Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.authorization.PolicyDefinition
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
The policy definition. Azure REST API version: 2021-06-01. Prior API version in Azure Native 1.x: 2020-09-01.
Other available API versions: 2018-05-01, 2019-06-01, 2023-04-01, 2024-05-01, 2025-01-01.
Example Usage
Create or update a policy definition
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
{
Description = "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
DisplayName = "Enforce resource naming convention",
Metadata = new Dictionary<string, object?>
{
["category"] = "Naming",
},
Mode = "All",
Parameters =
{
{ "prefix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "Resource name prefix",
DisplayName = "Prefix",
},
Type = AzureNative.Authorization.ParameterType.String,
} },
{ "suffix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "Resource name suffix",
DisplayName = "Suffix",
},
Type = AzureNative.Authorization.ParameterType.String,
} },
},
PolicyDefinitionName = "ResourceNaming",
PolicyRule = new Dictionary<string, object?>
{
["if"] = new Dictionary<string, object?>
{
["not"] = new Dictionary<string, object?>
{
["field"] = "name",
["like"] = "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
["then"] = new Dictionary<string, object?>
{
["effect"] = "deny",
},
},
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
Description: pulumi.String("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
DisplayName: pulumi.String("Enforce resource naming convention"),
Metadata: pulumi.Any(map[string]interface{}{
"category": "Naming",
}),
Mode: pulumi.String("All"),
Parameters: authorization.ParameterDefinitionsValueMap{
"prefix": &authorization.ParameterDefinitionsValueArgs{
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("Resource name prefix"),
DisplayName: pulumi.String("Prefix"),
},
Type: pulumi.String(authorization.ParameterTypeString),
},
"suffix": &authorization.ParameterDefinitionsValueArgs{
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("Resource name suffix"),
DisplayName: pulumi.String("Suffix"),
},
Type: pulumi.String(authorization.ParameterTypeString),
},
},
PolicyDefinitionName: pulumi.String("ResourceNaming"),
PolicyRule: pulumi.Any(map[string]interface{}{
"if": map[string]interface{}{
"not": map[string]interface{}{
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
"then": map[string]interface{}{
"effect": "deny",
},
}),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyDefinition = new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
.description("Force resource names to begin with given 'prefix' and/or end with given 'suffix'")
.displayName("Enforce resource naming convention")
.metadata(Map.of("category", "Naming"))
.mode("All")
.parameters(Map.ofEntries(
Map.entry("prefix", Map.ofEntries(
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "Resource name prefix"),
Map.entry("displayName", "Prefix")
)),
Map.entry("type", "String")
)),
Map.entry("suffix", Map.ofEntries(
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "Resource name suffix"),
Map.entry("displayName", "Suffix")
)),
Map.entry("type", "String")
))
))
.policyDefinitionName("ResourceNaming")
.policyRule(Map.ofEntries(
Map.entry("if", Map.of("not", Map.ofEntries(
Map.entry("field", "name"),
Map.entry("like", "[concat(parameters('prefix'), '*', parameters('suffix'))]")
))),
Map.entry("then", Map.of("effect", "deny"))
))
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
description: "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
displayName: "Enforce resource naming convention",
metadata: {
category: "Naming",
},
mode: "All",
parameters: {
prefix: {
metadata: {
description: "Resource name prefix",
displayName: "Prefix",
},
type: azure_native.authorization.ParameterType.String,
},
suffix: {
metadata: {
description: "Resource name suffix",
displayName: "Suffix",
},
type: azure_native.authorization.ParameterType.String,
},
},
policyDefinitionName: "ResourceNaming",
policyRule: {
"if": {
not: {
field: "name",
like: "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
then: {
effect: "deny",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
policy_definition = azure_native.authorization.PolicyDefinition("policyDefinition",
description="Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
display_name="Enforce resource naming convention",
metadata={
"category": "Naming",
},
mode="All",
parameters={
"prefix": {
"metadata": {
"description": "Resource name prefix",
