Esta operación crea o actualiza una asignación de directiva con el ámbito y el nombre especificados. Las asignaciones de directiva se aplican a todos los recursos contenidos dentro de su ámbito. Por ejemplo, al asignar una directiva en el ámbito del grupo de recursos, esa directiva se aplica a todos los recursos del grupo.
PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2023-04-01
Parámetros de identificador URI
| Nombre |
En |
Requerido |
Tipo |
Description |
|
policyAssignmentName
|
path |
True
|
string
pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$
|
Nombre de la asignación de directiva.
|
|
scope
|
path |
True
|
string
|
Ámbito de la asignación de directiva. Los ámbitos válidos son: grupo de administración (formato: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), suscripción (formato: '/subscriptions/{subscriptionId}'), grupo de recursos (formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', o recurso (formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
|
|
api-version
|
query |
True
|
string
minLength: 1
|
Versión de la API que se va a usar para esta operación.
|
Cuerpo de la solicitud
| Nombre |
Tipo |
Description |
|
identity
|
Identity
|
Identidad administrada asociada a la asignación de directiva.
|
|
location
|
string
|
Ubicación de la asignación de directiva. Solo es necesario al usar la identidad administrada.
|
|
properties.definitionVersion
|
string
|
Versión de la definición de directiva que se va a usar.
|
|
properties.description
|
string
|
Este mensaje formará parte de la respuesta en caso de infracción de directiva.
|
|
properties.displayName
|
string
|
Nombre para mostrar de la asignación de directiva.
|
|
properties.enforcementMode
|
enforcementMode
|
Modo de cumplimiento de asignación de directivas. Los valores posibles son Default y DoNotEnforce.
|
|
properties.metadata
|
object
|
Metadatos de asignación de directiva. Los metadatos son un objeto terminado abierto y normalmente es una colección de pares clave-valor.
|
|
properties.nonComplianceMessages
|
NonComplianceMessage[]
|
Los mensajes que describen por qué un recurso no es compatible con la directiva.
|
|
properties.notScopes
|
string[]
|
Ámbitos excluidos de la directiva.
|
|
properties.overrides
|
Override[]
|
Invalidación del valor de la propiedad de directiva.
|
|
properties.parameters
|
<string,
ParameterValuesValue>
|
Valores de parámetro para la regla de directiva asignada. Las claves son los nombres de parámetro.
|
|
properties.policyDefinitionId
|
string
|
Identificador de la definición de directiva o definición del conjunto de directivas que se asigna.
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
Lista del selector de recursos para filtrar las directivas por propiedades de recursos.
|
Respuestas
| Nombre |
Tipo |
Description |
|
201 Created
|
PolicyAssignment
|
Creado: devuelve información sobre la nueva asignación de directiva.
|
|
Other Status Codes
|
CloudError
|
Respuesta de error que describe por qué se produjo un error en la operación.
|
Seguridad
azure_auth
Flujo de OAuth2 de Azure Active Directory.
Tipo:
oauth2
Flujo:
implicit
Dirección URL de autorización:
https://login.microsoftonline.com/common/oauth2/authorize
Ámbitos
| Nombre |
Description |
|
user_impersonation
|
suplantar la cuenta de usuario
|
Ejemplos
Create or update a policy assignment
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"nonComplianceMessages": [
{
"message": "Resource names must start with 'DeptA' and end with '-LC'."
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.NonComplianceMessage;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignment.json
*/
/**
* Sample code: Create or update a policy assignment.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure)
throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withDisplayName("Enforce resource naming rules").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withNonComplianceMessages(Arrays.asList(new NonComplianceMessage()
.withMessage("Resource names must start with 'DeptA' and end with '-LC'."))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignment.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignment() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
NonComplianceMessages: []*armpolicy.NonComplianceMessage{
{
Message: to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
}},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignment.json
*/
async function createOrUpdateAPolicyAssignment() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
metadata: { assignedBy: "Special Someone" },
nonComplianceMessages: [
{ message: "Resource names must start with 'DeptA' and end with '-LC'." },
],
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"nonComplianceMessages": [
{
"message": "Resource names must start with 'DeptA' and end with '-LC'."
