Met deze bewerking wordt een beleidstoewijzing gemaakt of bijgewerkt met het opgegeven bereik en de naam. Beleidstoewijzingen zijn van toepassing op alle resources die binnen hun bereik vallen. Wanneer u bijvoorbeeld een beleid toewijst op het bereik van de resourcegroep, is dat beleid van toepassing op alle resources in de groep.
PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2023-04-01
URI-parameters
| Name |
In |
Vereist |
Type |
Description |
|
policyAssignmentName
|
path |
True
|
string
pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$
|
De naam van de beleidstoewijzing.
|
|
scope
|
path |
True
|
string
|
Het bereik van de beleidstoewijzing. Geldige bereiken zijn: beheergroep (indeling: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), abonnement (indeling: '/subscriptions/{subscriptionId}'), resourcegroep (indeling: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', of resource (indeling: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
|
|
api-version
|
query |
True
|
string
minLength: 1
|
De API-versie die voor deze bewerking moet worden gebruikt.
|
Aanvraagbody
| Name |
Type |
Description |
|
identity
|
Identity
|
De beheerde identiteit die is gekoppeld aan de beleidstoewijzing.
|
|
location
|
string
|
De locatie van de beleidstoewijzing. Alleen vereist bij het gebruik van beheerde identiteit.
|
|
properties.definitionVersion
|
string
|
De versie van de te gebruiken beleidsdefinitie.
|
|
properties.description
|
string
|
Dit bericht maakt deel uit van het antwoord in het geval van een schending van het beleid.
|
|
properties.displayName
|
string
|
De weergavenaam van de beleidstoewijzing.
|
|
properties.enforcementMode
|
enforcementMode
|
De afdwingingsmodus voor beleidstoewijzing. Mogelijke waarden zijn Standaard en DoNotEnforce.
|
|
properties.metadata
|
object
|
De metagegevens van de beleidstoewijzing. Metagegevens zijn een geopend object en zijn meestal een verzameling sleutel-waardeparen.
|
|
properties.nonComplianceMessages
|
NonComplianceMessage[]
|
De berichten die beschrijven waarom een resource niet compatibel is met het beleid.
|
|
properties.notScopes
|
string[]
|
Uitgesloten bereiken van het beleid.
|
|
properties.overrides
|
Override[]
|
De waarde van de beleidseigenschap wordt overschreven.
|
|
properties.parameters
|
<string,
ParameterValuesValue>
|
De parameterwaarden voor de toegewezen beleidsregel. De sleutels zijn de parameternamen.
|
|
properties.policyDefinitionId
|
string
|
De id van de beleidsdefinitie of beleidssetdefinitie die wordt toegewezen.
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
De lijst met resourcekiezers om beleidsregels te filteren op resource-eigenschappen.
|
Antwoorden
| Name |
Type |
Description |
|
201 Created
|
PolicyAssignment
|
Gemaakt: retourneert informatie over de nieuwe beleidstoewijzing.
|
|
Other Status Codes
|
CloudError
|
Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.
|
Beveiliging
azure_auth
OAuth2-stroom voor Azure Active Directory.
Type:
oauth2
Stroom:
implicit
Autorisatie-URL:
https://login.microsoftonline.com/common/oauth2/authorize
Bereiken
| Name |
Description |
|
user_impersonation
|
Uw gebruikersaccount imiteren
|
Voorbeelden
Create or update a policy assignment
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"nonComplianceMessages": [
{
"message": "Resource names must start with 'DeptA' and end with '-LC'."
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.NonComplianceMessage;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignment.json
*/
/**
* Sample code: Create or update a policy assignment.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure)
throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withDisplayName("Enforce resource naming rules").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withNonComplianceMessages(Arrays.asList(new NonComplianceMessage()
.withMessage("Resource names must start with 'DeptA' and end with '-LC'."))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="EnforceNaming",
parameters={
"properties": {
"description": "Force resource names to begin with given DeptA and end with -LC",
"displayName": "Enforce resource naming rules",
"metadata": {"assignedBy": "Special Someone"},
"nonComplianceMessages": [{"message": "Resource names must start with 'DeptA' and end with '-LC'."}],
"parameters": {"prefix": {"value": "DeptA"}, "suffix": {"value": "-LC"}},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
}
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignment.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignment.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignment() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
NonComplianceMessages: []*armpolicy.NonComplianceMessage{
{
Message: to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
}},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignment.json
*/
async function createOrUpdateAPolicyAssignment() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
metadata: { assignedBy: "Special Someone" },
nonComplianceMessages: [
{ message: "Resource names must start with 'DeptA' and end with '-LC'." },
],
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"nonComplianceMessages": [
{
"message": "Resource names must start with 'DeptA' and end with '-LC'."