"display_name": "Prefix",
},
"type": azure_native.authorization.ParameterType.STRING,
},
"suffix": {
"metadata": {
"description": "Resource name suffix",
"display_name": "Suffix",
},
"type": azure_native.authorization.ParameterType.STRING,
},
},
policy_definition_name="ResourceNaming",
policy_rule={
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
},
},
"then": {
"effect": "deny",
},
})
resources:
policyDefinition:
type: azure-native:authorization:PolicyDefinition
properties:
description: Force resource names to begin with given 'prefix' and/or end with given 'suffix'
displayName: Enforce resource naming convention
metadata:
category: Naming
mode: All
parameters:
prefix:
metadata:
description: Resource name prefix
displayName: Prefix
type: String
suffix:
metadata:
description: Resource name suffix
displayName: Suffix
type: String
policyDefinitionName: ResourceNaming
policyRule:
if:
not:
field: name
like: '[concat(parameters(''prefix''), ''*'', parameters(''suffix''))]'
then:
effect: deny
Create or update a policy definition with advanced parameters
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var policyDefinition = new AzureNative.Authorization.PolicyDefinition("policyDefinition", new()
{
Description = "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
DisplayName = "Event Hubs should have diagnostic logging enabled",
Metadata = new Dictionary<string, object?>
{
["category"] = "Event Hub",
},
Mode = "Indexed",
Parameters =
{
{ "requiredRetentionDays", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
AllowedValues = new[]
{
0,
30,
90,
180,
365,
},
DefaultValue = 365,
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
Description = "The required diagnostic logs retention in days",
DisplayName = "Required retention (days)",
},
Type = AzureNative.Authorization.ParameterType.Integer,
} },
},
PolicyDefinitionName = "EventHubDiagnosticLogs",
PolicyRule = new Dictionary<string, object?>
{
["if"] = new Dictionary<string, object?>
{
["equals"] = "Microsoft.EventHub/namespaces",
["field"] = "type",
},
["then"] = new Dictionary<string, object?>
{
["details"] = new Dictionary<string, object?>
{
["existenceCondition"] = new Dictionary<string, object?>
{
["allOf"] = new[]
{
new Dictionary<string, object?>
{
["equals"] = "true",
["field"] = "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
new Dictionary<string, object?>
{
["equals"] = "[parameters('requiredRetentionDays')]",
["field"] = "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
},
},
["type"] = "Microsoft.Insights/diagnosticSettings",
},
["effect"] = "AuditIfNotExists",
},
},
});
});
package main
import (
authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := authorization.NewPolicyDefinition(ctx, "policyDefinition", &authorization.PolicyDefinitionArgs{
Description: pulumi.String("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised"),
DisplayName: pulumi.String("Event Hubs should have diagnostic logging enabled"),
Metadata: pulumi.Any(map[string]interface{}{
"category": "Event Hub",
}),
Mode: pulumi.String("Indexed"),
Parameters: authorization.ParameterDefinitionsValueMap{
"requiredRetentionDays": &authorization.ParameterDefinitionsValueArgs{
AllowedValues: pulumi.Array{
pulumi.Any(0),
pulumi.Any(30),
pulumi.Any(90),
pulumi.Any(180),
pulumi.Any(365),
},
DefaultValue: pulumi.Any(365),
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
Description: pulumi.String("The required diagnostic logs retention in days"),
DisplayName: pulumi.String("Required retention (days)"),
},
Type: pulumi.String(authorization.ParameterTypeInteger),
},
},
PolicyDefinitionName: pulumi.String("EventHubDiagnosticLogs"),
PolicyRule: pulumi.Any(map[string]interface{}{
"if": map[string]interface{}{
"equals": "Microsoft.EventHub/namespaces",
"field": "type",
},
"then": map[string]interface{}{
"details": map[string]interface{}{
"existenceCondition": map[string]interface{}{
"allOf": []map[string]interface{}{
map[string]interface{}{
"equals": "true",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
map[string]interface{}{
"equals": "[parameters('requiredRetentionDays')]",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
},
},
"type": "Microsoft.Insights/diagnosticSettings",
},
"effect": "AuditIfNotExists",
},
}),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinition;
import com.pulumi.azurenative.authorization.PolicyDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var policyDefinition = new PolicyDefinition("policyDefinition", PolicyDefinitionArgs.builder()