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with a system assigned identity
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"location": "eastus",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Foo Bar"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.Identity;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.ResourceIdentityType;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithIdentity.json
*/
/**
* Sample code: Create or update a policy assignment with a system assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withLocation("eastus")
.withIdentity(new Identity().withType(ResourceIdentityType.SYSTEM_ASSIGNED))
.withDisplayName("Enforce resource naming rules")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Foo Bar\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DEFAULT),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithIdentity.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Identity: &armpolicy.Identity{
Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
},
Location: to.Ptr("eastus"),
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
Metadata: map[string]any{
"assignedBy": "Foo Bar",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithIdentity.json
*/
async function createOrUpdateAPolicyAssignmentWithASystemAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "Default",
identity: { type: "SystemAssigned" },
location: "eastus",
metadata: { assignedBy: "Foo Bar" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "SystemAssigned",
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
},
"location": "eastus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with a user assigned identity
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"location": "eastus",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {}
}
},
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Foo Bar"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.Identity;
import com.azure.resourcemanager.resources.models.IdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.ResourceIdentityType;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithUserAssignedIdentity.json
*/
/**
* Sample code: Create or update a policy assignment with a user assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withLocation("eastus").withIdentity(new Identity()
.withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity",
new IdentityUserAssignedIdentitiesValue())))
.withDisplayName("Enforce resource naming rules")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Foo Bar\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DEFAULT),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Identity: &armpolicy.Identity{
Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {},
},
},
Location: to.Ptr("eastus"),
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
Metadata: map[string]any{
"assignedBy": "Foo Bar",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json
*/
async function createOrUpdateAPolicyAssignmentWithAUserAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "Default",
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/ae640e6bBa3e42569d622993eecfa6f2/resourceGroups/testResourceGroup/providers/MicrosoftManagedIdentity/userAssignedIdentities/testIdentity":
{},
},
},
location: "eastus",
metadata: { assignedBy: "Foo Bar" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"clientId": "4bee2b8a-1bee-47c2-90e9-404241551135"
}
}
},
"location": "eastus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Create or update a policy assignment with multiple non-compliance messages
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce security policies",
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
"nonComplianceMessages": [
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info."
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policyDefinitionReferenceId": "10420126870854049575"
},
{
"message": "Storage accounts must have firewall rules configured.",
"policyDefinitionReferenceId": "8572513655450389710"
}
]
}
}
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.NonComplianceMessage;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentNonComplianceMessages.json
*/
/**
* Sample code: Create or update a policy assignment with multiple non-compliance messages.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "securityInitAssignment",
new PolicyAssignmentInner().withDisplayName("Enforce security policies").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative")
.withNonComplianceMessages(Arrays.asList(new NonComplianceMessage().withMessage(
"Resources must comply with all internal security policies. See <internal site URL> for more info."),
new NonComplianceMessage().withMessage("Resource names must start with 'DeptA' and end with '-LC'.")
.withPolicyDefinitionReferenceId("10420126870854049575"),
new NonComplianceMessage().withMessage("Storage accounts must have firewall rules configured.")
.withPolicyDefinitionReferenceId("8572513655450389710"))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentNonComplianceMessages.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "securityInitAssignment", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
DisplayName: to.Ptr("Enforce security policies"),
NonComplianceMessages: []*armpolicy.NonComplianceMessage{
{
Message: to.Ptr("Resources must comply with all internal security policies. See <internal site URL> for more info."),
},
{
Message: to.Ptr("Resource names must start with 'DeptA' and end with '-LC'."),
PolicyDefinitionReferenceID: to.Ptr("10420126870854049575"),
},
{
Message: to.Ptr("Storage accounts must have firewall rules configured."),
PolicyDefinitionReferenceID: to.Ptr("8572513655450389710"),
}},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentNonComplianceMessages.json
*/
async function createOrUpdateAPolicyAssignmentWithMultipleNonComplianceMessages() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "securityInitAssignment";
const parameters = {
displayName: "Enforce security policies",
nonComplianceMessages: [
{
message:
"Resources must comply with all internal security policies. See <internal site URL> for more info.",
},
{
message: "Resource names must start with 'DeptA' and end with '-LC'.",
policyDefinitionReferenceId: "10420126870854049575",
},
{
message: "Storage accounts must have firewall rules configured.",
policyDefinitionReferenceId: "8572513655450389710",
},
],
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Enforce security policies",
"metadata": {
"assignedBy": "User 1"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"nonComplianceMessages": [
{
"message": "Resources must comply with all internal security policies. See <internal site URL> for more info."
