检索策略分配。
此操作检索单个策略分配,给定其名称和创建范围。
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?api-version=2023-04-01
具有可选参数:
GET https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}?$expand={$expand}&api-version=2023-04-01
URI 参数
| 名称 |
在 |
必需 |
类型 |
说明 |
|
policyAssignmentName
|
path |
True
|
string
pattern: ^[^<>*%&:\?.+/]*[^<>*%&:\?.+/ ]+$
|
要获取的策略分配的名称。
|
|
scope
|
path |
True
|
string
|
策略分配的范围。 有效范围包括:管理组(格式:'/providers/Microsoft.Management/managementGroups/{managementGroup}')、订阅(格式:'/subscriptions/{subscriptionId}')、资源组(格式:'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', 或资源(格式:'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
|
|
api-version
|
query |
True
|
string
minLength: 1
|
用于此操作的 API 版本。
|
|
$expand
|
query |
|
string
|
要包含在响应中的其他属性的逗号分隔列表。 支持的值为“LatestDefinitionVersion, EffectiveDefinitionVersion”。
|
响应
安全性
azure_auth
Azure Active Directory OAuth2 Flow。
类型:
oauth2
流向:
implicit
授权 URL:
https://login.microsoftonline.com/common/oauth2/authorize
作用域
| 名称 |
说明 |
|
user_impersonation
|
模拟用户帐户
|
示例
Retrieve a policy assignment
示例请求
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.
* json
*/
/**
* Sample code: Retrieve a policy assignment.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void retrieveAPolicyAssignment(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignment() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignment.json
*/
async function retrieveAPolicyAssignment() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with a system assigned identity
示例请求
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* getPolicyAssignmentWithIdentity.json
*/
/**
* Sample code: Retrieve a policy assignment with a system assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithASystemAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Identity: &armpolicy.Identity{
// Type: to.Ptr(armpolicy.ResourceIdentityTypeSystemAssigned),
// PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
// TenantID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
// },
// Location: to.Ptr("westus"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithIdentity.json
*/
async function retrieveAPolicyAssignmentWithASystemAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "SystemAssigned",
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135"
},
"___location": "westus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with a user assigned identity
示例请求
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* getPolicyAssignmentWithUserAssignedIdentity.json
*/
/**
* Sample code: Retrieve a policy assignment with a user assigned identity.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithAUserAssignedIdentity(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "EnforceNaming", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("EnforceNaming"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming"),
// Identity: &armpolicy.Identity{
// Type: to.Ptr(armpolicy.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armpolicy.UserAssignedIdentitiesValue{
// "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": &armpolicy.UserAssignedIdentitiesValue{
// ClientID: to.Ptr("4bee2b8a-1bee-47c2-90e9-404241551135"),
// PrincipalID: to.Ptr("e6d23f8d-af97-4fbc-bda6-00604e4e3d0a"),
// },
// },
// },
// Location: to.Ptr("westus"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Force resource names to begin with given DeptA and end with -LC"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Enforce resource naming rules"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Parameters: map[string]*armpolicy.ParameterValuesValue{
// "prefix": &armpolicy.ParameterValuesValue{
// Value: "DeptA",
// },
// "suffix": &armpolicy.ParameterValuesValue{
// Value: "-LC",
// },
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json
*/
async function retrieveAPolicyAssignmentWithAUserAssignedIdentity() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "EnforceNaming";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"properties": {
"displayName": "Enforce resource naming rules",
"description": "Force resource names to begin with given DeptA and end with -LC",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"definitionVersion": "1.*.*",
"notScopes": [],
"parameters": {
"prefix": {
"value": "DeptA"
},
"suffix": {
"value": "-LC"
}
},
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {
"principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a",
"clientId": "4bee2b8a-1bee-47c2-90e9-404241551135"
}
}
},
"___location": "westus",
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming",
"type": "Microsoft.Authorization/policyAssignments",
"name": "EnforceNaming"
}
Retrieve a policy assignment with overrides
示例请求
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* getPolicyAssignmentWithOverrides.json
*/
/**
* Sample code: Retrieve a policy assignment with overrides.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void retrieveAPolicyAssignmentWithOverrides(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithOverrides() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("CostManagement"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Limit the resource ___location and resource SKU"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Limit the resource ___location and resource SKU"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// Overrides: []*armpolicy.Override{
// {
// Kind: to.Ptr(armpolicy.OverrideKindPolicyEffect),
// Selectors: []*armpolicy.Selector{
// {
// In: []*string{
// to.Ptr("Limit_Skus"),
// to.Ptr("Limit_Locations")},
// Kind: to.Ptr(armpolicy.SelectorKindPolicyDefinitionReferenceID),
// }},
// Value: to.Ptr("Audit"),
// }},
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithOverrides.json
*/
async function retrieveAPolicyAssignmentWithOverrides() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"properties": {
"displayName": "Limit the resource ___location and resource SKU",
"description": "Limit the resource ___location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"overrides": [
{
"kind": "policyEffect",
"value": "Audit",
"selectors": [
{
"kind": "policyDefinitionReferenceId",
"in": [
"Limit_Skus",
"Limit_Locations"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
Retrieve a policy assignment with resource selectors
示例请求
GET https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement?api-version=2023-04-01
/**
* Samples for PolicyAssignments Get.