.description("Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised")
.displayName("Event Hubs should have diagnostic logging enabled")
.metadata(Map.of("category", "Event Hub"))
.mode("Indexed")
.parameters(Map.of("requiredRetentionDays", Map.ofEntries(
Map.entry("allowedValues",
0,
30,
90,
180,
365),
Map.entry("defaultValue", 365),
Map.entry("metadata", Map.ofEntries(
Map.entry("description", "The required diagnostic logs retention in days"),
Map.entry("displayName", "Required retention (days)")
)),
Map.entry("type", "Integer")
)))
.policyDefinitionName("EventHubDiagnosticLogs")
.policyRule(Map.ofEntries(
Map.entry("if", Map.ofEntries(
Map.entry("equals", "Microsoft.EventHub/namespaces"),
Map.entry("field", "type")
)),
Map.entry("then", Map.ofEntries(
Map.entry("details", Map.ofEntries(
Map.entry("existenceCondition", Map.of("allOf",
Map.ofEntries(
Map.entry("equals", "true"),
Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled")
),
Map.ofEntries(
Map.entry("equals", "[parameters('requiredRetentionDays')]"),
Map.entry("field", "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days")
))),
Map.entry("type", "Microsoft.Insights/diagnosticSettings")
)),
Map.entry("effect", "AuditIfNotExists")
))
))
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const policyDefinition = new azure_native.authorization.PolicyDefinition("policyDefinition", {
description: "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
displayName: "Event Hubs should have diagnostic logging enabled",
metadata: {
category: "Event Hub",
},
mode: "Indexed",
parameters: {
requiredRetentionDays: {
allowedValues: [
0,
30,
90,
180,
365,
],
defaultValue: 365,
metadata: {
description: "The required diagnostic logs retention in days",
displayName: "Required retention (days)",
},
type: azure_native.authorization.ParameterType.Integer,
},
},
policyDefinitionName: "EventHubDiagnosticLogs",
policyRule: {
"if": {
equals: "Microsoft.EventHub/namespaces",
field: "type",
},
then: {
details: {
existenceCondition: {
allOf: [
{
equals: "true",
field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
{
equals: "[parameters('requiredRetentionDays')]",
field: "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
],
},
type: "Microsoft.Insights/diagnosticSettings",
},
effect: "AuditIfNotExists",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
policy_definition = azure_native.authorization.PolicyDefinition("policyDefinition",
description="Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
display_name="Event Hubs should have diagnostic logging enabled",
metadata={
"category": "Event Hub",
},
mode="Indexed",
parameters={
"requiredRetentionDays": {
"allowed_values": [
0,
30,
90,
180,
365,
],
"default_value": 365,
"metadata": {
"description": "The required diagnostic logs retention in days",
"display_name": "Required retention (days)",
},
"type": azure_native.authorization.ParameterType.INTEGER,
},
},
policy_definition_name="EventHubDiagnosticLogs",
policy_rule={
"if": {
"equals": "Microsoft.EventHub/namespaces",
"field": "type",
},
"then": {
"details": {
"existenceCondition": {
"allOf": [
{
"equals": "true",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
},
{
"equals": "[parameters('requiredRetentionDays')]",
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
},
],
},
"type": "Microsoft.Insights/diagnosticSettings",
},
"effect": "AuditIfNotExists",
},
})
resources:
policyDefinition:
type: azure-native:authorization:PolicyDefinition
properties:
description: Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised
displayName: Event Hubs should have diagnostic logging enabled
metadata:
category: Event Hub
mode: Indexed
parameters:
requiredRetentionDays:
allowedValues:
- 0
- 30
- 90
- 180
- 365
defaultValue: 365
metadata:
description: The required diagnostic logs retention in days
displayName: Required retention (days)
type: Integer
policyDefinitionName: EventHubDiagnosticLogs
policyRule:
if:
equals: Microsoft.EventHub/namespaces
field: type
then:
details:
existenceCondition:
allOf:
- equals: 'true'
field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled
- equals: '[parameters(''requiredRetentionDays'')]'
field: Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days
type: Microsoft.Insights/diagnosticSettings
effect: AuditIfNotExists
Create PolicyDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyDefinition(name: string, args?: PolicyDefinitionArgs, opts?: CustomResourceOptions);@overload
def PolicyDefinition(resource_name: str,
