policy_definitions

State module for managing Policy Definition.

async idem_azure.states.azure.policy.policy_definitions.present(hub, ctx, name: str, policy_definition_name: str, policy_type: str, mode: str, subscription_id: str = None, display_name: str = None, description: str = None, policy_rule: Dict = None, metadata: Dict = None, parameters: Dict = None, resource_id: str = None) -> Dict

Create or update Policy Definitions.

Parameters:
  • name (str) – The identifier for this state.

  • policy_definition_name (str) – The name of the policy Definition.

  • policy_type (str) – The policy type. Possible values are BuiltIn, Custom and NotSpecified.

  • mode (str) – The policy mode that allows you to specify which resource types will be evaluated. Some examples are All, Indexed, Microsoft.KeyVault.Data.

  • subscription_id (str, Optional) – Subscription Unique id.

  • display_name (str) – The display name of the policy definition.

  • description (str, Optional) – The description of the policy definition.

  • policy_rule (dict, Optional) – The policy rule for the policy definition.

  • metadata (dict, Optional) – The metadata for the policy definition.

  • parameters (dict, Optional) – Parameters for the policy definition.

  • resource_id (str, Optional) – Policy Definition resource id on Azure.

Returns:

Dict

Examples

policy_definition_is_present:
  azure.policy.policy_definitions.present:
    - name: value
    - policy_definition_name: value
    - subscription_id: value
    - policy_type: value
    - mode: value
    - display_name: value
    - description: value
    - metadata:
            version: 1.0.0
            category: RoleDefinitions
    - parameters:
        roleDefinitionIds:
            type: Array
            metadata:
                displayName: Approved Role Definitions
                description: The list of role definition Ids.
                strongType: roleDefinitionIds
    - policy_rule:
            if:
              allOf:
                - field: type
                  equals: Microsoft.Authorization/roleAssignments
                - not:
                    field: Microsoft.Authorization/roleAssignments/roleDefinitionId
                    in: "[parameters('roleDefinitionIds')]"
            then:
              effect: deny
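
To check what the policy_rule in the example above will deny before the state is applied, the following added example (not part of idem-azure or of Azure Policy) evaluates that rule locally against constructed role assignments. It supports only the operators this rule uses; the alias-to-property mapping, the case-insensitive comparison and all helper names are assumptions of the sketch.

```python
import re

# The policy_rule from the example state above, as a Python dict.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Authorization/roleAssignments"},
        {"not": {
            "field": "Microsoft.Authorization/roleAssignments/roleDefinitionId",
            "in": "[parameters('roleDefinitionIds')]",
        }},
    ]},
    "then": {"effect": "deny"},
}

def _resolve(value, params):
    """Expand a "[parameters('name')]" expression; other values pass through."""
    m = re.fullmatch(r"\[parameters\('([^']+)'\)\]", value) if isinstance(value, str) else None
    return params[m.group(1)] if m else value

def _field(resource, field):
    """Assumption of this sketch: an alias maps to properties.<last path segment>."""
    if "/" not in field:
        return resource.get(field)
    return resource.get("properties", {}).get(field.rsplit("/", 1)[1])

def matches(cond, resource, params):
    """Evaluate only the operators this rule uses: allOf, not, equals, in."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    # Assumption of this sketch: strings are compared case-insensitively.
    actual = str(_field(resource, cond["field"]) or "").lower()
    if "equals" in cond:
        return actual == str(_resolve(cond["equals"], params)).lower()
    if "in" in cond:
        return actual in [str(v).lower() for v in _resolve(cond["in"], params)]
    raise ValueError(f"unsupported condition: {cond}")

def effect_for(resource, params, rule=POLICY_RULE):
    """Return the rule's effect if the resource matches, else None."""
    return rule["then"]["effect"] if matches(rule["if"], resource, params) else None

# Constructed sample data (placeholder GUID, not a real role definition).
APPROVED = ["/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-00000000000a"]

def assignment(role_id):
    return {"type": "Microsoft.Authorization/roleAssignments",
            "properties": {"roleDefinitionId": role_id}}
```

Note that an empty roleDefinitionIds list makes the rule deny every role assignment, and resources of any other type are never matched.
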

async idem_azure.states.azure.policy.policy_definitions.absent(hub, ctx, name: str, policy_definition_name: str, subscription_id: str = None) -> Dict

Delete Policy Definition.

Parameters:
  • name (str) – The identifier for this state.

  • policy_definition_name (str) – The name of the policy definition to delete.

  • subscription_id (str, Optional) – Subscription Unique id.

Returns:

Dict

Examples

resource_is_absent:
  azure.policy.policy_definitions.absent:
    - name: value
    - policy_definition_name: value
    - subscription_id: value

async idem_azure.states.azure.policy.policy_definitions.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Lists all Policy Definitions under the same subscription.

Returns:

Dict[str, Any]

Examples

$ idem describe azure.policy.policy_definitions