tessl/pypi-azure-mgmt-resource
Microsoft Azure Resource Management Client Library for Python providing comprehensive Azure resource lifecycle, governance, and deployment capabilities.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
policy-governance.mddocs/
Policy and Governance
Azure Policy management for implementing governance, compliance, and security standards across Azure resources. The PolicyClient enables policy definitions, assignments, compliance monitoring, and remediation across subscriptions, resource groups, and individual resources.
Capabilities
Policy Assignments
Assign policies to specific scopes (subscriptions, resource groups, or resources) to enforce governance rules.
class PolicyAssignmentsOperations:
def create(
self,
scope: str,
policy_assignment_name: str,
parameters: PolicyAssignment,
**kwargs
) -> PolicyAssignment:
"""
Create or update a policy assignment.
Args:
scope (str): Assignment scope (subscription, resource group, or resource)
policy_assignment_name (str): Assignment name
parameters (PolicyAssignment): Assignment parameters
Returns:
PolicyAssignment: The created assignment
"""
def get(
self,
scope: str,
policy_assignment_name: str,
**kwargs
) -> PolicyAssignment:
"""
Get a policy assignment.
Args:
scope (str): Assignment scope
policy_assignment_name (str): Assignment name
Returns:
PolicyAssignment: Assignment details
"""
def delete(
self,
scope: str,
policy_assignment_name: str,
**kwargs
) -> PolicyAssignment:
"""Delete a policy assignment."""
def list(self, **kwargs) -> Iterable[PolicyAssignment]:
"""
List all policy assignments in subscription.
Returns:
Iterable[PolicyAssignment]: Iterator of assignments
"""
def list_for_resource_group(
self,
resource_group_name: str,
**kwargs
) -> Iterable[PolicyAssignment]:
"""
List policy assignments for a resource group.
Args:
resource_group_name (str): Resource group name
Returns:
Iterable[PolicyAssignment]: Iterator of assignments
"""
def list_for_resource(
self,
resource_group_name: str,
resource_provider_namespace: str,
parent_resource_path: str,
resource_type: str,
resource_name: str,
**kwargs
) -> Iterable[PolicyAssignment]:
"""List policy assignments for a specific resource."""Policy Definitions
Manage policy definitions that specify the governance rules and compliance requirements.
class PolicyDefinitionsOperations:
def create_or_update(
self,
policy_definition_name: str,
parameters: PolicyDefinition,
**kwargs
) -> PolicyDefinition:
"""
Create or update a policy definition.
Args:
policy_definition_name (str): Definition name
parameters (PolicyDefinition): Definition parameters
Returns:
PolicyDefinition: The created definition
"""
def get(
self,
policy_definition_name: str,
**kwargs
) -> PolicyDefinition:
"""
Get a policy definition.
Args:
policy_definition_name (str): Definition name
Returns:
PolicyDefinition: Definition details
"""
def delete(self, policy_definition_name: str, **kwargs) -> None:
"""Delete a policy definition."""
def list(self, **kwargs) -> Iterable[PolicyDefinition]:
"""
List policy definitions.
Returns:
Iterable[PolicyDefinition]: Iterator of definitions
"""
def get_built_in(
self,
policy_definition_name: str,
**kwargs
) -> PolicyDefinition:
"""
Get a built-in policy definition.
Args:
policy_definition_name (str): Built-in definition name
Returns:
PolicyDefinition: Built-in definition details
"""
def list_built_in(self, **kwargs) -> Iterable[PolicyDefinition]:
"""
List built-in policy definitions.
Returns:
Iterable[PolicyDefinition]: Iterator of built-in definitions
"""Policy Set Definitions (Initiatives)
Manage policy set definitions (initiatives) that group multiple policy definitions together.
class PolicySetDefinitionsOperations:
def create_or_update(
self,
policy_set_definition_name: str,
parameters: PolicySetDefinition,
**kwargs
) -> PolicySetDefinition:
"""
Create or update a policy set definition.
Args:
policy_set_definition_name (str): Set definition name
parameters (PolicySetDefinition): Set definition parameters
Returns:
PolicySetDefinition: The created set definition
"""
def get(
self,
policy_set_definition_name: str,
**kwargs
) -> PolicySetDefinition:
"""
Get a policy set definition.
Returns:
PolicySetDefinition: Set definition details
"""
def delete(self, policy_set_definition_name: str, **kwargs) -> None:
"""Delete a policy set definition."""
def list(self, **kwargs) -> Iterable[PolicySetDefinition]:
"""
List policy set definitions.
Returns:
Iterable[PolicySetDefinition]: Iterator of set definitions
"""
def get_built_in(
self,
policy_set_definition_name: str,
**kwargs
) -> PolicySetDefinition:
"""Get a built-in policy set definition."""
def list_built_in(self, **kwargs) -> Iterable[PolicySetDefinition]:
"""List built-in policy set definitions."""Policy Exemptions
Manage policy exemptions to exclude specific resources from policy enforcement.
class PolicyExemptionsOperations:
def create_or_update(
self,
scope: str,
policy_exemption_name: str,
parameters: PolicyExemption,
**kwargs
) -> PolicyExemption:
"""
Create or update a policy exemption.
