diff --git a/.gitignore b/.gitignore
index 9c6b9c0edd0..1022e9474ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -122,3 +122,4 @@ cmd_coverage/*
# Ignore test results
test_results.xml
+/e11
diff --git a/.vscode/launch.json b/.vscode/launch.json
index c2a47d74891..db109729bac 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -3,7 +3,7 @@
"configurations": [
{
"name": "Azure CLI Debug (Integrated Console)",
- "type": "python",
+ "type": "debugpy",
"request": "launch",
"python": "${command:python.interpreterPath}",
"program": "${workspaceRoot}/src/azure-cli/azure/cli/__main__.py",
@@ -12,16 +12,11 @@
"--help"
],
"console": "integratedTerminal",
- "debugOptions": [
- "WaitOnAbnormalExit",
- "WaitOnNormalExit",
- "RedirectOutput"
- ],
"justMyCode": false
},
{
"name": "Azure CLI Debug (External Console)",
- "type": "python",
+ "type": "debugpy",
"request": "launch",
"stopOnEntry": true,
"python": "${command:python.interpreterPath}",
@@ -30,15 +25,24 @@
"args": [
"--help"
],
- "console": "externalTerminal",
- "debugOptions": [
- "WaitOnAbnormalExit",
- "WaitOnNormalExit"
- ]
+ "console": "externalTerminal"
+ },
+ {
+ "name": "Azure CLI Debug interactive",
+ "type": "debugpy",
+ "request": "launch",
+ "stopOnEntry": true,
+ "python": "${command:python.interpreterPath}",
+ "program": "${workspaceRoot}/src/azure-cli/azure/cli/__main__.py",
+ "cwd": "${workspaceRoot}",
+ "args": [
+ "interactive"
+ ],
+ "console": "externalTerminal"
},
{
"name": "Azdev Scripts",
- "type": "python",
+ "type": "debugpy",
"request": "launch",
"python": "${command:python.interpreterPath}",
"program": "${workspaceRoot}/tools/automation/__main__.py",
@@ -46,12 +50,18 @@
"args": [
"--help"
],
- "console": "integratedTerminal",
- "debugOptions": [
- "WaitOnAbnormalExit",
- "WaitOnNormalExit",
- "RedirectOutput"
- ]
+ "console": "integratedTerminal"
+ },
+ {
+ "name": "Python test debug",
+ "type": "debugpy",
+ "request": "launch",
+ "stopOnEntry": true,
+ "python": "${command:python.interpreterPath}",
+ "purpose": ["debug-test"],
+ "cwd": "${workspaceRoot}",
+ "console": "externalTerminal",
+ "justMyCode": false
}
]
}
diff --git a/azure-cli.pyproj b/azure-cli.pyproj
index 687601ef6dd..599eede7da2 100644
--- a/azure-cli.pyproj
+++ b/azure-cli.pyproj
@@ -3,19 +3,18 @@
Debug
2.0
- {938454f7-93bd-41a7-84b2-3c89d64b969d}
- src\
- azure-cli\azure\cli\__main__.py
- .
-
-
+ {1f900175-4fc3-4cbb-8b60-2e5ad889d3b2}
+
+ src\azure-cli\azure\cli\__main__.py
+
+ .
.
{888888a0-9f3d-457c-b088-3a5042f75d52}
Standard Python launcher
- MSBuild|{2151c13d-4041-4c88-bb0b-54ce1a741de6}|$(MSBuildProjectFullPath)
+ Global|VisualStudio|env
+ interactive
False
-
-
+ Pytest
@@ -23,1320 +22,7085 @@
10.0
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
- Code
-
-
- Code
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
- Code
-
-
-
-
-
-
-
-
- Code
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
-
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
-
-
- Code
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Code
-
-
-
-
-
-
-
- Code
-
-
- Code
-
-
-
- Code
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
- {f0ce7f81-ab4f-4088-b037-81002e6ddc44}
- 2.7
- env2 (Python 2.7)
+
+
+
+
+ e11
+ e11 (Python 3.11 (64-bit))
Scripts\python.exe
Scripts\pythonw.exe
- Lib\
+ 3.11
+ X64
PYTHONPATH
- X86
-
- {2151c13d-4041-4c88-bb0b-54ce1a741de6}
- 3.5
- env3 (Python 3.6)
+
+ env
+ env (Python 3.12 (64-bit))
Scripts\python.exe
Scripts\pythonw.exe
- Lib\
+ 0.0
+ X64
PYTHONPATH
- Amd64
diff --git a/azure-cli.sln b/azure-cli.sln
index d5e43555508..1ca2702d86e 100644
--- a/azure-cli.sln
+++ b/azure-cli.sln
@@ -1,9 +1,9 @@

Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 14
-VisualStudioVersion = 14.0.25420.1
+# Visual Studio Version 17
+VisualStudioVersion = 17.12.35707.178 d17.12
MinimumVisualStudioVersion = 10.0.40219.1
-Project("{888888A0-9F3D-457C-B088-3A5042F75D52}") = "azure-cli", "azure-cli.pyproj", "{938454F7-93BD-41A7-84B2-3C89D64B969D}"
+Project("{888888A0-9F3D-457C-B088-3A5042F75D52}") = "azure-cli", "azure-cli.pyproj", "{1F900175-4FC3-4CBB-8B60-2E5AD889D3B2}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -11,8 +11,8 @@ Global
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
- {938454F7-93BD-41A7-84B2-3C89D64B969D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
- {938454F7-93BD-41A7-84B2-3C89D64B969D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {1F900175-4FC3-4CBB-8B60-2E5AD889D3B2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {1F900175-4FC3-4CBB-8B60-2E5AD889D3B2}.Release|Any CPU.ActiveCfg = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/azure-cliOld.pyproj b/azure-cliOld.pyproj
new file mode 100644
index 00000000000..2671abd71f7
--- /dev/null
+++ b/azure-cliOld.pyproj
@@ -0,0 +1,1050 @@
+
+
+
+ Debug
+ 2.0
+ {938454f7-93bd-41a7-84b2-3c89d64b969d}
+ .\
+ .;src\azure-cli\azure\cli
+ .
+ .
+ {888888a0-9f3d-457c-b088-3a5042f75d52}
+ Standard Python launcher
+ Global|VisualStudio|env
+ False
+ interactive
+ Pytest
+
+
+ D:\source\git\repos\azure-cli\env\Scripts\python.exe
+ src\azure-cli\azure\cli\__main__.py
+
+
+
+
+ 10.0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/azure-cliOld.sln b/azure-cliOld.sln
new file mode 100644
index 00000000000..d5e43555508
--- /dev/null
+++ b/azure-cliOld.sln
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{888888A0-9F3D-457C-B088-3A5042F75D52}") = "azure-cli", "azure-cli.pyproj", "{938454F7-93BD-41A7-84B2-3C89D64B969D}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {938454F7-93BD-41A7-84B2-3C89D64B969D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {938454F7-93BD-41A7-84B2-3C89D64B969D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/src/azure-cli/azure/cli/command_modules/policyinsights/_params.py b/src/azure-cli/azure/cli/command_modules/policyinsights/_params.py
index ca855bb6a0e..8f889954b58 100644
--- a/src/azure-cli/azure/cli/command_modules/policyinsights/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/policyinsights/_params.py
@@ -7,8 +7,9 @@
resource_group_name_type, get_enum_type)
from azure.cli.command_modules.resource._completers import (
- get_policy_set_completion_list, get_policy_completion_list,
- get_policy_assignment_completion_list, get_providers_completion_list, get_resource_types_completion_list)
+ # get_policy_set_completion_list, get_policy_completion_list,
+ # get_policy_assignment_completion_list,
+ get_providers_completion_list, get_resource_types_completion_list)
from ._validators import (validate_resource, validate_expand)
from azure.cli.command_modules.resource._validators import validate_metadata
@@ -59,19 +60,19 @@ def load_arguments(self, _):
c.argument(
'policy_set_definition_name',
options_list=['--policy-set-definition', '-s'],
- completer=get_policy_set_completion_list,
+ #completer=get_policy_set_completion_list,
arg_group='Scope',
help='Name of policy set definition.')
c.argument(
'policy_definition_name',
options_list=['--policy-definition', '-d'],
- completer=get_policy_completion_list,
+ #completer=get_policy_completion_list,
arg_group='Scope',
help='Name of policy definition.')
c.argument(
'policy_assignment_name',
options_list=['--policy-assignment', '-a'],
- completer=get_policy_assignment_completion_list,
+ #completer=get_policy_assignment_completion_list,
arg_group='Scope',
help='Name of policy assignment.')
c.argument(
@@ -141,7 +142,7 @@ def load_arguments(self, _):
c.argument(
'policy_assignment',
options_list=['--policy-assignment', '-a'],
- completer=get_policy_assignment_completion_list,
+ #completer=get_policy_assignment_completion_list,
help='Name or resource ID of the policy assignment.')
c.argument(
'definition_reference_id',
@@ -187,7 +188,7 @@ def load_arguments(self, _):
options_list=['--policy-assignment-id',
'--policy-assignment', '-a'],
arg_group="Properties",
- completer=get_policy_assignment_completion_list,
+ #completer=get_policy_assignment_completion_list,
help="The resource ID of the policy assignment that the attestation is setting the state for."
)
c.argument(
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_client_factory.py b/src/azure-cli/azure/cli/command_modules/resource/_client_factory.py
index 322e088826d..10bf4d0d9bc 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_client_factory.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_client_factory.py
@@ -16,10 +16,10 @@ def _resource_feature_client_factory(cli_ctx, **_):
return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_FEATURES)
-def _resource_policy_client_factory(cli_ctx, **_):
- from azure.cli.core.commands.client_factory import get_mgmt_service_client
- from azure.cli.core.profiles import ResourceType
- return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_POLICY)
+# def _resource_policy_client_factory(cli_ctx, **_):
+# from azure.cli.core.commands.client_factory import get_mgmt_service_client
+# from azure.cli.core.profiles import ResourceType
+# return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_POLICY)
def _resource_lock_client_factory(cli_ctx, **_):
@@ -108,16 +108,16 @@ def cf_feature_registrations(cli_ctx, _):
return _resource_feature_client_factory(cli_ctx).subscription_feature_registrations
-def cf_policy_definitions(cli_ctx, _):
- return _resource_policy_client_factory(cli_ctx).policy_definitions
+# def cf_policy_definitions(cli_ctx, _):
+# return _resource_policy_client_factory(cli_ctx).policy_definitions
-def cf_policy_set_definitions(cli_ctx, _):
- return _resource_policy_client_factory(cli_ctx).policy_set_definitions
+# def cf_policy_set_definitions(cli_ctx, _):
+# return _resource_policy_client_factory(cli_ctx).policy_set_definitions
-def cf_policy_exemptions(cli_ctx, _):
- return _resource_policy_client_factory(cli_ctx).policy_exemptions
+# def cf_policy_exemptions(cli_ctx, _):
+# return _resource_policy_client_factory(cli_ctx).policy_exemptions
def cf_management_locks(cli_ctx, _):
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_completers.py b/src/azure-cli/azure/cli/command_modules/resource/_completers.py
index 584fbbf6201..e0027f68a14 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_completers.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_completers.py
@@ -6,35 +6,36 @@
from azure.cli.core.decorators import Completer
from azure.cli.command_modules.resource._client_factory import (
- _resource_policy_client_factory, _resource_client_factory)
+ #_resource_policy_client_factory,
+ _resource_client_factory)
-@Completer
-def get_policy_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- result = policy_client.policy_definitions.list()
- return [i.name for i in result]
+# @Completer
+# def get_policy_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# result = policy_client.policy_definitions.list()
+# return [i.name for i in result]
-@Completer
-def get_policy_set_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- result = policy_client.policy_set_definitions.list()
- return [i.name for i in result]
+# @Completer
+# def get_policy_set_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# result = policy_client.policy_set_definitions.list()
+# return [i.name for i in result]
-@Completer
-def get_policy_assignment_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- result = policy_client.policy_assignments.list()
- return [i.name for i in result]
+# @Completer
+# def get_policy_assignment_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# result = policy_client.policy_assignments.list()
+# return [i.name for i in result]
-@Completer
-def get_policy_exemption_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- result = policy_client.policy_exemptions.list()
- return [i.name for i in result]
+# @Completer
+# def get_policy_exemption_completion_list(cmd, prefix, namespace, **kwargs): # pylint: disable=unused-argument
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# result = policy_client.policy_exemptions.list()
+# return [i.name for i in result]
@Completer
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_help.py b/src/azure-cli/azure/cli/command_modules/resource/_help.py
index 248374e1144..cf3b9aeca5c 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_help.py
@@ -1701,414 +1701,414 @@
crafted: true
"""
-helps['policy'] = """
-type: group
-short-summary: Manage resource policies.
