Azure Native v3.0.1, Apr 7 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.0.1 published on Monday, Apr 7, 2025 by Pulumi

azure-native.authorization.PolicyDefinitionAtManagementGroup

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.0.1 published on Monday, Apr 7, 2025 by Pulumi

pulumi/pulumi-azure-native

Create or update a policy definition at management group level

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var policyDefinitionAtManagementGroup = new AzureNative.Authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroup", new()
    {
        Description = "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
        DisplayName = "Enforce resource naming convention",
        ManagementGroupId = "MyManagementGroup",
        Metadata = new Dictionary<string, object?>
        {
            ["category"] = "Naming",
        },
        Mode = "All",
        Parameters = 
        {
            { "prefix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
            {
                Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
                {
                    Description = "Resource name prefix",
                    DisplayName = "Prefix",
                },
                Type = AzureNative.Authorization.ParameterType.String,
            } },
            { "suffix", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
            {
                Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
                {
                    Description = "Resource name suffix",
                    DisplayName = "Suffix",
                },
                Type = AzureNative.Authorization.ParameterType.String,
            } },
        },
        PolicyDefinitionName = "ResourceNaming",
        PolicyRule = new Dictionary<string, object?>
        {
            ["if"] = new Dictionary<string, object?>
            {
                ["not"] = new Dictionary<string, object?>
                {
                    ["field"] = "name",
                    ["like"] = "[concat(parameters('prefix'), '*', parameters('suffix'))]",
                },
            },
            ["then"] = new Dictionary<string, object?>
            {
                ["effect"] = "deny",
            },
        },
    });

});

package main

import (
	authorization "github.com/pulumi/pulumi-azure-native-sdk/authorization/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := authorization.NewPolicyDefinitionAtManagementGroup(ctx, "policyDefinitionAtManagementGroup", &authorization.PolicyDefinitionAtManagementGroupArgs{
			Description:       pulumi.String("Force resource names to begin with given 'prefix' and/or end with given 'suffix'"),
			DisplayName:       pulumi.String("Enforce resource naming convention"),
			ManagementGroupId: pulumi.String("MyManagementGroup"),
			Metadata: pulumi.Any(map[string]interface{}{
				"category": "Naming",
			}),
			Mode: pulumi.String("All"),
			Parameters: authorization.ParameterDefinitionsValueMap{
				"prefix": &authorization.ParameterDefinitionsValueArgs{
					Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
						Description: pulumi.String("Resource name prefix"),
						DisplayName: pulumi.String("Prefix"),
					},
					Type: pulumi.String(authorization.ParameterTypeString),
				},
				"suffix": &authorization.ParameterDefinitionsValueArgs{
					Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
						Description: pulumi.String("Resource name suffix"),
						DisplayName: pulumi.String("Suffix"),
					},
					Type: pulumi.String(authorization.ParameterTypeString),
				},
			},
			PolicyDefinitionName: pulumi.String("ResourceNaming"),
			PolicyRule: pulumi.Any(map[string]interface{}{
				"if": map[string]interface{}{
					"not": map[string]interface{}{
						"field": "name",
						"like":  "[concat(parameters('prefix'), '*', parameters('suffix'))]",
					},
				},
				"then": map[string]interface{}{
					"effect": "deny",
				},
			}),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.authorization.PolicyDefinitionAtManagementGroup;
import com.pulumi.azurenative.authorization.PolicyDefinitionAtManagementGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var policyDefinitionAtManagementGroup = new PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroup", PolicyDefinitionAtManagementGroupArgs.builder()
            .description("Force resource names to begin with given 'prefix' and/or end with given 'suffix'")
            .displayName("Enforce resource naming convention")
            .managementGroupId("MyManagementGroup")
            .metadata(Map.of("category", "Naming"))
            .mode("All")
            .parameters(Map.ofEntries(
                Map.entry("prefix", Map.ofEntries(
                    Map.entry("metadata", Map.ofEntries(
                        Map.entry("description", "Resource name prefix"),
                        Map.entry("displayName", "Prefix")
                    )),
                    Map.entry("type", "String")
                )),
                Map.entry("suffix", Map.ofEntries(
                    Map.entry("metadata", Map.ofEntries(
                        Map.entry("description", "Resource name suffix"),
                        Map.entry("displayName", "Suffix")
                    )),
                    Map.entry("type", "String")
                ))
            ))
            .policyDefinitionName("ResourceNaming")
            .policyRule(Map.ofEntries(
                Map.entry("if", Map.of("not", Map.ofEntries(
                    Map.entry("field", "name"),
                    Map.entry("like", "[concat(parameters('prefix'), '*', parameters('suffix'))]")
                ))),
                Map.entry("then", Map.of("effect", "deny"))
            ))
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const policyDefinitionAtManagementGroup = new azure_native.authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroup", {
    description: "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
    displayName: "Enforce resource naming convention",
    managementGroupId: "MyManagementGroup",
    metadata: {
        category: "Naming",
    },
    mode: "All",
    parameters: {
        prefix: {
            metadata: {
                description: "Resource name prefix",
                displayName: "Prefix",
            },
            type: azure_native.authorization.ParameterType.String,
        },
        suffix: {
            metadata: {
                description: "Resource name suffix",
                displayName: "Suffix",
            },
            type: azure_native.authorization.ParameterType.String,
        },
    },
    policyDefinitionName: "ResourceNaming",
    policyRule: {
        "if": {
            not: {
                field: "name",
                like: "[concat(parameters('prefix'), '*', parameters('suffix'))]",
            },
        },
        then: {
            effect: "deny",
        },
    },
});