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with a system assigned identity
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"location": "eastus",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Foo Bar"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.Identity;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.ResourceIdentityType;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithIdentity.json
*/
/**
* Sample code: Create or update a policy assignment with a system assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withLocation("eastus")
.withIdentity(new Identity().withType(ResourceIdentityType.SYSTEM_ASSIGNED))
.withDisplayName("Enforce resource naming rules")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Foo Bar\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DEFAULT),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_with_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="EnforceNaming",
parameters={
"identity": {"type": "SystemAssigned"},
"location": "eastus",
"properties": {
"description": "Force resource names to begin with given DeptA and end with -LC",
"displayName": "Enforce resource naming rules",
"enforcementMode": "Default",
"metadata": {"assignedBy": "Foo Bar"},
"parameters": {"prefix": {"value": "DeptA"}, "suffix": {"value": "-LC"}},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
},
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithIdentity.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Identity: &armpolicy.Identity{
Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
},
Location: to.Ptr("eastus"),
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
Metadata: map[string]any{
"assignedBy": "Foo Bar",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithIdentity.json
*/
async function createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "Default",
identity: { type: "SystemAssigned" },
location: "eastus",
metadata: { assignedBy: "Foo Bar" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "SystemAssigned",
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
},
"location": "eastus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with a user assigned identity
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"location": "eastus",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {}
}
},
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Foo Bar"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.Identity;
import com.azure.resourcemanager.resources.models.IdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.ResourceIdentityType;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithUserAssignedIdentity.json
*/
/**
* Sample code: Create or update a policy assignment with a user assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withLocation("eastus").withIdentity(new Identity()
.withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity",
new IdentityUserAssignedIdentitiesValue())))
.withDisplayName("Enforce resource naming rules")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Foo Bar\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DEFAULT),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_with_user_assigned_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="EnforceNaming",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {}
},
},
"location": "eastus",
"properties": {
"description": "Force resource names to begin with given DeptA and end with -LC",
"displayName": "Enforce resource naming rules",
"enforcementMode": "Default",
"metadata": {"assignedBy": "Foo Bar"},
"parameters": {"prefix": {"value": "DeptA"}, "suffix": {"value": "-LC"}},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
},
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Identity: &armpolicy.Identity{
Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {},
},
},
Location: to.Ptr("eastus"),
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
Metadata: map[string]any{
"assignedBy": "Foo Bar",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json
*/
async function createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "Default",
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/ae640e6bBa3e42569d622993eecfa6f2/resourceGroups/testResourceGroup/providers/MicrosoftManagedIdentity/userAssignedIdentities/testIdentity":
{},
},
},
location: "eastus",
metadata: { assignedBy: "Foo Bar" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"clientId": "4bee2b8a-1bee-47c2-90e9-404241551135"
}
}
},
"location": "eastus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with multiple non-compliance messages
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce security policies",
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
"nonComplianceMessages": [
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info."
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policyDefinitionReferenceId": "10420126870854049575"
},
{
"message": "Storage accounts must have firewall rules configured.",
"policyDefinitionReferenceId": "8572513655450389710"
}
]
}
}
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.NonComplianceMessage;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentNonComplianceMessages.json
*/
/**
* Sample code: Create or update a policy assignment with multiple non-compliance messages.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "securityInitAssignment",
new PolicyAssignmentInner().withDisplayName("Enforce security policies").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
.withNonComplianceMessages(Arrays.asList(new NonComplianceMessage().withMessage(
"Resources must comply with all internal security policies. See <internal site URL> for more info."),
new NonComplianceMessage().withMessage("Resource names must start with 'DeptA' and end with '-LC'.")
.withPolicyDefinitionReferenceId("10420126870854049575"),
new NonComplianceMessage().withMessage("Storage accounts must have firewall rules configured.")
.withPolicyDefinitionReferenceId("8572513655450389710"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_non_compliance_messages.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="securityInitAssignment",
parameters={
"properties": {
"displayName": "Enforce security policies",
"nonComplianceMessages": [
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info."
