此作業會建立或更新具有指定範圍和名稱的原則豁免。 原則豁免適用於其範圍內所包含的所有資源。 例如,當您在相同或更高層級的原則指派資源群組範圍建立原則豁免時,豁免會豁免資源群組中的所有適用資源。
PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}?api-version=2022-07-01-preview
URI 參數
| 名稱 |
位於 |
必要 |
類型 |
Description |
|
policyExemptionName
|
path |
True
|
string
|
要刪除的原則豁免名稱。
|
|
scope
|
path |
True
|
string
|
原則豁免的範圍。 有效範圍包括:管理群組(格式:'/providers/Microsoft.Management/managementGroups/{managementGroup}'),訂用帳戶(格式:'/subscriptions/{subscriptionId}'),資源群組(格式: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', 或資源 (格式: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'
|
|
api-version
|
query |
True
|
string
|
要用於作業的 API 版本。
|
要求本文
| 名稱 |
必要 |
類型 |
Description |
|
properties.exemptionCategory
|
True
|
exemptionCategory
|
原則豁免類別。 可能的值為「豁免」和「緩和」。
|
|
properties.policyAssignmentId
|
True
|
string
|
要豁免的原則指派標識碼。
|
|
properties.assignmentScopeValidation
|
|
AssignmentScopeValidation
|
驗證豁免的選項位於指派範圍或指派範圍內。
|
|
properties.description
|
|
string
|
原則豁免的描述。
|
|
properties.displayName
|
|
string
|
原則豁免的顯示名稱。
|
|
properties.expiresOn
|
|
string
(date-time)
|
原則豁免的到期日期和時間 (UTC ISO 8601 格式 yyyy-MM-ddTHH:mm:ssZ)。
|
|
properties.metadata
|
|
object
|
原則豁免元數據。 元數據是開放式物件,通常是索引鍵值組的集合。
|
|
properties.policyDefinitionReferenceIds
|
|
string[]
|
當相關聯的原則指派是原則集定義的指派時,原則定義參考標識符清單。
|
|
properties.resourceSelectors
|
|
ResourceSelector[]
|
依資源屬性篩選原則的資源選取器清單。
|
回應
安全性
azure_auth
Azure Active Directory OAuth2 Flow。
類型:
oauth2
Flow:
implicit
授權 URL:
https://login.microsoftonline.com/common/oauth2/authorize
範圍
| 名稱 |
Description |
|
user_impersonation
|
模擬您的用戶帳戶
|
範例
Create or update a policy exemption
範例要求
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM?api-version=2022-07-01-preview
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyExemptionInner;
import com.azure.resourcemanager.resources.models.ExemptionCategory;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for PolicyExemptions CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/
* createOrUpdatePolicyExemption.json
*/
/**
* Sample code: Create or update a policy exemption.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyExemption(com.azure.resourcemanager.AzureResourceManager azure)
throws IOException {
azure.genericResources().manager().policyClient().getPolicyExemptions().createOrUpdateWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM",
new PolicyExemptionInner().withPolicyAssignmentId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.withPolicyDefinitionReferenceIds(Arrays.asList("Limit_Skus"))
.withExemptionCategory(ExemptionCategory.WAIVER).withDisplayName("Exempt demo cluster")
.withDescription("Exempt demo cluster from limit sku")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"reason\":\"Temporary exemption for a expensive VM demo\"}", Object.class,
SerializerEncoding.JSON)),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json
func ExampleExemptionsClient_CreateOrUpdate_createOrUpdateAPolicyExemption() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewExemptionsClient().CreateOrUpdate(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", armpolicy.Exemption{
Properties: &armpolicy.ExemptionProperties{
Description: to.Ptr("Exempt demo cluster from limit sku"),
DisplayName: to.Ptr("Exempt demo cluster"),
ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
Metadata: map[string]any{
"reason": "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIDs: []*string{
to.Ptr("Limit_Skus")},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Exemption = armpolicy.Exemption{
// Name: to.Ptr("DemoExpensiveVM"),
// Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
// Properties: &armpolicy.ExemptionProperties{
// Description: to.Ptr("Exempt demo cluster from limit sku"),
// DisplayName: to.Ptr("Exempt demo cluster"),
// ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
// Metadata: map[string]any{
// "reason": "Temporary exemption for a expensive VM demo",
// },
// PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// PolicyDefinitionReferenceIDs: []*string{
// to.Ptr("Limit_Skus")},
// },
// SystemData: &armpolicy.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.107Z"); return t}()),
// CreatedBy: to.Ptr("string"),
// CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.107Z"); return t}()),
// LastModifiedBy: to.Ptr("string"),
// LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
*
* @summary This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json
*/
async function createOrUpdateAPolicyExemption() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster";
const policyExemptionName = "DemoExpensiveVM";
const parameters = {
description: "Exempt demo cluster from limit sku",
displayName: "Exempt demo cluster",
exemptionCategory: "Waiver",
metadata: { reason: "Temporary exemption for a expensive VM demo" },
policyAssignmentId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policyDefinitionReferenceIds: ["Limit_Skus"],
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyExemptions.createOrUpdate(
scope,
policyExemptionName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
}
},
"systemData": {
"createdBy": "string",
"createdByType": "User",
"createdAt": "2020-07-01T01:01:01.1075056Z",
"lastModifiedBy": "string",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-07-01T01:01:01.1075056Z"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
"type": "Microsoft.Authorization/policyExemptions",
"name": "DemoExpensiveVM"
}
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
}
},
"systemData": {
"createdBy": "string",
"createdByType": "User",
"createdAt": "2020-07-01T01:01:01.1075056Z",
"lastModifiedBy": "string",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-07-01T02:01:01.1075056Z"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
"type": "Microsoft.Authorization/policyExemptions",
"name": "DemoExpensiveVM"
}
Create or update a policy exemption with resource selectors
範例要求
PUT https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM?api-version=2022-07-01-preview
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
},
"assignmentScopeValidation": "Default",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.resources.fluent.models.PolicyExemptionInner;
import com.azure.resourcemanager.resources.models.AssignmentScopeValidation;
import com.azure.resourcemanager.resources.models.ExemptionCategory;
import com.azure.resourcemanager.resources.models.ResourceSelector;
import com.azure.resourcemanager.resources.models.Selector;
import com.azure.resourcemanager.resources.models.SelectorKind;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for PolicyExemptions CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/
* createOrUpdatePolicyExemptionWithResourceSelectors.json
*/
/**
* Sample code: Create or update a policy exemption with resource selectors.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createOrUpdateAPolicyExemptionWithResourceSelectors(
com.azure.resourcemanager.AzureResourceManager azure) throws IOException {
azure.genericResources().manager().policyClient().getPolicyExemptions().createOrUpdateWithResponse(
"subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM",
new PolicyExemptionInner().withPolicyAssignmentId(
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement")
.withPolicyDefinitionReferenceIds(Arrays.asList("Limit_Skus"))
.withExemptionCategory(ExemptionCategory.WAIVER).withDisplayName("Exempt demo cluster")
.withDescription("Exempt demo cluster from limit sku")
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"reason\":\"Temporary exemption for a expensive VM demo\"}", Object.class,
SerializerEncoding.JSON))
.withResourceSelectors(Arrays.asList(new ResourceSelector().withName("SDPRegions")
.withSelectors(Arrays.asList(new Selector().withKind(SelectorKind.RESOURCE_LOCATION)
.withIn(Arrays.asList("eastus2euap", "centraluseuap"))))))