-"""
-
-helps['policy assignment'] = """
-type: group
-short-summary: Manage resource policy assignments.
-"""
-
-helps['policy assignment create'] = """
-type: command
-short-summary: Create a resource policy assignment.
-parameters:
- - name: --scope
- type: string
- short-summary: Scope to which this policy assignment applies.
-examples:
- - name: Create a resource policy assignment at scope
- text: |
- Valid scopes are management group, subscription, resource group, and resource, for example
- management group: /providers/Microsoft.Management/managementGroups/MyManagementGroup
- subscription: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333
- resource group: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup
- resource: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM
- az policy assignment create --scope \\
- "/providers/Microsoft.Management/managementGroups/MyManagementGroup" \\
- --policy {PolicyName} -p "{ \\"allowedLocations\\": \\
- { \\"value\\": [ \\"australiaeast\\", \\"eastus\\", \\"japaneast\\" ] } }"
- - name: Create a resource policy assignment and provide rule parameter values.
- text: |
- az policy assignment create --policy {PolicyName} -p "{ \\"allowedLocations\\": \\
- { \\"value\\": [ \\"australiaeast\\", \\"eastus\\", \\"japaneast\\" ] } }"
- - name: Create a resource policy assignment with a system assigned identity.
- text: >
- az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --location eastus
- - name: Create a resource policy assignment with a system assigned identity. The identity will have 'Contributor' role access to the subscription.
- text: >
- az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --role Contributor --location eastus
- - name: Create a resource policy assignment with a user assigned identity.
- text: >
- az policy assignment create --name myPolicy --policy {PolicyName} -g MyResourceGroup --mi-user-assigned myAssignedId --location westus
- - name: Create a resource policy assignment with an enforcement mode. It indicates whether a policy effect will be enforced or not during assignment creation and update. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.
- text: >
- az policy assignment create --name myPolicy --policy {PolicyName} --enforcement-mode 'DoNotEnforce'
-"""
-
-helps['policy assignment update'] = """
-type: command
-short-summary: Update a resource policy assignment.
-examples:
- - name: Update a resource policy assignment's description.
- text: |
- az policy assignment update --name myPolicy --description 'My policy description'
-"""
-
-helps['policy assignment delete'] = """
-type: command
-short-summary: Delete a resource policy assignment.
-examples:
- - name: Delete a resource policy assignment. (autogenerated)
- text: |
- az policy assignment delete --name MyPolicyAssignment
- crafted: true
-"""
-
-helps['policy assignment identity'] = """
-type: group
-short-summary: Manage a policy assignment's managed identity.
-"""
-
-helps['policy assignment identity assign'] = """
-type: command
-short-summary: Add a system assigned identity or a user assigned identity to a policy assignment.
-examples:
- - name: Add a system assigned managed identity to a policy assignment.
- text: >
- az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment
- - name: Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.
- text: >
- az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup
- - name: Add a user assigned managed identity to a policy assignment.
- text: >
- az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment
-"""
-
-helps['policy assignment identity remove'] = """
-type: command
-short-summary: Remove a managed identity from a policy assignment.
-"""
-
-helps['policy assignment identity show'] = """
-type: command
-short-summary: Show a policy assignment's managed identity.
-examples:
- - name: Show a policy assignment's managed identity. (autogenerated)
- text: |
- az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/MyManagementGroup'
- crafted: true
-"""
-
-helps['policy assignment non-compliance-message'] = """
-type: group
-short-summary: Manage a policy assignment's non-compliance messages.
-"""
-
-helps['policy assignment non-compliance-message create'] = """
-type: command
-short-summary: Add a non-compliance message to a policy assignment.
-examples:
- - name: Add a non-compliance message to a policy assignment.
- text: >
- az policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
- - name: Add a non-compliance message for a specific policy in an assigned policy set definition.
- text: >
- az policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
-"""
-
-helps['policy assignment non-compliance-message list'] = """
-type: command
-short-summary: List the non-compliance messages for a policy assignment.
-examples:
- - name: List the non-compliance messages for a policy assignment.
- text: >
- az policy assignment non-compliance-message list -g MyResourceGroup -n MyPolicyAssignment
-"""
-
-helps['policy assignment non-compliance-message delete'] = """
-type: command
-short-summary: Remove one or more non-compliance messages from a policy assignment.
-examples:
- - name: Remove non-compliance messages from a policy assignment that contain a specific message and no policy definition reference ID.
- text: >
- az policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
- - name: Remove non-compliance messages from a policy assignment that contain a specific message and a specific policy definition reference ID.
- text: >
- az policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
-"""
-
-helps['policy assignment list'] = """
-type: command
-short-summary: List resource policy assignments.
-"""
-
-helps['policy assignment show'] = """
-type: command
-short-summary: Show a resource policy assignment.
-examples:
- - name: Show a resource policy assignment. (autogenerated)
- text: |
- az policy assignment show --name MyPolicyAssignment
- crafted: true
-"""
-
-helps['policy definition'] = """
-type: group
-short-summary: Manage resource policy definitions.
-"""
-
-helps['policy definition create'] = """
-type: command
-short-summary: Create a policy definition.
-parameters:
- - name: --rules
- type: string
- short-summary: Policy rules in JSON format, or a path to a file containing JSON rules.
- - name: --management-group
- type: string
- short-summary: Name of the management group the new policy definition can be assigned in.
- - name: --subscription
- type: string
- short-summary: Name or id of the subscription the new policy definition can be assigned in.
-examples:
- - name: Create a read-only policy.
- text: |
- az policy definition create --name readOnlyStorage --rules "{ \\"if\\": \\
- { \\"field\\": \\"type\\", \\"equals\\": \\"Microsoft.Storage/storageAccounts/write\\" }, \\
- \\"then\\": { \\"effect\\": \\"deny\\" } }"
- - name: Create a policy parameter definition.
- text: |
- az policy definition create --name allowedLocations \\
- --rules "{ \\"if\\": { \\"allOf\\": [ \\
- { \\"field\\": \\"location\\",\\"notIn\\": \\"[parameters('listOfAllowedLocations')]\\" }, \\
- { \\"field\\": \\"location\\", \\"notEquals\\": \\"global\\" }, \\
- { \\"field\\": \\"type\\", \\"notEquals\\": \\
- \\"Microsoft.AzureActiveDirectory/b2cDirectories\\"} \\
- ] }, \\"then\\": { \\"effect\\": \\"deny\\" } }" \\
- --params "{ \\"allowedLocations\\": { \\
- \\"type\\": \\"array\\", \\"metadata\\": { \\"description\\": \\
- \\"The list of locations that can be specified when deploying resources\\", \\
- \\"strongType\\": \\"location\\", \\"displayName\\": \\"Allowed locations\\" } } }"
- - name: Create a read-only policy that can be applied within a management group.
- text: |
- az policy definition create -n readOnlyStorage --management-group "MyManagementGroup" \\
- --rules "{ \\"if\\": { \\"field\\": \\"type\\", \\
- \\"equals\\": \\"Microsoft.Storage/storageAccounts/write\\" }, \\
- \\"then\\": { \\"effect\\": \\"deny\\" } }"
- - name: Create a policy definition with mode. The mode 'Indexed' indicates the policy should be evaluated only for resource types that support tags and location.
- text: |
- az policy definition create --name TagsPolicyDefinition --subscription "MySubscription" \\
- --mode Indexed --rules "{ \\"if\\": { \\"field\\": \\"tags\\", \\"exists\\": \\"false\\" }, \\
- \\"then\\": { \\"effect\\": \\"deny\\" } }"
-"""
-
-helps['policy definition delete'] = """
-type: command
-short-summary: Delete a policy definition.
-examples:
- - name: Delete a policy definition. (autogenerated)
- text: |
- az policy definition delete --name MyPolicyDefinition
- crafted: true
-"""
-
-helps['policy definition list'] = """
-type: command
-short-summary: List policy definitions.
-"""
-
-helps['policy definition show'] = """
-type: command
-short-summary: Show a policy definition.
-examples:
- - name: Show a policy definition. (autogenerated)
- text: |
- az policy definition show --name MyPolicyDefinition
- crafted: true
-"""
-
-helps['policy definition update'] = """
-type: command
-short-summary: Update a policy definition.
-examples:
- - name: Update a policy definition. (autogenerated)
- text: |
- az policy definition update --name MyPolicyDefinition
- crafted: true
-"""
-
-helps['policy set-definition'] = """
-type: group
-short-summary: Manage resource policy set definitions.
-"""
-
-helps['policy set-definition create'] = """
-type: command
-short-summary: Create a policy set definition.
-parameters:
- - name: --definitions
- type: string
- short-summary: Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
- - name: --management-group
- type: string
- short-summary: Name of management group the new policy set definition can be assigned in.
- - name: --subscription
- type: string
- short-summary: Name or id of the subscription the new policy set definition can be assigned in.
-examples:
- - name: Create a policy set definition.
- text: |
- az policy set-definition create -n readOnlyStorage \\
- --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
- Microsoft.Authorization/policyDefinitions/storagePolicy\\" } ]'
- - name: Create a policy set definition with parameters.
- text: |
- az policy set-definition create -n readOnlyStorage \\
- --definitions "[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
- Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"parameters\\": \\
- { \\"storageSku\\": { \\"value\\": \\"[parameters(\\\\"requiredSku\\\\")]\\" } } }]" \\
- --params "{ \\"requiredSku\\": { \\"type\\": \\"String\\" } }"
- - name: Create a policy set definition in a subscription.
- text: |
- az policy set-definition create -n readOnlyStorage \\
- --subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \\
- --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/ \\
- 0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \\
- policyDefinitions/storagePolicy\\" } ]'
- - name: Create a policy set definition with policy definition groups.
- text: |
- az policy set-definition create -n computeRequirements \\
- --definitions "[ { \\"policyDefinitionId \\": \\"/subscriptions/mySubId/providers/ \\
- Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"groupNames\\": \\
- [ \\"CostSaving\\", \\"Organizational\\" ] }, { \\"policyDefinitionId\\": \\
- \\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \\
- policyDefinitions/tagPolicy\\", \\"groupNames\\": [ \\
- \\"Organizational\\" ] } ]" \\
- --definition-groups "[{ \\"name\\": \\"CostSaving\\" }, { \\"name\\": \\"Organizational\\" } ]"
-"""
-
-helps['policy set-definition delete'] = """
-type: command
-short-summary: Delete a policy set definition.
-examples:
- - name: Delete a policy set definition. (autogenerated)
- text: |
- az policy set-definition delete --management-group myMg --name MyPolicySetDefinition
- crafted: true
-"""
-
-helps['policy set-definition list'] = """
-type: command
-short-summary: List policy set definitions.
-"""
-
-helps['policy set-definition show'] = """
-type: command
-short-summary: Show a policy set definition.
-examples:
- - name: Show a policy set definition. If the policy set is scoped to a management group, then you must include the `--management-group` parameter and value.
- text: |
- az policy set-definition show --name MyPolicySetDefinition --management-group MyManagementGroup
- crafted: true
-"""
-
-helps['policy set-definition update'] = """
-type: command
-short-summary: Update a policy set definition.
-examples:
- - name: Update a policy set definition.
- text: |-
- az policy set-definition update \\
- --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
- Microsoft.Authorization/policyDefinitions/storagePolicy\\" } ]' \\
- --name MyPolicySetDefinition
- - name: Update the groups and definitions within a policy set definition.
- text: |
- az policy set-definition update -n computeRequirements \\
- --definitions "[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
- Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"groupNames\\": [ \\
- \\"CostSaving\\", \\"Organizational\\" ] }, { \\"policyDefinitionId\\": \\
- \\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \\
- policyDefinitions/tagPolicy\\", \\
- \\"groupNames\\": [ \\"Organizational\\" ] } ]" \\
- --definition-groups "[{ \\"name\\": \\"CostSaving\\" }, { \\"name\\": \\"Organizational\\" } ]"
-"""
-
-helps['policy exemption'] = """
-type: group
-short-summary: Manage resource policy exemptions.
-"""
-
-helps['policy exemption create'] = """
-type: command
-short-summary: Create a policy exemption.
-examples:
- - name: Create a policy exemption in default subscription.
- text: |
- az policy exemption create -n exemptTestVM \\
- --policy-assignment "/subscriptions/mySubId/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
- --exemption-category "Waiver"
- - name: Create a policy exemption in the resource group.
- text: |
- az policy exemption create -n exemptTestVM \\
- --policy-assignment "/subscriptions/mySubId/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
- --exemption-category "Waiver" \\
- --resource-group "myResourceGroup"
- - name: Create a policy exemption in a management group.
