exec.azurerm.resource.policy

Azure Resource Manager (ARM) Resource Policy Execution Module

New in version 1.0.0.

Changed in version 2.3.2,: 4.0.0

maintainer:

<devops@eitr.tech>
configuration:

This module requires Azure Resource Manager credentials to be passed as keyword arguments to every function or via acct in order to work properly.

Required provider parameters:

if using username and password:
  • subscription_id
  • username
  • password
if using a service principal:
  • subscription_id
  • tenant
  • client_id
  • secret

Optional provider parameters:

cloud_environment: Used to point the cloud driver to different API endpoints, such as Azure GovCloud. Possible values:

  • AZURE_PUBLIC_CLOUD (default)
  • AZURE_CHINA_CLOUD
  • AZURE_US_GOV_CLOUD
  • AZURE_GERMAN_CLOUD
idem_azurerm.exec.azurerm.resource.policy.assignment_create(hub, ctx, name, scope, definition_name, **kwargs)

New in version 1.0.0.

Changed in version 2.3.2.

Create a policy assignment.

Parameters:
  • name – The name of the policy assignment to create.
  • scope – The scope of the policy assignment.
  • definition_name – The name of the policy definition to assign.

CLI Example:

azurerm.resource.policy.assignment_create testassign "/subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852"
                                          testdefn
idem_azurerm.exec.azurerm.resource.policy.assignment_delete(hub, ctx, name, scope, **kwargs)

New in version 1.0.0.

Delete a policy assignment.

Parameters:
  • name – The name of the policy assignment to delete.
  • scope – The scope of the policy assignment.

CLI Example:

azurerm.resource.policy.assignment_delete testassign "/subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852"
idem_azurerm.exec.azurerm.resource.policy.assignment_get(hub, ctx, name, scope, **kwargs)

New in version 1.0.0.

Get details about a specific policy assignment.

Parameters:
  • name – The name of the policy assignment to query.
  • scope – The scope of the policy assignment.

CLI Example:

azurerm.resource.policy.assignment_get testassign "/subscriptions/bc75htn-a0fhsi-349b-56gh-4fghti-f84852"
idem_azurerm.exec.azurerm.resource.policy.assignments_list(hub, ctx, resource_group=None, assign_filter=None, **kwargs)

New in version 1.0.0.

Changed in version 4.0.0.

List all policy assignments for a subscription.

Parameters:
  • resource_group – (Optional) The name of the resource group to limit the results.
  • assign_filter – (Optional) The filter to apply on the operation. If a filter is not provided, no filtering is performed.

CLI Example:

azurerm.resource.policy.assignments_list
idem_azurerm.exec.azurerm.resource.policy.definition_create_or_update(hub, ctx, name, policy_rule, **kwargs)

New in version 1.0.0.

Create or update a policy definition.

Parameters:
  • name – The name of the policy definition to create or update.
  • policy_rule – A dictionary defining the policy rule.

CLI Example:

azurerm.resource.policy.definition_create_or_update testpolicy '{...rule definition..}'
idem_azurerm.exec.azurerm.resource.policy.definition_delete(hub, ctx, name, **kwargs)

New in version 1.0.0.

Delete a policy definition.

Parameters:name – The name of the policy definition to delete.

CLI Example:

azurerm.resource.policy.definition_delete testpolicy
idem_azurerm.exec.azurerm.resource.policy.definition_get(hub, ctx, name, policy_type=None, **kwargs)

New in version 1.0.0.

Changed in version 2.3.2.

Get details about a specific policy definition.

Parameters:
  • name – The name of the policy definition to query.
  • policy_type – Set to “BuiltIn” to get a built-in policy definition.

CLI Example:

azurerm.resource.policy.definition_get testpolicy
idem_azurerm.exec.azurerm.resource.policy.definitions_list(hub, ctx, hide_builtin=False, **kwargs)

New in version 1.0.0.

List all policy definitions for a subscription.

Parameters:hide_builtin – Boolean which will filter out BuiltIn policy definitions from the result.

CLI Example:

azurerm.resource.policy.definitions_list