*/
public final class Main {
/*
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
* getPolicyAssignmentWithResourceSelectors.json
*/
/**
* Sample code: Retrieve a policy assignment with resource selectors.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
retrieveAPolicyAssignmentWithResourceSelectors(com.azure.resourcemanager.AzureResourceManager azure) {
azure.genericResources().manager().policyClient().getPolicyAssignments().getWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", null,
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
func ExampleAssignmentsClient_Get_retrieveAPolicyAssignmentWithResourceSelectors() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAssignmentsClient().Get(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "CostManagement", &armpolicy.AssignmentsClientGetOptions{Expand: nil})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Assignment = armpolicy.Assignment{
// Name: to.Ptr("CostManagement"),
// Type: to.Ptr("Microsoft.Authorization/policyAssignments"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// Properties: &armpolicy.AssignmentProperties{
// Description: to.Ptr("Limit the resource ___location and resource SKU"),
// DefinitionVersion: to.Ptr("1.*.*"),
// DisplayName: to.Ptr("Limit the resource ___location and resource SKU"),
// EnforcementMode: to.Ptr(armpolicy.EnforcementModeDefault),
// Metadata: map[string]any{
// "assignedBy": "Special Someone",
// },
// NotScopes: []*string{
// },
// PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
// ResourceSelectors: []*armpolicy.ResourceSelector{
// {
// Name: to.Ptr("SDPRegions"),
// Selectors: []*armpolicy.Selector{
// {
// In: []*string{
// to.Ptr("eastus2euap"),
// to.Ptr("centraluseuap")},
// Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
// }},
// }},
// Scope: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation retrieves a single policy assignment, given its name and the scope it was created at.
*
* @summary This operation retrieves a single policy assignment, given its name and the scope it was created at.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/getPolicyAssignmentWithResourceSelectors.json
*/
async function retrieveAPolicyAssignmentWithResourceSelectors() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
const policyAssignmentName = "CostManagement";
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyAssignments.get(scope, policyAssignmentName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
示例响应
{
"properties": {
"displayName": "Limit the resource ___location and resource SKU",
"description": "Limit the resource ___location and resource SKU",
"metadata": {
"assignedBy": "Special Someone"
},
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
"definitionVersion": "1.*.*",
"notScopes": [],
"enforcementMode": "Default",
"scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"type": "Microsoft.Authorization/policyAssignments",
"name": "CostManagement"
}
定义
CloudError
Object
策略操作的错误响应。
| 名称 |
类型 |
说明 |
|
error
|
ErrorResponse
|
错误响应
所有 Azure 资源管理器 API 的常见错误响应,以返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式。)
|
createdByType
枚举
创建资源的标识的类型。
| 值 |
说明 |
|
Application
|
|
|
Key
|
|
|
ManagedIdentity
|
|
|
User
|
|
enforcementMode
枚举
策略分配强制模式。 可能的值为 Default 和 DoNotEnforce。
| 值 |
说明 |
|
Default
|
在资源创建或更新期间强制实施策略效果。
|
|
DoNotEnforce
|
在资源创建或更新期间,不会强制实施策略效果。