import pulumi
import pulumi_azure_native as azure_native

policy_definition_at_management_group = azure_native.authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroup",
    description="Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
    display_name="Enforce resource naming convention",
    management_group_id="MyManagementGroup",
    metadata={
        "category": "Naming",
    },
    mode="All",
    parameters={
        "prefix": {
            "metadata": {
                "description": "Resource name prefix",
                "display_name": "Prefix",
            },
            "type": azure_native.authorization.ParameterType.STRING,
        },
        "suffix": {
            "metadata": {
                "description": "Resource name suffix",
                "display_name": "Suffix",
            },
            "type": azure_native.authorization.ParameterType.STRING,
        },
    },
    policy_definition_name="ResourceNaming",
    policy_rule={
        "if": {
            "not": {
                "field": "name",
                "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]",
            },
        },
        "then": {
            "effect": "deny",
        },
    })

resources:
  policyDefinitionAtManagementGroup:
    type: azure-native:authorization:PolicyDefinitionAtManagementGroup
    properties:
      description: Force resource names to begin with given 'prefix' and/or end with given 'suffix'
      displayName: Enforce resource naming convention
      managementGroupId: MyManagementGroup
      metadata:
        category: Naming
      mode: All
      parameters:
        prefix:
          metadata:
            description: Resource name prefix
            displayName: Prefix
          type: String
        suffix:
          metadata:
            description: Resource name suffix
            displayName: Suffix
          type: String
      policyDefinitionName: ResourceNaming
      policyRule:
        if:
          not:
            field: name
            like: '[concat(parameters(''prefix''), ''*'', parameters(''suffix''))]'
        then:
          effect: deny

Create PolicyDefinitionAtManagementGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new PolicyDefinitionAtManagementGroup(name: string, args: PolicyDefinitionAtManagementGroupArgs, opts?: CustomResourceOptions);

@overload
def PolicyDefinitionAtManagementGroup(resource_name: str,
                                      args: PolicyDefinitionAtManagementGroupArgs,
                                      opts: Optional[ResourceOptions] = None)

@overload
def PolicyDefinitionAtManagementGroup(resource_name: str,
                                      opts: Optional[ResourceOptions] = None,
                                      management_group_id: Optional[str] = None,
                                      description: Optional[str] = None,
                                      display_name: Optional[str] = None,
                                      metadata: Optional[Any] = None,
                                      mode: Optional[str] = None,
                                      parameters: Optional[Mapping[str, ParameterDefinitionsValueArgs]] = None,
                                      policy_definition_name: Optional[str] = None,
                                      policy_rule: Optional[Any] = None,
                                      policy_type: Optional[Union[str, PolicyType]] = None,
                                      version: Optional[str] = None,
                                      versions: Optional[Sequence[str]] = None)

func NewPolicyDefinitionAtManagementGroup(ctx *Context, name string, args PolicyDefinitionAtManagementGroupArgs, opts ...ResourceOption) (*PolicyDefinitionAtManagementGroup, error)

public PolicyDefinitionAtManagementGroup(string name, PolicyDefinitionAtManagementGroupArgs args, CustomResourceOptions? opts = null)

public PolicyDefinitionAtManagementGroup(String name, PolicyDefinitionAtManagementGroupArgs args)
public PolicyDefinitionAtManagementGroup(String name, PolicyDefinitionAtManagementGroupArgs args, CustomResourceOptions options)

