Azure Native v2.89.3, Mar 20 25

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.89.3 published on Thursday, Mar 20, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.authorization.getPolicyAssignment

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.89.3 published on Thursday, Mar 20, 2025 by Pulumi

pulumi/pulumi-azure-native

Using getPolicyAssignment

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPolicyAssignment(args: GetPolicyAssignmentArgs, opts?: InvokeOptions): Promise<GetPolicyAssignmentResult>
function getPolicyAssignmentOutput(args: GetPolicyAssignmentOutputArgs, opts?: InvokeOptions): Output<GetPolicyAssignmentResult>

def get_policy_assignment(policy_assignment_name: Optional[str] = None,
                          scope: Optional[str] = None,
                          opts: Optional[InvokeOptions] = None) -> GetPolicyAssignmentResult
def get_policy_assignment_output(policy_assignment_name: Optional[pulumi.Input[str]] = None,
                          scope: Optional[pulumi.Input[str]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetPolicyAssignmentResult]

func LookupPolicyAssignment(ctx *Context, args *LookupPolicyAssignmentArgs, opts ...InvokeOption) (*LookupPolicyAssignmentResult, error)
func LookupPolicyAssignmentOutput(ctx *Context, args *LookupPolicyAssignmentOutputArgs, opts ...InvokeOption) LookupPolicyAssignmentResultOutput

> Note: This function is named LookupPolicyAssignment in the Go SDK.

public static class GetPolicyAssignment 
{
    public static Task<GetPolicyAssignmentResult> InvokeAsync(GetPolicyAssignmentArgs args, InvokeOptions? opts = null)
    public static Output<GetPolicyAssignmentResult> Invoke(GetPolicyAssignmentInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetPolicyAssignmentResult> getPolicyAssignment(GetPolicyAssignmentArgs args, InvokeOptions options)
public static Output<GetPolicyAssignmentResult> getPolicyAssignment(GetPolicyAssignmentArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:authorization:getPolicyAssignment
  arguments:
    # arguments dictionary

The following arguments are supported:

PolicyAssignmentName string: The name of the policy assignment to get.
Scope string: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

PolicyAssignmentName string: The name of the policy assignment to get.
Scope string: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

policyAssignmentName String: The name of the policy assignment to get.
scope String: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

policyAssignmentName string: The name of the policy assignment to get.
scope string: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

policy_assignment_name str: The name of the policy assignment to get.
scope str: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

policyAssignmentName String: The name of the policy assignment to get.
scope String: The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'

getPolicyAssignment Result

The following output properties are available:

Id string: The ID of the policy assignment.
Name string: The name of the policy assignment.
Scope string: The scope for the policy assignment.
SystemData Pulumi.AzureNative.Authorization.Outputs.SystemDataResponse: The system metadata relating to this resource.
Type string: The type of the policy assignment.
Description string: This message will be part of response in case of policy violation.
DisplayName string: The display name of the policy assignment.
EnforcementMode string: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
Identity Pulumi.AzureNative.Authorization.Outputs.IdentityResponse: The managed identity associated with the policy assignment.
Location string: The location of the policy assignment. Only required when utilizing managed identity.
Metadata object: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
NonComplianceMessages List<Pulumi.AzureNative.Authorization.Outputs.NonComplianceMessageResponse>: The messages that describe why a resource is non-compliant with the policy.
NotScopes List<string>: The policy's excluded scopes.
Overrides List<Pulumi.AzureNative.Authorization.Outputs.OverrideResponse>: The policy property value override.
Parameters Dictionary<string, Pulumi.AzureNative.Authorization.Outputs.ParameterValuesValueResponse>: The parameter values for the assigned policy rule. The keys are the parameter names.
PolicyDefinitionId string: The ID of the policy definition or policy set definition being assigned.
ResourceSelectors List<Pulumi.AzureNative.Authorization.Outputs.ResourceSelectorResponse>: The resource selector list to filter policies by resource properties.

Id string: The ID of the policy assignment.
Name string: The name of the policy assignment.
Scope string: The scope for the policy assignment.
SystemData SystemDataResponse: The system metadata relating to this resource.
Type string: The type of the policy assignment.
Description string: This message will be part of response in case of policy violation.
DisplayName string: The display name of the policy assignment.
EnforcementMode string: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
Identity IdentityResponse: The managed identity associated with the policy assignment.
Location string: The location of the policy assignment. Only required when utilizing managed identity.
Metadata interface{}: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
NonComplianceMessages []NonComplianceMessageResponse: The messages that describe why a resource is non-compliant with the policy.
NotScopes []string: The policy's excluded scopes.
Overrides []OverrideResponse: The policy property value override.
Parameters map[string]ParameterValuesValueResponse: The parameter values for the assigned policy rule. The keys are the parameter names.
PolicyDefinitionId string: The ID of the policy definition or policy set definition being assigned.
ResourceSelectors []ResourceSelectorResponse: The resource selector list to filter policies by resource properties.