- text: |
- az policy exemption create -n exemptTestVM \\
- --policy-assignment "/providers/Microsoft.Management/managementGroups/myMG/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
- --exemption-category "Waiver" \\
- --scope "/providers/Microsoft.Management/managementGroups/myMG"
-"""
-
-helps['policy exemption delete'] = """
-type: command
-short-summary: Delete a policy exemption.
-examples:
- - name: Delete a policy exemption.
- text: |
- az policy exemption delete --name MyPolicyExemption --resource-group "myResourceGroup"
- crafted: true
-"""
-
-helps['policy exemption list'] = """
-type: command
-short-summary: List policy exemptions.
-"""
-
-helps['policy exemption show'] = """
-type: command
-short-summary: Show a policy exemption.
-examples:
- - name: Show a policy exemption.
- text: |
- az policy exemption show --name MyPolicyExemption --resource-group "myResourceGroup"
- crafted: true
-"""
-
-helps['policy exemption update'] = """
-type: command
-short-summary: Update a policy exemption.
-examples:
- - name: Update a policy exemption.
- text: |
- az policy exemption update -n exemptTestVM \\
- --exemption-category "Mitigated"
- - name: Update a policy exemption in the resource group.
- text: |
- az policy exemption update -n exemptTestVM \\
- --exemption-category "Mitigated" \\
- --resource-group "myResourceGroup"
- - name: Update a policy exemption in a management group.
- text: |
- az policy exemption update -n exemptTestVM \\
- --exemption-category "Mitigated" \\
- --scope "/providers/Microsoft.Management/managementGroups/myMG"
-"""
+# helps['policy'] = """
+# type: group
+# short-summary: Manage resource policies.
+# """
+
+# helps['policy assignment'] = """
+# type: group
+# short-summary: Manage resource policy assignments.
+# """
+
+# helps['policy assignment create'] = """
+# type: command
+# short-summary: Create a resource policy assignment.
+# parameters:
+# - name: --scope
+# type: string
+# short-summary: Scope to which this policy assignment applies.
+# examples:
+# - name: Create a resource policy assignment at scope
+# text: |
+# Valid scopes are management group, subscription, resource group, and resource, for example
+# management group: /providers/Microsoft.Management/managementGroups/MyManagementGroup
+# subscription: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333
+# resource group: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup
+# resource: /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM
+# az policy assignment create --scope \\
+# "/providers/Microsoft.Management/managementGroups/MyManagementGroup" \\
+# --policy {PolicyName} -p "{ \\"allowedLocations\\": \\
+# { \\"value\\": [ \\"australiaeast\\", \\"eastus\\", \\"japaneast\\" ] } }"
+# - name: Create a resource policy assignment and provide rule parameter values.
+# text: |
+# az policy assignment create --policy {PolicyName} -p "{ \\"allowedLocations\\": \\
+# { \\"value\\": [ \\"australiaeast\\", \\"eastus\\", \\"japaneast\\" ] } }"
+# - name: Create a resource policy assignment with a system assigned identity.
+# text: >
+# az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --location eastus
+# - name: Create a resource policy assignment with a system assigned identity. The identity will have 'Contributor' role access to the subscription.
+# text: >
+# az policy assignment create --name myPolicy --policy {PolicyName} --mi-system-assigned --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --role Contributor --location eastus
+# - name: Create a resource policy assignment with a user assigned identity.
+# text: >
+# az policy assignment create --name myPolicy --policy {PolicyName} -g MyResourceGroup --mi-user-assigned myAssignedId --location westus
+# - name: Create a resource policy assignment with an enforcement mode. It indicates whether a policy effect will be enforced or not during assignment creation and update. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.
+# text: >
+# az policy assignment create --name myPolicy --policy {PolicyName} --enforcement-mode 'DoNotEnforce'
+# """
+
+# helps['policy assignment update'] = """
+# type: command
+# short-summary: Update a resource policy assignment.
+# examples:
+# - name: Update a resource policy assignment's description.
+# text: |
+# az policy assignment update --name myPolicy --description 'My policy description'
+# """
+
+# helps['policy assignment delete'] = """
+# type: command
+# short-summary: Delete a resource policy assignment.
+# examples:
+# - name: Delete a resource policy assignment. (autogenerated)
+# text: |
+# az policy assignment delete --name MyPolicyAssignment
+# crafted: true
+# """
+
+# helps['policy assignment identity'] = """
+# type: group
+# short-summary: Manage a policy assignment's managed identity.
+# """
+
+# helps['policy assignment identity assign'] = """
+# type: command
+# short-summary: Add a system assigned identity or a user assigned identity to a policy assignment.
+# examples:
+# - name: Add a system assigned managed identity to a policy assignment.
+# text: >
+# az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment
+# - name: Add a system assigned managed identity to a policy assignment and grant it the 'Contributor' role for the current resource group.
+# text: >
+# az policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/MyResourceGroup
+# - name: Add a user assigned managed identity to a policy assignment.
+# text: >
+# az policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment
+# """
+
+# helps['policy assignment identity remove'] = """
+# type: command
+# short-summary: Remove a managed identity from a policy assignment.
+# """
+
+# helps['policy assignment identity show'] = """
+# type: command
+# short-summary: Show a policy assignment's managed identity.
+# examples:
+# - name: Show a policy assignment's managed identity. (autogenerated)
+# text: |
+# az policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/MyManagementGroup'
+# crafted: true
+# """
+
+# helps['policy assignment non-compliance-message'] = """
+# type: group
+# short-summary: Manage a policy assignment's non-compliance messages.
+# """
+
+# helps['policy assignment non-compliance-message create'] = """
+# type: command
+# short-summary: Add a non-compliance message to a policy assignment.
+# examples:
+# - name: Add a non-compliance message to a policy assignment.
+# text: >
+# az policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
+# - name: Add a non-compliance message for a specific policy in an assigned policy set definition.
+# text: >
+# az policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
+# """
+
+# helps['policy assignment non-compliance-message list'] = """
+# type: command
+# short-summary: List the non-compliance messages for a policy assignment.
+# examples:
+# - name: List the non-compliance messages for a policy assignment.
+# text: >
+# az policy assignment non-compliance-message list -g MyResourceGroup -n MyPolicyAssignment
+# """
+
+# helps['policy assignment non-compliance-message delete'] = """
+# type: command
+# short-summary: Remove one or more non-compliance messages from a policy assignment.
+# examples:
+# - name: Remove non-compliance messages from a policy assignment that contain a specific message and no policy definition reference ID.
+# text: >
+# az policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
+# - name: Remove non-compliance messages from a policy assignment that contain a specific message and a specific policy definition reference ID.
+# text: >
+# az policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
+# """
+
+# helps['policy assignment list'] = """
+# type: command
+# short-summary: List resource policy assignments.
+# """
+
+# helps['policy assignment show'] = """
+# type: command
+# short-summary: Show a resource policy assignment.
+# examples:
+# - name: Show a resource policy assignment. (autogenerated)
+# text: |
+# az policy assignment show --name MyPolicyAssignment
+# crafted: true
+# """
+
+# helps['policy definition'] = """
+# type: group
+# short-summary: Manage resource policy definitions.
+# """
+
+# helps['policy definition create'] = """
+# type: command
+# short-summary: Create a policy definition.
+# parameters:
+# - name: --rules
+# type: string
+# short-summary: Policy rules in JSON format, or a path to a file containing JSON rules.
+# - name: --management-group
+# type: string
+# short-summary: Name of the management group the new policy definition can be assigned in.
+# - name: --subscription
+# type: string
+# short-summary: Name or id of the subscription the new policy definition can be assigned in.
+# examples:
+# - name: Create a read-only policy.
+# text: |
+# az policy definition create --name readOnlyStorage --rules "{ \\"if\\": \\
+# { \\"field\\": \\"type\\", \\"equals\\": \\"Microsoft.Storage/storageAccounts/write\\" }, \\
+# \\"then\\": { \\"effect\\": \\"deny\\" } }"
+# - name: Create a policy parameter definition.
+# text: |
+# az policy definition create --name allowedLocations \\
+# --rules "{ \\"if\\": { \\"allOf\\": [ \\
+# { \\"field\\": \\"location\\",\\"notIn\\": \\"[parameters('listOfAllowedLocations')]\\" }, \\
+# { \\"field\\": \\"location\\", \\"notEquals\\": \\"global\\" }, \\
+# { \\"field\\": \\"type\\", \\"notEquals\\": \\
+# \\"Microsoft.AzureActiveDirectory/b2cDirectories\\"} \\
+# ] }, \\"then\\": { \\"effect\\": \\"deny\\" } }" \\
+# --params "{ \\"allowedLocations\\": { \\
+# \\"type\\": \\"array\\", \\"metadata\\": { \\"description\\": \\
+# \\"The list of locations that can be specified when deploying resources\\", \\
+# \\"strongType\\": \\"location\\", \\"displayName\\": \\"Allowed locations\\" } } }"
+# - name: Create a read-only policy that can be applied within a management group.
+# text: |
+# az policy definition create -n readOnlyStorage --management-group "MyManagementGroup" \\
+# --rules "{ \\"if\\": { \\"field\\": \\"type\\", \\
+# \\"equals\\": \\"Microsoft.Storage/storageAccounts/write\\" }, \\
+# \\"then\\": { \\"effect\\": \\"deny\\" } }"
+# - name: Create a policy definition with mode. The mode 'Indexed' indicates the policy should be evaluated only for resource types that support tags and location.
+# text: |
+# az policy definition create --name TagsPolicyDefinition --subscription "MySubscription" \\
+# --mode Indexed --rules "{ \\"if\\": { \\"field\\": \\"tags\\", \\"exists\\": \\"false\\" }, \\
+# \\"then\\": { \\"effect\\": \\"deny\\" } }"
+# """
+
+# helps['policy definition delete'] = """
+# type: command
+# short-summary: Delete a policy definition.
+# examples:
+# - name: Delete a policy definition. (autogenerated)
+# text: |
+# az policy definition delete --name MyPolicyDefinition
+# crafted: true
+# """
+
+# helps['policy definition list'] = """
+# type: command
+# short-summary: List policy definitions.
+# """
+
+# helps['policy definition show'] = """
+# type: command
+# short-summary: Show a policy definition.
+# examples:
+# - name: Show a policy definition. (autogenerated)
+# text: |
+# az policy definition show --name MyPolicyDefinition
+# crafted: true
+# """
+
+# helps['policy definition update'] = """
+# type: command
+# short-summary: Update a policy definition.
+# examples:
+# - name: Update a policy definition. (autogenerated)
+# text: |
+# az policy definition update --name MyPolicyDefinition
+# crafted: true
+# """
+
+# helps['policy set-definition'] = """
+# type: group
+# short-summary: Manage resource policy set definitions.
+# """
+
+# helps['policy set-definition create'] = """
+# type: command
+# short-summary: Create a policy set definition.
+# parameters:
+# - name: --definitions
+# type: string
+# short-summary: Policy definitions in JSON format, or a path to a file or URI containing JSON rules.
+# - name: --management-group
+# type: string
+# short-summary: Name of management group the new policy set definition can be assigned in.
+# - name: --subscription
+# type: string
+# short-summary: Name or id of the subscription the new policy set definition can be assigned in.
+# examples:
+# - name: Create a policy set definition.
+# text: |
+# az policy set-definition create -n readOnlyStorage \\
+# --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
+# Microsoft.Authorization/policyDefinitions/storagePolicy\\" } ]'
+# - name: Create a policy set definition with parameters.
+# text: |
+# az policy set-definition create -n readOnlyStorage \\
+# --definitions "[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
+# Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"parameters\\": \\
+# { \\"storageSku\\": { \\"value\\": \\"[parameters(\\\\"requiredSku\\\\")]\\" } } }]" \\
+# --params "{ \\"requiredSku\\": { \\"type\\": \\"String\\" } }"
+# - name: Create a policy set definition in a subscription.
+# text: |
+# az policy set-definition create -n readOnlyStorage \\
+# --subscription '0b1f6471-1bf0-4dda-aec3-111122223333' \\
+# --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/ \\
+# 0b1f6471-1bf0-4dda-aec3-111122223333/providers/Microsoft.Authorization/ \\
+# policyDefinitions/storagePolicy\\" } ]'
+# - name: Create a policy set definition with policy definition groups.
+# text: |
+# az policy set-definition create -n computeRequirements \\
+# --definitions "[ { \\"policyDefinitionId \\": \\"/subscriptions/mySubId/providers/ \\
+# Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"groupNames\\": \\
+# [ \\"CostSaving\\", \\"Organizational\\" ] }, { \\"policyDefinitionId\\": \\
+# \\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \\
+# policyDefinitions/tagPolicy\\", \\"groupNames\\": [ \\
+# \\"Organizational\\" ] } ]" \\
+# --definition-groups "[{ \\"name\\": \\"CostSaving\\" }, { \\"name\\": \\"Organizational\\" } ]"
+# """
+
+# helps['policy set-definition delete'] = """
+# type: command
+# short-summary: Delete a policy set definition.