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policyDefinitionReferenceId": "10420126870854049575",
},
{
"message": "Storage accounts must have firewall rules configured.",
"policyDefinitionReferenceId": "8572513655450389710",
},
],
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
}
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentNonComplianceMessages.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentNonComplianceMessages.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "securityInitAssignment", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
DisplayName: to.Ptr("Enforce security policies"),
NonComplianceMessages: []*armpolicy.NonComplianceMessage{
{
Message: to.Ptr("Resources must comply with all internal security policies. See <internal site URL> for more info."),
},
{
Message: to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
PolicyDefinitionReferenceID: to.Ptr("10420126870854049575"),
},
{
Message: to.Ptr("Storage accounts must have firewall rules configured."),
PolicyDefinitionReferenceID: to.Ptr("8572513655450389710"),
}},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentNonComplianceMessages.json
*/
async function createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "securityInitAssignment";
const parameters = {
displayName: "Enforce security policies",
nonComplianceMessages: [
{
message:
"Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
{
message: "Resource names must start with 'DeptA' and end with '-LC'.",
policyDefinitionReferenceId: "10420126870854049575",
},
{
message: "Storage accounts must have firewall rules configured.",
policyDefinitionReferenceId: "8572513655450389710",
},
],
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Enforce security policies",
"metadata": {
"assignedBy": "User 1"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"nonComplianceMessages": [
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info."
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policyDefinitionReferenceId": "10420126870854049575"
},
{
"message": "Storage accounts must have firewall rules configured.",
"policyDefinitionReferenceId": "8572513655450389710"
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment",
"type": "Microsoft.Authorization/policyAssignments",
"name": "securityInitAssignment"
}
Create or update a policy assignment with overrides
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.OverrideKind;
import com.azure.resourcemanager.resources.models.OverrideModel;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithOverrides.json
*/
/**
* Sample code: Create or update a policy assignment with overrides.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithOverrides(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement",
new PolicyAssignmentInner().withDisplayName("Limit the resource location and resource SKU")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.withDescription("Limit the resource location and resource SKU")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withOverrides(Arrays.asList(new OverrideModel().withKind(OverrideKind.POLICY_EFFECT).withValue("Audit")
.withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.POLICY_DEFINITION_REFERENCE_ID)
.withIn(Arrays.asList("Limit_Skus", "Limit_Locations")))))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_with_overrides.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="CostManagement",
parameters={
"properties": {
"description": "Limit the resource location and resource SKU",
"displayName": "Limit the resource location and resource SKU",
"metadata": {"assignedBy": "Special Someone"},
"overrides": [
{
"kind": "policyEffect",
"selectors": [{"in": ["Limit_Skus", "Limit_Locations"], "kind": "policyDefinitionReferenceId"}],
"value": "Audit",
}
],
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
}
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithOverrides.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithOverrides.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithOverrides() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Limit the resource location and resource SKU"),
DisplayName: to.Ptr("Limit the resource location and resource SKU"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
Overrides: []*armpolicy.Override{
{
Kind: to.Ptr(armpolicy.OverrideKindPolicyEffect),
Selectors: []*armpolicy.Selector{
{
In: []*string{
to.Ptr("Limit_Skus"),
to.Ptr("Limit_Locations")},
Kind: to.Ptr(armpolicy.SelectorKindPolicyDefinitionReferenceID),
}},
Value: to.Ptr("Audit"),
}},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithOverrides.json
*/
async function createOrUpdateAPolicyAssignmentWithOverrides() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const parameters = {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: { assignedBy: "Special Someone" },
overrides: [
{
kind: "policyEffect",
selectors: [
{
in: ["Limit_Skus", "Limit_Locations"],
kind: "policyDefinitionReferenceId",
},
],
value: "Audit",
},
],
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Create or update a policy assignment with resource selectors
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.ResourceSelector;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithResourceSelectors.json
*/
/**
* Sample code: Create or update a policy assignment with resource selectors.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithResourceSelectors(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement",
new PolicyAssignmentInner().withDisplayName("Limit the resource location and resource SKU")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.withDescription("Limit the resource location and resource SKU")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withResourceSelectors(
Arrays.asList(new ResourceSelector().withName("SDPRegions")
.withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.RESOURCE_LOCATION)
.withIn(Arrays.asList("eastus2euap", "centraluseuap")))))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_with_resource_selectors.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="CostManagement",
parameters={
"properties": {
"description": "Limit the resource location and resource SKU",
"displayName": "Limit the resource location and resource SKU",
"metadata": {"assignedBy": "Special Someone"},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [{"in": ["eastus2euap", "centraluseuap"], "kind": "resourceLocation"}],
}
],
}
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithResourceSelectors.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithResourceSelectors.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithResourceSelectors() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Limit the resource location and resource SKU"),
DisplayName: to.Ptr("Limit the resource location and resource SKU"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
ResourceSelectors: []*armpolicy.ResourceSelector{
{
Name: to.Ptr("SDPRegions"),
Selectors: []*armpolicy.Selector{
{
In: []*string{
to.Ptr("eastus2euap"),
to.Ptr("centraluseuap")},
Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithResourceSelectors.json
*/
async function createOrUpdateAPolicyAssignmentWithResourceSelectors() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const parameters = {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: { assignedBy: "Special Someone" },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
resourceSelectors: [
{
name: "SDPRegions",
selectors: [{ in: ["eastus2euap", "centraluseuap"], kind: "resourceLocation" }],
},
],
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Create or update a policy assignment without enforcing policy effect during resource creation or update.
