Policy Set Definitions - Create Or Update

Referens

Tjänst:: Policy

API-version:: 2023-04-01

Den här åtgärden skapar eller uppdaterar en principuppsättningsdefinition i den angivna prenumerationen med det angivna namnet.

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}?api-version=2023-04-01

URI-parametrar

Name	I	Obligatorisk	Typ	Description
policySetDefinitionName	path	True	string pattern: ^[^<>%&:\?.+/][^<>*%&:\?.+/ ]+$	Namnet på den principuppsättningsdefinition som ska skapas.
subscriptionId	path	True	string (uuid)	ID för målprenumerationen. Värdet måste vara ett UUID.
api-version	query	True	string minLength: 1	DEN API-version som ska användas för den här åtgärden.

Begärandetext

Name	Obligatorisk	Typ	Description
properties.policyDefinitions	True	PolicyDefinitionReference[]	En matris med principdefinitionsreferenser.
properties.description		string	Definitionsbeskrivningen för principuppsättningen.
properties.displayName		string	Visningsnamnet för principuppsättningsdefinitionen.
properties.metadata		object	Definitionsmetadata för principuppsättningen. Metadata är ett öppet slutobjekt och är vanligtvis en samling nyckelvärdepar.
properties.parameters		<string, ParameterDefinitionsValue>	Definitionsparametrar för principuppsättningar som kan användas i principdefinitionsreferenser.
properties.policyDefinitionGroups		PolicyDefinitionGroup[]	Metadata som beskriver grupper av principdefinitionsreferenser i principuppsättningsdefinitionen.
properties.policyType		policyType	Typ av principuppsättningsdefinition. Möjliga värden är NotSpecified, BuiltIn, Custom och Static.
properties.version		string	Principuppsättningens definitionsversion i #.#.#-format.
properties.versions		string[]	En lista över tillgängliga versioner för den här principuppsättningsdefinitionen.

Svar

Name	Typ	Description
200 OK	PolicySetDefinition	OK – Returnerar information om principuppsättningsdefinitionen.
201 Created	PolicySetDefinition	Skapad – Returnerar information om principuppsättningsdefinitionen.
Other Status Codes	CloudError	Felsvar som beskriver varför åtgärden misslyckades.

Säkerhet

azure_auth

Azure Active Directory OAuth2 Flow.

Typ: oauth2
Flow: implicit
Auktoriseringswebbadress: https://login.microsoftonline.com/common/oauth2/authorize

Omfattningar

Name	Description
user_impersonation	personifiera ditt användarkonto

Exempel

Create or update a policy set definition

Create or update a policy set definition with groups

Create or update a policy set definition

Exempelbegäran

PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement?api-version=2023-04-01

{
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "parameters": {
      "namePrefix": {
        "type": "String",
        "defaultValue": "myPrefix",
        "metadata": {
          "displayName": "Prefix to enforce on resource names"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "policyDefinitionReferenceId": "Limit_Skus",
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "policyDefinitionReferenceId": "Resource_Naming",
        "parameters": {
          "prefix": {
            "value": "[parameters('namePrefix')]"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}


import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicySetDefinitionInner;
import com.azure.resourcemanager.resources.models.ParameterDefinitionsValue;
import com.azure.resourcemanager.resources.models.ParameterDefinitionsValueMetadata;
import com.azure.resourcemanager.resources.models.ParameterType;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.PolicyDefinitionReference;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for PolicySetDefinitions CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * createOrUpdatePolicySetDefinition.json
     */
    /**
     * Sample code: Create or update a policy set definition.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateAPolicySetDefinition(com.azure.resourcemanager.AzureResourceManager azure)
        throws IOException {
        azure.genericResources().manager().policyClient().getPolicySetDefinitions()
            .createOrUpdateWithResponse("CostManagement", new PolicySetDefinitionInner()
                .withDisplayName("Cost Management").withDescription("Policies to enforce low cost storage SKUs")
                .withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
                    .deserialize("{\"category\":\"Cost Management\"}", Object.class, SerializerEncoding.JSON))
                .withParameters(mapOf("namePrefix",
                    new ParameterDefinitionsValue().withType(ParameterType.STRING).withDefaultValue("myPrefix")
                        .withMetadata(new ParameterDefinitionsValueMetadata()
                            .withDisplayName("Prefix to enforce on resource names").withAdditionalProperties(mapOf()))))
                .withPolicyDefinitions(Arrays.asList(new PolicyDefinitionReference().withPolicyDefinitionId(
                    "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1")
                    .withParameters(mapOf("listOfAllowedSKUs",
                        new ParameterValuesValue()
                            .withValue(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
                                "[\"Standard_GRS\",\"Standard_LRS\"]", Object.class, SerializerEncoding.JSON))))
                    .withPolicyDefinitionReferenceId("Limit_Skus"),
                    new PolicyDefinitionReference().withPolicyDefinitionId(
                        "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
                        .withParameters(
                            mapOf("prefix", new ParameterValuesValue().withValue("[parameters('namePrefix')]"),
                                "suffix", new ParameterValuesValue().withValue("-LC")))
                        .withPolicyDefinitionReferenceId("Resource_Naming"))),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.resource import PolicyClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-resource
# USAGE
    python create_or_update_policy_set_definition.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyClient(
        credential=DefaultAzureCredential(),
        subscription_id="ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    )

