Retrieves a policy assignment.
This operation retrieves a single policy assignment, given its name and the scope it was created at.
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2023-04-01
With optional parameters:
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?$expand={$expand}&api-version=2023-04-01
URI Parameters
| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| policyAssignmentName | path | True | string; pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$ | The name of the policy assignment to get. |
| scope | path | True | string | The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}'), or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'). |
| api-version | query | True | string; minLength: 1 | The API version to use for this operation. |
| $expand | query | | string | Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. |
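An added example, not code from the Azure SDKs or from this page's samples: it checks `scope`, `policyAssignmentName` and `$expand` against the formats in the table above before building the request URL, so caller-supplied values cannot alter the path or query string. The function names and the per-segment character set `SEG` are assumptions of this example.

```javascript
// Added example: validate the URI parameters, then build the GET URL.
const API_VERSION = "2023-04-01"; // version used in this page's request lines

// Name pattern copied from the URI Parameters table.
const NAME_PATTERN = /^[^<>*%&:\?.+\/]*[^<>*%&:\?.+\/ ]+$/;

// One path segment. Assumption of this example: stricter than the page requires,
// and it rejects "." / ".." segments because the first character must be alphanumeric.
const SEG = "[A-Za-z0-9][A-Za-z0-9._()-]*";

// The four scope formats listed for the `scope` parameter (leading slash removed).
const SCOPE_FORMATS = [
  ["managementGroup", `providers/Microsoft\\.Management/managementGroups/${SEG}`],
  ["subscription", `subscriptions/${SEG}`],
  ["resourceGroup", `subscriptions/${SEG}/resourceGroups/${SEG}`],
  ["resource", `subscriptions/${SEG}/resourceGroups/${SEG}/providers/${SEG}(?:/${SEG}){2,}`],
].map(([kind, body]) => [kind, new RegExp(`^${body}$`)]);

const EXPAND_VALUES = new Set(["LatestDefinitionVersion", "EffectiveDefinitionVersion"]);

// Returns { kind, path } for a valid scope, throws otherwise.
function classifyScope(scope) {
  const path = String(scope).replace(/^\/|\/$/g, "");
  for (const [kind, re] of SCOPE_FORMATS) {
    if (re.test(path)) return { kind, path };
  }
  throw new Error("scope does not match any format listed for this operation");
}

function buildPolicyAssignmentUrl({ scope, name, expand }) {
  const { path } = classifyScope(scope);
  if (typeof name !== "string" || !NAME_PATTERN.test(name)) {
    throw new Error("policyAssignmentName does not match the documented pattern");
  }
  let query = "";
  if (expand !== undefined) {
    const values = String(expand).split(",").map((v) => v.trim());
    for (const v of values) {
      if (!EXPAND_VALUES.has(v)) throw new Error(`unsupported $expand value: ${v}`);
    }
    query = `$expand=${values.join(",")}&`;
  }
  return (
    `https://management.azure.com/${path}/providers/Microsoft.Authorization/policyAssignments/` +
    `${encodeURIComponent(name)}?${query}api-version=${API_VERSION}`
  );
}
```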
Responses
| Name | Type | Description |
| --- | --- | --- |
| 200 OK | PolicyAssignment | OK - Returns information about the policy assignment. |
| Other Status Codes | CloudError | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |
Examples
Retrieve a policy assignment
Sample request
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
*/
/**
* Sample code: Retrieve a policy assignment.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void retrieveAPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignment() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// The response can be used here. The blank identifier is used only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to retrieve a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
*/
async function retrieveAPolicyAssignment() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
Sample response
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with a system assigned identity
Sample request
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
*/
/**
* Sample code: Retrieve a policy assignment with a system assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithASystemAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// The response can be used here. The blank identifier is used only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Identity: &armpolicy.Identity{
// Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
// TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
// },
// Location: to.Ptr("westus"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to retrieve a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
*/
async function retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
Sample response
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "SystemAssigned",
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
},
"location": "westus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with a user assigned identity
Sample request
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
*/
/**
* Sample code: Retrieve a policy assignment with a user assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithAUserAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// The response can be used here. The blank identifier is used only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Identity: &armpolicy.Identity{
// Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
// "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": &armpolicy.UserAssignedIdentitiesValue{
// ClientID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
// PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
// },
// },
// },
// Location: to.Ptr("westus"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to retrieve a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
*/
async function retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
Sample response
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"clientId": "4bee2b8a-1bee-47c2-90e9-404241551135"
}
}
},
"location": "westus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with overrides
Sample request
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
*/
/**
* Sample code: Retrieve a policy assignment with overrides.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void retrieveAPolicyAssignmentWithOverrides(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
com.azure.core.util.Context.NONE);
}
}
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithOverrides() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// The response can be used here. The blank identifier is used only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("CostManagement"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Limit the resource location and resource SKU"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Limit the resource location and resource SKU"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Overrides: []*armpolicy.Override{
// {
// Kind: to.Ptr(armpolicy.OverrideKindPolicyEffect),
// Selectors: []*armpolicy.Selector{
// {
// In: []*string{
// to.Ptr("Limit_Skus"),
// to.Ptr("Limit_Locations")},
// Kind: to.Ptr(armpolicy.SelectorKindPolicyDefinitionReferenceID),
// }},
// Value: to.Ptr("Audit"),
// }},
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to retrieve a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
*/
async function retrieveAPolicyAssignmentWithOverrides() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
Sample response
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Retrieve a policy assignment with resource selectors
Sample request
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
*/
/**
* Sample code: Retrieve a policy assignment with resource selectors.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithResourceSelectors(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
com.azure.core.util.Context.NONE);
}
}
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithResourceSelectors() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// The response can be used here. The blank identifier is used only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("CostManagement"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Limit the resource location and resource SKU"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Limit the resource location and resource SKU"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
// ResourceSelectors: []*armpolicy.ResourceSelector{
// {
// Name: to.Ptr("SDPRegions"),
// Selectors: []*armpolicy.Selector{
// {
// In: []*string{
// to.Ptr("eastus2euap"),
// to.Ptr("centraluseuap")},
// Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
// }},
// }},
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to retrieve a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
*/
async function retrieveAPolicyAssignmentWithResourceSelectors() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
Sample response
{
"properties": {
"displayName": "Limit the resource location and resource SKU",
"description": "Limit the resource location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
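An added example, not part of the original samples or the Azure SDKs: it reviews a response body like the ones above for the settings that change what an assignment actually enforces (`enforcementMode`, `notScopes`, `overrides`, `resourceSelectors`) and lists the attached identity so its role assignments can be checked. `reviewAssignment`, the finding ids and the `REVIEW_SAMPLE` object are constructed for illustration; `notIn` on a selector does not appear in this page's samples and is handled as an assumption.

```javascript
// Added example: turn a PolicyAssignment response into a list of review findings.

// Describe one selector, e.g. "resourceLocation in [eastus2euap, centraluseuap]".
function describeSelector(s) {
  const parts = [];
  if (s.in) parts.push(`${s.kind} in [${s.in.join(", ")}]`);
  if (s.notIn) parts.push(`${s.kind} notIn [${s.notIn.join(", ")}]`); // assumption, see lead-in
  return parts.join(" and ");
}

function reviewAssignment(assignment) {
  const props = assignment.properties || {};
  const findings = [];
  const add = (id, detail) => findings.push({ id, detail });

  // DoNotEnforce: the policy effect is not enforced during resource creation or update.
  if (props.enforcementMode === "DoNotEnforce") {
    add("not-enforced", "enforcementMode is DoNotEnforce");
  }
  // Every entry in notScopes is a scope excluded from the assignment.
  for (const scope of props.notScopes || []) add("excluded-scope", scope);

  // Overrides replace a property value (such as the effect) for the selected references.
  for (const o of props.overrides || []) {
    const where = (o.selectors || []).map(describeSelector).join("; ") || "(no selectors)";
    add("override", `${o.kind} -> ${o.value} where ${where}`);
  }
  // Resource selectors filter which resources the assignment applies to.
  for (const rs of props.resourceSelectors || []) {
    add("resource-selector", `${rs.name}: ${(rs.selectors || []).map(describeSelector).join("; ")}`);
  }
  // At most one identity: system assigned, or a single user assigned identity.
  const identity = assignment.identity;
  if (identity && identity.type !== "None") {
    const principals = identity.principalId
      ? [identity.principalId]
      : Object.values(identity.userAssignedIdentities || {}).map((u) => u.principalId);
    add("identity", `${identity.type}: ${principals.join(", ")}`);
  }
  return findings;
}

// Trimmed copy of this page's "with overrides" sample response.
const OVERRIDES_SAMPLE = {
  name: "CostManagement",
  properties: {
    notScopes: [],
    enforcementMode: "Default",
    overrides: [{
      kind: "policyEffect",
      value: "Audit",
      selectors: [{ kind: "policyDefinitionReferenceId", in: ["Limit_Skus", "Limit_Locations"] }],
    }],
  },
};

// Constructed sample (not from the page) that combines several of the reviewed settings.
const REVIEW_SAMPLE = {
  name: "ExampleAssignment",
  identity: { type: "SystemAssigned", principalId: "00000000-0000-0000-0000-000000000001" },
  properties: {
    enforcementMode: "DoNotEnforce",
    notScopes: ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandbox"],
    resourceSelectors: [{
      name: "SDPRegions",
      selectors: [{ kind: "resourceLocation", in: ["eastus2euap", "centraluseuap"] }],
    }],
  },
};

for (const sample of [OVERRIDES_SAMPLE, REVIEW_SAMPLE]) {
  for (const f of reviewAssignment(sample)) console.log(`${sample.name}: [${f.id}] ${f.detail}`);
}
```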
Definitions
| Name | Description |
| --- | --- |
| CloudError | An error response from a policy operation. |
| createdByType | The type of identity that created the resource. |
| enforcementMode | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. |
| ErrorAdditionalInfo | The resource management error additional info. |
| ErrorResponse | Error Response |
| Identity | Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. |
| NonComplianceMessage | A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. |
| Override | The policy property value override. |
| OverrideKind | The override kind. |
| ParameterValuesValue | The value of a parameter. |
| PolicyAssignment | The policy assignment. |
| ResourceIdentityType | The identity type. This is the only required field when adding a system or user assigned identity to a resource. |
| ResourceSelector | The resource selector to filter policies by resource properties. |
| Selector | The selector expression. |
| SelectorKind | The selector kind. |
| systemData | Metadata pertaining to creation and last modification of the resource. |
| UserAssignedIdentities | The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
CloudError
Object
An error response from a policy operation.
| Name | Type | Description |
| --- | --- | --- |
| error | ErrorResponse | Error Response. Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
createdByType
Enumeration
The type of identity that created the resource.
| Value | Description |
| --- | --- |
| Application | |
| Key | |
| ManagedIdentity | |
| User | |
enforcementMode
Enumeration
The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.
| Value | Description |
| --- | --- |
| Default | The policy effect is enforced during resource creation or update. |
| DoNotEnforce | The policy effect is not enforced during resource creation or update. |
ErrorAdditionalInfo
Object
The resource management error additional info.
| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |
ErrorResponse
Object
Error Response
| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | ErrorResponse[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |
Identity
Object
Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity.
| Name | Type | Description |
| --- | --- | --- |
| principalId | string | The principal ID of the resource identity. This property will only be provided for a system assigned identity. |
| tenantId | string | The tenant ID of the resource identity. This property will only be provided for a system assigned identity. |
| type | ResourceIdentityType | The identity type. This is the only required field when adding a system or user assigned identity to a resource. |
| userAssignedIdentities | UserAssignedIdentities | The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. |
NonComplianceMessage
Object
A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.
| Name | Type | Description |
| --- | --- | --- |
| message | string | A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. |
| policyDefinitionReferenceId | string | The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. |
Override
Object
The policy property value override.
| Name | Type | Description |
| --- | --- | --- |
| kind | OverrideKind | The override kind. |
| selectors | Selector[] | The list of the selector expressions. |
| value | string | The value to override the policy property. |
OverrideKind
Enumeration
The override kind.
| Value | Description |
| --- | --- |
| policyEffect | It will override the policy effect type. |
ParameterValuesValue
Object
The value of a parameter.
| Name | Type | Description |
| --- | --- | --- |
| value | object | The value of the parameter. |
PolicyAssignment
Object
The policy assignment.
| Name | Type | Default value | Description |
| --- | --- | --- | --- |
| id | string | | The ID of the policy assignment. |
| identity | Identity | | The managed identity associated with the policy assignment. |
| location | string | | The location of the policy assignment. Only required when utilizing managed identity. |
| name | string | | The name of the policy assignment. |
| properties.definitionVersion | string | | The version of the policy definition to use. |
| properties.description | string | | This message will be part of response in case of policy violation. |
| properties.displayName | string | | The display name of the policy assignment. |
| properties.effectiveDefinitionVersion | string | | The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. |
| properties.enforcementMode | enforcementMode | Default | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. |
| properties.latestDefinitionVersion | string | | The latest version of the policy definition available. This is only present if requested via the $expand query parameter. |
| properties.metadata | object | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. |
| properties.nonComplianceMessages | NonComplianceMessage[] | | The messages that describe why a resource is non-compliant with the policy. |
| properties.notScopes | string[] | | The policy's excluded scopes. |
| properties.overrides | Override[] | | The policy property value override. |
| properties.parameters | <string, ParameterValuesValue> | | The parameter values for the assigned policy rule. The keys are the parameter names. |
| properties.policyDefinitionId | string | | The ID of the policy definition or policy set definition being assigned. |
| properties.resourceSelectors | ResourceSelector[] | | The resource selector list to filter policies by resource properties. |
| properties.scope | string | | The scope for the policy assignment. |
| systemData | systemData | | The system metadata relating to this resource. |
| type | string | | The type of the policy assignment. |
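When reviewing a retrieved assignment, the fields that decide whether the policy is actually enforced everywhere are enforcementMode, notScopes, overrides and resourceSelectors. The following added example (not part of the original page or the Azure SDK) checks a PolicyAssignment response body for those fields; `auditPolicyAssignment`, `constructedSample` and the values in it are assumptions made for illustration.

```javascript
// Added example: field names come from the PolicyAssignment schema on this page.
function auditPolicyAssignment(assignment) {
  const props = assignment.properties || {};
  const findings = [];
  // enforcementMode defaults to "Default" when the property is absent.
  if ((props.enforcementMode || "Default") === "DoNotEnforce") {
    findings.push({ field: "enforcementMode", detail: "effect not enforced on create or update" });
  }
  // notScopes: scopes excluded from the assignment.
  for (const excluded of props.notScopes || []) {
    findings.push({ field: "notScopes", detail: `excluded scope: ${excluded}` });
  }
  // overrides of kind policyEffect replace the effect type.
  for (const o of props.overrides || []) {
    if (o.kind === "policyEffect") {
      findings.push({ field: "overrides", detail: `effect overridden to ${o.value}` });
    }
  }
  // resourceSelectors filter the assignment by resource properties.
  for (const rs of props.resourceSelectors || []) {
    for (const s of rs.selectors || []) {
      const op = s.in ? "in" : "notIn";
      const values = (s.in || s.notIn || []).join(", ");
      findings.push({ field: "resourceSelectors", detail: `${rs.name}: ${s.kind} ${op} [${values}]` });
    }
  }
  return findings;
}

// The page's sample response, trimmed to the audited fields.
const pageSample = {
  name: "CostManagement",
  properties: {
    notScopes: [],
    enforcementMode: "Default",
    resourceSelectors: [{ name: "SDPRegions",
      selectors: [{ kind: "resourceLocation", in: ["eastus2euap", "centraluseuap"] }] }],
  },
};
// Constructed assignment (not from the page); the scope and override value are placeholders.
const constructedSample = {
  name: "ExampleAssignment",
  properties: {
    enforcementMode: "DoNotEnforce",
    notScopes: ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"],
    overrides: [{ kind: "policyEffect", value: "Disabled" }],
  },
};
console.log(auditPolicyAssignment(pageSample));
console.log(auditPolicyAssignment(constructedSample));
```

For the page's sample response the only finding is the SDPRegions selector, which limits the assignment to two resource locations.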
ResourceIdentityType
Enumeration
The identity type. This is the only required field when adding a system or user assigned identity to a resource.
| Value | Description |
| --- | --- |
| None | Indicates that no identity is associated with the resource or that the existing identity should be removed. |
| SystemAssigned | Indicates that a system assigned identity is associated with the resource. |
| UserAssigned | Indicates that a user assigned identity is associated with the resource. |
ResourceSelector
Object
The resource selector to filter policies by resource properties.
| Name | Type | Description |
| --- | --- | --- |
| name | string | The name of the resource selector. |
| selectors | Selector[] | The list of the selector expressions. |
Selector
Object
The selector expression.
| Name | Type | Description |
| --- | --- | --- |
| in | string[] | The list of values to filter in. |
| kind | SelectorKind | The selector kind. |
| notIn | string[] | The list of values to filter out. |
SelectorKind
Enumeration
The selector kind.
| Value | Description |
| --- | --- |
| policyDefinitionReferenceId | The selector kind to filter policies by the policy definition reference ID. |
| resourceLocation | The selector kind to filter policies by the resource location. |
| resourceType | The selector kind to filter policies by the resource type. |
| resourceWithoutLocation | The selector kind to filter policies by the resource without location. |
systemData
Object
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
| --- | --- | --- |
| createdAt | string (date-time) | The timestamp of resource creation (UTC). |
| createdBy | string | The identity that created the resource. |
| createdByType | createdByType | The type of identity that created the resource. |
| lastModifiedAt | string (date-time) | The timestamp of resource last modification (UTC). |
| lastModifiedBy | string | The identity that last modified the resource. |
| lastModifiedByType | createdByType | The type of identity that last modified the resource. |
UserAssignedIdentities
Object
The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.