+# examples:
+# - name: Delete a policy set definition. (autogenerated)
+# text: |
+# az policy set-definition delete --management-group myMg --name MyPolicySetDefinition
+# crafted: true
+# """
+
+# helps['policy set-definition list'] = """
+# type: command
+# short-summary: List policy set definitions.
+# """
+
+# helps['policy set-definition show'] = """
+# type: command
+# short-summary: Show a policy set definition.
+# examples:
+# - name: Show a policy set definition. If the policy set is scoped to a management group, then you must include the `--management-group` parameter and value.
+# text: |
+# az policy set-definition show --name MyPolicySetDefinition --management-group MyManagementGroup
+# crafted: true
+# """
+
+# helps['policy set-definition update'] = """
+# type: command
+# short-summary: Update a policy set definition.
+# examples:
+# - name: Update a policy set definition.
+# text: |-
+# az policy set-definition update \\
+# --definitions '[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
+# Microsoft.Authorization/policyDefinitions/storagePolicy\\" } ]' \\
+# --name MyPolicySetDefinition
+# - name: Update the groups and definitions within a policy set definition.
+# text: |
+# az policy set-definition update -n computeRequirements \\
+# --definitions "[ { \\"policyDefinitionId\\": \\"/subscriptions/mySubId/providers/ \\
+# Microsoft.Authorization/policyDefinitions/storagePolicy\\", \\"groupNames\\": [ \\
+# \\"CostSaving\\", \\"Organizational\\" ] }, { \\"policyDefinitionId\\": \\
+# \\"/subscriptions/mySubId/providers/Microsoft.Authorization/ \\
+# policyDefinitions/tagPolicy\\", \\
+# \\"groupNames\\": [ \\"Organizational\\" ] } ]" \\
+# --definition-groups "[{ \\"name\\": \\"CostSaving\\" }, { \\"name\\": \\"Organizational\\" } ]"
+# """
+
+# helps['policy exemption'] = """
+# type: group
+# short-summary: Manage resource policy exemptions.
+# """
+
+# helps['policy exemption create'] = """
+# type: command
+# short-summary: Create a policy exemption.
+# examples:
+# - name: Create a policy exemption in default subscription.
+# text: |
+# az policy exemption create -n exemptTestVM \\
+# --policy-assignment "/subscriptions/mySubId/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
+# --exemption-category "Waiver"
+# - name: Create a policy exemption in the resource group.
+# text: |
+# az policy exemption create -n exemptTestVM \\
+# --policy-assignment "/subscriptions/mySubId/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
+# --exemption-category "Waiver" \\
+# --resource-group "myResourceGroup"
+# - name: Create a policy exemption in a management group.
+# text: |
+# az policy exemption create -n exemptTestVM \\
+# --policy-assignment "/providers/Microsoft.Management/managementGroups/myMG/providers/Microsoft.Authorization/policyAssignments/limitVMSku" \\
+# --exemption-category "Waiver" \\
+# --scope "/providers/Microsoft.Management/managementGroups/myMG"
+# """
+
+# helps['policy exemption delete'] = """
+# type: command
+# short-summary: Delete a policy exemption.
+# examples:
+# - name: Delete a policy exemption.
+# text: |
+# az policy exemption delete --name MyPolicyExemption --resource-group "myResourceGroup"
+# crafted: true
+# """
+
+# helps['policy exemption list'] = """
+# type: command
+# short-summary: List policy exemptions.
+# """
+
+# helps['policy exemption show'] = """
+# type: command
+# short-summary: Show a policy exemption.
+# examples:
+# - name: Show a policy exemption.
+# text: |
+# az policy exemption show --name MyPolicyExemption --resource-group "myResourceGroup"
+# crafted: true
+# """
+
+# helps['policy exemption update'] = """
+# type: command
+# short-summary: Update a policy exemption.
+# examples:
+# - name: Update a policy exemption.
+# text: |
+# az policy exemption update -n exemptTestVM \\
+# --exemption-category "Mitigated"
+# - name: Update a policy exemption in the resource group.
+# text: |
+# az policy exemption update -n exemptTestVM \\
+# --exemption-category "Mitigated" \\
+# --resource-group "myResourceGroup"
+# - name: Update a policy exemption in a management group.
+# text: |
+# az policy exemption update -n exemptTestVM \\
+# --exemption-category "Mitigated" \\
+# --scope "/providers/Microsoft.Management/managementGroups/myMG"
+# """
helps['provider'] = """
type: group
diff --git a/src/azure-cli/azure/cli/command_modules/resource/_params.py b/src/azure-cli/azure/cli/command_modules/resource/_params.py
index b481519c2d7..fa49a9e9459 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/_params.py
@@ -11,7 +11,7 @@ def load_arguments(self, _):
from azure.mgmt.resource.locks.models import LockLevel
from azure.mgmt.resource.managedapplications.models import ApplicationLockLevel
- from azure.mgmt.resource.policy.models import EnforcementMode
+ #from azure.mgmt.resource.policy.models import EnforcementMode
from azure.mgmt.resource.deploymentstacks.models import DenySettingsMode
from azure.cli.core.commands.validators import get_default_location_from_resource_group
@@ -25,14 +25,14 @@ def load_arguments(self, _):
from knack.arguments import ignore_type, CLIArgumentType
from azure.cli.command_modules.resource._completers import (
- get_policy_completion_list, get_policy_set_completion_list, get_policy_assignment_completion_list, get_policy_exemption_completion_list,
+ #get_policy_completion_list, get_policy_set_completion_list, get_policy_assignment_completion_list, get_policy_exemption_completion_list,
get_resource_types_completion_list, get_providers_completion_list)
from azure.cli.command_modules.resource._validators import (
validate_lock_parameters, validate_resource_lock, validate_group_lock, validate_subscription_lock, validate_metadata, RollbackAction)
from azure.cli.command_modules.resource.parameters import TagUpdateOperation, StacksActionOnUnmanage
- ExemptionCategory = self.get_models('ExemptionCategory', resource_type=ResourceType.MGMT_RESOURCE_POLICY,
- operation_group='policy_exemptions')
+ # ExemptionCategory = self.get_models('ExemptionCategory', resource_type=ResourceType.MGMT_RESOURCE_POLICY,
+ # operation_group='policy_exemptions')
DeploymentMode, WhatIfResultFormat, ChangeType = self.get_models('DeploymentMode', 'WhatIfResultFormat', 'ChangeType')
# BASIC PARAMETER CONFIGURATION
@@ -41,10 +41,10 @@ def load_arguments(self, _):
resource_type_type = CLIArgumentType(help="The resource type (Ex: 'resC'). Can also accept namespace/type format (Ex: 'Microsoft.Provider/resC')")
resource_namespace_type = CLIArgumentType(options_list='--namespace', completer=get_providers_completion_list, help="Provider namespace (Ex: 'Microsoft.Provider')")
resource_parent_type = CLIArgumentType(required=False, options_list=['--parent'], help="The parent path (Ex: 'resA/myA/resB/myB')")
- existing_policy_definition_name_type = CLIArgumentType(options_list=['--name', '-n'], completer=get_policy_completion_list, help='The policy definition name.')
- existing_policy_set_definition_name_type = CLIArgumentType(options_list=['--name', '-n'], completer=get_policy_set_completion_list, help='The policy set definition name.')
+ # existing_policy_definition_name_type = CLIArgumentType(options_list=['--name', '-n'], completer=get_policy_completion_list, help='The policy definition name.')
+ # existing_policy_set_definition_name_type = CLIArgumentType(options_list=['--name', '-n'], completer=get_policy_set_completion_list, help='The policy set definition name.')
subscription_type = CLIArgumentType(options_list='--subscription', FilesCompleter=get_subscription_id_list, help='The subscription id of the policy [set] definition.')
- management_group_name_type = CLIArgumentType(options_list='--management-group', help='The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.')
+ # management_group_name_type = CLIArgumentType(options_list='--management-group', help='The name of the management group of the policy [set] definition. This parameter is required if your policy set is scoped to a management group.')
identity_scope_type = CLIArgumentType(help="Scope that the system assigned identity can access")
identity_role_type = CLIArgumentType(options_list=['--role'], help="Role name or id that will be assigned to the managed identity")
extended_json_format_type = CLIArgumentType(options_list=['--handle-extended-json-format', '-j'], action='store_true',
@@ -213,94 +213,94 @@ def load_arguments(self, _):
with self.argument_context('feature registration list') as c:
c.argument('resource_provider_namespace', options_list='--namespace', required=False, help=_PROVIDER_HELP_TEXT)
- with self.argument_context('policy') as c:
- c.argument('resource_group_name', arg_type=resource_group_name_type, help='the resource group where the policy will be applied')
+ # with self.argument_context('policy') as c:
+ # c.argument('resource_group_name', arg_type=resource_group_name_type, help='the resource group where the policy will be applied')
with self.argument_context('policy definition', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('policy_definition_name', arg_type=existing_policy_definition_name_type)
- c.argument('rules', help='JSON formatted string or a path to a file with such content', type=file_type, completer=FilesCompleter())
- c.argument('display_name', help='Display name of policy definition.')
- c.argument('description', help='Description of policy definition.')
- c.argument('params', help='JSON formatted string or a path to a file or uri with parameter definitions.', type=file_type, completer=FilesCompleter(), min_api='2016-12-01')
+ # c.argument('policy_definition_name', arg_type=existing_policy_definition_name_type)
+ # c.argument('rules', help='JSON formatted string or a path to a file with such content', type=file_type, completer=FilesCompleter())
+ # c.argument('display_name', help='Display name of policy definition.')
+ # c.argument('description', help='Description of policy definition.')
+ # c.argument('params', help='JSON formatted string or a path to a file or uri with parameter definitions.', type=file_type, completer=FilesCompleter(), min_api='2016-12-01')
c.argument('metadata', min_api='2017-06-01-preview', nargs='+', validator=validate_metadata, help='Metadata in space-separated key=value pairs.')
- c.argument('management_group', arg_type=management_group_name_type)
- c.argument('mode', options_list=['--mode', '-m'], help='Mode of the policy definition, e.g. All, Indexed. Please visit https://aka.ms/azure-policy-mode for more information.', min_api='2016-12-01')
- c.argument('subscription', arg_type=subscription_type)
- c.ignore('_subscription') # disable global subscription
-
- with self.argument_context('policy definition create', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('name', options_list=['--name', '-n'], help='Name of the new policy definition.')
-
- with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('name', options_list=['--name', '-n'], completer=get_policy_assignment_completion_list, help='Name of the policy assignment.')
- c.argument('scope', help='Scope at which this policy assignment subcommand applies. Defaults to current context subscription.')
- c.argument('disable_scope_strict_match', action='store_true', help='Include policy assignments either inherited from parent scope or at child scope.')
- c.argument('display_name', help='Display name of the policy assignment.')
- c.argument('description', help='Description of the policy assignment.', min_api='2016-12-01')
- c.argument('policy', help='Name or id of the policy definition. If not provided, a policy set definition parameter must be provided.', completer=get_policy_completion_list)
- c.argument('params', options_list=['--params', '-p'], help='JSON formatted string or a path to a file or uri with parameter values of the policy rule.', type=file_type, completer=FilesCompleter(), min_api='2016-12-01')
-
- with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2017-06-01-preview') as c:
- c.argument('policy_set_definition', options_list=['--policy-set-definition', '-d'], help='Name or id of the policy set definition. If not provided, a policy definition parameter must be provided.')
- c.argument('sku', options_list=['--sku', '-s'], help='policy sku.', arg_type=get_enum_type(['free', 'standard']), deprecate_info=c.deprecate(hide=True))
- c.argument('notscopes', options_list='--not-scopes', nargs='+')
-
- with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, arg_group='Managed Identity', min_api='2018-05-01') as c:
- c.argument('assign_identity', nargs='*', help="Assigns a system assigned identity to the policy assignment. This argument will be deprecated, please use --mi-system-assigned instead", deprecate_info=c.deprecate(hide=True))
- c.argument('mi_system_assigned', action='store_true', help='Provide this flag to use system assigned identity for policy assignment. Check out help for more examples')
- c.argument('mi_user_assigned', min_api='2021-06-01', help='UserAssigned Identity Id to be used for policy assignment. Check out help for more examples')
- c.argument('identity_scope', arg_type=identity_scope_type)
- c.argument('identity_role', arg_type=identity_role_type)
-
- with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2019-06-01') as c:
- c.argument('enforcement_mode', options_list=['--enforcement-mode', '-e'], help='Enforcement mode of the policy assignment, e.g. Default, DoNotEnforce. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.', arg_type=get_enum_type(EnforcementMode))
-
- with self.argument_context('policy assignment create', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('name', options_list=['--name', '-n'], help='Name of the new policy assignment.')