},
{
"message": "Resource names must start with 'DeptA' and end with '-LC'.",
"policyDefinitionReferenceId": "10420126870854049575"
},
{
"message": "Storage accounts must have firewall rules configured.",
"policyDefinitionReferenceId": "8572513655450389710"
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment",
"type": "Microsoft.Authorization/policyAssignments",
"name": "securityInitAssignment"
}
Create or update a policy assignment with overrides
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.OverrideKind;
import com.azure.resourcemanager.resources.models.OverrideModel;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithOverrides.json
*/
/**
* Sample code: Create or update a policy assignment with overrides.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithOverrides(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement",
new PolicyAssignmentInner().withDisplayName("Limit the resource location and resource SKU")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.withDescription("Limit the resource location and resource SKU")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withOverrides(Arrays.asList(new OverrideModel().withKind(OverrideKind.POLICY_EFFECT).withValue("Audit")
.withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.POLICY_DEFINITION_REFERENCE_ID)
.withIn(Arrays.asList("Limit_Skus", "Limit_Locations")))))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithOverrides.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithOverrides() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Limit the resource location and resource SKU"),
DisplayName: to.Ptr("Limit the resource location and resource SKU"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
Overrides: []*armpolicy.Override{
{
Kind: to.Ptr(armpolicy.OverrideKindPolicyEffect),
Selectors: []*armpolicy.Selector{
{
In: []*string{
to.Ptr("Limit_Skus"),
to.Ptr("Limit_Locations")},
Kind: to.Ptr(armpolicy.SelectorKindPolicyDefinitionReferenceID),
}},
Value: to.Ptr("Audit"),
}},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithOverrides.json
*/
async function createOrUpdateAPolicyAssignmentWithOverrides() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const parameters = {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: { assignedBy: "Special Someone" },
overrides: [
{
kind: "policyEffect",
selectors: [
{
in: ["Limit_Skus", "Limit_Locations"],
kind: "policyDefinitionReferenceId",
},
],
value: "Audit",
},
],
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Create or update a policy assignment with resource selectors
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.ResourceSelector;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithResourceSelectors.json
*/
/**
* Sample code: Create or update a policy assignment with resource selectors.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithResourceSelectors(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement",
new PolicyAssignmentInner().withDisplayName("Limit the resource location and resource SKU")
.withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement")
.withDescription("Limit the resource location and resource SKU")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withResourceSelectors(
Arrays.asList(new ResourceSelector().withName("SDPRegions")
.withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.RESOURCE_LOCATION)
.withIn(Arrays.asList("eastus2euap", "centraluseuap")))))),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithResourceSelectors.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithResourceSelectors() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Limit the resource location and resource SKU"),
DisplayName: to.Ptr("Limit the resource location and resource SKU"),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
ResourceSelectors: []*armpolicy.ResourceSelector{
{
Name: to.Ptr("SDPRegions"),
Selectors: []*armpolicy.Selector{
{
In: []*string{
to.Ptr("eastus2euap"),
to.Ptr("centraluseuap")},
Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithResourceSelectors.json
*/
async function createOrUpdateAPolicyAssignmentWithResourceSelectors() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const parameters = {
description: "Limit the resource location and resource SKU",
displayName: "Limit the resource location and resource SKU",
metadata: { assignedBy: "Special Someone" },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
resourceSelectors: [
{
name: "SDPRegions",
selectors: [{ in: ["eastus2euap", "centraluseuap"], kind: "resourceLocation" }],
},
],
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Create or update a policy assignment without enforcing policy effect during resource creation or update.