args: Optional[PolicyDefinitionArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyDefinition(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
metadata: Optional[Any] = None,
mode: Optional[str] = None,
parameters: Optional[Mapping[str, ParameterDefinitionsValueArgs]] = None,
policy_definition_name: Optional[str] = None,
policy_rule: Optional[Any] = None,
policy_type: Optional[Union[str, PolicyType]] = None)func NewPolicyDefinition(ctx *Context, name string, args *PolicyDefinitionArgs, opts ...ResourceOption) (*PolicyDefinition, error)public PolicyDefinition(string name, PolicyDefinitionArgs? args = null, CustomResourceOptions? opts = null)
public PolicyDefinition(String name, PolicyDefinitionArgs args)
public PolicyDefinition(String name, PolicyDefinitionArgs args, CustomResourceOptions options)
type: azure-native:authorization:PolicyDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyDefinitionResource = new AzureNative.Authorization.PolicyDefinition("policyDefinitionResource", new()
{
Description = "string",
DisplayName = "string",
Metadata = "any",
Mode = "string",
Parameters =
{
{ "string", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
{
AllowedValues = new[]
{
"any",
},
DefaultValue = "any",
Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
{
AssignPermissions = false,
Description = "string",
DisplayName = "string",
StrongType = "string",
},
Schema = "any",
Type = "string",
} },
},
PolicyDefinitionName = "string",
PolicyRule = "any",
PolicyType = "string",
});
example, err := authorization.NewPolicyDefinition(ctx, "policyDefinitionResource", &authorization.PolicyDefinitionArgs{
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Metadata: pulumi.Any("any"),
Mode: pulumi.String("string"),
Parameters: authorization.ParameterDefinitionsValueMap{
"string": &authorization.ParameterDefinitionsValueArgs{
AllowedValues: pulumi.Array{
pulumi.Any("any"),
},
DefaultValue: pulumi.Any("any"),
Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
AssignPermissions: pulumi.Bool(false),
Description: pulumi.String("string"),
DisplayName: pulumi.String("string"),
StrongType: pulumi.String("string"),
},
Schema: pulumi.Any("any"),
Type: pulumi.String("string"),
},
},
PolicyDefinitionName: pulumi.String("string"),
PolicyRule: pulumi.Any("any"),
PolicyType: pulumi.String("string"),
})
var policyDefinitionResource = new PolicyDefinition("policyDefinitionResource", PolicyDefinitionArgs.builder()
.description("string")
.displayName("string")
.metadata("any")
.mode("string")
.parameters(Map.of("string", Map.ofEntries(
Map.entry("allowedValues", "any"),
Map.entry("defaultValue", "any"),
Map.entry("metadata", Map.ofEntries(
Map.entry("assignPermissions", false),
Map.entry("description", "string"),
Map.entry("displayName", "string"),
Map.entry("strongType", "string")
)),
Map.entry("schema", "any"),
Map.entry("type", "string")
)))
.policyDefinitionName("string")
.policyRule("any")
.policyType("string")
.build());
policy_definition_resource = azure_native.authorization.PolicyDefinition("policyDefinitionResource",
description="string",
display_name="string",
metadata="any",
mode="string",
parameters={
"string": {
"allowed_values": ["any"],
"default_value": "any",
"metadata": {
"assign_permissions": False,
"description": "string",
"display_name": "string",
"strong_type": "string",
},
"schema": "any",
"type": "string",
},
},
policy_definition_name="string",
policy_rule="any",
policy_type="string")
const policyDefinitionResource = new azure_native.authorization.PolicyDefinition("policyDefinitionResource", {
description: "string",
displayName: "string",
metadata: "any",
mode: "string",
parameters: {
string: {
allowedValues: ["any"],
defaultValue: "any",
metadata: {
assignPermissions: false,
description: "string",
displayName: "string",
strongType: "string",
},
schema: "any",
type: "string",
},
},
policyDefinitionName: "string",
policyRule: "any",
policyType: "string",
});
type: azure-native:authorization:PolicyDefinition
properties:
description: string
displayName: string
metadata: any
mode: string
parameters:
string:
allowedValues:
- any
defaultValue: any
metadata:
assignPermissions: false
description: string
displayName: string
strongType: string
schema: any
type: string
policyDefinitionName: string
policyRule: any
policyType: string
PolicyDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyDefinition resource accepts the following input properties:
- Description string
- The policy definition description.
