-
Notifications
You must be signed in to change notification settings - Fork 492
/
set-definition.yml
260 lines (260 loc) · 10.7 KB
/
set-definition.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
### YamlMime:AzureCLIGroup
uid: az_policy_set-definition
name: az policy set-definition
summary: |-
Manage resource policy set definitions.
status: GA
sourceType: Core
directCommands:
- uid: az_policy_set-definition_create
name: az policy set-definition create
summary: |-
Create a policy set definition.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/resource/_help.py
syntax: >-
az policy set-definition create --definitions
--name
[--definition-groups]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]
examples:
- summary: |-
Create a policy set definition.
syntax: >-
az policy set-definition create -n readOnlyStorage \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]'
- summary: |-
Create a policy set definition with parameters.
syntax: >-
az policy set-definition create -n readOnlyStorage \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"parameters\": \
{ \"storageSku\": { \"value\": \"[parameters(\\"requiredSku\\")]\" } } }]" \
--params "{ \"requiredSku\": { \"type\": \"String\" } }"
- summary: |-
Create a policy set definition in a subscription.
syntax: >-
az policy set-definition create -n readOnlyStorage \
--subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/ \
0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \
policyDefinitions/storagePolicy\" } ]'
- summary: |-
Create a policy set definition with policy definition groups.
syntax: >-
az policy set-definition create -n computeRequirements \
--definitions "[ { \"policyDefinitionId \": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": \
[ \"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \"groupNames\": [ \
\"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"
requiredParameters:
- isRequired: true
name: --definitions
summary: |-
Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
- isRequired: true
name: --name -n
summary: |-
Name of the new policy set definition.
optionalParameters:
- name: --definition-groups
summary: |-
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
- name: --description
summary: |-
Description of policy set definition.
- name: --display-name
summary: |-
Display name of policy set definition.
- name: --management-group
summary: |-
Name of management group the new policy set definition can be assigned in.
- name: --metadata
summary: |-
Metadata in space-separated key=value pairs.
- name: --params
summary: |-
JSON formatted string or a path to a file or uri with parameter definitions.
- name: --subscription
summary: |-
Name or id of the subscription the new policy set definition can be assigned in.
- uid: az_policy_set-definition_delete
name: az policy set-definition delete
summary: |-
Delete a policy set definition.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/resource/_help.py
syntax: >-
az policy set-definition delete --name
[--management-group]
[--subscription]
examples:
- summary: |-
Delete a policy set definition. (autogenerated)
syntax: az policy set-definition delete --management-group myMg --name MyPolicySetDefinition
requiredParameters:
- isRequired: true
name: --name -n
summary: |-
The policy set definition name.
optionalParameters:
- name: --management-group
summary: |-
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
- name: --subscription
summary: |-
The subscription id of the policy [set] definition.
- uid: az_policy_set-definition_list
name: az policy set-definition list
summary: |-
List policy set definitions.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/resource/_help.py
syntax: >-
az policy set-definition list [--management-group]
[--subscription]
optionalParameters:
- name: --management-group
summary: |-
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
- name: --subscription
summary: |-
The subscription id of the policy [set] definition.
- uid: az_policy_set-definition_show
name: az policy set-definition show
summary: |-
Show a policy set definition.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/resource/_help.py
syntax: >-
az policy set-definition show --name
[--management-group]
[--subscription]
examples:
- summary: |-
Show a policy set definition. If the policy set is scoped to a management group, then you must include the `--management-group` parameter and value.
syntax: az policy set-definition show --name MyPolicySetDefinition --management-group MyManagementGroup
requiredParameters:
- isRequired: true
name: --name -n
summary: |-
The policy set definition name.
optionalParameters:
- name: --management-group
summary: |-
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
- name: --subscription
summary: |-
The subscription id of the policy [set] definition.
- uid: az_policy_set-definition_update
name: az policy set-definition update
summary: |-
Update a policy set definition.
status: GA
sourceType: Core
editLink: https://github.com/Azure/azure-cli/blob/dev/src/azure-cli/azure/cli/command_modules/resource/_help.py
syntax: >-
az policy set-definition update --name
[--definition-groups]
[--definitions]
[--description]
[--display-name]
[--management-group]
[--metadata]
[--params]
[--subscription]
examples:
- summary: |-
Update a policy set definition.
syntax: >-
az policy set-definition update \
--definitions '[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\" } ]' \
--name MyPolicySetDefinition
- summary: |-
Update the groups and definitions within a policy set definition.
syntax: >-
az policy set-definition update -n computeRequirements \
--definitions "[ { \"policyDefinitionId\": \"/subscriptions/mySubId/providers/ \
Microsoft.Authorization/policyDefinitions/storagePolicy\", \"groupNames\": [ \
\"CostSaving\", \"Organizational\" ] }, { \"policyDefinitionId\": \
\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \
policyDefinitions/tagPolicy\", \
\"groupNames\": [ \"Organizational\" ] } ]" \
--definition-groups "[{ \"name\": \"CostSaving\" }, { \"name\": \"Organizational\" } ]"
requiredParameters:
- isRequired: true
name: --name -n
summary: |-
The policy set definition name.
optionalParameters:
- name: --definition-groups
summary: |-
JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.
- name: --definitions
summary: |-
JSON formatted string or a path to a file or uri containing definitions.
- name: --description
summary: |-
Description of policy set definition.
- name: --display-name
summary: |-
Display name of policy set definition.
- name: --management-group
summary: |-
The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.
- name: --metadata
summary: |-
Metadata in space-separated key=value pairs.
- name: --params
summary: |-
JSON formatted string or a path to a file or uri with parameter definitions.
- name: --subscription
summary: |-
The subscription id of the policy [set] definition.
commands:
- az_policy_set-definition_create
- az_policy_set-definition_delete
- az_policy_set-definition_list
- az_policy_set-definition_show
- az_policy_set-definition_update
globalParameters:
- name: --debug
summary: |-
Increase logging verbosity to show all debug logs.
- name: --help -h
summary: |-
Show this help message and exit.
- name: --only-show-errors
summary: |-
Only show errors, suppressing warnings.
- name: --output -o
defaultValue: "json"
parameterValueGroup: "json, jsonc, none, table, tsv, yaml, yamlc"
summary: |-
Output format.
- name: --query
summary: |-
JMESPath query string. See <a href="http://jmespath.org/">http://jmespath.org/</a> for more information and examples.
- name: --subscription
summary: |-
Name or ID of subscription. You can configure the default subscription using `az account set -s NAME_OR_ID`.
- name: --verbose
summary: |-
Increase logging verbosity. Use --debug for full debug logs.
metadata:
ms.date: 06/24/2024
description: Manage resource policy set definitions.