    response = client.policy_set_definitions.create_or_update(
        policy_set_definition_name="CostManagement",
        parameters={
            "properties": {
                "description": "Policies to enforce low cost storage SKUs",
                "displayName": "Cost Management",
                "metadata": {"category": "Cost Management"},
                "parameters": {
                    "namePrefix": {
                        "defaultValue": "myPrefix",
                        "metadata": {"displayName": "Prefix to enforce on resource names"},
                        "type": "String",
                    }
                },
                "policyDefinitions": [
                    {
                        "parameters": {"listOfAllowedSKUs": {"value": ["Standard_GRS", "Standard_LRS"]}},
                        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
                        "policyDefinitionReferenceId": "Limit_Skus",
                    },
                    {
                        "parameters": {"prefix": {"value": "[parameters('namePrefix')]"}, "suffix": {"value": "-LC"}},
                        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
                        "policyDefinitionReferenceId": "Resource_Naming",
                    },
                ],
            }
        },
    )
    print(response)


# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinition.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinition.json
func ExampleSetDefinitionsClient_CreateOrUpdate_createOrUpdateAPolicySetDefinition() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdate(ctx, "CostManagement", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
				"namePrefix": {
					Type:         to.Ptr(armpolicy.ParameterTypeString),
					DefaultValue: "myPrefix",
					Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
						DisplayName: to.Ptr("Prefix to enforce on resource names"),
					},
				},
			},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "[parameters('namePrefix')]",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		Parameters: map[string]*armpolicy.ParameterDefinitionsValue{
	// 			"namePrefix": &armpolicy.ParameterDefinitionsValue{
	// 				Type: to.Ptr(armpolicy.ParameterTypeString),
	// 				DefaultValue: "myPrefix",
	// 				Metadata: &armpolicy.ParameterDefinitionsValueMetadata{
	// 					DisplayName: to.Ptr("Prefix to enforce on resource names"),
	// 				},
	// 			},
	// 		},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 						Value: []any{
	// 							"Standard_GRS",
	// 							"Standard_LRS",
	// 						},
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 			},
	// 			{
	// 				Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 					"prefix": &armpolicy.ParameterValuesValue{
	// 						Value: "[parameters('namePrefix')]",
	// 					},
	// 					"suffix": &armpolicy.ParameterValuesValue{
	// 						Value: "-LC",
	// 					},
	// 				},
	// 				PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 				PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation creates or updates a policy set definition in the given subscription with the given name.
 *
 * @summary This operation creates or updates a policy set definition in the given subscription with the given name.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinition.json
 */
async function createOrUpdateAPolicySetDefinition() {
  const subscriptionId =
    process.env["POLICY_SUBSCRIPTION_ID"] || "ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policySetDefinitionName = "CostManagement";
  const parameters = {
    description: "Policies to enforce low cost storage SKUs",
    displayName: "Cost Management",
    metadata: { category: "Cost Management" },
    parameters: {
      namePrefix: {
        type: "String",
        defaultValue: "myPrefix",
        metadata: { displayName: "Prefix to enforce on resource names" },
      },
    },
    policyDefinitions: [
      {
        parameters: {
          listOfAllowedSKUs: { value: ["Standard_GRS", "Standard_LRS"] },
        },
        policyDefinitionId:
          "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        policyDefinitionReferenceId: "Limit_Skus",
      },
      {
        parameters: {
          prefix: { value: "[parameters('namePrefix')]" },
          suffix: { value: "-LC" },
        },
        policyDefinitionId:
          "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        policyDefinitionReferenceId: "Resource_Naming",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential, subscriptionId);
  const result = await client.policySetDefinitions.createOrUpdate(
    policySetDefinitionName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exempelsvar

