Tessl Tile for pypi/azure-mgmt-resource@24.0.0

or run

npx @tessl/cli init

Version

Tile

Overview

Evals

Files

docs

index.md policy-governance.md resource-management.md resource-protection.md subscription-features.md

policy-governance.mddocs/

0
# Policy and Governance
1

2
Azure Policy management for implementing governance, compliance, and security standards across Azure resources. The PolicyClient enables policy definitions, assignments, compliance monitoring, and remediation across subscriptions, resource groups, and individual resources.
3

4
## Capabilities
5

6
### Policy Assignments
7

8
Assign policies to specific scopes (subscriptions, resource groups, or resources) to enforce governance rules.
9

10
```python { .api }
11
class PolicyAssignmentsOperations:
12
    def create(
13
        self,
14
        scope: str,
15
        policy_assignment_name: str,
16
        parameters: PolicyAssignment,
17
        **kwargs
18
    ) -> PolicyAssignment:
19
        """
20
        Create or update a policy assignment.
21
        
22
        Args:
23
            scope (str): Assignment scope (subscription, resource group, or resource)
24
            policy_assignment_name (str): Assignment name
25
            parameters (PolicyAssignment): Assignment parameters
26
            
27
        Returns:
28
            PolicyAssignment: The created assignment
29
        """
30

31
    def get(
32
        self,
33
        scope: str,
34
        policy_assignment_name: str,
35
        **kwargs
36
    ) -> PolicyAssignment:
37
        """
38
        Get a policy assignment.
39
        
40
        Args:
41
            scope (str): Assignment scope
42
            policy_assignment_name (str): Assignment name
43
            
44
        Returns:
45
            PolicyAssignment: Assignment details
46
        """
47

48
    def delete(
49
        self,
50
        scope: str,
51
        policy_assignment_name: str,
52
        **kwargs
53
    ) -> PolicyAssignment:
54
        """Delete a policy assignment."""
55

56
    def list(self, **kwargs) -> Iterable[PolicyAssignment]:
57
        """
58
        List all policy assignments in subscription.
59
        
60
        Returns:
61
            Iterable[PolicyAssignment]: Iterator of assignments
62
        """
63

64
    def list_for_resource_group(
65
        self,
66
        resource_group_name: str,
67
        **kwargs
68
    ) -> Iterable[PolicyAssignment]:
69
        """
70
        List policy assignments for a resource group.
71
        
72
        Args:
73
            resource_group_name (str): Resource group name
74
            
75
        Returns:
76
            Iterable[PolicyAssignment]: Iterator of assignments
77
        """
78

79
    def list_for_resource(
80
        self,
81
        resource_group_name: str,
82
        resource_provider_namespace: str,
83
        parent_resource_path: str,
84
        resource_type: str,
85
        resource_name: str,
86
        **kwargs
87
    ) -> Iterable[PolicyAssignment]:
88
        """List policy assignments for a specific resource."""
89
```
90

91
### Policy Definitions
92

93
Manage policy definitions that specify the governance rules and compliance requirements.
94

95
```python { .api }
96
class PolicyDefinitionsOperations:
97
    def create_or_update(
98
        self,
99
        policy_definition_name: str,
100
        parameters: PolicyDefinition,
101
        **kwargs
102
    ) -> PolicyDefinition:
103
        """
104
        Create or update a policy definition.
105
        
106
        Args:
107
            policy_definition_name (str): Definition name
108
            parameters (PolicyDefinition): Definition parameters
109
            
110
        Returns:
111
            PolicyDefinition: The created definition
112
        """
113

114
    def get(
115
        self,
116
        policy_definition_name: str,
117
        **kwargs
118
    ) -> PolicyDefinition:
119
        """
120
        Get a policy definition.
121
        
122
        Args:
123
            policy_definition_name (str): Definition name
124
            
125
        Returns:
126
            PolicyDefinition: Definition details
127
        """
128

129
    def delete(self, policy_definition_name: str, **kwargs) -> None:
130
        """Delete a policy definition."""
131

132
    def list(self, **kwargs) -> Iterable[PolicyDefinition]:
133
        """
134
        List policy definitions.
135
        
136
        Returns:
137
            Iterable[PolicyDefinition]: Iterator of definitions
138
        """
139

140
    def get_built_in(
141
        self,
142
        policy_definition_name: str,
143
        **kwargs
144
    ) -> PolicyDefinition:
145
        """
146
        Get a built-in policy definition.
147
        
148
        Args:
149
            policy_definition_name (str): Built-in definition name
150
            
151
        Returns:
152
            PolicyDefinition: Built-in definition details
153
        """
154

155
    def list_built_in(self, **kwargs) -> Iterable[PolicyDefinition]:
156
        """
157
        List built-in policy definitions.
158
        
159
        Returns:
160
            Iterable[PolicyDefinition]: Iterator of built-in definitions
161
        """
162
```
163