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "DoNotEnforce"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithoutEnforcement.json
*/
/**
* Sample code: Create or update a policy assignment without enforcing policy effect during resource creation or
* update.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withDisplayName("Enforce resource naming rules").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DO_NOT_ENFORCE),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource.policy import PolicyClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-resource
# USAGE
python create_policy_assignment_without_enforcement.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.policy_assignments.create(
scope="subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
policy_assignment_name="EnforceNaming",
parameters={
"properties": {
"description": "Force resource names to begin with given DeptA and end with -LC",
"displayName": "Enforce resource naming rules",
"enforcementMode": "DoNotEnforce",
"metadata": {"assignedBy": "Special Someone"},
"parameters": {"prefix": {"value": "DeptA"}, "suffix": {"value": "-LC"}},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
}
},
)
print(response)
# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithoutEnforcement.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithoutEnforcement.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDoNotEnforce),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithoutEnforcement.json
*/
async function createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "DoNotEnforce",
metadata: { assignedBy: "Special Someone" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "DoNotEnforce",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Definities
| Name |
Description |
|
CloudError
|
Een foutbericht van een beleidsbewerking.
|
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
enforcementMode
|
De afdwingingsmodus voor beleidstoewijzing. Mogelijke waarden zijn Standaard en DoNotEnforce.
|
|
ErrorAdditionalInfo
|
Aanvullende informatie over de resourcebeheerfout.
|
|
ErrorResponse
|
Foutreactie
|
|
Identity
|
Identiteit voor de resource. Beleidstoewijzingen ondersteunen maximaal één identiteit. Dat is een door het systeem toegewezen identiteit of één door de gebruiker toegewezen identiteit.
|
|
NonComplianceMessage
|
Een bericht waarin wordt beschreven waarom een resource niet compatibel is met het beleid. Dit wordt weergegeven in foutberichten 'weigeren' en in de niet-compatibele nalevingsresultaten van de resource.
|
|
Override
|
De waarde van de beleidseigenschap wordt overschreven.
|
|
OverrideKind
|
Het onderdrukkingstype.
|
|
ParameterValuesValue
|
De waarde van een parameter.
|
|
PolicyAssignment
|
De beleidstoewijzing.
|
|
ResourceIdentityType
|
Het identiteitstype. Dit is het enige vereiste veld bij het toevoegen van een door het systeem of de gebruiker toegewezen identiteit aan een resource.
|
|
ResourceSelector
|
De resourceselector voor het filteren van beleidsregels op resource-eigenschappen.
|
|
Selector
|
De selector-expressie.
|
|
SelectorKind
|
De soort selector.
|
|
systemData
|
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
|
|
UserAssignedIdentities
|
De gebruikersidentiteit die is gekoppeld aan het beleid. De sleutelverwijzingen voor de gebruikersidentiteitswoordenlijst zijn ARM-resource-id's in de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
|
CloudError
Object
Een foutbericht van een beleidsbewerking.
| Name |
Type |
Description |
|
error
|
ErrorResponse
|
Foutreactie
Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactie-indeling.)
|
createdByType
Inventarisatie
Het type identiteit waarmee de resource is gemaakt.
| Waarde |
Description |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
enforcementMode
Inventarisatie
De afdwingingsmodus voor beleidstoewijzing. Mogelijke waarden zijn Standaard en DoNotEnforce.
