**Autogenerated function**
Delete Policy Definition
Args:
name(str): The identifier for this state.
policy_definition_name(str): The name of the policy definition to delete.
subscription_id(str, optional): Subscription Unique id.
Returns:
Dict
Examples:
.. code-block:: sls
resource_is_absent:
azure.policy.policy_definitions.absent:
- name: value
- policy_definition_name: value
- subscription_id: value
**Autogenerated function**
Describe the resource in a way that can be recreated/managed with the corresponding "present" function
List all Policy Definitions under the same subscription
Returns:
Dict[str, Any]
Examples:
.. code-block:: bash
$ idem describe azure.policy.policy_definitions
**Autogenerated function**
Create or update Policy Definitions
Args:
name(str): The identifier for this state.
policy_definition_name(str): The name of the policy Definition.
policy_type(str): The policy type. Possible values are BuiltIn, Custom and NotSpecified.
mode(str): The policy mode that allows you to specify which resource types will be evaluated.
Some examples are All, Indexed, Microsoft.KeyVault.Data.
subscription_id(str, optional): Subscription Unique id.
display_name(str): The display name of the policy definition.
description(str, optional): The description of the policy definition.
policy_rule(dict, optional): The policy rule for the policy definition.
metadata(dict, optional): The metadata for the policy definition.
parameters(dict, optional): Parameters for the policy definition.
resource_id(str, optional): Policy Definition resource id on Azure
Returns:
Dict
Examples:
.. code-block:: sls
policy_definition_is_present:
azure.policy.policy_definitions.present:
- name: value
- policy_definition_name: value
- subscription_id: value
- policy_type: value
- mode: value
- display_name: value
- description: value
- metadata:
version: 1.0.0
category: RoleDefinitions
- parameters:
roleDefinitionIds:
type: Array
metadata:
displayName: Approved Role Definitions
description: The list of role definition Ids.
strongType: roleDefinitionIds
- policy_rule:
if:
allOf:
- field: type
equals: Microsoft.Authorization/roleAssignments
- not:
field: Microsoft.Authorization/roleAssignments/roleDefinitionId
in: "[parameters('roleDefinitionIds')]"
then:
effect: deny