- Display
Name string - The display name of the policy definition.
- Metadata object
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- Parameters
Dictionary<string, Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Args> - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- Policy
Definition stringName - The name of the policy definition to create.
- Policy
Rule object - The policy rule.
- Policy
Type string | Pulumi.Azure Native. Authorization. Policy Type - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- Description string
- The policy definition description.
- Display
Name string - The display name of the policy definition.
- Metadata interface{}
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- Mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- Parameters
map[string]Parameter
Definitions Value Args - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- Policy
Definition stringName - The name of the policy definition to create.
- Policy
Rule interface{} - The policy rule.
- Policy
Type string | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description String
- The policy definition description.
- display
Name String - The display name of the policy definition.
- metadata Object
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode String
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
Map<String,Parameter
Definitions Value Args> - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition StringName - The name of the policy definition to create.
- policy
Rule Object - The policy rule.
- policy
Type String | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description string
- The policy definition description.
- display
Name string - The display name of the policy definition.
- metadata any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode string
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
{[key: string]: Parameter
Definitions Value Args} - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition stringName - The name of the policy definition to create.
- policy
Rule any - The policy rule.
- policy
Type string | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description str
- The policy definition description.
- display_
name str - The display name of the policy definition.
- metadata Any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode str
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters
Mapping[str, Parameter
Definitions Value Args] - The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy_
definition_ strname - The name of the policy definition to create.
- policy_
rule Any - The policy rule.
- policy_
type str | PolicyType - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
- description String
- The policy definition description.
- display
Name String - The display name of the policy definition.
- metadata Any
- The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
- mode String
- The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
- parameters Map<Property Map>
- The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
- policy
Definition StringName - The name of the policy definition to create.
- policy
Rule Any - The policy rule.
- policy
Type String | "NotSpecified" | "Built In" | "Custom" | "Static" - The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyDefinition resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy definition.
- System
Data Pulumi.Azure Native. Authorization. Outputs. System Data Response - The system metadata relating to this resource.
- Type string
- The type of the resource (Microsoft.Authorization/policyDefinitions).
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The name of the policy definition.
- System
Data SystemData Response - The system metadata relating to this resource.
- Type string
- The type of the resource (Microsoft.Authorization/policyDefinitions).
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy definition.
- system
Data SystemData Response - The system metadata relating to this resource.
- type String
- The type of the resource (Microsoft.Authorization/policyDefinitions).
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The name of the policy definition.
- system
Data SystemData Response - The system metadata relating to this resource.
- type string
- The type of the resource (Microsoft.Authorization/policyDefinitions).
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The name of the policy definition.
- system_
data SystemData Response - The system metadata relating to this resource.
- type str
- The type of the resource (Microsoft.Authorization/policyDefinitions).
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The name of the policy definition.
- system
Data Property Map - The system metadata relating to this resource.
- type String
- The type of the resource (Microsoft.Authorization/policyDefinitions).
Supporting Types
ParameterDefinitionsValue, ParameterDefinitionsValueArgs
- Allowed
Values List<object> - The allowed values for the parameter.
- Default
Value object - The default value for the parameter if no value is provided.
- Metadata
Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Metadata - General metadata for the parameter.
- Schema object
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- Type
string | Pulumi.
Azure Native. Authorization. Parameter Type - The data type of the parameter.
- Allowed
Values []interface{} - The allowed values for the parameter.
- Default
Value interface{} - The default value for the parameter if no value is provided.
- Metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- Schema interface{}
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- Type
string | Parameter
Type - The data type of the parameter.
- allowed
Values List<Object> - The allowed values for the parameter.
- default
Value Object - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- schema Object
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type
String | Parameter
Type - The data type of the parameter.
- allowed
Values any[] - The allowed values for the parameter.
- default
Value any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- schema any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type
string | Parameter
Type - The data type of the parameter.
- allowed_
values Sequence[Any] - The allowed values for the parameter.
- default_
value Any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Metadata - General metadata for the parameter.
- schema Any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type
str | Parameter
Type - The data type of the parameter.