| Waarde |
Description |
|
Default
|
Het beleidseffect wordt afgedwongen tijdens het maken of bijwerken van resources.
|
|
DoNotEnforce
|
Het beleidseffect wordt niet afgedwongen tijdens het maken of bijwerken van resources.
|
ErrorAdditionalInfo
Object
Aanvullende informatie over de resourcebeheerfout.
| Name |
Type |
Description |
|
info
|
object
|
De aanvullende informatie.
|
|
type
|
string
|
Het extra informatietype.
|
ErrorResponse
Object
Foutreactie
| Name |
Type |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
De fout bevat aanvullende informatie.
|
|
code
|
string
|
De foutcode.
|
|
details
|
ErrorResponse[]
|
De foutdetails.
|
|
message
|
string
|
Het foutbericht.
|
|
target
|
string
|
Het foutdoel.
|
Identity
Object
Identiteit voor de resource. Beleidstoewijzingen ondersteunen maximaal één identiteit. Dat is een door het systeem toegewezen identiteit of één door de gebruiker toegewezen identiteit.
| Name |
Type |
Description |
|
principalId
|
string
|
De principal-id van de resource-id. Deze eigenschap wordt alleen verstrekt voor een door het systeem toegewezen identiteit
|
|
tenantId
|
string
|
De tenant-id van de resource-id. Deze eigenschap wordt alleen verstrekt voor een door het systeem toegewezen identiteit
|
|
type
|
ResourceIdentityType
|
Het identiteitstype. Dit is het enige vereiste veld bij het toevoegen van een door het systeem of de gebruiker toegewezen identiteit aan een resource.
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
De gebruikersidentiteit die is gekoppeld aan het beleid. De sleutelverwijzingen voor de gebruikersidentiteitswoordenlijst zijn ARM-resource-id's in de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
|
NonComplianceMessage
Object
Een bericht waarin wordt beschreven waarom een resource niet compatibel is met het beleid. Dit wordt weergegeven in foutberichten 'weigeren' en in de niet-compatibele nalevingsresultaten van de resource.
| Name |
Type |
Description |
|
message
|
string
|
Een bericht waarin wordt beschreven waarom een resource niet compatibel is met het beleid. Dit wordt weergegeven in foutberichten 'weigeren' en in de niet-compatibele nalevingsresultaten van de resource.
|
|
policyDefinitionReferenceId
|
string
|
De referentie-id van de beleidsdefinitie binnen een beleidssetdefinitie waarvoor het bericht is bedoeld. Dit is alleen van toepassing als aan de beleidstoewijzing een beleidssetdefinitie wordt toegewezen. Als dit niet is opgegeven, is het bericht van toepassing op alle beleidsregels die door deze beleidstoewijzing zijn toegewezen.
|
Override
Object
De waarde van de beleidseigenschap wordt overschreven.
| Name |
Type |
Description |
|
kind
|
OverrideKind
|
Het onderdrukkingstype.
|
|
selectors
|
Selector[]
|
De lijst met de selectorexpressies.
|
|
value
|
string
|
De waarde voor het overschrijven van de beleidseigenschap.
|
OverrideKind
Inventarisatie
Het onderdrukkingstype.
| Waarde |
Description |
|
policyEffect
|
Het beleidseffecttype wordt overschreven.
|
ParameterValuesValue
Object
De waarde van een parameter.
| Name |
Type |
Description |
|
value
|
object
|
De waarde van de parameter.
|
PolicyAssignment
Object
De beleidstoewijzing.
| Name |
Type |
Default value |
Description |
|
id
|
string
|
|
De id van de beleidstoewijzing.
|
|
identity
|
Identity
|
|
De beheerde identiteit die is gekoppeld aan de beleidstoewijzing.
|
|
location
|
string
|
|
De locatie van de beleidstoewijzing. Alleen vereist bij het gebruik van beheerde identiteit.
|
|
name
|
string
|
|
De naam van de beleidstoewijzing.
|
|
properties.definitionVersion
|
string
|
|
De versie van de te gebruiken beleidsdefinitie.
|
|
properties.description
|
string
|
|
Dit bericht maakt deel uit van het antwoord in het geval van een schending van het beleid.
|
|
properties.displayName
|
string
|
|
De weergavenaam van de beleidstoewijzing.