.withAssignmentScopeValidation(AssignmentScopeValidation.DEFAULT),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicy_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armpolicy"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/219b2e3ef270f18149774eb2793b48baacde982f/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json
func ExampleExemptionsClient_CreateOrUpdate_createOrUpdateAPolicyExemptionWithResourceSelectors() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicy.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewExemptionsClient().CreateOrUpdate(ctx, "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "DemoExpensiveVM", armpolicy.Exemption{
Properties: &armpolicy.ExemptionProperties{
Description: to.Ptr("Exempt demo cluster from limit sku"),
AssignmentScopeValidation: to.Ptr(armpolicy.AssignmentScopeValidationDefault),
DisplayName: to.Ptr("Exempt demo cluster"),
ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
Metadata: map[string]any{
"reason": "Temporary exemption for a expensive VM demo",
},
PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
PolicyDefinitionReferenceIDs: []*string{
to.Ptr("Limit_Skus")},
ResourceSelectors: []*armpolicy.ResourceSelector{
{
Name: to.Ptr("SDPRegions"),
Selectors: []*armpolicy.Selector{
{
In: []*string{
to.Ptr("eastus2euap"),
to.Ptr("centraluseuap")},
Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Exemption = armpolicy.Exemption{
// Name: to.Ptr("DemoExpensiveVM"),
// Type: to.Ptr("Microsoft.Authorization/policyExemptions"),
// ID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM"),
// Properties: &armpolicy.ExemptionProperties{
// Description: to.Ptr("Exempt demo cluster from limit sku"),
// AssignmentScopeValidation: to.Ptr(armpolicy.AssignmentScopeValidationDefault),
// DisplayName: to.Ptr("Exempt demo cluster"),
// ExemptionCategory: to.Ptr(armpolicy.ExemptionCategoryWaiver),
// Metadata: map[string]any{
// "reason": "Temporary exemption for a expensive VM demo",
// },
// PolicyAssignmentID: to.Ptr("/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement"),
// PolicyDefinitionReferenceIDs: []*string{
// to.Ptr("Limit_Skus")},
// ResourceSelectors: []*armpolicy.ResourceSelector{
// {
// Name: to.Ptr("SDPRegions"),
// Selectors: []*armpolicy.Selector{
// {
// In: []*string{
// to.Ptr("eastus2euap"),
// to.Ptr("centraluseuap")},
// Kind: to.Ptr(armpolicy.SelectorKindResourceLocation),
// }},
// }},
// },
// SystemData: &armpolicy.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T01:01:01.107Z"); return t}()),
// CreatedBy: to.Ptr("string"),
// CreatedByType: to.Ptr(armpolicy.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-01T02:01:01.107Z"); return t}()),
// LastModifiedBy: to.Ptr("string"),
// LastModifiedByType: to.Ptr(armpolicy.CreatedByTypeUser),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyClient } = require("@azure/arm-policy");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
*
* @summary This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
* x-ms-original-file: specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json
*/
async function createOrUpdateAPolicyExemptionWithResourceSelectors() {
const scope = "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster";
const policyExemptionName = "DemoExpensiveVM";
const parameters = {
description: "Exempt demo cluster from limit sku",
assignmentScopeValidation: "Default",
displayName: "Exempt demo cluster",
exemptionCategory: "Waiver",
metadata: { reason: "Temporary exemption for a expensive VM demo" },
policyAssignmentId:
"/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
policyDefinitionReferenceIds: ["Limit_Skus"],
resourceSelectors: [
{
name: "SDPRegions",
selectors: [{ in: ["eastus2euap", "centraluseuap"], kind: "resourceLocation" }],
},
],
};
const credential = new DefaultAzureCredential();
const client = new PolicyClient(credential);
const result = await client.policyExemptions.createOrUpdate(
scope,
policyExemptionName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