Statuskod:: 201

{
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "CostManagement",
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "version": "1.2.1",
    "versions": [
      "1.2.1",
      "1.0.0"
    ],
    "parameters": {
      "namePrefix": {
        "type": "String",
        "defaultValue": "myPrefix",
        "metadata": {
          "displayName": "Prefix to enforce on resource names"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Limit_Skus",
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Resource_Naming",
        "parameters": {
          "prefix": {
            "value": "[parameters('namePrefix')]"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}

Statuskod:: 200

{
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "CostManagement",
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "parameters": {
      "namePrefix": {
        "type": "String",
        "defaultValue": "myPrefix",
        "metadata": {
          "displayName": "Prefix to enforce on resource names"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "policyDefinitionReferenceId": "Limit_Skus",
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "policyDefinitionReferenceId": "Resource_Naming",
        "parameters": {
          "prefix": {
            "value": "[parameters('namePrefix')]"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}

Create or update a policy set definition with groups

Exempelbegäran

PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement?api-version=2023-04-01

{
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "policyDefinitionGroups": [
      {
        "name": "CostSaving",
        "displayName": "Cost Management Policies",
        "description": "Policies designed to control spend within a subscription."
      },
      {
        "name": "Organizational",
        "displayName": "Organizational Policies",
        "description": "Policies that help enforce resource organization standards within a subscription."
      }
    ],
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Limit_Skus",
        "groupNames": [
          "CostSaving"
        ],
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Resource_Naming",
        "groupNames": [
          "Organizational"
        ],
        "parameters": {
          "prefix": {
            "value": "DeptA"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}


import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicySetDefinitionInner;
import com.azure.resourcemanager.resources.models.ParameterValuesValue;
import com.azure.resourcemanager.resources.models.PolicyDefinitionGroup;
import com.azure.resourcemanager.resources.models.PolicyDefinitionReference;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for PolicySetDefinitions CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/
     * createOrUpdatePolicySetDefinitionWithGroups.json
     */
    /**
     * Sample code: Create or update a policy set definition with groups.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateAPolicySetDefinitionWithGroups(
        com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
        azure.genericResources().manager().policyClient().getPolicySetDefinitions()
            .createOrUpdateWithResponse("CostManagement", new PolicySetDefinitionInner()
                .withDisplayName("Cost Management").withDescription("Policies to enforce low cost storage SKUs")
                .withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
                    .deserialize("{\"category\":\"Cost Management\"}", Object.class, SerializerEncoding.JSON))
                .withPolicyDefinitions(Arrays.asList(new PolicyDefinitionReference().withPolicyDefinitionId(
                    "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1")
                    .withDefinitionVersion("1.*.*")
                    .withParameters(mapOf("listOfAllowedSKUs",
                        new ParameterValuesValue()
                            .withValue(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
                                "[\"Standard_GRS\",\"Standard_LRS\"]", Object.class, SerializerEncoding.JSON))))
                    .withPolicyDefinitionReferenceId("Limit_Skus").withGroupNames(Arrays.asList("CostSaving")),
                    new PolicyDefinitionReference().withPolicyDefinitionId(
                        "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming")
                        .withDefinitionVersion("1.*.*")
                        .withParameters(mapOf("prefix", new ParameterValuesValue().withValue("DeptA"), "suffix",
                            new ParameterValuesValue().withValue("-LC")))
                        .withPolicyDefinitionReferenceId("Resource_Naming")
                        .withGroupNames(Arrays.asList("Organizational"))))
                .withPolicyDefinitionGroups(Arrays.asList(
                    new PolicyDefinitionGroup().withName("CostSaving").withDisplayName("Cost Management Policies")
                        .withDescription("Policies designed to control spend within a subscription."),
                    new PolicyDefinitionGroup().withName("Organizational").withDisplayName("Organizational Policies")
                        .withDescription(
                            "Policies that help enforce resource organization standards within a subscription."))),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.resource import PolicyClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-resource
# USAGE
    python create_or_update_policy_set_definition_with_groups.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyClient(
        credential=DefaultAzureCredential(),
        subscription_id="ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
    )