164
### Policy Set Definitions (Initiatives)
165

166
Manage policy set definitions (initiatives) that group multiple policy definitions together.
167

168
```python { .api }
169
class PolicySetDefinitionsOperations:
170
    def create_or_update(
171
        self,
172
        policy_set_definition_name: str,
173
        parameters: PolicySetDefinition,
174
        **kwargs
175
    ) -> PolicySetDefinition:
176
        """
177
        Create or update a policy set definition.
178
        
179
        Args:
180
            policy_set_definition_name (str): Set definition name
181
            parameters (PolicySetDefinition): Set definition parameters
182
            
183
        Returns:
184
            PolicySetDefinition: The created set definition
185
        """
186

187
    def get(
188
        self,
189
        policy_set_definition_name: str,
190
        **kwargs
191
    ) -> PolicySetDefinition:
192
        """
193
        Get a policy set definition.
194
        
195
        Returns:
196
            PolicySetDefinition: Set definition details
197
        """
198

199
    def delete(self, policy_set_definition_name: str, **kwargs) -> None:
200
        """Delete a policy set definition."""
201

202
    def list(self, **kwargs) -> Iterable[PolicySetDefinition]:
203
        """
204
        List policy set definitions.
205
        
206
        Returns:
207
            Iterable[PolicySetDefinition]: Iterator of set definitions
208
        """
209

210
    def get_built_in(
211
        self,
212
        policy_set_definition_name: str,
213
        **kwargs
214
    ) -> PolicySetDefinition:
215
        """Get a built-in policy set definition."""
216

217
    def list_built_in(self, **kwargs) -> Iterable[PolicySetDefinition]:
218
        """List built-in policy set definitions."""
219
```
220

221
### Policy Exemptions
222

223
Manage policy exemptions to exclude specific resources from policy enforcement.
224

225
```python { .api }
226
class PolicyExemptionsOperations:
227
    def create_or_update(
228
        self,
229
        scope: str,
230
        policy_exemption_name: str,
231
        parameters: PolicyExemption,
232
        **kwargs
233
    ) -> PolicyExemption:
234
        """
235
        Create or update a policy exemption.
236
        
237
        Args:
238
            scope (str): Exemption scope
239
            policy_exemption_name (str): Exemption name
240
            parameters (PolicyExemption): Exemption parameters
241
            
242
        Returns:
243
            PolicyExemption: The created exemption
244
        """
245

246
    def get(
247
        self,
248
        scope: str,
249
        policy_exemption_name: str,
250
        **kwargs
251
    ) -> PolicyExemption:
252
        """Get a policy exemption."""
253

254
    def delete(
255
        self,
256
        scope: str,
257
        policy_exemption_name: str,
258
        **kwargs
259
    ) -> None:
260
        """Delete a policy exemption."""
261

262
    def list(self, **kwargs) -> Iterable[PolicyExemption]:
263
        """List policy exemptions."""
264
```
265

266
### Data Policy Manifests
267

268
Access policy metadata and manifests for policy authoring and compliance tracking.
269

270
```python { .api }
271
class DataPolicyManifestsOperations:
272
    def get_by_policy_mode(
273
        self,
274
        policy_mode: str,
275
        **kwargs
276
    ) -> DataPolicyManifest:
277
        """
278
        Get data policy manifest by policy mode.
279
        
280
        Args:
281
            policy_mode (str): Policy mode
282
            
283
        Returns:
284
            DataPolicyManifest: Policy manifest details
285
        """
286

287
    def list(self, **kwargs) -> Iterable[DataPolicyManifest]:
288
        """
289
        List data policy manifests.
290
        
291
        Returns:
292
            Iterable[DataPolicyManifest]: Iterator of manifests
293
        """
294
```
295