Solicitud de ejemplo
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "DoNotEnforce"
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyAssignmentInner;
import com.azure.resourcemanager.resources.models.EnforcementMode;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for PolicyAssignments Create.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* createPolicyAssignmentWithoutEnforcement.json
*/
/**
* Sample code: Create or update a policy assignment without enforcing policy effect during resource creation or
* update.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyAssignments().createWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming",
new PolicyAssignmentInner().withDisplayName("Enforce resource naming rules").withPolicyDefinitionId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
.withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
new ParameterValuesValue().withValue("-LC")))
.withDescription("Force resource names to begin with given DeptA and end with -LC")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"assignedBy\":\"Special Someone\"}", Object.class, SerializerEncoding.JSON))
.withEnforcementMode(EnforcementMode.DO_NOT_ENFORCE),
com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithoutEnforcement.json
func ExampleAssignmentsClient_Create_createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAssignmentsClient().Create(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", armpolicy.Assignment{
Properties: &armpolicy.AssignmentProperties{
Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
DisplayName: to.Ptr("Enforce resource naming rules"),
EnforcementMode: to.Ptr(armpolicy.EnforcementModeDoNotEnforce),
Metadata: map[string]any{
"assignedBy": "Special Someone",
},
Parameters: map[string]*armpolicy.ParameterValuesValue{
"prefix": {
Value: "DeptA",
},
"suffix": {
Value: "-LC",
},
},
PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
*
* @summary This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createPolicyAssignmentWithoutEnforcement.json
*/
async function createOrUpdateAPolicyAssignmentWithoutEnforcingPolicyEffectDuringResourceCreationOrUpdate() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const parameters = {
description: "Force resource names to begin with given DeptA and end with -LC",
displayName: "Enforce resource naming rules",
enforcementMode: "DoNotEnforce",
metadata: { assignedBy: "Special Someone" },
parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
policyDefinitionId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.create(scope, policyAssignmentName, parameters);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respuesta de muestra
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "DoNotEnforce",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Definiciones
| Nombre |
Description |
|
CloudError
|
Respuesta de error de una operación de directiva.
|
|
createdByType
|
Tipo de identidad que creó el recurso.
|
|
enforcementMode
|
Modo de cumplimiento de asignación de directivas. Los valores posibles son Default y DoNotEnforce.
|
|
ErrorAdditionalInfo
|
Información adicional sobre el error de administración de recursos.
|
|
ErrorResponse
|
Respuesta de error
|
|
Identity
|
Identidad del recurso. Las asignaciones de directivas admiten un máximo de una identidad. Es una identidad asignada por el sistema o una única identidad asignada por el usuario.
|
|
NonComplianceMessage
|
Mensaje que describe por qué un recurso no es compatible con la directiva. Esto se muestra en los mensajes de error "deny" y en los resultados de cumplimiento no compatibles del recurso.
|
|
Override
|
Invalidación del valor de la propiedad de directiva.
|
|
OverrideKind
|
Tipo de invalidación.
|
|
ParameterValuesValue
|
Valor de un parámetro.
|
|
PolicyAssignment
|
Asignación de directiva.
|
|
ResourceIdentityType
|
Tipo de identidad. Este es el único campo obligatorio al agregar una identidad asignada por el sistema o el usuario a un recurso.
|
|
ResourceSelector
|
Selector de recursos para filtrar las directivas por propiedades de recursos.
|
|
Selector
|
Expresión del selector.
|
|
SelectorKind
|
Tipo de selector.
|
|
systemData
|
Metadatos relativos a la creación y última modificación del recurso.
|
|
UserAssignedIdentities
|
Identidad de usuario asociada a la directiva. Las referencias de clave de diccionario de identidad de usuario serán identificadores de recursos de ARM con el formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
CloudError
Object
Respuesta de error de una operación de directiva.
| Nombre |
Tipo |
Description |
|
error
|
ErrorResponse
|
Respuesta de error
Respuesta de error común para todas las API de Azure Resource Manager para devolver los detalles de error de las operaciones con errores. (Esto también sigue el formato de respuesta de error de OData).
|
createdByType
Enumeración
Tipo de identidad que creó el recurso.
| Valor |
Description |
|
Application
|
|
|
Key
|
|
|
ManagedIdentity
|
|
|
User
|
|
enforcementMode
Enumeración
Modo de cumplimiento de asignación de directivas. Los valores posibles son Default y DoNotEnforce.
| Valor |
Description |
|
Default
|
El efecto de la directiva se aplica durante la creación o actualización de recursos.
|
|
DoNotEnforce
|
El efecto de la directiva no se aplica durante la creación o actualización de recursos.
|
ErrorAdditionalInfo
Object
Información adicional sobre el error de administración de recursos.
| Nombre |
Tipo |
Description |
|
info
|
object
|
Información adicional.
|
|
type
|
string
|
Tipo de información adicional.
|
ErrorResponse
Object
Respuesta de error
| Nombre |
Tipo |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Información adicional del error.
|
|
code
|
string
|
Código de error.
|
|
details
|
ErrorResponse[]
|
Detalles del error.
|
|
message
|
string
|
Mensaje de error.
|
|
target
|
string
|
Destino del error.
|
Identity
Object
Identidad del recurso. Las asignaciones de directivas admiten un máximo de una identidad. Es una identidad asignada por el sistema o una única identidad asignada por el usuario.
| Nombre |
Tipo |
Description |
|
principalId
|
string
|
Identificador de entidad de seguridad de la identidad del recurso. Esta propiedad solo se proporcionará para una identidad asignada por el sistema.
|
|
tenantId
|
string
|
Identificador de inquilino de la identidad del recurso. Esta propiedad solo se proporcionará para una identidad asignada por el sistema.
|
|
type
|
ResourceIdentityType
|
Tipo de identidad. Este es el único campo obligatorio al agregar una identidad asignada por el sistema o el usuario a un recurso.
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
Identidad de usuario asociada a la directiva. Las referencias de clave de diccionario de identidad de usuario serán identificadores de recursos de ARM con el formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
NonComplianceMessage
Object
Mensaje que describe por qué un recurso no es compatible con la directiva. Esto se muestra en los mensajes de error "deny" y en los resultados de cumplimiento no compatibles del recurso.
| Nombre |
Tipo |
Description |
|
message
|
string
|
Mensaje que describe por qué un recurso no es compatible con la directiva. Esto se muestra en los mensajes de error "deny" y en los resultados de cumplimiento no compatibles del recurso.
|
|
policyDefinitionReferenceId
|
string
|
Identificador de referencia de definición de directiva dentro de una definición de conjunto de directivas para el que está destinado el mensaje. Esto solo es aplicable si la asignación de directiva asigna una definición de conjunto de directivas. Si no se proporciona, el mensaje se aplica a todas las directivas asignadas por esta asignación de directiva.
|
Override
Object
Invalidación del valor de la propiedad de directiva.
| Nombre |
Tipo |
Description |
|
kind
|
OverrideKind
|
Tipo de invalidación.
|
|
selectors
|
Selector[]
|
Lista de las expresiones del selector.
|
|
value
|
string
|
Valor que se va a invalidar la propiedad de directiva.
|
OverrideKind
Enumeración
Tipo de invalidación.
| Valor |
Description |
|
policyEffect
|
Invalidará el tipo de efecto de directiva.
|
ParameterValuesValue
Object
Valor de un parámetro.
| Nombre |
Tipo |
Description |
|
value
|
object
|
Valor del parámetro .
|
PolicyAssignment
Object
Asignación de directiva.
| Nombre |
Tipo |
Valor predeterminado |
Description |
|
id
|
string
|
|
Identificador de la asignación de directiva.
|
|
identity
|
Identity
|
|
Identidad administrada asociada a la asignación de directiva.
|
|
location
|
string
|
|
Ubicación de la asignación de directiva. Solo es necesario al usar la identidad administrada.
|
|
name
|
string
|
|
Nombre de la asignación de directiva.
|
|
properties.definitionVersion
|
string
|
|
Versión de la definición de directiva que se va a usar.
|
|
properties.description
|
string
|
|
Este mensaje formará parte de la respuesta en caso de infracción de directiva.
|
|
properties.displayName
|
string
|
|
Nombre para mostrar de la asignación de directiva.
|
|
properties.effectiveDefinitionVersion
|
string
|
|
Versión efectiva de la definición de directiva en uso. Esto solo está presente si se solicita a través del parámetro de consulta $expand.
|
|
properties.enforcementMode
|
enforcementMode
|
Default
|
Modo de cumplimiento de asignación de directivas. Los valores posibles son Default y DoNotEnforce.
|
|
properties.latestDefinitionVersion
|
string
|
|
La versión más reciente de la definición de directiva disponible. Esto solo está presente si se solicita a través del parámetro de consulta $expand.
|
|
properties.metadata
|
object
|
|
Metadatos de asignación de directiva. Los metadatos son un objeto terminado abierto y normalmente es una colección de pares clave-valor.
|
|
properties.nonComplianceMessages
|
NonComplianceMessage[]
|
|
Los mensajes que describen por qué un recurso no es compatible con la directiva.
|
|
properties.notScopes
|
string[]
|
|
Ámbitos excluidos de la directiva.
|
|
properties.overrides
|
Override[]
|
|
Invalidación del valor de la propiedad de directiva.
|
|
properties.parameters
|
<string,
ParameterValuesValue>
|
|
Valores de parámetro para la regla de directiva asignada. Las claves son los nombres de parámetro.
|
|
properties.policyDefinitionId
|
string
|
|
Identificador de la definición de directiva o definición del conjunto de directivas que se asigna.
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
|
Lista del selector de recursos para filtrar las directivas por propiedades de recursos.
|
|
properties.scope
|
string
|
|
Ámbito de la asignación de directiva.
|
|
systemData
|
systemData
|
|
Metadatos del sistema relacionados con este recurso.
|
|
type
|
string
|
|
Tipo de la asignación de directiva.
|
ResourceIdentityType
Enumeración
Tipo de identidad. Este es el único campo obligatorio al agregar una identidad asignada por el sistema o el usuario a un recurso.
| Valor |
Description |
|
None
|
Indica que no hay ninguna identidad asociada al recurso o que se debe quitar la identidad existente.
|
|
SystemAssigned
|
Indica que una identidad asignada por el sistema está asociada al recurso.
|
|
UserAssigned
|
Indica que una identidad asignada por el sistema está asociada al recurso.
|
ResourceSelector
Object
Selector de recursos para filtrar las directivas por propiedades de recursos.
| Nombre |
Tipo |
Description |
|
name
|
string
|
Nombre del selector de recursos.
|
|
selectors
|
Selector[]
|
Lista de las expresiones del selector.
|
Selector
Object
Expresión del selector.
| Nombre |
Tipo |
Description |
|
in
|
string[]
|
Lista de valores en los que se va a filtrar.
|
|
kind
|
SelectorKind
|
Tipo de selector.
|
|
notIn
|
string[]
|
Lista de valores que se van a filtrar.
|
SelectorKind
Enumeración
Tipo de selector.
| Valor |
Description |
|
policyDefinitionReferenceId
|
Tipo de selector para filtrar las directivas por el identificador de referencia de definición de directiva.
|
|
resourceLocation
|
Tipo de selector para filtrar las directivas por la ubicación del recurso.
|
|
resourceType
|
Tipo de selector para filtrar las directivas por el tipo de recurso.
|
|
resourceWithoutLocation
|
Tipo de selector para filtrar las directivas por el recurso sin ubicación.
|
systemData
Object
Metadatos relativos a la creación y última modificación del recurso.
| Nombre |
Tipo |
Description |
|
createdAt
|
string
(date-time)
|
Marca de tiempo de creación de recursos (UTC).
|
|
createdBy
|
string
|
Identidad que creó el recurso.
|
|
createdByType
|
createdByType
|
Tipo de identidad que creó el recurso.
|
|
lastModifiedAt
|
string
(date-time)
|
Marca de tiempo de la última modificación del recurso (UTC)
|
|
lastModifiedBy
|
string
|
Identidad que modificó por última vez el recurso.
|
|
lastModifiedByType
|
createdByType
|
Tipo de identidad que modificó por última vez el recurso.
|
UserAssignedIdentities
Object
Identidad de usuario asociada a la directiva. Las referencias de clave de diccionario de identidad de usuario serán identificadores de recursos de ARM con el formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.