    response = client.policy_set_definitions.create_or_update(
        policy_set_definition_name="CostManagement",
        parameters={
            "properties": {
                "description": "Policies to enforce low cost storage SKUs",
                "displayName": "Cost Management",
                "metadata": {"category": "Cost Management"},
                "policyDefinitionGroups": [
                    {
                        "description": "Policies designed to control spend within a subscription.",
                        "displayName": "Cost Management Policies",
                        "name": "CostSaving",
                    },
                    {
                        "description": "Policies that help enforce resource organization standards within a subscription.",
                        "displayName": "Organizational Policies",
                        "name": "Organizational",
                    },
                ],
                "policyDefinitions": [
                    {
                        "definitionVersion": "1.*.*",
                        "groupNames": ["CostSaving"],
                        "parameters": {"listOfAllowedSKUs": {"value": ["Standard_GRS", "Standard_LRS"]}},
                        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
                        "policyDefinitionReferenceId": "Limit_Skus",
                    },
                    {
                        "definitionVersion": "1.*.*",
                        "groupNames": ["Organizational"],
                        "parameters": {"prefix": {"value": "DeptA"}, "suffix": {"value": "-LC"}},
                        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
                        "policyDefinitionReferenceId": "Resource_Naming",
                    },
                ],
            }
        },
    )
    print(response)


# x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicy_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json
func ExampleSetDefinitionsClient_CreateOrUpdate_createOrUpdateAPolicySetDefinitionWithGroups() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSetDefinitionsClient().CreateOrUpdate(ctx, "CostManagement", armpolicy.SetDefinition{
		Properties: &armpolicy.SetDefinitionProperties{
			Description: to.Ptr("Policies to enforce low cost storage SKUs"),
			DisplayName: to.Ptr("Cost Management"),
			Metadata: map[string]any{
				"category": "Cost Management",
			},
			PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
				{
					Name:        to.Ptr("CostSaving"),
					Description: to.Ptr("Policies designed to control spend within a subscription."),
					DisplayName: to.Ptr("Cost Management Policies"),
				},
				{
					Name:        to.Ptr("Organizational"),
					Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
					DisplayName: to.Ptr("Organizational Policies"),
				}},
			PolicyDefinitions: []*armpolicy.DefinitionReference{
				{
					DefinitionVersion: to.Ptr("1.*.*"),
					GroupNames: []*string{
						to.Ptr("CostSaving")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"listOfAllowedSKUs": {
							Value: []any{
								"Standard_GRS",
								"Standard_LRS",
							},
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
				},
				{
					DefinitionVersion: to.Ptr("1.*.*"),
					GroupNames: []*string{
						to.Ptr("Organizational")},
					Parameters: map[string]*armpolicy.ParameterValuesValue{
						"prefix": {
							Value: "DeptA",
						},
						"suffix": {
							Value: "-LC",
						},
					},
					PolicyDefinitionID:          to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
					PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SetDefinition = armpolicy.SetDefinition{
	// 	Name: to.Ptr("CostManagement"),
	// 	Type: to.Ptr("Microsoft.Authorization/policySetDefinitions"),
	// 	ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement"),
	// 	Properties: &armpolicy.SetDefinitionProperties{
	// 		Description: to.Ptr("Policies to enforce low cost storage SKUs"),
	// 		DisplayName: to.Ptr("Cost Management"),
	// 		Metadata: map[string]any{
	// 			"category": "Cost Management",
	// 		},
	// 		PolicyDefinitionGroups: []*armpolicy.DefinitionGroup{
	// 			{
	// 				Name: to.Ptr("CostSaving"),
	// 				Description: to.Ptr("Policies designed to control spend within a subscription."),
	// 				DisplayName: to.Ptr("Cost Management Policies"),
	// 			},
	// 			{
	// 				Name: to.Ptr("Organizational"),
	// 				Description: to.Ptr("Policies that help enforce resource organization standards within a subscription."),
	// 				DisplayName: to.Ptr("Organizational Policies"),
	// 		}},
	// 		PolicyDefinitions: []*armpolicy.DefinitionReference{
	// 			{
	// 				DefinitionVersion: to.Ptr("1.*.*"),
	// 				GroupNames: []*string{
	// 					to.Ptr("CostSaving")},
	// 					Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 						"listOfAllowedSKUs": &armpolicy.ParameterValuesValue{
	// 							Value: []any{
	// 								"Standard_GRS",
	// 								"Standard_LRS",
	// 							},
	// 						},
	// 					},
	// 					PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1"),
	// 					PolicyDefinitionReferenceID: to.Ptr("Limit_Skus"),
	// 				},
	// 				{
	// 					DefinitionVersion: to.Ptr("1.*.*"),
	// 					GroupNames: []*string{
	// 						to.Ptr("Organizational")},
	// 						Parameters: map[string]*armpolicy.ParameterValuesValue{
	// 							"prefix": &armpolicy.ParameterValuesValue{
	// 								Value: "DeptA",
	// 							},
	// 							"suffix": &armpolicy.ParameterValuesValue{
	// 								Value: "-LC",
	// 							},
	// 						},
	// 						PolicyDefinitionID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming"),
	// 						PolicyDefinitionReferenceID: to.Ptr("Resource_Naming"),
	// 				}},
	// 				Version: to.Ptr("1.2.1"),
	// 				Versions: []*string{
	// 					to.Ptr("1.2.1"),
	// 					to.Ptr("1.0.0")},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to This operation creates or updates a policy set definition in the given subscription with the given name.
 *
 * @summary This operation creates or updates a policy set definition in the given subscription with the given name.
 * x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json
 */
async function createOrUpdateAPolicySetDefinitionWithGroups() {
  const subscriptionId =
    process.env["POLICY_SUBSCRIPTION_ID"] || "ae640e6b-ba3e-4256-9d62-2993eecfa6f2";
  const policySetDefinitionName = "CostManagement";
  const parameters = {
    description: "Policies to enforce low cost storage SKUs",
    displayName: "Cost Management",
    metadata: { category: "Cost Management" },
    policyDefinitionGroups: [
      {
        name: "CostSaving",
        description: "Policies designed to control spend within a subscription.",
        displayName: "Cost Management Policies",
      },
      {
        name: "Organizational",
        description:
          "Policies that help enforce resource organization standards within a subscription.",
        displayName: "Organizational Policies",
      },
    ],
    policyDefinitions: [
      {
        definitionVersion: "1.*.*",
        groupNames: ["CostSaving"],
        parameters: {
          listOfAllowedSKUs: { value: ["Standard_GRS", "Standard_LRS"] },
        },
        policyDefinitionId:
          "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        policyDefinitionReferenceId: "Limit_Skus",
      },
      {
        definitionVersion: "1.*.*",
        groupNames: ["Organizational"],
        parameters: { prefix: { value: "DeptA" }, suffix: { value: "-LC" } },
        policyDefinitionId:
          "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        policyDefinitionReferenceId: "Resource_Naming",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyClient(credential, subscriptionId);
  const result = await client.policySetDefinitions.createOrUpdate(
    policySetDefinitionName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exempelsvar