type: azure-native:authorization:PolicyDefinitionAtManagementGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyDefinitionAtManagementGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyDefinitionAtManagementGroupArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyDefinitionAtManagementGroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyDefinitionAtManagementGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyDefinitionAtManagementGroupArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var policyDefinitionAtManagementGroupResource = new AzureNative.Authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroupResource", new()
{
    ManagementGroupId = "string",
    Description = "string",
    DisplayName = "string",
    Metadata = "any",
    Mode = "string",
    Parameters = 
    {
        { "string", new AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs
        {
            AllowedValues = new[]
            {
                "any",
            },
            DefaultValue = "any",
            Metadata = new AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadataArgs
            {
                AssignPermissions = false,
                Description = "string",
                DisplayName = "string",
                StrongType = "string",
            },
            Schema = "any",
            Type = "string",
        } },
    },
    PolicyDefinitionName = "string",
    PolicyRule = "any",
    PolicyType = "string",
    Version = "string",
    Versions = new[]
    {
        "string",
    },
});

example, err := authorization.NewPolicyDefinitionAtManagementGroup(ctx, "policyDefinitionAtManagementGroupResource", &authorization.PolicyDefinitionAtManagementGroupArgs{
	ManagementGroupId: pulumi.String("string"),
	Description:       pulumi.String("string"),
	DisplayName:       pulumi.String("string"),
	Metadata:          pulumi.Any("any"),
	Mode:              pulumi.String("string"),
	Parameters: authorization.ParameterDefinitionsValueMap{
		"string": &authorization.ParameterDefinitionsValueArgs{
			AllowedValues: pulumi.Array{
				pulumi.Any("any"),
			},
			DefaultValue: pulumi.Any("any"),
			Metadata: &authorization.ParameterDefinitionsValueMetadataArgs{
				AssignPermissions: pulumi.Bool(false),
				Description:       pulumi.String("string"),
				DisplayName:       pulumi.String("string"),
				StrongType:        pulumi.String("string"),
			},
			Schema: pulumi.Any("any"),
			Type:   pulumi.String("string"),
		},
	},
	PolicyDefinitionName: pulumi.String("string"),
	PolicyRule:           pulumi.Any("any"),
	PolicyType:           pulumi.String("string"),
	Version:              pulumi.String("string"),
	Versions: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var policyDefinitionAtManagementGroupResource = new PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroupResource", PolicyDefinitionAtManagementGroupArgs.builder()
    .managementGroupId("string")
    .description("string")
    .displayName("string")
    .metadata("any")
    .mode("string")
    .parameters(Map.of("string", Map.ofEntries(
        Map.entry("allowedValues", "any"),
        Map.entry("defaultValue", "any"),
        Map.entry("metadata", Map.ofEntries(
            Map.entry("assignPermissions", false),
            Map.entry("description", "string"),
            Map.entry("displayName", "string"),
            Map.entry("strongType", "string")
        )),
        Map.entry("schema", "any"),
        Map.entry("type", "string")
    )))
    .policyDefinitionName("string")
    .policyRule("any")
    .policyType("string")
    .version("string")
    .versions("string")
    .build());

policy_definition_at_management_group_resource = azure_native.authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroupResource",
    management_group_id="string",
    description="string",
    display_name="string",
    metadata="any",
    mode="string",
    parameters={
        "string": {
            "allowed_values": ["any"],
            "default_value": "any",
            "metadata": {
                "assign_permissions": False,
                "description": "string",
                "display_name": "string",
                "strong_type": "string",
            },
            "schema": "any",
            "type": "string",
        },
    },
    policy_definition_name="string",
    policy_rule="any",
    policy_type="string",
    version="string",
    versions=["string"])

const policyDefinitionAtManagementGroupResource = new azure_native.authorization.PolicyDefinitionAtManagementGroup("policyDefinitionAtManagementGroupResource", {
    managementGroupId: "string",
    description: "string",
    displayName: "string",
    metadata: "any",
    mode: "string",
    parameters: {
        string: {
            allowedValues: ["any"],
            defaultValue: "any",
            metadata: {
                assignPermissions: false,
                description: "string",
                displayName: "string",
                strongType: "string",
            },
            schema: "any",
            type: "string",
        },
    },
    policyDefinitionName: "string",
    policyRule: "any",
    policyType: "string",
    version: "string",
    versions: ["string"],
});

type: azure-native:authorization:PolicyDefinitionAtManagementGroup
properties:
    description: string
    displayName: string
    managementGroupId: string
    metadata: any
    mode: string
    parameters:
        string:
            allowedValues:
                - any
            defaultValue: any
            metadata:
                assignPermissions: false
                description: string
                displayName: string
                strongType: string
            schema: any
            type: string
    policyDefinitionName: string
    policyRule: any
    policyType: string
    version: string
    versions:
        - string

PolicyDefinitionAtManagementGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyDefinitionAtManagementGroup resource accepts the following input properties:

ManagementGroupId string: The ID of the management group.
Description string: The policy definition description.
DisplayName string: The display name of the policy definition.
Metadata object: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
Mode string: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueArgs>: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
PolicyDefinitionName string: The name of the policy definition to create.
PolicyRule object: The policy rule.
PolicyType string | Pulumi.AzureNative.Authorization.PolicyType: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
Version string: The policy definition version in #.#.# format.
Versions List<string>: A list of available versions for this policy definition.

ManagementGroupId string: The ID of the management group.
Description string: The policy definition description.
DisplayName string: The display name of the policy definition.
Metadata interface{}: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
Mode string: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
Parameters map[string]ParameterDefinitionsValueArgs: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
PolicyDefinitionName string: The name of the policy definition to create.
PolicyRule interface{}: The policy rule.
PolicyType string | PolicyType: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
Version string: The policy definition version in #.#.# format.
Versions []string: A list of available versions for this policy definition.

managementGroupId String: The ID of the management group.
description String: The policy definition description.
displayName String: The display name of the policy definition.
metadata Object: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
mode String: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
parameters Map<String,ParameterDefinitionsValueArgs>: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
policyDefinitionName String: The name of the policy definition to create.
policyRule Object: The policy rule.
policyType String | PolicyType: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
version String: The policy definition version in #.#.# format.
versions List<String>: A list of available versions for this policy definition.

managementGroupId string: The ID of the management group.
description string: The policy definition description.
displayName string: The display name of the policy definition.
metadata any: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
mode string: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
parameters {[key: string]: ParameterDefinitionsValueArgs}: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
policyDefinitionName string: The name of the policy definition to create.
policyRule any: The policy rule.
policyType string | PolicyType: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
version string: The policy definition version in #.#.# format.
versions string[]: A list of available versions for this policy definition.

management_group_id str: The ID of the management group.
description str: The policy definition description.
display_name str: The display name of the policy definition.
metadata Any: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
mode str: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
parameters Mapping[str, ParameterDefinitionsValueArgs]: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
policy_definition_name str: The name of the policy definition to create.
policy_rule Any: The policy rule.
policy_type str | PolicyType: The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
version str: The policy definition version in #.#.# format.
versions Sequence[str]: A list of available versions for this policy definition.

managementGroupId String: The ID of the management group.
description String: The policy definition description.
displayName String: The display name of the policy definition.
metadata Any: The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.
mode String: The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.
parameters Map<Property Map>: The parameter definitions for parameters used in the policy rule. The keys are the parameter names.
policyDefinitionName String: The name of the policy definition to create.
policyRule Any: The policy rule.
policyType String | "NotSpecified" | "BuiltIn" | "Custom" | "Static": The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.
version String: The policy definition version in #.#.# format.
versions List<String>: A list of available versions for this policy definition.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyDefinitionAtManagementGroup resource produces the following output properties:

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the policy definition.
SystemData Pulumi.AzureNative.Authorization.Outputs.SystemDataResponse: The system metadata relating to this resource.
Type string: The type of the resource (Microsoft.Authorization/policyDefinitions).

AzureApiVersion string: The Azure API version of the resource.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The name of the policy definition.
SystemData SystemDataResponse: The system metadata relating to this resource.
Type string: The type of the resource (Microsoft.Authorization/policyDefinitions).

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the policy definition.
systemData SystemDataResponse: The system metadata relating to this resource.
type String: The type of the resource (Microsoft.Authorization/policyDefinitions).

azureApiVersion string: The Azure API version of the resource.
id string: The provider-assigned unique ID for this managed resource.
name string: The name of the policy definition.
systemData SystemDataResponse: The system metadata relating to this resource.
type string: The type of the resource (Microsoft.Authorization/policyDefinitions).

azure_api_version str: The Azure API version of the resource.
id str: The provider-assigned unique ID for this managed resource.
name str: The name of the policy definition.
system_data SystemDataResponse: The system metadata relating to this resource.
type str: The type of the resource (Microsoft.Authorization/policyDefinitions).

azureApiVersion String: The Azure API version of the resource.
id String: The provider-assigned unique ID for this managed resource.
name String: The name of the policy definition.
systemData Property Map: The system metadata relating to this resource.
type String: The type of the resource (Microsoft.Authorization/policyDefinitions).

