mitigated
- MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
- WAIVER
- WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- MITIGATED
- MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
- "Waiver"
- WaiverThis category of exemptions usually means the scope is not applicable for the policy.
- "Mitigated"
- MitigatedThis category of exemptions usually means the mitigation actions have been applied to the scope.
ResourceSelector, ResourceSelectorArgs
- Name string
- The name of the resource selector.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector> - The list of the selector expressions.
- Name string
- The name of the resource selector.
- Selectors []Selector
- The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Selector>
- The list of the selector expressions.
- name string
- The name of the resource selector.
- selectors Selector[]
- The list of the selector expressions.
- name str
- The name of the resource selector.
- selectors Sequence[Selector]
- The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Property Map>
- The list of the selector expressions.
ResourceSelectorResponse, ResourceSelectorResponseArgs
- Name string
- The name of the resource selector.
- Selectors
List<Pulumi.
Azure Native. Authorization. Inputs. Selector Response> - The list of the selector expressions.
- Name string
- The name of the resource selector.
- Selectors
[]Selector
Response - The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors
List<Selector
Response> - The list of the selector expressions.
- name string
- The name of the resource selector.
- selectors
Selector
Response[] - The list of the selector expressions.
- name str
- The name of the resource selector.
- selectors
Sequence[Selector
Response] - The list of the selector expressions.
- name String
- The name of the resource selector.
- selectors List<Property Map>
- The list of the selector expressions.
Selector, SelectorArgs
- In List<string>
- The list of values to filter in.
- Kind
string | Pulumi.
Azure Native. Authorization. Selector Kind - The selector kind.
- Not
In List<string> - The list of values to filter out.
- In []string
- The list of values to filter in.
- Kind
string | Selector
Kind - The selector kind.
- Not
In []string - The list of values to filter out.
- in List<String>
- The list of values to filter in.
- kind
String | Selector
Kind - The selector kind.
- not
In List<String> - The list of values to filter out.
- in string[]
- The list of values to filter in.
- kind
string | Selector
Kind - The selector kind.
- not
In string[] - The list of values to filter out.
- in_ Sequence[str]
- The list of values to filter in.
- kind
str | Selector
Kind - The selector kind.
- not_
in Sequence[str] - The list of values to filter out.
- in List<String>
- The list of values to filter in.
- kind
String | "resource
Location" | "resource Type" | "resource Without Location" | "policy Definition Reference Id" - The selector kind.
- not
In List<String> - The list of values to filter out.
SelectorKind, SelectorKindArgs
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Selector
Kind Resource Location - resourceLocationThe selector kind to filter policies by the resource location.
- Selector
Kind Resource Type - resourceTypeThe selector kind to filter policies by the resource type.
- Selector
Kind Resource Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Selector
Kind Policy Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- Resource
Location - resourceLocationThe selector kind to filter policies by the resource location.
- Resource
Type - resourceTypeThe selector kind to filter policies by the resource type.
- Resource
Without Location - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- Policy
Definition Reference Id - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- RESOURCE_LOCATION
- resourceLocationThe selector kind to filter policies by the resource location.
- RESOURCE_TYPE
- resourceTypeThe selector kind to filter policies by the resource type.
- RESOURCE_WITHOUT_LOCATION
- resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- POLICY_DEFINITION_REFERENCE_ID
- policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
- "resource
Location" - resourceLocationThe selector kind to filter policies by the resource location.
- "resource
Type" - resourceTypeThe selector kind to filter policies by the resource type.
- "resource
Without Location" - resourceWithoutLocationThe selector kind to filter policies by the resource without location.
- "policy
Definition Reference Id" - policyDefinitionReferenceIdThe selector kind to filter policies by the policy definition reference ID.
SelectorResponse, SelectorResponseArgs
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyExemption DemoExpensiveVM /{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.63.0 published on Tuesday, Sep 24, 2024 by Pulumi