- allowed
Values List<Any> - The allowed values for the parameter.
- default
Value Any - The default value for the parameter if no value is provided.
- metadata Property Map
- General metadata for the parameter.
- schema Any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type
String | "String" | "Array" | "Object" | "Boolean" | "Integer" | "Float" | "Date
Time" - The data type of the parameter.
ParameterDefinitionsValueMetadata, ParameterDefinitionsValueMetadataArgs
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description string
- The description of the parameter.
- display
Name string - The display name for the parameter.
- strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign_
permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description str
- The description of the parameter.
- display_
name str - The display name for the parameter.
- strong_
type str - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
ParameterDefinitionsValueResponse, ParameterDefinitionsValueResponseArgs
- Allowed
Values List<object> - The allowed values for the parameter.
- Default
Value object - The default value for the parameter if no value is provided.
- Metadata
Pulumi.
Azure Native. Authorization. Inputs. Parameter Definitions Value Response Metadata - General metadata for the parameter.
- Schema object
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- Type string
- The data type of the parameter.
- Allowed
Values []interface{} - The allowed values for the parameter.
- Default
Value interface{} - The default value for the parameter if no value is provided.
- Metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- Schema interface{}
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- Type string
- The data type of the parameter.
- allowed
Values List<Object> - The allowed values for the parameter.
- default
Value Object - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- schema Object
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type String
- The data type of the parameter.
- allowed
Values any[] - The allowed values for the parameter.
- default
Value any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- schema any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type string
- The data type of the parameter.
- allowed_
values Sequence[Any] - The allowed values for the parameter.
- default_
value Any - The default value for the parameter if no value is provided.
- metadata
Parameter
Definitions Value Response Metadata - General metadata for the parameter.
- schema Any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type str
- The data type of the parameter.
- allowed
Values List<Any> - The allowed values for the parameter.
- default
Value Any - The default value for the parameter if no value is provided.
- metadata Property Map
- General metadata for the parameter.
- schema Any
- Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
- type String
- The data type of the parameter.
ParameterDefinitionsValueResponseMetadata, ParameterDefinitionsValueResponseMetadataArgs
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- Assign
Permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- Description string
- The description of the parameter.
- Display
Name string - The display name for the parameter.
- Strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description string
- The description of the parameter.
- display
Name string - The display name for the parameter.
- strong
Type string - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign_
permissions bool - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description str
- The description of the parameter.
- display_
name str - The display name for the parameter.
- strong_
type str - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
- assign
Permissions Boolean - Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
- description String
- The description of the parameter.
- display
Name String - The display name for the parameter.
- strong
Type String - Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.
ParameterType, ParameterTypeArgs
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- Parameter
Type String - String
- Parameter
Type Array - Array
- Parameter
Type Object - Object
- Parameter
Type Boolean - Boolean
- Parameter
Type Integer - Integer
- Parameter
Type Float - Float
- Parameter
Type Date Time - DateTime
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- String
- String
- Array
- Array
- Object
- Object
- Boolean
- Boolean
- Integer
- Integer
- Float
- Float
- Date
Time - DateTime
- STRING
- String
- ARRAY
- Array
- OBJECT
- Object
- BOOLEAN
- Boolean
- INTEGER
- Integer
- FLOAT
- Float
- DATE_TIME
- DateTime
- "String"
- String
- "Array"
- Array
- "Object"
- Object
- "Boolean"
- Boolean
- "Integer"
- Integer
- "Float"
- Float
- "Date
Time" - DateTime
PolicyType, PolicyTypeArgs
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- Policy
Type Not Specified - NotSpecified
- Policy
Type Built In - BuiltIn
- Policy
Type Custom - Custom
- Policy
Type Static - Static
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- Not
Specified - NotSpecified
- Built
In - BuiltIn
- Custom
- Custom
- Static
- Static
- NOT_SPECIFIED
- NotSpecified
- BUILT_IN
- BuiltIn
- CUSTOM
- Custom
- STATIC
- Static
- "Not
Specified" - NotSpecified
- "Built
In" - BuiltIn
- "Custom"
- Custom
- "Static"
- Static
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:authorization:PolicyDefinition ResourceNaming /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi