Policy Assignments - Get

サービス:: Policy

API バージョン:: 2023-04-01

ポリシーの割り当てを取得します。
この操作では、名前と作成されたスコープを指定して、1 つのポリシー割り当てを取得します。

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2023-04-01

省略可能なパラメーターを含む:

GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?$expand={$expand}&api-version=2023-04-01

URI パラメーター

名前	/	必須	型	説明
policyAssignmentName	path	True	string pattern: ^[^<>%&:\?.+/][^<>*%&:\?.+/ ]+$	取得するポリシー割り当ての名前。
scope	path	True	string	ポリシー割り当てのスコープ。有効なスコープは、管理グループ (形式: '/providers/Microsoft.Management/managementGroups/{managementGroup}')、サブスクリプション (形式: '/subscriptions/{subscriptionId}')、リソースグループ (形式: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}') です。またはリソース (形式: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
api-version	query	True	string minLength: 1	この操作に使用する API バージョン。
$expand	query		string	応答に含める追加プロパティのコンマ区切りの一覧。サポートされている値は 'LatestDefinitionVersion, EffectiveDefinitionVersion' です。

応答

名前	型	説明
200 OK	PolicyAssignment	OK - ポリシーの割り当てに関する情報を返します。
Other Status Codes	CloudError	操作が失敗した理由を説明するエラー応答。

セキュリティ

azure_auth

Azure Active Directory OAuth2 フロー。

型: oauth2
フロー: implicit
Authorization URL (承認 URL): https://login.microsoftonline.com/common/oauth2/authorize

スコープ

名前	説明
user_impersonation	ユーザーアカウントを偽装する

例

Retrieve a policy assignment

Retrieve a policy assignment with a system assigned identity

Retrieve a policy assignment with a user assigned identity

Retrieve a policy assignment with overrides

Retrieve a policy assignment with resource selectors

Retrieve a policy assignment

要求のサンプル

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01


/**
 * Samples for PolicyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.
     * json
     */
    /**
     * Sample code: Retrieve a policy assignment.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void retrieveAPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignment() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DefinitionVersion: to.Ptr("1.*.*"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
 *
 * @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
 */
async function retrieveAPolicyAssignment() {
  const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policyAssignmentName = "EnforceNaming";
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential);
  const result = await client.policyAssignments.get(scope, policyAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "properties": {
    "displayName": "Enforce resource naming rules",
    "description": "Force resource names to begin with given DeptA and end with -LC",
    "metadata": {
      "assignedBy": "Special Someone"
    },
    "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    "definitionVersion": "1.*.*",
    "notScopes": [],
    "parameters": {
      "prefix": {
        "value": "DeptA"
      },
      "suffix": {
        "value": "-LC"
      }
    },
    "enforcementMode": "Default",
    "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "EnforceNaming"
}

Retrieve a policy assignment with a system assigned identity

要求のサンプル

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01


/**
 * Samples for PolicyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * getPolicyAssignmentWithIdentity.json
     */
    /**
     * Sample code: Retrieve a policy assignment with a system assigned identity.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        retrieveAPolicyAssignmentWithASystemAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
	// 		PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 		TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 	},
	// 	Location: to.Ptr("westus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DefinitionVersion: to.Ptr("1.*.*"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
 *
 * @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
 */
async function retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
  const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policyAssignmentName = "EnforceNaming";
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential);
  const result = await client.policyAssignments.get(scope, policyAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "properties": {
    "displayName": "Enforce resource naming rules",
    "description": "Force resource names to begin with given DeptA and end with -LC",
    "metadata": {
      "assignedBy": "Special Someone"
    },
    "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    "definitionVersion": "1.*.*",
    "notScopes": [],
    "parameters": {
      "prefix": {
        "value": "DeptA"
      },
      "suffix": {
        "value": "-LC"
      }
    },
    "enforcementMode": "Default",
    "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
  },
  "identity": {
    "type": "SystemAssigned",
    "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
    "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
  },
  "location": "westus",
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "EnforceNaming"
}

Retrieve a policy assignment with a user assigned identity

要求のサンプル

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01


/**
 * Samples for PolicyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * getPolicyAssignmentWithUserAssignedIdentity.json
     */
    /**
     * Sample code: Retrieve a policy assignment with a user assigned identity.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        retrieveAPolicyAssignmentWithAUserAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("EnforceNaming"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
	// 	Identity: &armpolicy.Identity{
	// 		Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
	// 			"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": &armpolicy.UserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
	// 				PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
	// 			},
	// 		},
	// 	},
	// 	Location: to.Ptr("westus"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
	// 		DefinitionVersion: to.Ptr("1.*.*"),
	// 		DisplayName: to.Ptr("Enforce resource naming rules"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 			"prefix": &armpolicy.ParameterValuesValue{
	// 				Value: "DeptA",
	// 			},
	// 			"suffix": &armpolicy.ParameterValuesValue{
	// 				Value: "-LC",
	// 			},
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 		Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
 *
 * @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
 */
async function retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
  const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policyAssignmentName = "EnforceNaming";
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential);
  const result = await client.policyAssignments.get(scope, policyAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "properties": {
    "displayName": "Enforce resource naming rules",
    "description": "Force resource names to begin with given DeptA and end with -LC",
    "metadata": {
      "assignedBy": "Special Someone"
    },
    "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
    "definitionVersion": "1.*.*",
    "notScopes": [],
    "parameters": {
      "prefix": {
        "value": "DeptA"
      },
      "suffix": {
        "value": "-LC"
      }
    },
    "enforcementMode": "Default",
    "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
        "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
        "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135"
      }
    }
  },
  "location": "westus",
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "EnforceNaming"
}

Retrieve a policy assignment with overrides

要求のサンプル

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01


/**
 * Samples for PolicyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * getPolicyAssignmentWithOverrides.json
     */
    /**
     * Sample code: Retrieve a policy assignment with overrides.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void retrieveAPolicyAssignmentWithOverrides(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithOverrides() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Limit the resource location and resource SKU"),
	// 		DefinitionVersion: to.Ptr("1.*.*"),
	// 		DisplayName: to.Ptr("Limit the resource location and resource SKU"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		Overrides: []*armpolicy.Override{
	// 			{
	// 				Kind: to.Ptr(armpolicy.OverrideKindPolicyEffect),
	// 				Selectors: []*armpolicy.Selector{
	// 					{
	// 						In: []*string{
	// 							to.Ptr("Limit_Skus"),
	// 							to.Ptr("Limit_Locations")},
	// 							Kind: to.Ptr(armpolicy.SelectorKindPolicyDefinitionReferenceID),
	// 					}},
	// 					Value: to.Ptr("Audit"),
	// 			}},
	// 			PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 			Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
 *
 * @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
 */
async function retrieveAPolicyAssignmentWithOverrides() {
  const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policyAssignmentName = "CostManagement";
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential);
  const result = await client.policyAssignments.get(scope, policyAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "properties": {
    "displayName": "Limit the resource location and resource SKU",
    "description": "Limit the resource location and resource SKU",
    "metadata": {
      "assignedBy": "Special Someone"
    },
    "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
    "definitionVersion": "1.*.*",
    "notScopes": [],
    "enforcementMode": "Default",
    "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    "overrides": [
      {
        "kind": "policyEffect",
        "value": "Audit",
        "selectors": [
          {
            "kind": "policyDefinitionReferenceId",
            "in": [
              "Limit_Skus",
              "Limit_Locations"
            ]
          }
        ]
      }
    ]
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "CostManagement"
}

Retrieve a policy assignment with resource selectors

要求のサンプル

GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01


/**
 * Samples for PolicyAssignments Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * getPolicyAssignmentWithResourceSelectors.json
     */
    /**
     * Sample code: Retrieve a policy assignment with resource selectors.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        retrieveAPolicyAssignmentWithResourceSelectors(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
            "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithResourceSelectors() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Assignment = armpolicy.Assignment{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
	// 	Properties: &armpolicy.AssignmentProperties{
	// 		Description: to.Ptr("Limit the resource location and resource SKU"),
	// 		DefinitionVersion: to.Ptr("1.*.*"),
	// 		DisplayName: to.Ptr("Limit the resource location and resource SKU"),
	// 		EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
	// 		Metadata: map[string]any{
	// 			"assignedBy": "Special Someone",
	// 		},
	// 		NotScopes: []*string{
	// 		},
	// 		PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 		ResourceSelectors: []*armpolicy.ResourceSelector{
	// 			{
	// 				Name: to.Ptr("SDPRegions"),
	// 				Selectors: []*armpolicy.Selector{
	// 					{
	// 						In: []*string{
	// 							to.Ptr("eastus2euap"),
	// 							to.Ptr("centraluseuap")},
	// 							Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
	// 					}},
	// 			}},
	// 			Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
 *
 * @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
 */
async function retrieveAPolicyAssignmentWithResourceSelectors() {
  const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policyAssignmentName = "CostManagement";
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential);
  const result = await client.policyAssignments.get(scope, policyAssignmentName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

応答のサンプル

状態コード:: 200

{
  "properties": {
    "displayName": "Limit the resource location and resource SKU",
    "description": "Limit the resource location and resource SKU",
    "metadata": {
      "assignedBy": "Special Someone"
    },
    "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
    "definitionVersion": "1.*.*",
    "notScopes": [],
    "enforcementMode": "Default",
    "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    "resourceSelectors": [
      {
        "name": "SDPRegions",
        "selectors": [
          {
            "kind": "resourceLocation",
            "in": [
              "eastus2euap",
              "centraluseuap"
            ]
          }
        ]
      }
    ]
  },
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
  "type": "Microsoft.Authorization/policyAssignments",
  "name": "CostManagement"
}

定義

名前	説明
CloudError	ポリシー操作からのエラー応答。
createdByType	リソースを作成した ID の種類。
enforcementMode	ポリシー割り当て適用モード。使用できる値は Default と DoNotEnforce です。
ErrorAdditionalInfo	リソース管理エラーの追加情報。
ErrorResponse	エラー応答
Identity	リソースの ID。ポリシー割り当てでは、最大 1 つの ID がサポートされます。これは、システム割り当て ID または単一ユーザー割り当て ID のいずれかです。
NonComplianceMessage	リソースがポリシーに準拠していない理由を説明するメッセージ。これは、"拒否" エラーメッセージと、リソースの準拠していないコンプライアンスの結果に表示されます。
Override	ポリシープロパティ値のオーバーライド。
OverrideKind	オーバーライドの種類。
ParameterValuesValue	パラメーターの値。
PolicyAssignment	ポリシーの割り当て。
ResourceIdentityType	ID の種類。これは、システム割り当て ID またはユーザー割り当て ID をリソースに追加するときに必要な唯一のフィールドです。
ResourceSelector	リソースプロパティでポリシーをフィルター処理するリソースセレクター。
Selector	セレクター式。
SelectorKind	セレクターの種類。
systemData	リソースの作成と最後の変更に関連するメタデータ。
UserAssignedIdentities	ポリシーに関連付けられているユーザー ID。ユーザー ID ディクショナリのキー参照は、'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' という形式の ARM リソース ID になります。

CloudError

Object

ポリシー操作からのエラー応答。

名前	型	説明
error	ErrorResponse	エラー応答失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。

createdByType

列挙

リソースを作成した ID の種類。

値	説明
Application
Key
ManagedIdentity
User

enforcementMode

列挙

ポリシー割り当て適用モード。使用できる値は Default と DoNotEnforce です。

値	説明
Default	ポリシー効果は、リソースの作成または更新中に適用されます。
DoNotEnforce	ポリシー効果は、リソースの作成時または更新中には適用されません。

ErrorAdditionalInfo

Object

リソース管理エラーの追加情報。

名前	型	説明
info	object	追加情報。
type	string	追加情報の種類。

ErrorResponse

Object

エラー応答

名前	型	説明
additionalInfo	ErrorAdditionalInfo[]	エラーの追加情報。
code	string	エラーコード。
details	ErrorResponse[]	エラーの詳細。
message	string	エラーメッセージ。
target	string	エラーターゲット。

Identity

Object

リソースの ID。ポリシー割り当てでは、最大 1 つの ID がサポートされます。これは、システム割り当て ID または単一ユーザー割り当て ID のいずれかです。

名前	型	説明
principalId	string	リソース ID のプリンシパル ID。このプロパティは、システム割り当て ID に対してのみ提供されます
tenantId	string	リソース ID のテナント ID。このプロパティは、システム割り当て ID に対してのみ提供されます
type	ResourceIdentityType	ID の種類。これは、システム割り当て ID またはユーザー割り当て ID をリソースに追加するときに必要な唯一のフィールドです。
userAssignedIdentities	UserAssignedIdentities	ポリシーに関連付けられているユーザー ID。ユーザー ID ディクショナリのキー参照は、'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' という形式の ARM リソース ID になります。

NonComplianceMessage

Object

リソースがポリシーに準拠していない理由を説明するメッセージ。これは、"拒否" エラーメッセージと、リソースの準拠していないコンプライアンスの結果に表示されます。

名前	型	説明
message	string	リソースがポリシーに準拠していない理由を説明するメッセージ。これは、"拒否" エラーメッセージと、リソースの準拠していないコンプライアンスの結果に表示されます。
policyDefinitionReferenceId	string	メッセージの対象となるポリシーセット定義内のポリシー定義参照 ID。これは、ポリシー割り当てによってポリシーセット定義が割り当てられている場合にのみ適用されます。これが指定されていない場合、メッセージは、このポリシー割り当てによって割り当てられたすべてのポリシーに適用されます。

Override

Object

ポリシープロパティ値のオーバーライド。

名前	型	説明
kind	OverrideKind	オーバーライドの種類。
selectors	Selector[]	セレクター式の一覧。
value	string	ポリシープロパティをオーバーライドする値。

OverrideKind

列挙

オーバーライドの種類。

値	説明
policyEffect	ポリシー効果の種類がオーバーライドされます。

ParameterValuesValue

Object

パラメーターの値。

名前	型	説明
value	object	パラメーターの値。