-
- with self.argument_context('policy assignment create', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as c:
- c.argument('location', arg_type=get_location_type(self.cli_ctx), help='The location of the policy assignment. Only required when utilizing managed identity.')
-
- with self.argument_context('policy assignment identity', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as c:
- c.argument('mi_system_assigned', action='store_true', options_list=['--system-assigned'], help='Provide this flag to use system assigned identity for policy assignment. Check out help for more examples')
- c.argument('mi_user_assigned', options_list=['--user-assigned'], min_api='2021-06-01', help='UserAssigned Identity Id to be used for policy assignment. Check out help for more examples')
- c.argument('identity_scope', arg_type=identity_scope_type)
- c.argument('identity_role', arg_type=identity_role_type)
-
- with self.argument_context('policy assignment non-compliance-message', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-09-01') as c:
- c.argument('message', options_list=['--message', '-m'], help='Message that will be shown when a resource is denied by policy or evaluation details are inspected.')
- c.argument('policy_definition_reference_id', options_list=['--policy-definition-reference-id', '-r'], help='Policy definition reference ID within the assigned initiative (policy set) that the message applies to.')
+ # c.argument('management_group', arg_type=management_group_name_type)
+ # c.argument('mode', options_list=['--mode', '-m'], help='Mode of the policy definition, e.g. All, Indexed. Please visit https://aka.ms/azure-policy-mode for more information.', min_api='2016-12-01')
+ # c.argument('subscription', arg_type=subscription_type)
+ # c.ignore('_subscription') # disable global subscription
+
+ # with self.argument_context('policy definition create', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
+ # c.argument('name', options_list=['--name', '-n'], help='Name of the new policy definition.')
+
+ # with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
+ # c.argument('name', options_list=['--name', '-n'], completer=get_policy_assignment_completion_list, help='Name of the policy assignment.')
+ # c.argument('scope', help='Scope at which this policy assignment subcommand applies. Defaults to current context subscription.')
+ # c.argument('disable_scope_strict_match', action='store_true', help='Include policy assignments either inherited from parent scope or at child scope.')
+ # c.argument('display_name', help='Display name of the policy assignment.')
+ # c.argument('description', help='Description of the policy assignment.', min_api='2016-12-01')
+ # c.argument('policy', help='Name or id of the policy definition. If not provided, a policy set definition parameter must be provided.', completer=get_policy_completion_list)
+ # c.argument('params', options_list=['--params', '-p'], help='JSON formatted string or a path to a file or uri with parameter values of the policy rule.', type=file_type, completer=FilesCompleter(), min_api='2016-12-01')
+
+ # with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2017-06-01-preview') as c:
+ # c.argument('policy_set_definition', options_list=['--policy-set-definition', '-d'], help='Name or id of the policy set definition. If not provided, a policy definition parameter must be provided.')
+ # c.argument('sku', options_list=['--sku', '-s'], help='policy sku.', arg_type=get_enum_type(['free', 'standard']), deprecate_info=c.deprecate(hide=True))
+ # c.argument('notscopes', options_list='--not-scopes', nargs='+')
+
+ # with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, arg_group='Managed Identity', min_api='2018-05-01') as c:
+ # c.argument('assign_identity', nargs='*', help="Assigns a system assigned identity to the policy assignment. This argument will be deprecated, please use --mi-system-assigned instead", deprecate_info=c.deprecate(hide=True))
+ # c.argument('mi_system_assigned', action='store_true', help='Provide this flag to use system assigned identity for policy assignment. Check out help for more examples')
+ # c.argument('mi_user_assigned', min_api='2021-06-01', help='UserAssigned Identity Id to be used for policy assignment. Check out help for more examples')
+ # c.argument('identity_scope', arg_type=identity_scope_type)
+ # c.argument('identity_role', arg_type=identity_role_type)
+
+ # with self.argument_context('policy assignment', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2019-06-01') as c:
+ # c.argument('enforcement_mode', options_list=['--enforcement-mode', '-e'], help='Enforcement mode of the policy assignment, e.g. Default, DoNotEnforce. Please visit https://aka.ms/azure-policyAssignment-enforcement-mode for more information.', arg_type=get_enum_type(EnforcementMode))
+
+ # with self.argument_context('policy assignment create', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
+ # c.argument('name', options_list=['--name', '-n'], help='Name of the new policy assignment.')
+
+ # with self.argument_context('policy assignment create', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as c:
+ # c.argument('location', arg_type=get_location_type(self.cli_ctx), help='The location of the policy assignment. Only required when utilizing managed identity.')
+
+ # with self.argument_context('policy assignment identity', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as c:
+ # c.argument('mi_system_assigned', action='store_true', options_list=['--system-assigned'], help='Provide this flag to use system assigned identity for policy assignment. Check out help for more examples')
+ # c.argument('mi_user_assigned', options_list=['--user-assigned'], min_api='2021-06-01', help='UserAssigned Identity Id to be used for policy assignment. Check out help for more examples')
+ # c.argument('identity_scope', arg_type=identity_scope_type)
+ # c.argument('identity_role', arg_type=identity_role_type)
+
+ # with self.argument_context('policy assignment non-compliance-message', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-09-01') as c:
+ # c.argument('message', options_list=['--message', '-m'], help='Message that will be shown when a resource is denied by policy or evaluation details are inspected.')
+ # c.argument('policy_definition_reference_id', options_list=['--policy-definition-reference-id', '-r'], help='Policy definition reference ID within the assigned initiative (policy set) that the message applies to.')
with self.argument_context('policy set-definition', min_api='2017-06-01-preview', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('policy_set_definition_name', arg_type=existing_policy_set_definition_name_type)
- c.argument('display_name', help='Display name of policy set definition.')
- c.argument('description', help='Description of policy set definition.')
- c.argument('params', help='JSON formatted string or a path to a file or uri with parameter definitions.', type=file_type, completer=FilesCompleter())
- c.argument('definitions', help='JSON formatted string or a path to a file or uri containing definitions.', type=file_type, completer=FilesCompleter())
- c.argument('definition_groups', min_api='2019-09-01', help='JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.', type=file_type, completer=FilesCompleter())
+ # c.argument('policy_set_definition_name', arg_type=existing_policy_set_definition_name_type)
+ # c.argument('display_name', help='Display name of policy set definition.')
+ # c.argument('description', help='Description of policy set definition.')
+ # c.argument('params', help='JSON formatted string or a path to a file or uri with parameter definitions.', type=file_type, completer=FilesCompleter())
+ # c.argument('definitions', help='JSON formatted string or a path to a file or uri containing definitions.', type=file_type, completer=FilesCompleter())
+ # c.argument('definition_groups', min_api='2019-09-01', help='JSON formatted string or a path to a file or uri containing policy definition groups. Groups are used to organize policy definitions within a policy set.', type=file_type, completer=FilesCompleter())
c.argument('metadata', nargs='+', validator=validate_metadata, help='Metadata in space-separated key=value pairs.')
- c.argument('management_group', arg_type=management_group_name_type)
- c.argument('subscription', arg_type=subscription_type)
- c.ignore('_subscription') # disable global subscription
+ # c.argument('management_group', arg_type=management_group_name_type)
+ # c.argument('subscription', arg_type=subscription_type)
+ # c.ignore('_subscription') # disable global subscription
- with self.argument_context('policy set-definition create', min_api='2017-06-01-preview', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('name', options_list=['--name', '-n'], help='Name of the new policy set definition.')
+ # with self.argument_context('policy set-definition create', min_api='2017-06-01-preview', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
+ # c.argument('name', options_list=['--name', '-n'], help='Name of the new policy set definition.')
with self.argument_context('policy exemption', min_api='2020-09-01', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.ignore('_subscription')
- c.argument('name', options_list=['--name', '-n'], completer=get_policy_exemption_completion_list, help='Name of the policy exemption.')
- c.argument('scope', help='Scope to which this policy exemption applies.')
- c.argument('disable_scope_strict_match', options_list=['--disable-scope-strict-match', '-i'], action='store_true', help='Include policy exemptions either inherited from parent scope or at child scope.')
- c.argument('display_name', help='Display name of the policy exemption.')
- c.argument('description', help='Description of policy exemption.')
- c.argument('exemption_category', options_list=['--exemption-category', '-e'], help='The policy exemption category of the policy exemption', arg_type=get_enum_type(ExemptionCategory))
- c.argument('policy_definition_reference_ids', nargs='+', options_list=['--policy-definition-reference-ids', '-r'], help='The policy definition reference ids to exempt in the initiative (policy set).')
- c.argument('expires_on', help='The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.')
+ # c.ignore('_subscription')
+ # c.argument('name', options_list=['--name', '-n'], completer=get_policy_exemption_completion_list, help='Name of the policy exemption.')
+ # c.argument('scope', help='Scope to which this policy exemption applies.')
+ # c.argument('disable_scope_strict_match', options_list=['--disable-scope-strict-match', '-i'], action='store_true', help='Include policy exemptions either inherited from parent scope or at child scope.')
+ # c.argument('display_name', help='Display name of the policy exemption.')
+ # c.argument('description', help='Description of policy exemption.')
+ # c.argument('exemption_category', options_list=['--exemption-category', '-e'], help='The policy exemption category of the policy exemption', arg_type=get_enum_type(ExemptionCategory))
+ # c.argument('policy_definition_reference_ids', nargs='+', options_list=['--policy-definition-reference-ids', '-r'], help='The policy definition reference ids to exempt in the initiative (policy set).')
+ # c.argument('expires_on', help='The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.')
c.argument('metadata', nargs='+', validator=validate_metadata, help='Metadata in space-separated key=value pairs.')
- with self.argument_context('policy exemption create', min_api='2020-09-01', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
- c.argument('name', options_list=['--name', '-n'], help='Name of the new policy exemption.')
- c.argument('policy_assignment', options_list=['--policy-assignment', '-a'], help='The referenced policy assignment Id for the policy exemption.')
+ # with self.argument_context('policy exemption create', min_api='2020-09-01', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as c:
+ # c.argument('name', options_list=['--name', '-n'], help='Name of the new policy exemption.')
+ # c.argument('policy_assignment', options_list=['--policy-assignment', '-a'], help='The referenced policy assignment Id for the policy exemption.')
with self.argument_context('group') as c:
c.argument('tag', tag_type)
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/account/_list_locations.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/account/_list_locations.py
index 7411f97276e..5254de18aa2 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/account/_list_locations.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/account/_list_locations.py
@@ -19,9 +19,9 @@ class ListLocations(AAZCommand):
"""
_aaz_info = {
- "version": "2022-12-01",
+ "version": "2016-06-01",
"resources": [
- ["mgmt-plane", "/subscriptions/{}/locations", "2022-12-01"],
+ ["mgmt-plane", "/subscriptions/{}/locations", "2016-06-01"],
]
}
@@ -39,12 +39,6 @@ def _build_arguments_schema(cls, *args, **kwargs):
cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
# define Arg Group ""
-
- _args_schema = cls._args_schema
- _args_schema.include_extended_locations = AAZBoolArg(
- options=["--include-extended-locations"],
- help="Whether to include extended locations.",
- )
return cls._args_schema
def _execute_operations(self):
@@ -104,10 +98,7 @@ def url_parameters(self):
def query_parameters(self):
parameters = {
**self.serialize_query_param(
- "includeExtendedLocations", self.ctx.args.include_extended_locations,
- ),
- **self.serialize_query_param(
- "api-version", "2022-12-01",
+ "api-version", "2016-06-01",
required=True,
),
}
@@ -146,9 +137,6 @@ def _build_schema_on_200(cls):
value.Element = AAZObjectType()
_element = cls._schema_on_200.value.Element
- _element.availability_zone_mappings = AAZListType(
- serialized_name="availabilityZoneMappings",
- )
_element.display_name = AAZStrType(
serialized_name="displayName",
flags={"read_only": True},
@@ -156,74 +144,10 @@ def _build_schema_on_200(cls):
_element.id = AAZStrType(
flags={"read_only": True},
)
- _element.metadata = AAZObjectType()
- _element.name = AAZStrType(
- flags={"read_only": True},
- )
- _element.regional_display_name = AAZStrType(
- serialized_name="regionalDisplayName",
- flags={"read_only": True},
- )
- _element.subscription_id = AAZStrType(
- serialized_name="subscriptionId",
- flags={"read_only": True},
- )
- _element.type = AAZStrType(
- flags={"read_only": True},
- )
-
- availability_zone_mappings = cls._schema_on_200.value.Element.availability_zone_mappings
- availability_zone_mappings.Element = AAZObjectType()
-
- _element = cls._schema_on_200.value.Element.availability_zone_mappings.Element
- _element.logical_zone = AAZStrType(
- serialized_name="logicalZone",
- flags={"read_only": True},
- )
- _element.physical_zone = AAZStrType(
- serialized_name="physicalZone",
- flags={"read_only": True},
- )
-
- metadata = cls._schema_on_200.value.Element.metadata
- metadata.geography = AAZStrType(
- flags={"read_only": True},
- )
- metadata.geography_group = AAZStrType(
- serialized_name="geographyGroup",
- flags={"read_only": True},
- )
- metadata.home_location = AAZStrType(
- serialized_name="homeLocation",
- flags={"read_only": True},
- )
- metadata.latitude = AAZStrType(
- flags={"read_only": True},
- )
- metadata.longitude = AAZStrType(
+ _element.latitude = AAZStrType(
flags={"read_only": True},
)
- metadata.paired_region = AAZListType(
- serialized_name="pairedRegion",
- )
- metadata.physical_location = AAZStrType(
- serialized_name="physicalLocation",
- flags={"read_only": True},
- )
- metadata.region_category = AAZStrType(
- serialized_name="regionCategory",
- flags={"read_only": True},
- )
- metadata.region_type = AAZStrType(
- serialized_name="regionType",
- flags={"read_only": True},
- )
-
- paired_region = cls._schema_on_200.value.Element.metadata.paired_region
- paired_region.Element = AAZObjectType()
-
- _element = cls._schema_on_200.value.Element.metadata.paired_region.Element
- _element.id = AAZStrType(
+ _element.longitude = AAZStrType(
flags={"read_only": True},
)
_element.name = AAZStrType(
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__cmd_group.py
new file mode 100644
index 00000000000..fcdb3750847
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__cmd_group.py
@@ -0,0 +1,22 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """Manage resources defined and used by the Azure Policy service.