|
|
properties.effectiveDefinitionVersion
|
string
|
|
De effectieve versie van de gebruikte beleidsdefinitie. Dit is alleen aanwezig als dit wordt aangevraagd via de $expand queryparameter.
|
|
properties.enforcementMode
|
enforcementMode
|
Default
|
De afdwingingsmodus voor beleidstoewijzing. Mogelijke waarden zijn Standaard en DoNotEnforce.
|
|
properties.latestDefinitionVersion
|
string
|
|
De nieuwste versie van de beschikbare beleidsdefinitie. Dit is alleen aanwezig als dit wordt aangevraagd via de $expand queryparameter.
|
|
properties.metadata
|
object
|
|
De metagegevens van de beleidstoewijzing. Metagegevens zijn een geopend object en zijn meestal een verzameling sleutel-waardeparen.
|
|
properties.nonComplianceMessages
|
NonComplianceMessage[]
|
|
De berichten die beschrijven waarom een resource niet compatibel is met het beleid.
|
|
properties.notScopes
|
string[]
|
|
Uitgesloten bereiken van het beleid.
|
|
properties.overrides
|
Override[]
|
|
De waarde van de beleidseigenschap wordt overschreven.
|
|
properties.parameters
|
<string,
ParameterValuesValue>
|
|
De parameterwaarden voor de toegewezen beleidsregel. De sleutels zijn de parameternamen.
|
|
properties.policyDefinitionId
|
string
|
|
De id van de beleidsdefinitie of beleidssetdefinitie die wordt toegewezen.
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
|
De lijst met resourcekiezers om beleidsregels te filteren op resource-eigenschappen.
|
|
properties.scope
|
string
|
|
Het bereik voor de beleidstoewijzing.
|
|
systemData
|
systemData
|
|
De systeemmetagegevens met betrekking tot deze resource.
|
|
type
|
string
|
|
Het type beleidstoewijzing.
|
ResourceIdentityType
Inventarisatie
Het identiteitstype. Dit is het enige vereiste veld bij het toevoegen van een door het systeem of de gebruiker toegewezen identiteit aan een resource.
| Waarde |
Description |
|
SystemAssigned
|
Geeft aan dat een door het systeem toegewezen identiteit is gekoppeld aan de resource.
|
|
UserAssigned
|
Geeft aan dat een door het systeem toegewezen identiteit is gekoppeld aan de resource.
|
|
None
|
Geeft aan dat er geen identiteit is gekoppeld aan de resource of dat de bestaande identiteit moet worden verwijderd.
|
ResourceSelector
Object
De resourceselector voor het filteren van beleidsregels op resource-eigenschappen.
| Name |
Type |
Description |
|
name
|
string
|
De naam van de resourcekiezer.
|
|
selectors
|
Selector[]
|
De lijst met de selectorexpressies.
|
Selector
Object
De selector-expressie.
| Name |
Type |
Description |
|
in
|
string[]
|
De lijst met waarden waarin u wilt filteren.
|
|
kind
|
SelectorKind
|
De soort selector.
|
|
notIn
|
string[]
|
De lijst met waarden die moeten worden gefilterd.
|
SelectorKind
Inventarisatie
De soort selector.
| Waarde |
Description |
|
resourceLocation
|
Het type selector voor het filteren van beleidsregels op de resourcelocatie.
|
|
resourceType
|
Het type selector om beleidsregels te filteren op het resourcetype.
|
|
resourceWithoutLocation
|
Het type selector om beleidsregels te filteren op de resource zonder locatie.
|
|
policyDefinitionReferenceId
|
Het type selector om beleid te filteren op basis van de referentie-id van de beleidsdefinitie.
|
systemData
Object
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
| Name |
Type |
Description |
|
createdAt
|
string
(date-time)
|
De tijdstempel van het maken van resources (UTC).
|
|
createdBy
|
string
|
De identiteit waarmee de resource is gemaakt.
|
|
createdByType
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
lastModifiedAt
|
string
(date-time)
|
De tijdstempel van de laatste wijziging van de resource (UTC)
|
|
lastModifiedBy
|
string
|
De identiteit die de resource voor het laatst heeft gewijzigd.
|
|
lastModifiedByType
|
createdByType
|
Het type identiteit dat de resource voor het laatst heeft gewijzigd.
|
UserAssignedIdentities
Object
De gebruikersidentiteit die is gekoppeld aan het beleid. De sleutelverwijzingen voor de gebruikersidentiteitswoordenlijst zijn ARM-resource-id's in de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.