296
## Model Classes
297

298
```python { .api }
299
class PolicyAssignment:
300
    """Policy assignment model."""
301
    id: str
302
    type: str
303
    name: str
304
    display_name: str
305
    policy_definition_id: str
306
    scope: str
307
    not_scopes: List[str]
308
    parameters: Dict[str, ParameterValuesValue]
309
    description: str
310
    metadata: Any
311
    enforcement_mode: EnforcementMode
312
    identity: Identity
313
    location: str
314

315
class PolicyDefinition:
316
    """Policy definition model."""
317
    id: str
318
    type: str
319
    name: str
320
    display_name: str
321
    description: str
322
    policy_type: PolicyType
323
    mode: str
324
    metadata: Any
325
    parameters: Dict[str, ParameterDefinitionsValue]
326
    policy_rule: Any
327
    version: str
328

329
class PolicySetDefinition:
330
    """Policy set definition model."""
331
    id: str
332
    type: str
333
    name: str
334
    display_name: str
335
    description: str
336
    policy_type: PolicyType
337
    metadata: Any
338
    parameters: Dict[str, ParameterDefinitionsValue]
339
    policy_definitions: List[PolicyDefinitionReference]
340
    policy_definition_groups: List[PolicyDefinitionGroup]
341
    version: str
342

343
class PolicyExemption:
344
    """Policy exemption model."""
345
    id: str
346
    type: str
347
    name: str
348
    display_name: str
349
    description: str
350
    metadata: Any
351
    exemption_category: ExemptionCategory
352
    expires_on: datetime
353
    policy_assignment_id: str
354
    policy_definition_reference_ids: List[str]
355
    resource_selectors: List[ResourceSelector]
356
    assignment_scope_validation: AssignmentScopeValidation
357

358
class ParameterDefinitionsValue:
359
    """Policy parameter definition."""
360
    type: ParameterType
361
    allowed_values: List[Any]
362
    default_value: Any
363
    metadata: ParameterDefinitionsValueMetadata
364

365
class ParameterValuesValue:
366
    """Policy parameter value."""
367
    value: Any
368

369
class PolicyDefinitionReference:
370
    """Reference to a policy definition within a set."""
371
    policy_definition_id: str
372
    parameters: Dict[str, ParameterValuesValue]
373
    policy_definition_reference_id: str
374
    group_names: List[str]
375

376
class NonComplianceMessage:
377
    """Non-compliance message configuration."""
378
    message: str
379
    policy_definition_reference_id: str
380

381
class Override:
382
    """Policy assignment override."""
383
    kind: OverrideKind
384
    value: str
385
    selectors: List[Selector]
386

387
class ResourceSelector:
388
    """Resource selector for targeting specific resources."""
389
    name: str
390
    selectors: List[Selector]
391

392
class Selector:
393
    """Selector for policy targeting."""
394
    kind: SelectorKind
395
    in_: List[str]
396
    not_in: List[str]
397
```
398

399
## Enums
400

401
```python { .api }
402
class EnforcementMode(str, Enum):
403
    """Policy enforcement modes."""
404
    DEFAULT = "Default"
405
    DO_NOT_ENFORCE = "DoNotEnforce"
406

407
class PolicyType(str, Enum):
408
    """Policy definition types."""
409
    NOT_SPECIFIED = "NotSpecified"
410
    BUILT_IN = "BuiltIn"
411
    CUSTOM = "Custom"
412
    STATIC = "Static"
413

414
class ParameterType(str, Enum):
415
    """Policy parameter types."""
416
    STRING = "String"
417
    ARRAY = "Array"
418
    OBJECT = "Object"
419
    BOOLEAN = "Boolean"
420
    INTEGER = "Integer"
421
    FLOAT = "Float"
422
    DATE_TIME = "DateTime"
423

424
class ExemptionCategory(str, Enum):
425
    """Policy exemption categories."""
426
    WAIVER = "Waiver"
427
    MITIGATED = "Mitigated"
428

429
class OverrideKind(str, Enum):
430
    """Policy override kinds."""
431
    POLICY_EFFECT = "policyEffect"
432

433
class SelectorKind(str, Enum):
434
    """Selector kinds."""
435
    RESOURCE_LOCATION = "resourceLocation"
436
    RESOURCE_TYPE = "resourceType"
437
    RESOURCE_WITHOUT_LOCATION = "resourceWithoutLocation"
438
    POLICY_DEFINITION_REFERENCE_ID = "policyDefinitionReferenceId"
439
```
440

441
## Usage Examples
442

443
**Creating and Assigning a Custom Policy:**
444

445
```python
446
from azure.mgmt.resource.policy.models import (
447
    PolicyDefinition, 
448
    PolicyAssignment,
449
    PolicyType,
450
    EnforcementMode
451
)
452

453
# Create a custom policy definition
454
policy_rule = {
455
    "if": {
456
        "field": "tags['Environment']",
457
        "exists": "false"
458
    },
459
    "then": {
460
        "effect": "deny"
461
    }
462
}
463

464
policy_def = PolicyDefinition(
465
    display_name="Require Environment Tag",
466
    description="Requires all resources to have an Environment tag",
467
    policy_type=PolicyType.CUSTOM,
468
    mode="All",
469
    policy_rule=policy_rule
470
)
471

472
# Create the policy definition
473
created_policy = client.policy_definitions.create_or_update(
474
    policy_definition_name="require-environment-tag",
475
    parameters=policy_def
476
)
477

478
# Assign the policy to a resource group
479
assignment = PolicyAssignment(
480
    display_name="Require Environment Tag on RG",
481
    policy_definition_id=created_policy.id,
482
    enforcement_mode=EnforcementMode.DEFAULT,
483
    description="Enforce environment tagging on all resources in this RG"
484
)
485

486
client.policy_assignments.create(
487
    scope="/subscriptions/{subscription-id}/resourceGroups/my-rg",
488
    policy_assignment_name="require-env-tag-assignment",
489
    parameters=assignment
490
)
491
```

Version

Tile

Files

policy-governance.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}docs/

policy-governance.mddocs/