+
+ Azure Policy is an Azure service that offers APIs to manage Azure resources in a rule-based declarative way. The policy command group provides create, update, show and list commands for managing policy definitions, policy set definitions (also called policy initiatives), policy assignments, and policy exemptions.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__init__.py
new file mode 100644
index 00000000000..5a9d61963d6
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/__init__.py
@@ -0,0 +1,11 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__cmd_group.py
new file mode 100644
index 00000000000..991cd4ecf19
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__cmd_group.py
@@ -0,0 +1,22 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """Manage policy assignments.
+
+ Manage policy assignments, which are used to apply a policy definition or policy set definition to a given resource scope.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__init__.py
new file mode 100644
index 00000000000..9752cfd8cf3
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/__init__.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._create import *
+from ._delete import *
+from ._list import *
+from ._list_untitled1 import *
+from ._show import *
+from ._update import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_create.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_create.py
new file mode 100644
index 00000000000..77b4fdb7fdb
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_create.py
@@ -0,0 +1,657 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Create(AAZCommand):
+ """Create This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Identity"
+
+ _args_schema = cls._args_schema
+ _args_schema.mi_system_assigned = AAZStrArg(
+ options=["--system-assigned", "--mi-system-assigned"],
+ arg_group="Identity",
+ help="Set the system managed identity.",
+ blank="True",
+ )
+ _args_schema.mi_user_assigned = AAZListArg(
+ options=["--user-assigned", "--mi-user-assigned"],
+ arg_group="Identity",
+ help="Set the user managed identities.",
+ blank=[],
+ )
+
+ mi_user_assigned = cls._args_schema.mi_user_assigned
+ mi_user_assigned.Element = AAZStrArg()
+
+ # define Arg Group "Parameters"
+
+ _args_schema = cls._args_schema
+ _args_schema.location = AAZResourceLocationArg(
+ arg_group="Parameters",
+ help="The location of the policy assignment. Only required when utilizing managed identity.",
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.assignment_type = AAZStrArg(
+ options=["--assignment-type"],
+ arg_group="Properties",
+ help="The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.",
+ enum={"Custom": "Custom", "NotSpecified": "NotSpecified", "System": "System", "SystemHidden": "SystemHidden"},
+ )
+ _args_schema.definition_version = AAZStrArg(
+ options=["--definition-version"],
+ arg_group="Properties",
+ help="The version of the policy definition to use.",
+ )
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="This message will be part of response in case of policy violation.",
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy assignment.",
+ )
+ _args_schema.enforcement_mode = AAZStrArg(
+ options=["-e", "--enforcement-mode"],
+ arg_group="Properties",
+ help="The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.",
+ default="Default",
+ enum={"Default": "Default", "DoNotEnforce": "DoNotEnforce"},
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ )
+ _args_schema.non_compliance_messages = AAZListArg(
+ options=["--non-compliance-messages"],
+ arg_group="Properties",
+ help="The messages that describe why a resource is non-compliant with the policy.",
+ )
+ _args_schema.not_scopes = AAZListArg(
+ options=["--not-scopes"],
+ arg_group="Properties",
+ help="The policy's excluded scopes.",
+ )
+ _args_schema.overrides = AAZListArg(
+ options=["--overrides"],
+ arg_group="Properties",
+ help="The policy property value override.",
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter values for the assigned policy rule. The keys are the parameter names.",
+ )
+ _args_schema.policy_set_definition = AAZStrArg(
+ options=["-d", "--policy", "--policy-set-definition"],
+ arg_group="Properties",
+ help="The ID of the policy definition or policy set definition being assigned.",
+ )
+ _args_schema.resource_selectors = AAZListArg(
+ options=["--resource-selectors"],
+ arg_group="Properties",
+ help="The resource selector list to filter policies by resource properties.",
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg()
+
+ non_compliance_messages = cls._args_schema.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectArg()
+
+ _element = cls._args_schema.non_compliance_messages.Element
+ _element.message = AAZStrArg(
+ options=["message"],
+ help="A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.",
+ required=True,
+ )
+ _element.policy_definition_reference_id = AAZStrArg(
+ options=["policy-definition-reference-id"],
+ help="The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.",
+ )
+
+ not_scopes = cls._args_schema.not_scopes
+ not_scopes.Element = AAZStrArg()
+
+ overrides = cls._args_schema.overrides
+ overrides.Element = AAZObjectArg()
+
+ _element = cls._args_schema.overrides.Element
+ _element.kind = AAZStrArg(
+ options=["kind"],
+ help="The override kind.",
+ enum={"definitionVersion": "definitionVersion", "policyEffect": "policyEffect"},
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ )
+ _element.value = AAZStrArg(
+ options=["value"],
+ help="The value to override the policy property.",
+ )
+
+ selectors = cls._args_schema.overrides.Element.selectors
+ selectors.Element = AAZObjectArg()
+ cls._build_args_selector_create(selectors.Element)
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg()
+
+ _element = cls._args_schema.params.Element
+ _element.value = AAZDictArg(
+ options=["value"],
+ help="The value of the parameter.",
+ )
+
+ value = cls._args_schema.params.Element.value
+ value.Element = AAZAnyTypeArg()
+
+ resource_selectors = cls._args_schema.resource_selectors
+ resource_selectors.Element = AAZObjectArg()
+
+ _element = cls._args_schema.resource_selectors.Element
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the resource selector.",
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ )
+
+ selectors = cls._args_schema.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectArg()
+ cls._build_args_selector_create(selectors.Element)
+ return cls._args_schema
+
+ _args_selector_create = None
+
+ @classmethod
+ def _build_args_selector_create(cls, _schema):
+ if cls._args_selector_create is not None:
+ _schema.in_ = cls._args_selector_create.in_
+ _schema.kind = cls._args_selector_create.kind
+ _schema.not_in = cls._args_selector_create.not_in
+ return
+
+ cls._args_selector_create = AAZObjectArg()
+
+ selector_create = cls._args_selector_create
+ selector_create.in_ = AAZListArg(
+ options=["in"],
+ help="The list of values to filter in.",
+ )
+ selector_create.kind = AAZStrArg(
+ options=["kind"],
+ help="The selector kind.",
+ enum={"policyDefinitionReferenceId": "policyDefinitionReferenceId", "resourceLocation": "resourceLocation", "resourceType": "resourceType", "resourceWithoutLocation": "resourceWithoutLocation"},
+ )
+ selector_create.not_in = AAZListArg(
+ options=["not-in"],
+ help="The list of values to filter out.",
+ )
+
+ in_ = cls._args_selector_create.in_
+ in_.Element = AAZStrArg()
+
+ not_in = cls._args_selector_create.not_in
+ not_in.Element = AAZStrArg()
+
+ _schema.in_ = cls._args_selector_create.in_
+ _schema.kind = cls._args_selector_create.kind
+ _schema.not_in = cls._args_selector_create.not_in
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsCreate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyAssignmentsCreate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("identity", AAZIdentityObjectType)
+ _builder.set_prop("location", AAZStrType, ".location")
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ identity = _builder.get(".identity")
+ if identity is not None:
+ identity.set_prop("userAssigned", AAZListType, ".mi_user_assigned", typ_kwargs={"flags": {"action": "create"}})
+ identity.set_prop("systemAssigned", AAZStrType, ".mi_system_assigned", typ_kwargs={"flags": {"action": "create"}})
+
+ user_assigned = _builder.get(".identity.userAssigned")
+ if user_assigned is not None:
+ user_assigned.set_elements(AAZStrType, ".")
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("assignmentType", AAZStrType, ".assignment_type")
+ properties.set_prop("definitionVersion", AAZStrType, ".definition_version")
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("enforcementMode", AAZStrType, ".enforcement_mode")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("nonComplianceMessages", AAZListType, ".non_compliance_messages")
+ properties.set_prop("notScopes", AAZListType, ".not_scopes")
+ properties.set_prop("overrides", AAZListType, ".overrides")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyDefinitionId", AAZStrType, ".policy_set_definition")
+ properties.set_prop("resourceSelectors", AAZListType, ".resource_selectors")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ non_compliance_messages = _builder.get(".properties.nonComplianceMessages")
+ if non_compliance_messages is not None:
+ non_compliance_messages.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.nonComplianceMessages[]")
+ if _elements is not None:
+ _elements.set_prop("message", AAZStrType, ".message", typ_kwargs={"flags": {"required": True}})
+ _elements.set_prop("policyDefinitionReferenceId", AAZStrType, ".policy_definition_reference_id")
+
+ not_scopes = _builder.get(".properties.notScopes")
+ if not_scopes is not None:
+ not_scopes.set_elements(AAZStrType, ".")
+
+ overrides = _builder.get(".properties.overrides")
+ if overrides is not None:
+ overrides.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.overrides[]")
+ if _elements is not None:
+ _elements.set_prop("kind", AAZStrType, ".kind")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+ _elements.set_prop("value", AAZStrType, ".value")
+
+ selectors = _builder.get(".properties.overrides[].selectors")
+ if selectors is not None:
+ _CreateHelper._build_schema_selector_create(selectors.set_elements(AAZObjectType, "."))
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("value", AAZDictType, ".value")
+
+ value = _builder.get(".properties.parameters{}.value")
+ if value is not None:
+ value.set_elements(AAZAnyType, ".")
+
+ resource_selectors = _builder.get(".properties.resourceSelectors")
+ if resource_selectors is not None:
+ resource_selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[]")
+ if _elements is not None:
+ _elements.set_prop("name", AAZStrType, ".name")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+
+ selectors = _builder.get(".properties.resourceSelectors[].selectors")
+ if selectors is not None:
+ _CreateHelper._build_schema_selector_create(selectors.set_elements(AAZObjectType, "."))
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+
+ _schema_on_201 = cls._schema_on_201
+ _schema_on_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.identity = AAZIdentityObjectType()
+ _schema_on_201.location = AAZStrType()
+ _schema_on_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_201.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_201.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_201.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_201.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_201.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_201.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_201.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _CreateHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_201.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_201.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_201.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_201.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _CreateHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_201
+
+
+class _CreateHelper:
+ """Helper class for Create"""
+
+ @classmethod
+ def _build_schema_selector_create(cls, _builder):
+ if _builder is None:
+ return
+ _builder.set_prop("in", AAZListType, ".in_")
+ _builder.set_prop("kind", AAZStrType, ".kind")
+ _builder.set_prop("notIn", AAZListType, ".not_in")
+
+ in_ = _builder.get(".in")
+ if in_ is not None:
+ in_.set_elements(AAZStrType, ".")
+
+ not_in = _builder.get(".notIn")
+ if not_in is not None:
+ not_in.set_elements(AAZStrType, ".")