Statuskod:: 201

{
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "CostManagement",
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "version": "1.2.1",
    "versions": [
      "1.2.1",
      "1.0.0"
    ],
    "policyDefinitionGroups": [
      {
        "name": "CostSaving",
        "displayName": "Cost Management Policies",
        "description": "Policies designed to control spend within a subscription."
      },
      {
        "name": "Organizational",
        "displayName": "Organizational Policies",
        "description": "Policies that help enforce resource organization standards within a subscription."
      }
    ],
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Limit_Skus",
        "groupNames": [
          "CostSaving"
        ],
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Resource_Naming",
        "groupNames": [
          "Organizational"
        ],
        "parameters": {
          "prefix": {
            "value": "DeptA"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}

Statuskod:: 200

{
  "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement",
  "type": "Microsoft.Authorization/policySetDefinitions",
  "name": "CostManagement",
  "properties": {
    "displayName": "Cost Management",
    "description": "Policies to enforce low cost storage SKUs",
    "metadata": {
      "category": "Cost Management"
    },
    "version": "1.2.1",
    "versions": [
      "1.2.1",
      "1.0.0"
    ],
    "policyDefinitionGroups": [
      {
        "name": "CostSaving",
        "displayName": "Cost Management Policies",
        "description": "Policies designed to control spend within a subscription."
      },
      {
        "name": "Organizational",
        "displayName": "Organizational Policies",
        "description": "Policies that help enforce resource organization standards within a subscription."
      }
    ],
    "policyDefinitions": [
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Limit_Skus",
        "groupNames": [
          "CostSaving"
        ],
        "parameters": {
          "listOfAllowedSKUs": {
            "value": [
              "Standard_GRS",
              "Standard_LRS"
            ]
          }
        }
      },
      {
        "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
        "definitionVersion": "1.*.*",
        "policyDefinitionReferenceId": "Resource_Naming",
        "groupNames": [
          "Organizational"
        ],
        "parameters": {
          "prefix": {
            "value": "DeptA"
          },
          "suffix": {
            "value": "-LC"
          }
        }
      }
    ]
  }
}