Args:
scope (str): Exemption scope
policy_exemption_name (str): Exemption name
parameters (PolicyExemption): Exemption parameters
Returns:
PolicyExemption: The created exemption
"""
def get(
self,
scope: str,
policy_exemption_name: str,
**kwargs
) -> PolicyExemption:
"""Get a policy exemption."""
def delete(
self,
scope: str,
policy_exemption_name: str,
**kwargs
) -> None:
"""Delete a policy exemption."""
def list(self, **kwargs) -> Iterable[PolicyExemption]:
"""List policy exemptions."""Data Policy Manifests
Access policy metadata and manifests for policy authoring and compliance tracking.
class DataPolicyManifestsOperations:
def get_by_policy_mode(
self,
policy_mode: str,
**kwargs
) -> DataPolicyManifest:
"""
Get data policy manifest by policy mode.
Args:
policy_mode (str): Policy mode
Returns:
DataPolicyManifest: Policy manifest details
"""
def list(self, **kwargs) -> Iterable[DataPolicyManifest]:
"""
List data policy manifests.
Returns:
Iterable[DataPolicyManifest]: Iterator of manifests
"""Model Classes
class PolicyAssignment:
"""Policy assignment model."""
id: str
type: str
name: str
display_name: str
policy_definition_id: str
scope: str
not_scopes: List[str]
parameters: Dict[str, ParameterValuesValue]
description: str
metadata: Any
enforcement_mode: EnforcementMode
identity: Identity
location: str
class PolicyDefinition:
"""Policy definition model."""
id: str
type: str
name: str
display_name: str
description: str
policy_type: PolicyType
mode: str
metadata: Any
parameters: Dict[str, ParameterDefinitionsValue]
policy_rule: Any
version: str
class PolicySetDefinition:
"""Policy set definition model."""
id: str
type: str
name: str
display_name: str
description: str
policy_type: PolicyType
metadata: Any
parameters: Dict[str, ParameterDefinitionsValue]
policy_definitions: List[PolicyDefinitionReference]
policy_definition_groups: List[PolicyDefinitionGroup]
version: str
class PolicyExemption:
"""Policy exemption model."""
id: str
type: str
name: str
display_name: str
description: str
metadata: Any
exemption_category: ExemptionCategory
expires_on: datetime
policy_assignment_id: str
policy_definition_reference_ids: List[str]
resource_selectors: List[ResourceSelector]
assignment_scope_validation: AssignmentScopeValidation
class ParameterDefinitionsValue:
"""Policy parameter definition."""
type: ParameterType
allowed_values: List[Any]
default_value: Any
metadata: ParameterDefinitionsValueMetadata
class ParameterValuesValue:
"""Policy parameter value."""
value: Any
class PolicyDefinitionReference:
"""Reference to a policy definition within a set."""
policy_definition_id: str
parameters: Dict[str, ParameterValuesValue]
policy_definition_reference_id: str
group_names: List[str]
class NonComplianceMessage:
"""Non-compliance message configuration."""
message: str
policy_definition_reference_id: str
class Override:
"""Policy assignment override."""
kind: OverrideKind
value: str
selectors: List[Selector]
class ResourceSelector:
"""Resource selector for targeting specific resources."""
name: str
selectors: List[Selector]
class Selector:
"""Selector for policy targeting."""
kind: SelectorKind
in_: List[str]
not_in: List[str]Enums
class EnforcementMode(str, Enum):
"""Policy enforcement modes."""
DEFAULT = "Default"
DO_NOT_ENFORCE = "DoNotEnforce"
class PolicyType(str, Enum):
"""Policy definition types."""
NOT_SPECIFIED = "NotSpecified"
BUILT_IN = "BuiltIn"
CUSTOM = "Custom"
STATIC = "Static"
class ParameterType(str, Enum):
"""Policy parameter types."""
STRING = "String"
ARRAY = "Array"
OBJECT = "Object"
BOOLEAN = "Boolean"
INTEGER = "Integer"
FLOAT = "Float"
DATE_TIME = "DateTime"
class ExemptionCategory(str, Enum):
"""Policy exemption categories."""
WAIVER = "Waiver"
MITIGATED = "Mitigated"
class OverrideKind(str, Enum):
"""Policy override kinds."""
POLICY_EFFECT = "policyEffect"
class SelectorKind(str, Enum):
"""Selector kinds."""
RESOURCE_LOCATION = "resourceLocation"
RESOURCE_TYPE = "resourceType"
RESOURCE_WITHOUT_LOCATION = "resourceWithoutLocation"
POLICY_DEFINITION_REFERENCE_ID = "policyDefinitionReferenceId"Usage Examples
Creating and Assigning a Custom Policy:
from azure.mgmt.resource.policy.models import (
PolicyDefinition,
PolicyAssignment,
PolicyType,
EnforcementMode
)
# Create a custom policy definition
policy_rule = {
"if": {
"field": "tags['Environment']",
"exists": "false"
},
"then": {
"effect": "deny"
}
}
policy_def = PolicyDefinition(
display_name="Require Environment Tag",
description="Requires all resources to have an Environment tag",
policy_type=PolicyType.CUSTOM,
mode="All",
policy_rule=policy_rule
)
# Create the policy definition
created_policy = client.policy_definitions.create_or_update(
policy_definition_name="require-environment-tag",
parameters=policy_def
)
# Assign the policy to a resource group
assignment = PolicyAssignment(
display_name="Require Environment Tag on RG",
policy_definition_id=created_policy.id,
enforcement_mode=EnforcementMode.DEFAULT,
description="Enforce environment tagging on all resources in this RG"
)
client.policy_assignments.create(
scope="/subscriptions/{subscription-id}/resourceGroups/my-rg",
policy_assignment_name="require-env-tag-assignment",
parameters=assignment
)Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-resource