Supporting Types

ParameterDefinitionsValue
, ParameterDefinitionsValueArgs

AllowedValues List<object>: The allowed values for the parameter.
DefaultValue object: The default value for the parameter if no value is provided.
Metadata Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueMetadata: General metadata for the parameter.
Schema object: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
Type string | Pulumi.AzureNative.Authorization.ParameterType: The data type of the parameter.

AllowedValues []interface{}: The allowed values for the parameter.
DefaultValue interface{}: The default value for the parameter if no value is provided.
Metadata ParameterDefinitionsValueMetadata: General metadata for the parameter.
Schema interface{}: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
Type string | ParameterType: The data type of the parameter.

allowedValues List<Object>: The allowed values for the parameter.
defaultValue Object: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueMetadata: General metadata for the parameter.
schema Object: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type String | ParameterType: The data type of the parameter.

allowedValues any[]: The allowed values for the parameter.
defaultValue any: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueMetadata: General metadata for the parameter.
schema any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type string | ParameterType: The data type of the parameter.

allowed_values Sequence[Any]: The allowed values for the parameter.
default_value Any: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueMetadata: General metadata for the parameter.
schema Any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type str | ParameterType: The data type of the parameter.

allowedValues List<Any>: The allowed values for the parameter.
defaultValue Any: The default value for the parameter if no value is provided.
metadata Property Map: General metadata for the parameter.
schema Any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type String | "String" | "Array" | "Object" | "Boolean" | "Integer" | "Float" | "DateTime": The data type of the parameter.

ParameterDefinitionsValueMetadata
, ParameterDefinitionsValueMetadataArgs

AssignPermissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
Description string: The description of the parameter.
DisplayName string: The display name for the parameter.
StrongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

AssignPermissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
Description string: The description of the parameter.
DisplayName string: The display name for the parameter.
StrongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions Boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description String: The description of the parameter.
displayName String: The display name for the parameter.
strongType String: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description string: The description of the parameter.
displayName string: The display name for the parameter.
strongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assign_permissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description str: The description of the parameter.
display_name str: The display name for the parameter.
strong_type str: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions Boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description String: The description of the parameter.
displayName String: The display name for the parameter.
strongType String: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

ParameterDefinitionsValueResponse
, ParameterDefinitionsValueResponseArgs

AllowedValues List<object>: The allowed values for the parameter.
DefaultValue object: The default value for the parameter if no value is provided.
Metadata Pulumi.AzureNative.Authorization.Inputs.ParameterDefinitionsValueResponseMetadata: General metadata for the parameter.
Schema object: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
Type string: The data type of the parameter.

AllowedValues []interface{}: The allowed values for the parameter.
DefaultValue interface{}: The default value for the parameter if no value is provided.
Metadata ParameterDefinitionsValueResponseMetadata: General metadata for the parameter.
Schema interface{}: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
Type string: The data type of the parameter.

allowedValues List<Object>: The allowed values for the parameter.
defaultValue Object: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueResponseMetadata: General metadata for the parameter.
schema Object: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type String: The data type of the parameter.

allowedValues any[]: The allowed values for the parameter.
defaultValue any: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueResponseMetadata: General metadata for the parameter.
schema any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type string: The data type of the parameter.

allowed_values Sequence[Any]: The allowed values for the parameter.
default_value Any: The default value for the parameter if no value is provided.
metadata ParameterDefinitionsValueResponseMetadata: General metadata for the parameter.
schema Any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type str: The data type of the parameter.

allowedValues List<Any>: The allowed values for the parameter.
defaultValue Any: The default value for the parameter if no value is provided.
metadata Property Map: General metadata for the parameter.
schema Any: Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.
type String: The data type of the parameter.

ParameterDefinitionsValueResponseMetadata
, ParameterDefinitionsValueResponseMetadataArgs

AssignPermissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
Description string: The description of the parameter.
DisplayName string: The display name for the parameter.
StrongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

AssignPermissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
Description string: The description of the parameter.
DisplayName string: The display name for the parameter.
StrongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions Boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description String: The description of the parameter.
displayName String: The display name for the parameter.
strongType String: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description string: The description of the parameter.
displayName string: The display name for the parameter.
strongType string: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assign_permissions bool: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description str: The description of the parameter.
display_name str: The display name for the parameter.
strong_type str: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

assignPermissions Boolean: Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope.
description String: The description of the parameter.
displayName String: The display name for the parameter.
strongType String: Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from.