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Create"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_delete.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_delete.py
new file mode 100644
index 00000000000..0d346cf77b8
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_delete.py
@@ -0,0 +1,344 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Delete(AAZCommand):
+ """Delete operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return None
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsDelete(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ class PolicyAssignmentsDelete(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.identity = AAZIdentityObjectType()
+ _schema_on_200.location = AAZStrType()
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _DeleteHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _DeleteHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ def on_204(self, session):
+ pass
+
+
+class _DeleteHelper:
+ """Helper class for Delete"""
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Delete"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list.py
new file mode 100644
index 00000000000..e4181fb962b
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list.py
@@ -0,0 +1,861 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class List(AAZCommand):
+ """List operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policyassignments", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policyassignments", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.authorization/policyassignments", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.resource_group = AAZResourceGroupNameArg()
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group)
+ condition_1 = has_value(self.ctx.subscription_id) and has_value(self.ctx.args.resource_group) is not True
+ condition_2 = has_value(self.ctx.args.resource_group) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyAssignmentsListForManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyAssignmentsList(ctx=self.ctx)()
+ if condition_2:
+ self.PolicyAssignmentsListForResourceGroup(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicyAssignmentsListForManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.identity = AAZIdentityObjectType()
+ _element.location = AAZStrType()
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.value.Element.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.value.Element.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.value.Element.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.value.Element.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.value.Element.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.value.Element.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyAssignmentsList(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.identity = AAZIdentityObjectType()
+ _element.location = AAZStrType()
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.value.Element.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.value.Element.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.value.Element.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.value.Element.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.value.Element.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.value.Element.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyAssignmentsListForResourceGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "resourceGroupName", self.ctx.args.resource_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.identity = AAZIdentityObjectType()
+ _element.location = AAZStrType()
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.value.Element.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.value.Element.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.value.Element.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.value.Element.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.value.Element.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.value.Element.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListHelper:
+ """Helper class for List"""
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["List"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list_untitled1.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list_untitled1.py
new file mode 100644
index 00000000000..2e57871289d
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_list_untitled1.py
@@ -0,0 +1,398 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class ListUntitled1(AAZCommand):
+ """List operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/{}/{}/{}/{}/providers/microsoft.authorization/policyassignments", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.parent_resource_path = AAZStrArg(
+ options=["--parent-resource-path"],
+ help="The parent resource path. Use empty string if there is none.",
+ required=True,
+ )
+ _args_schema.resource_group = AAZResourceGroupNameArg(
+ required=True,
+ )
+ _args_schema.resource_name = AAZStrArg(
+ options=["--resource-name"],
+ help="The name of the resource.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^.+$",
+ ),
+ )
+ _args_schema.resource_provider_namespace = AAZStrArg(
+ options=["--resource-provider-namespace"],
+ help="The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)",
+ required=True,
+ )
+ _args_schema.resource_type = AAZStrArg(
+ options=["--resource-type"],
+ help="The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).",
+ required=True,
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsListForResource(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicyAssignmentsListForResource(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "parentResourcePath", self.ctx.args.parent_resource_path,
+ skip_quote=True,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceGroupName", self.ctx.args.resource_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceName", self.ctx.args.resource_name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceProviderNamespace", self.ctx.args.resource_provider_namespace,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceType", self.ctx.args.resource_type,
+ skip_quote=True,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.identity = AAZIdentityObjectType()
+ _element.location = AAZStrType()
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.value.Element.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.value.Element.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.value.Element.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.value.Element.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.value.Element.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.value.Element.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListUntitled1Helper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ListUntitled1Helper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListUntitled1Helper:
+ """Helper class for ListUntitled1"""
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["ListUntitled1"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_show.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_show.py
new file mode 100644
index 00000000000..e5ca3d4f75a
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_show.py
@@ -0,0 +1,350 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Show(AAZCommand):
+ """Get operation retrieves a single policy assignment, given its name and the scope it was created at.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsGet(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyAssignmentsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.identity = AAZIdentityObjectType()
+ _schema_on_200.location = AAZStrType()
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = cls._schema_on_200.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = cls._schema_on_200.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = cls._schema_on_200.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = cls._schema_on_200.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = cls._schema_on_200.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = cls._schema_on_200.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ShowHelper._build_schema_selector_read(selectors.Element)
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = cls._schema_on_200.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ _ShowHelper._build_schema_selector_read(selectors.Element)
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowHelper:
+ """Helper class for Show"""
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Show"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_update.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_update.py
new file mode 100644
index 00000000000..121c59c796c
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/_update.py
@@ -0,0 +1,817 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Update(AAZCommand):
+ """Update This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_GENERIC_UPDATE = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Identity"
+
+ # define Arg Group "Parameters"
+
+ _args_schema = cls._args_schema
+ _args_schema.location = AAZResourceLocationArg(
+ arg_group="Parameters",
+ help="The location of the policy assignment. Only required when utilizing managed identity.",
+ nullable=True,
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.assignment_type = AAZStrArg(
+ options=["--assignment-type"],
+ arg_group="Properties",
+ help="The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.",
+ nullable=True,
+ enum={"Custom": "Custom", "NotSpecified": "NotSpecified", "System": "System", "SystemHidden": "SystemHidden"},
+ )
+ _args_schema.definition_version = AAZStrArg(
+ options=["--definition-version"],
+ arg_group="Properties",
+ help="The version of the policy definition to use.",
+ nullable=True,
+ )
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="This message will be part of response in case of policy violation.",
+ nullable=True,
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy assignment.",
+ nullable=True,
+ )
+ _args_schema.enforcement_mode = AAZStrArg(
+ options=["-e", "--enforcement-mode"],
+ arg_group="Properties",
+ help="The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.",
+ nullable=True,
+ enum={"Default": "Default", "DoNotEnforce": "DoNotEnforce"},
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ nullable=True,
+ )
+ _args_schema.non_compliance_messages = AAZListArg(
+ options=["--non-compliance-messages"],
+ arg_group="Properties",
+ help="The messages that describe why a resource is non-compliant with the policy.",
+ nullable=True,
+ )
+ _args_schema.not_scopes = AAZListArg(
+ options=["--not-scopes"],
+ arg_group="Properties",
+ help="The policy's excluded scopes.",
+ nullable=True,
+ )
+ _args_schema.overrides = AAZListArg(
+ options=["--overrides"],
+ arg_group="Properties",
+ help="The policy property value override.",
+ nullable=True,
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter values for the assigned policy rule. The keys are the parameter names.",
+ nullable=True,
+ )
+ _args_schema.policy_set_definition = AAZStrArg(
+ options=["-d", "--policy", "--policy-set-definition"],
+ arg_group="Properties",
+ help="The ID of the policy definition or policy set definition being assigned.",
+ nullable=True,
+ )
+ _args_schema.resource_selectors = AAZListArg(
+ options=["--resource-selectors"],
+ arg_group="Properties",
+ help="The resource selector list to filter policies by resource properties.",
+ nullable=True,
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ non_compliance_messages = cls._args_schema.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.non_compliance_messages.Element
+ _element.message = AAZStrArg(
+ options=["message"],
+ help="A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.",
+ )
+ _element.policy_definition_reference_id = AAZStrArg(
+ options=["policy-definition-reference-id"],
+ help="The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment.",
+ nullable=True,
+ )
+
+ not_scopes = cls._args_schema.not_scopes
+ not_scopes.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ overrides = cls._args_schema.overrides
+ overrides.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.overrides.Element
+ _element.kind = AAZStrArg(
+ options=["kind"],
+ help="The override kind.",
+ nullable=True,
+ enum={"definitionVersion": "definitionVersion", "policyEffect": "policyEffect"},
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ nullable=True,
+ )
+ _element.value = AAZStrArg(
+ options=["value"],
+ help="The value to override the policy property.",
+ nullable=True,
+ )
+
+ selectors = cls._args_schema.overrides.Element.selectors
+ selectors.Element = AAZObjectArg(
+ nullable=True,
+ )
+ cls._build_args_selector_update(selectors.Element)
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.params.Element
+ _element.value = AAZDictArg(
+ options=["value"],
+ help="The value of the parameter.",
+ nullable=True,
+ )
+
+ value = cls._args_schema.params.Element.value
+ value.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ resource_selectors = cls._args_schema.resource_selectors
+ resource_selectors.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.resource_selectors.Element
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the resource selector.",
+ nullable=True,
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ nullable=True,
+ )
+
+ selectors = cls._args_schema.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectArg(
+ nullable=True,
+ )
+ cls._build_args_selector_update(selectors.Element)
+ return cls._args_schema
+
+ _args_selector_update = None
+
+ @classmethod
+ def _build_args_selector_update(cls, _schema):
+ if cls._args_selector_update is not None:
+ _schema.in_ = cls._args_selector_update.in_
+ _schema.kind = cls._args_selector_update.kind
+ _schema.not_in = cls._args_selector_update.not_in
+ return
+
+ cls._args_selector_update = AAZObjectArg(
+ nullable=True,
+ )
+
+ selector_update = cls._args_selector_update
+ selector_update.in_ = AAZListArg(
+ options=["in"],
+ help="The list of values to filter in.",
+ nullable=True,
+ )
+ selector_update.kind = AAZStrArg(
+ options=["kind"],
+ help="The selector kind.",
+ nullable=True,
+ enum={"policyDefinitionReferenceId": "policyDefinitionReferenceId", "resourceLocation": "resourceLocation", "resourceType": "resourceType", "resourceWithoutLocation": "resourceWithoutLocation"},
+ )
+ selector_update.not_in = AAZListArg(
+ options=["not-in"],
+ help="The list of values to filter out.",
+ nullable=True,
+ )
+
+ in_ = cls._args_selector_update.in_
+ in_.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ not_in = cls._args_selector_update.not_in
+ not_in.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ _schema.in_ = cls._args_selector_update.in_
+ _schema.kind = cls._args_selector_update.kind
+ _schema.not_in = cls._args_selector_update.not_in
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.vars.instance)
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.InstanceUpdateByGeneric(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.vars.instance)
+ self.PolicyAssignmentsCreate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyAssignmentsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_assignment_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyAssignmentsCreate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_assignment_read(cls._schema_on_201)
+
+ return cls._schema_on_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.vars.instance)
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZObjectType
+ )
+ _builder.set_prop("identity", AAZIdentityObjectType)
+ _builder.set_prop("location", AAZStrType, ".location")
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("assignmentType", AAZStrType, ".assignment_type")
+ properties.set_prop("definitionVersion", AAZStrType, ".definition_version")
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("enforcementMode", AAZStrType, ".enforcement_mode")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("nonComplianceMessages", AAZListType, ".non_compliance_messages")
+ properties.set_prop("notScopes", AAZListType, ".not_scopes")
+ properties.set_prop("overrides", AAZListType, ".overrides")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyDefinitionId", AAZStrType, ".policy_set_definition")
+ properties.set_prop("resourceSelectors", AAZListType, ".resource_selectors")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ non_compliance_messages = _builder.get(".properties.nonComplianceMessages")
+ if non_compliance_messages is not None:
+ non_compliance_messages.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.nonComplianceMessages[]")
+ if _elements is not None:
+ _elements.set_prop("message", AAZStrType, ".message", typ_kwargs={"flags": {"required": True}})
+ _elements.set_prop("policyDefinitionReferenceId", AAZStrType, ".policy_definition_reference_id")
+
+ not_scopes = _builder.get(".properties.notScopes")
+ if not_scopes is not None:
+ not_scopes.set_elements(AAZStrType, ".")
+
+ overrides = _builder.get(".properties.overrides")
+ if overrides is not None:
+ overrides.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.overrides[]")
+ if _elements is not None:
+ _elements.set_prop("kind", AAZStrType, ".kind")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+ _elements.set_prop("value", AAZStrType, ".value")
+
+ selectors = _builder.get(".properties.overrides[].selectors")
+ if selectors is not None:
+ _UpdateHelper._build_schema_selector_update(selectors.set_elements(AAZObjectType, "."))
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("value", AAZDictType, ".value")
+
+ value = _builder.get(".properties.parameters{}.value")
+ if value is not None:
+ value.set_elements(AAZAnyType, ".")
+
+ resource_selectors = _builder.get(".properties.resourceSelectors")
+ if resource_selectors is not None:
+ resource_selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[]")
+ if _elements is not None:
+ _elements.set_prop("name", AAZStrType, ".name")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+
+ selectors = _builder.get(".properties.resourceSelectors[].selectors")
+ if selectors is not None:
+ _UpdateHelper._build_schema_selector_update(selectors.set_elements(AAZObjectType, "."))
+
+ return _instance_value
+
+ class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance_by_generic(
+ self.ctx.vars.instance,
+ self.ctx.generic_update_args
+ )
+
+
+class _UpdateHelper:
+ """Helper class for Update"""
+
+ @classmethod
+ def _build_schema_selector_update(cls, _builder):
+ if _builder is None:
+ return
+ _builder.set_prop("in", AAZListType, ".in_")
+ _builder.set_prop("kind", AAZStrType, ".kind")
+ _builder.set_prop("notIn", AAZListType, ".not_in")
+
+ in_ = _builder.get(".in")
+ if in_ is not None:
+ in_.set_elements(AAZStrType, ".")