範例回覆
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
},
"assignmentScopeValidation": "Default",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"systemData": {
"createdBy": "string",
"createdByType": "User",
"createdAt": "2020-07-01T01:01:01.1075056Z",
"lastModifiedBy": "string",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-07-01T01:01:01.1075056Z"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
"type": "Microsoft.Authorization/policyExemptions",
"name": "DemoExpensiveVM"
}
{
"properties": {
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement",
"policyDefinitionReferenceIds": [
"Limit_Skus"
],
"exemptionCategory": "Waiver",
"displayName": "Exempt demo cluster",
"description": "Exempt demo cluster from limit sku",
"metadata": {
"reason": "Temporary exemption for a expensive VM demo"
},
"assignmentScopeValidation": "Default",
"resourceSelectors": [
{
"name": "SDPRegions",
"selectors": [
{
"kind": "resourceLocation",
"in": [
"eastus2euap",
"centraluseuap"
]
}
]
}
]
},
"systemData": {
"createdBy": "string",
"createdByType": "User",
"createdAt": "2020-07-01T01:01:01.1075056Z",
"lastModifiedBy": "string",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-07-01T02:01:01.1075056Z"
},
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM",
"type": "Microsoft.Authorization/policyExemptions",
"name": "DemoExpensiveVM"
}
定義
AssignmentScopeValidation
列舉型別
驗證豁免的選項位於指派範圍或指派範圍內。
| 值 |
Description |
|
Default
|
此選項會驗證豁免位於指派範圍或指派範圍內。
|
|
DoNotValidate
|
此選項會略過豁免範圍位於原則指派範圍或下方的驗證。
|
CloudError
Object
原則作業的錯誤回應。
| 名稱 |
類型 |
Description |
|
error
|
ErrorResponse
|
錯誤回應
所有 Azure Resource Manager API 的常見錯誤回應,以傳回失敗作業的錯誤詳細數據。 (這也遵循 OData 錯誤回應格式。)
|
createdByType
列舉型別
建立資源的身分識別類型。
| 值 |
Description |
|
Application
|
|
|
Key
|
|
|
ManagedIdentity
|
|
|
User
|
|
ErrorAdditionalInfo
Object
資源管理錯誤其他資訊。
| 名稱 |
類型 |
Description |
|
info
|
object
|
其他資訊。
|
|
type
|
string
|
其他信息類型。
|
ErrorResponse
Object
錯誤回應
exemptionCategory
列舉型別
原則豁免類別。 可能的值為「豁免」和「緩和」。
| 值 |
Description |
|
Mitigated
|
此類別的豁免通常表示風險降低動作已套用至範圍。
|
|
Waiver
|
此類別的豁免通常表示範圍不適用於原則。
|
PolicyExemption
Object
原則豁免。
| 名稱 |
類型 |
預設值 |
Description |
|
id
|
string
|
|
原則豁免的標識碼。
|
|
name
|
string
|
|
原則豁免的名稱。
|
|
properties.assignmentScopeValidation
|
AssignmentScopeValidation
|
Default
|
驗證豁免的選項位於指派範圍或指派範圍內。
|
|
properties.description
|
string
|
|
原則豁免的描述。
|
|
properties.displayName
|
string
|
|
原則豁免的顯示名稱。
|
|
properties.exemptionCategory
|
exemptionCategory
|
|
原則豁免類別。 可能的值為「豁免」和「緩和」。
|
|
properties.expiresOn
|
string
(date-time)
|
|
原則豁免的到期日期和時間 (UTC ISO 8601 格式 yyyy-MM-ddTHH:mm:ssZ)。
|
|
properties.metadata
|
object
|
|
原則豁免元數據。 元數據是開放式物件,通常是索引鍵值組的集合。
|
|
properties.policyAssignmentId
|
string
|
|
要豁免的原則指派標識碼。
|
|
properties.policyDefinitionReferenceIds
|
string[]
|
|
當相關聯的原則指派是原則集定義的指派時,原則定義參考標識符清單。
|
|
properties.resourceSelectors
|
ResourceSelector[]
|
|
依資源屬性篩選原則的資源選取器清單。
|
|
systemData
|
systemData
|
|
包含 createdBy 和 modifiedBy 資訊的 Azure Resource Manager 元數據。
|
|
type
|
string
|
|
資源的類型(Microsoft.Authorization/policyExemptions)。
|
ResourceSelector
Object
依資源屬性篩選原則的資源選取器。
| 名稱 |
類型 |
Description |
|
name
|
string
|
資源選取器的名稱。
|
|
selectors
|
Selector[]
|
選取器表達式的清單。
|
Selector
Object
選取器表達式。
| 名稱 |
類型 |
Description |
|
in
|
string[]
|
要篩選的值清單。
|
|
kind
|
SelectorKind
|
選取器種類。
|
|
notIn
|
string[]
|
要篩選掉的值清單。
|
SelectorKind
列舉型別
選取器種類。
| 值 |
Description |
|
policyDefinitionReferenceId
|
依原則定義參考標識元篩選原則的選取器種類。
|
|
resourceLocation
|
依資源位置篩選原則的選取器種類。
|
|
resourceType
|
依資源類型篩選原則的選取器種類。
|
|
resourceWithoutLocation
|
依沒有位置的資源篩選原則的選取器種類。
|
systemData
Object
與建立和上次修改資源相關的元數據。
| 名稱 |
類型 |
Description |
|
createdAt
|
string
(date-time)
|
資源建立的時間戳(UTC)。
|
|
createdBy
|
string
|
建立資源的身分識別。
|
|
createdByType
|
createdByType
|
建立資源的身分識別類型。
|
|
lastModifiedAt
|
string
(date-time)
|
上次修改的資源時間戳 (UTC)
|
|
lastModifiedBy
|
string
|
上次修改資源的身分識別。
|
|
lastModifiedByType
|
createdByType
|
上次修改資源的身分識別類型。
|