ParameterType
, ParameterTypeArgs

String: String
Array: Array
Object: Object
Boolean: Boolean
Integer: Integer
Float: Float
DateTime: DateTime

ParameterTypeString: String
ParameterTypeArray: Array
ParameterTypeObject: Object
ParameterTypeBoolean: Boolean
ParameterTypeInteger: Integer
ParameterTypeFloat: Float
ParameterTypeDateTime: DateTime

String: String
Array: Array
Object: Object
Boolean: Boolean
Integer: Integer
Float: Float
DateTime: DateTime

String: String
Array: Array
Object: Object
Boolean: Boolean
Integer: Integer
Float: Float
DateTime: DateTime

STRING: String
ARRAY: Array
OBJECT: Object
BOOLEAN: Boolean
INTEGER: Integer
FLOAT: Float
DATE_TIME: DateTime

"String": String
"Array": Array
"Object": Object
"Boolean": Boolean
"Integer": Integer
"Float": Float
"DateTime": DateTime

PolicyType
, PolicyTypeArgs

NotSpecified: NotSpecified
BuiltIn: BuiltIn
Custom: Custom
Static: Static

PolicyTypeNotSpecified: NotSpecified
PolicyTypeBuiltIn: BuiltIn
PolicyTypeCustom: Custom
PolicyTypeStatic: Static

NotSpecified: NotSpecified
BuiltIn: BuiltIn
Custom: Custom
Static: Static

NotSpecified: NotSpecified
BuiltIn: BuiltIn
Custom: Custom
Static: Static

NOT_SPECIFIED: NotSpecified
BUILT_IN: BuiltIn
CUSTOM: Custom
STATIC: Static

"NotSpecified": NotSpecified
"BuiltIn": BuiltIn
"Custom": Custom
"Static": Static

SystemDataResponse
, SystemDataResponseArgs

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:authorization:PolicyDefinitionAtManagementGroup ResourceNaming /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.0.1 published on Monday, Apr 7, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.authorization.PolicyDefinitionAtManagementGroup

On this page

On this page

Example Usage

Create or update a policy definition at management group level

Create PolicyDefinitionAtManagementGroup Resource

Constructor syntax

Parameters

Constructor example

PolicyDefinitionAtManagementGroup Resource Properties

Inputs

Outputs

Supporting Types

ParameterDefinitionsValue
, ParameterDefinitionsValueArgs

ParameterDefinitionsValueMetadata
, ParameterDefinitionsValueMetadataArgs

ParameterDefinitionsValueResponse
, ParameterDefinitionsValueResponseArgs

ParameterDefinitionsValueResponseMetadata
, ParameterDefinitionsValueResponseMetadataArgs

ParameterType
, ParameterTypeArgs

PolicyType
, PolicyTypeArgs

SystemDataResponse
, SystemDataResponseArgs

Import

Package Details

On this page

On this page

azure-native.authorization.PolicyDefinitionAtManagementGroup

On this page

On this page

Example Usage

Create or update a policy definition at management group level

Create PolicyDefinitionAtManagementGroup Resource

Constructor syntax

Parameters

Constructor example

PolicyDefinitionAtManagementGroup Resource Properties

Inputs

Outputs

Supporting Types

ParameterDefinitionsValue, ParameterDefinitionsValueArgs

ParameterDefinitionsValueMetadata, ParameterDefinitionsValueMetadataArgs

ParameterDefinitionsValueResponse, ParameterDefinitionsValueResponseArgs

ParameterDefinitionsValueResponseMetadata, ParameterDefinitionsValueResponseMetadataArgs

ParameterType, ParameterTypeArgs

PolicyType, PolicyTypeArgs

SystemDataResponse, SystemDataResponseArgs

Import

Package Details

On this page

On this page

ParameterDefinitionsValue
, ParameterDefinitionsValueArgs

ParameterDefinitionsValueMetadata
, ParameterDefinitionsValueMetadataArgs

ParameterDefinitionsValueResponse
, ParameterDefinitionsValueResponseArgs

ParameterDefinitionsValueResponseMetadata
, ParameterDefinitionsValueResponseMetadataArgs

ParameterType
, ParameterTypeArgs

PolicyType
, PolicyTypeArgs

SystemDataResponse
, SystemDataResponseArgs