|
ErrorAdditionalInfo
Object
资源管理错误附加信息。
| 名称 |
类型 |
说明 |
|
info
|
object
|
其他信息。
|
|
type
|
string
|
其他信息类型。
|
ErrorResponse
Object
错误响应
Identity
Object
资源的标识。 策略分配最多支持一个标识。 这是系统分配的标识或单个用户分配的标识。
| 名称 |
类型 |
说明 |
|
principalId
|
string
|
资源标识的主体 ID。 此属性仅针对系统分配的标识提供
|
|
tenantId
|
string
|
资源标识的租户 ID。 此属性仅针对系统分配的标识提供
|
|
type
|
ResourceIdentityType
|
标识类型。 这是将系统或用户分配的标识添加到资源时的唯一必填字段。
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
与策略关联的用户标识。 用户标识字典密钥引用的格式为 ARM 资源 ID:“/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”。
|
NonComplianceMessage
Object
描述资源不符合策略的原因的消息。 这会显示在“拒绝”错误消息中,以及资源的不符合符合性结果。
| 名称 |
类型 |
说明 |
|
message
|
string
|
描述资源不符合策略的原因的消息。 这会显示在“拒绝”错误消息中,以及资源的不符合符合性结果。
|
|
policyDefinitionReferenceId
|
string
|
消息适用于的策略集定义中的策略定义引用 ID。 这仅适用于策略分配分配策略集定义。 如果未提供此消息,则消息适用于此策略分配分配的所有策略。
|
Override
Object
策略属性值重写。
OverrideKind
枚举
重写类型。
| 值 |
说明 |
|
policyEffect
|
它将替代策略效果类型。
|
ParameterValuesValue
Object
参数的值。
| 名称 |
类型 |
说明 |
|
value
|
object
|
参数的值。
|
PolicyAssignment
Object
策略分配。
| 名称 |
类型 |
默认值 |
说明 |
|
id
|
string
|
|
策略分配的 ID。
|
|
identity
|
Identity
|
|
与策略分配关联的托管标识。
|
|
___location
|
string
|
|
策略分配的位置。 仅当使用托管标识时才需要。
|
|
name
|
string
|
|
策略分配的名称。
|
|
properties.definitionVersion
|
string
|
|
要使用的策略定义的版本。
|
|
properties.description
|
string
|
|
如果发生策略冲突,此消息将是响应的一部分。
|
|
properties.displayName
|
string
|
|
策略分配的显示名称。
|
|
properties.effectiveDefinitionVersion
|
string
|
|
正在使用的策略定义的有效版本。 仅当通过$expand查询参数请求时,才存在此参数。
|
|
properties.enforcementMode
|
enforcementMode
|
Default
|
策略分配强制模式。 可能的值为 Default 和 DoNotEnforce。
|
|
properties.latestDefinitionVersion
|
string
|
|
可用的策略定义的最新版本。 仅当通过$expand查询参数请求时,才存在此参数。
|
|
properties.metadata
|
object
|
|
策略分配元数据。 元数据是一个开放结束的对象,通常是键值对的集合。
|
|
properties.nonComplianceMessages
|
NonComplianceMessage[]
|
|
描述资源不符合策略的原因的消息。
|
|
properties.notScopes
|
string[]
|
|
策略的排除范围。
|
|
properties.overrides
|
Override[]
|
|
策略属性值重写。
|
|
properties.parameters
|
<string,
ParameterValuesValue>
|
|
分配的策略规则的参数值。 键是参数名称。
|
|
properties.policyDefinitionId
|
string
|
|
要分配的策略定义或策略集定义的 ID。
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
|
按资源属性筛选策略的资源选择器列表。
|
|
properties.scope
|
string
|
|
策略分配的范围。
|
|
systemData
|
systemData
|
|
与此资源相关的系统元数据。
|
|
type
|
string
|
|
策略分配的类型。
|
ResourceIdentityType
枚举
标识类型。 这是将系统或用户分配的标识添加到资源时的唯一必填字段。
| 值 |
说明 |
|
None
|
指示没有与资源关联的标识或应删除现有标识。
|
|
SystemAssigned
|
指示系统分配的标识与资源相关联。
|
|
UserAssigned
|
指示系统分配的标识与资源相关联。
|
ResourceSelector
Object
按资源属性筛选策略的资源选择器。
| 名称 |
类型 |
说明 |
|
name
|
string
|
资源选择器的名称。
|
|
selectors
|
Selector[]
|
选择器表达式的列表。
|
Selector
Object
选择器表达式。
| 名称 |
类型 |
说明 |
|
in
|
string[]
|
要筛选的值列表。
|
|
kind
|
SelectorKind
|
选择器类型。
|
|
notIn
|
string[]
|
要筛选出的值列表。
|
SelectorKind
枚举
选择器类型。
| 值 |
说明 |
|
policyDefinitionReferenceId
|
按策略定义引用 ID 筛选策略的选择器类型。
|
|
resourceLocation
|
按资源位置筛选策略的选择器类型。
|
|
resourceType
|
按资源类型筛选策略的选择器类型。
|
|
resourceWithoutLocation
|
按没有位置的资源筛选策略的选择器类型。
|
systemData
Object
与创建和上次修改资源相关的元数据。
| 名称 |
类型 |
说明 |
|
createdAt
|
string
(date-time)
|
资源创建时间戳(UTC)。
|
|
createdBy
|
string
|
创建资源的标识。
|
|
createdByType
|
createdByType
|
创建资源的标识的类型。
|
|
lastModifiedAt
|
string
(date-time)
|
上次修改的资源时间戳(UTC)
|
|
lastModifiedBy
|
string
|
上次修改资源的标识。
|
|
lastModifiedByType
|
createdByType
|
上次修改资源的标识的类型。
|
UserAssignedIdentities
Object
与策略关联的用户标识。 用户标识字典密钥引用的格式为 ARM 资源 ID:“/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”。