id String: The ID of the policy assignment.
name String: The name of the policy assignment.
scope String: The scope for the policy assignment.
systemData SystemDataResponse: The system metadata relating to this resource.
type String: The type of the policy assignment.
description String: This message will be part of response in case of policy violation.
displayName String: The display name of the policy assignment.
enforcementMode String: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
identity IdentityResponse: The managed identity associated with the policy assignment.
location String: The location of the policy assignment. Only required when utilizing managed identity.
metadata Object: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
nonComplianceMessages List<NonComplianceMessageResponse>: The messages that describe why a resource is non-compliant with the policy.
notScopes List<String>: The policy's excluded scopes.
overrides List<OverrideResponse>: The policy property value override.
parameters Map<String,ParameterValuesValueResponse>: The parameter values for the assigned policy rule. The keys are the parameter names.
policyDefinitionId String: The ID of the policy definition or policy set definition being assigned.
resourceSelectors List<ResourceSelectorResponse>: The resource selector list to filter policies by resource properties.

id string: The ID of the policy assignment.
name string: The name of the policy assignment.
scope string: The scope for the policy assignment.
systemData SystemDataResponse: The system metadata relating to this resource.
type string: The type of the policy assignment.
description string: This message will be part of response in case of policy violation.
displayName string: The display name of the policy assignment.
enforcementMode string: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
identity IdentityResponse: The managed identity associated with the policy assignment.
location string: The location of the policy assignment. Only required when utilizing managed identity.
metadata any: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
nonComplianceMessages NonComplianceMessageResponse[]: The messages that describe why a resource is non-compliant with the policy.
notScopes string[]: The policy's excluded scopes.
overrides OverrideResponse[]: The policy property value override.
parameters {[key: string]: ParameterValuesValueResponse}: The parameter values for the assigned policy rule. The keys are the parameter names.
policyDefinitionId string: The ID of the policy definition or policy set definition being assigned.
resourceSelectors ResourceSelectorResponse[]: The resource selector list to filter policies by resource properties.

id str: The ID of the policy assignment.
name str: The name of the policy assignment.
scope str: The scope for the policy assignment.
system_data SystemDataResponse: The system metadata relating to this resource.
type str: The type of the policy assignment.
description str: This message will be part of response in case of policy violation.
display_name str: The display name of the policy assignment.
enforcement_mode str: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
identity IdentityResponse: The managed identity associated with the policy assignment.
location str: The location of the policy assignment. Only required when utilizing managed identity.
metadata Any: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
non_compliance_messages Sequence[NonComplianceMessageResponse]: The messages that describe why a resource is non-compliant with the policy.
not_scopes Sequence[str]: The policy's excluded scopes.
overrides Sequence[OverrideResponse]: The policy property value override.
parameters Mapping[str, ParameterValuesValueResponse]: The parameter values for the assigned policy rule. The keys are the parameter names.
policy_definition_id str: The ID of the policy definition or policy set definition being assigned.
resource_selectors Sequence[ResourceSelectorResponse]: The resource selector list to filter policies by resource properties.

id String: The ID of the policy assignment.
name String: The name of the policy assignment.
scope String: The scope for the policy assignment.
systemData Property Map: The system metadata relating to this resource.
type String: The type of the policy assignment.
description String: This message will be part of response in case of policy violation.
displayName String: The display name of the policy assignment.
enforcementMode String: The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
identity Property Map: The managed identity associated with the policy assignment.
location String: The location of the policy assignment. Only required when utilizing managed identity.
metadata Any: The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.
nonComplianceMessages List<Property Map>: The messages that describe why a resource is non-compliant with the policy.
notScopes List<String>: The policy's excluded scopes.
overrides List<Property Map>: The policy property value override.
parameters Map<Property Map>: The parameter values for the assigned policy rule. The keys are the parameter names.
policyDefinitionId String: The ID of the policy definition or policy set definition being assigned.
resourceSelectors List<Property Map>: The resource selector list to filter policies by resource properties.