Definitioner

Name	Description
CloudError	Ett felsvar från en principåtgärd.
createdByType	Den typ av identitet som skapade resursen.
ErrorAdditionalInfo	Ytterligare information om resurshanteringsfelet.
ErrorResponse	Felsvar
Metadata	Allmänna metadata för parametern.
ParameterDefinitionsValue	Definitionen av en parameter som kan anges för principen.
parameterType	Parameterns datatyp.
ParameterValuesValue	Värdet för en parameter.
PolicyDefinitionGroup	Principdefinitionsgruppen.
PolicyDefinitionReference	Referensen för principdefinitionen.
PolicySetDefinition	Principuppsättningsdefinitionen.
policyType	Typ av principuppsättningsdefinition. Möjliga värden är NotSpecified, BuiltIn, Custom och Static.
systemData	Metadata som rör skapande och senaste ändring av resursen.

CloudError

Objekt

Ett felsvar från en principåtgärd.

Name	Typ	Description
error	ErrorResponse	Felsvar Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.)

createdByType

Uppräkning

Den typ av identitet som skapade resursen.

Värde	Description
Application
Key
ManagedIdentity
User

ErrorAdditionalInfo

Objekt

Ytterligare information om resurshanteringsfelet.

Name	Typ	Description
info	object	Ytterligare information.
type	string	Ytterligare informationstyp.

ErrorResponse

Objekt

Felsvar

Name	Typ	Description
additionalInfo	ErrorAdditionalInfo[]	Ytterligare information om felet.
code	string	Felkoden.
details	ErrorResponse[]	Felinformationen.
message	string	Felmeddelandet.
target	string	Felmålet.

Metadata

Objekt

Allmänna metadata för parametern.

Name	Typ	Description
assignPermissions	boolean	Ställ in på true om du vill att Azure-portalen ska skapa rolltilldelningar på resurs-ID:t eller resursomfångsvärdet för den här parametern under principtilldelningen. Den här egenskapen är användbar om du vill tilldela behörigheter utanför tilldelningsomfånget.
description	string	Beskrivningen av parametern.
displayName	string	Visningsnamnet för parametern.
strongType	string	Används när du tilldelar principdefinitionen via portalen. Innehåller en sammanhangsmedveten lista över värden som användaren kan välja mellan.

ParameterDefinitionsValue

Objekt

Definitionen av en parameter som kan anges för principen.

Name	Typ	Description
allowedValues	object[]	De tillåtna värdena för parametern.
defaultValue	object	Standardvärdet för parametern om inget värde anges.
metadata	Metadata	Allmänna metadata för parametern.
schema	object	Tillhandahåller validering av parameterindata under tilldelningen med hjälp av ett självdefinierat JSON-schema. Den här egenskapen stöds endast för parametrar av objekttyp och följer implementeringen Json.NET Schema 2019-09. Du kan lära dig mer om att använda scheman på https://json-schema.org/ och testa utkastscheman på https://www.jsonschemavalidator.net/.
type	parameterType	Parameterns datatyp.

parameterType

Uppräkning

Parameterns datatyp.

Värde	Description
Array
Boolean
DateTime
Float
Integer
Object
String

ParameterValuesValue

Objekt

Värdet för en parameter.

Name	Typ	Description
value	object	Värdet för parametern.

PolicyDefinitionGroup

Objekt

Principdefinitionsgruppen.

Name	Typ	Description
additionalMetadataId	string	Ett resurs-ID för en resurs som innehåller ytterligare metadata om gruppen.
category	string	Gruppens kategori.
description	string	Gruppens beskrivning.
displayName	string	Gruppens visningsnamn.
name	string	Namnet på gruppen.

PolicyDefinitionReference

Objekt

Referensen för principdefinitionen.

Name	Typ	Description
definitionVersion	string	Den version av principdefinitionen som ska användas.
effectiveDefinitionVersion	string	Den effektiva versionen av principdefinitionen som används. Detta finns bara om det begärs via frågeparametern $expand.
groupNames	string[]	Namnet på de grupper som den här principdefinitionsreferensen tillhör.
latestDefinitionVersion	string	Den senaste versionen av den tillgängliga principdefinitionen. Detta finns bara om det begärs via frågeparametern $expand.
parameters	<string, ParameterValuesValue>	Parametervärdena för den refererade principregeln. Nycklarna är parameternamnen.
policyDefinitionId	string	ID:t för principdefinitionen eller principuppsättningsdefinitionen.
policyDefinitionReferenceId	string	Ett unikt ID (inom principuppsättningsdefinitionen) för den här principdefinitionsreferensen.