Supporting Types

IdentityResponse

PrincipalId string: The principal ID of the resource identity. This property will only be provided for a system assigned identity
TenantId string: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
Type string: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
UserAssignedIdentities Dictionary<string, Pulumi.AzureNative.Authorization.Inputs.IdentityResponseUserAssignedIdentities>: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

PrincipalId string: The principal ID of the resource identity. This property will only be provided for a system assigned identity
TenantId string: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
Type string: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
UserAssignedIdentities map[string]IdentityResponseUserAssignedIdentities: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId String: The principal ID of the resource identity. This property will only be provided for a system assigned identity
tenantId String: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
type String: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
userAssignedIdentities Map<String,IdentityResponseUserAssignedIdentities>: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId string: The principal ID of the resource identity. This property will only be provided for a system assigned identity
tenantId string: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
type string: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
userAssignedIdentities {[key: string]: IdentityResponseUserAssignedIdentities}: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principal_id str: The principal ID of the resource identity. This property will only be provided for a system assigned identity
tenant_id str: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
type str: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
user_assigned_identities Mapping[str, IdentityResponseUserAssignedIdentities]: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId String: The principal ID of the resource identity. This property will only be provided for a system assigned identity
tenantId String: The tenant ID of the resource identity. This property will only be provided for a system assigned identity
type String: The identity type. This is the only required field when adding a system or user assigned identity to a resource.
userAssignedIdentities Map<Property Map>: The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

IdentityResponseUserAssignedIdentities

ClientId string: The client id of user assigned identity.
PrincipalId string: The principal id of user assigned identity.

ClientId string: The client id of user assigned identity.
PrincipalId string: The principal id of user assigned identity.

clientId String: The client id of user assigned identity.
principalId String: The principal id of user assigned identity.

clientId string: The client id of user assigned identity.
principalId string: The principal id of user assigned identity.

client_id str: The client id of user assigned identity.
principal_id str: The principal id of user assigned identity.

clientId String: The client id of user assigned identity.
principalId String: The principal id of user assigned identity.

NonComplianceMessageResponse

Message string: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
PolicyDefinitionReferenceId string: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

Message string: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
PolicyDefinitionReferenceId string: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
policyDefinitionReferenceId String: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message string: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
policyDefinitionReferenceId string: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message str: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
policy_definition_reference_id str: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

message String: A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
policyDefinitionReferenceId String: The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.

OverrideResponse

Kind string: The override kind.
Selectors List<Pulumi.AzureNative.Authorization.Inputs.SelectorResponse>: The list of the selector expressions.
Value string: The value to override the policy property.

Kind string: The override kind.
Selectors []SelectorResponse: The list of the selector expressions.
Value string: The value to override the policy property.

kind String: The override kind.
selectors List<SelectorResponse>: The list of the selector expressions.
value String: The value to override the policy property.

kind string: The override kind.
selectors SelectorResponse[]: The list of the selector expressions.
value string: The value to override the policy property.

kind str: The override kind.
selectors Sequence[SelectorResponse]: The list of the selector expressions.
value str: The value to override the policy property.

kind String: The override kind.
selectors List<Property Map>: The list of the selector expressions.
value String: The value to override the policy property.

ParameterValuesValueResponse

Value object: The value of the parameter.

Value interface{}: The value of the parameter.

value Object: The value of the parameter.

value any: The value of the parameter.

value Any: The value of the parameter.

value Any: The value of the parameter.

ResourceSelectorResponse

Name string: The name of the resource selector.
Selectors List<Pulumi.AzureNative.Authorization.Inputs.SelectorResponse>: The list of the selector expressions.

Name string: The name of the resource selector.
Selectors []SelectorResponse: The list of the selector expressions.

name String: The name of the resource selector.
selectors List<SelectorResponse>: The list of the selector expressions.

name string: The name of the resource selector.
selectors SelectorResponse[]: The list of the selector expressions.

name str: The name of the resource selector.
selectors Sequence[SelectorResponse]: The list of the selector expressions.

name String: The name of the resource selector.
selectors List<Property Map>: The list of the selector expressions.

SelectorResponse

In List<string>: The list of values to filter in.
Kind string: The selector kind.
NotIn List<string>: The list of values to filter out.

In []string: The list of values to filter in.
Kind string: The selector kind.
NotIn []string: The list of values to filter out.

in List<String>: The list of values to filter in.
kind String: The selector kind.
notIn List<String>: The list of values to filter out.

in string[]: The list of values to filter in.
kind string: The selector kind.
notIn string[]: The list of values to filter out.

in_ Sequence[str]: The list of values to filter in.
kind str: The selector kind.
not_in Sequence[str]: The list of values to filter out.

in List<String>: The list of values to filter in.
kind String: The selector kind.
notIn List<String>: The list of values to filter out.

SystemDataResponse

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.89.3 published on Thursday, Mar 20, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.authorization.getPolicyAssignment

On this page

On this page

Using getPolicyAssignment

getPolicyAssignment Result

Supporting Types

IdentityResponse

IdentityResponseUserAssignedIdentities

NonComplianceMessageResponse

OverrideResponse

ParameterValuesValueResponse

ResourceSelectorResponse

SelectorResponse

SystemDataResponse

Package Details

On this page

On this page