+
+ not_in = _builder.get(".notIn")
+ if not_in is not None:
+ not_in.set_elements(AAZStrType, ".")
+
+ _schema_policy_assignment_read = None
+
+ @classmethod
+ def _build_schema_policy_assignment_read(cls, _schema):
+ if cls._schema_policy_assignment_read is not None:
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+ return
+
+ cls._schema_policy_assignment_read = _schema_policy_assignment_read = AAZObjectType()
+
+ policy_assignment_read = _schema_policy_assignment_read
+ policy_assignment_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.identity = AAZIdentityObjectType()
+ policy_assignment_read.location = AAZStrType()
+ policy_assignment_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_assignment_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_assignment_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = _schema_policy_assignment_read.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = _schema_policy_assignment_read.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_assignment_read.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = _schema_policy_assignment_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = _schema_policy_assignment_read.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = _schema_policy_assignment_read.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = _schema_policy_assignment_read.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = _schema_policy_assignment_read.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ parameters = _schema_policy_assignment_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = _schema_policy_assignment_read.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = _schema_policy_assignment_read.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = _schema_policy_assignment_read.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ system_data = _schema_policy_assignment_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Update"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__cmd_group.py
new file mode 100644
index 00000000000..14643371b3d
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__cmd_group.py
@@ -0,0 +1,20 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """The identity used by the enclosing policy assignment for remediation tasks.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__init__.py
new file mode 100644
index 00000000000..6e361c3c498
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/__init__.py
@@ -0,0 +1,14 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._assign import *
+from ._remove import *
+from ._show import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_assign.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_assign.py
new file mode 100644
index 00000000000..8ec16b0415d
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_assign.py
@@ -0,0 +1,523 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Assign(AAZCommand):
+ """Assign the user or system managed identities.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01", "identity"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self.SubresourceSelector(ctx=self.ctx, name="subresource")
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Parameters.identity"
+
+ _args_schema = cls._args_schema
+ _args_schema.mi_system_assigned = AAZStrArg(
+ options=["--system-assigned", "--mi-system-assigned"],
+ arg_group="Parameters.identity",
+ help="Set the system managed identity.",
+ blank="True",
+ )
+ _args_schema.mi_user_assigned = AAZListArg(
+ options=["--user-assigned", "--mi-user-assigned"],
+ arg_group="Parameters.identity",
+ help="Set the user managed identities.",
+ blank=[],
+ )
+
+ mi_user_assigned = cls._args_schema.mi_user_assigned
+ mi_user_assigned.Element = AAZStrArg()
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.selectors.subresource.required())
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.selectors.subresource.required())
+ self.PolicyAssignmentsCreate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.selectors.subresource.required(), client_flatten=True)
+ return result
+
+ class SubresourceSelector(AAZJsonSelector):
+
+ def _get(self):
+ result = self.ctx.vars.instance
+ return result.identity
+
+ def _set(self, value):
+ result = self.ctx.vars.instance
+ result.identity = value
+ return
+
+ class PolicyAssignmentsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _AssignHelper._build_schema_policy_assignment_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyAssignmentsCreate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+ _AssignHelper._build_schema_policy_assignment_read(cls._schema_on_201)
+
+ return cls._schema_on_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.selectors.subresource.required())
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZIdentityObjectType
+ )
+ _builder.set_prop("userAssigned", AAZListType, ".mi_user_assigned", typ_kwargs={"flags": {"action": "assign"}})
+ _builder.set_prop("systemAssigned", AAZStrType, ".mi_system_assigned", typ_kwargs={"flags": {"action": "assign"}})
+
+ user_assigned = _builder.get(".userAssigned")
+ if user_assigned is not None:
+ user_assigned.set_elements(AAZStrType, ".")
+
+ return _instance_value
+
+
+class _AssignHelper:
+ """Helper class for Assign"""
+
+ _schema_policy_assignment_read = None
+
+ @classmethod
+ def _build_schema_policy_assignment_read(cls, _schema):
+ if cls._schema_policy_assignment_read is not None:
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+ return
+
+ cls._schema_policy_assignment_read = _schema_policy_assignment_read = AAZObjectType()
+
+ policy_assignment_read = _schema_policy_assignment_read
+ policy_assignment_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.identity = AAZIdentityObjectType()
+ policy_assignment_read.location = AAZStrType()
+ policy_assignment_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_assignment_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_assignment_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = _schema_policy_assignment_read.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = _schema_policy_assignment_read.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_assignment_read.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = _schema_policy_assignment_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = _schema_policy_assignment_read.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = _schema_policy_assignment_read.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = _schema_policy_assignment_read.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = _schema_policy_assignment_read.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ parameters = _schema_policy_assignment_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = _schema_policy_assignment_read.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = _schema_policy_assignment_read.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = _schema_policy_assignment_read.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ system_data = _schema_policy_assignment_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Assign"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_remove.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_remove.py
new file mode 100644
index 00000000000..469926930bb
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_remove.py
@@ -0,0 +1,523 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Remove(AAZCommand):
+ """Remove the user or system managed identities.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01", "identity"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self.SubresourceSelector(ctx=self.ctx, name="subresource")
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Parameters.identity"
+
+ _args_schema = cls._args_schema
+ _args_schema.mi_system_assigned = AAZStrArg(
+ options=["--system-assigned", "--mi-system-assigned"],
+ arg_group="Parameters.identity",
+ help="Set the system managed identity.",
+ blank="True",
+ )
+ _args_schema.mi_user_assigned = AAZListArg(
+ options=["--user-assigned", "--mi-user-assigned"],
+ arg_group="Parameters.identity",
+ help="Set the user managed identities.",
+ blank=[],
+ )
+
+ mi_user_assigned = cls._args_schema.mi_user_assigned
+ mi_user_assigned.Element = AAZStrArg()
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.selectors.subresource.required())
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.selectors.subresource.required())
+ self.PolicyAssignmentsCreate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.selectors.subresource.required(), client_flatten=True)
+ return result
+
+ class SubresourceSelector(AAZJsonSelector):
+
+ def _get(self):
+ result = self.ctx.vars.instance
+ return result.identity
+
+ def _set(self, value):
+ result = self.ctx.vars.instance
+ result.identity = value
+ return
+
+ class PolicyAssignmentsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _RemoveHelper._build_schema_policy_assignment_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyAssignmentsCreate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+ _RemoveHelper._build_schema_policy_assignment_read(cls._schema_on_201)
+
+ return cls._schema_on_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.selectors.subresource.required())
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZIdentityObjectType
+ )
+ _builder.set_prop("userAssigned", AAZListType, ".mi_user_assigned", typ_kwargs={"flags": {"action": "remove"}})
+ _builder.set_prop("systemAssigned", AAZStrType, ".mi_system_assigned", typ_kwargs={"flags": {"action": "remove"}})
+
+ user_assigned = _builder.get(".userAssigned")
+ if user_assigned is not None:
+ user_assigned.set_elements(AAZStrType, ".")
+
+ return _instance_value
+
+
+class _RemoveHelper:
+ """Helper class for Remove"""
+
+ _schema_policy_assignment_read = None
+
+ @classmethod
+ def _build_schema_policy_assignment_read(cls, _schema):
+ if cls._schema_policy_assignment_read is not None:
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+ return
+
+ cls._schema_policy_assignment_read = _schema_policy_assignment_read = AAZObjectType()
+
+ policy_assignment_read = _schema_policy_assignment_read
+ policy_assignment_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.identity = AAZIdentityObjectType()
+ policy_assignment_read.location = AAZStrType()
+ policy_assignment_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_assignment_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_assignment_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = _schema_policy_assignment_read.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = _schema_policy_assignment_read.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_assignment_read.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = _schema_policy_assignment_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = _schema_policy_assignment_read.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = _schema_policy_assignment_read.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = _schema_policy_assignment_read.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = _schema_policy_assignment_read.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ parameters = _schema_policy_assignment_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = _schema_policy_assignment_read.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = _schema_policy_assignment_read.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = _schema_policy_assignment_read.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ system_data = _schema_policy_assignment_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Remove"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_show.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_show.py
new file mode 100644
index 00000000000..57b03f01aff
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/assignment/identity/_show.py
@@ -0,0 +1,380 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Show(AAZCommand):
+ """Show the details of managed identities.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyassignments/{}", "2024-05-01", "identity"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self.SubresourceSelector(ctx=self.ctx, name="subresource")
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy assignment.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyAssignmentsGet(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.selectors.subresource.required(), client_flatten=True)
+ return result
+
+ class SubresourceSelector(AAZJsonSelector):
+
+ def _get(self):
+ result = self.ctx.vars.instance
+ return result.identity
+
+ def _set(self, value):
+ result = self.ctx.vars.instance
+ result.identity = value
+ return
+
+ class PolicyAssignmentsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyAssignmentName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _ShowHelper._build_schema_policy_assignment_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+
+class _ShowHelper:
+ """Helper class for Show"""
+
+ _schema_policy_assignment_read = None
+
+ @classmethod
+ def _build_schema_policy_assignment_read(cls, _schema):
+ if cls._schema_policy_assignment_read is not None:
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+ return
+
+ cls._schema_policy_assignment_read = _schema_policy_assignment_read = AAZObjectType()
+
+ policy_assignment_read = _schema_policy_assignment_read
+ policy_assignment_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.identity = AAZIdentityObjectType()
+ policy_assignment_read.location = AAZStrType()
+ policy_assignment_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_assignment_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_assignment_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_assignment_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ identity = _schema_policy_assignment_read.identity
+ identity.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+ identity.tenant_id = AAZStrType(
+ serialized_name="tenantId",
+ flags={"read_only": True},
+ )
+ identity.type = AAZStrType()
+ identity.user_assigned_identities = AAZDictType(
+ serialized_name="userAssignedIdentities",
+ )
+
+ user_assigned_identities = _schema_policy_assignment_read.identity.user_assigned_identities
+ user_assigned_identities.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.identity.user_assigned_identities.Element
+ _element.client_id = AAZStrType(
+ serialized_name="clientId",
+ flags={"read_only": True},
+ )
+ _element.principal_id = AAZStrType(
+ serialized_name="principalId",
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_assignment_read.properties
+ properties.assignment_type = AAZStrType(
+ serialized_name="assignmentType",
+ )
+ properties.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.enforcement_mode = AAZStrType(
+ serialized_name="enforcementMode",
+ )
+ properties.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ properties.metadata = AAZDictType()
+ properties.non_compliance_messages = AAZListType(
+ serialized_name="nonComplianceMessages",
+ )
+ properties.not_scopes = AAZListType(
+ serialized_name="notScopes",
+ )
+ properties.overrides = AAZListType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+ properties.scope = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ metadata = _schema_policy_assignment_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ non_compliance_messages = _schema_policy_assignment_read.properties.non_compliance_messages
+ non_compliance_messages.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.non_compliance_messages.Element
+ _element.message = AAZStrType(
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ not_scopes = _schema_policy_assignment_read.properties.not_scopes
+ not_scopes.Element = AAZStrType()
+
+ overrides = _schema_policy_assignment_read.properties.overrides
+ overrides.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.overrides.Element
+ _element.kind = AAZStrType()
+ _element.selectors = AAZListType()
+ _element.value = AAZStrType()
+
+ selectors = _schema_policy_assignment_read.properties.overrides.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ parameters = _schema_policy_assignment_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.parameters.Element
+ _element.value = AAZDictType()
+
+ value = _schema_policy_assignment_read.properties.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ resource_selectors = _schema_policy_assignment_read.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_assignment_read.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = _schema_policy_assignment_read.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+ cls._build_schema_selector_read(selectors.Element)
+
+ system_data = _schema_policy_assignment_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_assignment_read.id
+ _schema.identity = cls._schema_policy_assignment_read.identity
+ _schema.location = cls._schema_policy_assignment_read.location
+ _schema.name = cls._schema_policy_assignment_read.name
+ _schema.properties = cls._schema_policy_assignment_read.properties
+ _schema.system_data = cls._schema_policy_assignment_read.system_data
+ _schema.type = cls._schema_policy_assignment_read.type
+
+ _schema_selector_read = None
+
+ @classmethod
+ def _build_schema_selector_read(cls, _schema):
+ if cls._schema_selector_read is not None:
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+ return
+
+ cls._schema_selector_read = _schema_selector_read = AAZObjectType()
+
+ selector_read = _schema_selector_read
+ selector_read["in"] = AAZListType()
+ selector_read.kind = AAZStrType()
+ selector_read.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_selector_read["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_selector_read.not_in
+ not_in.Element = AAZStrType()
+
+ _schema["in"] = cls._schema_selector_read["in"]
+ _schema.kind = cls._schema_selector_read.kind
+ _schema.not_in = cls._schema_selector_read.not_in
+
+
+__all__ = ["Show"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__cmd_group.py
new file mode 100644
index 00000000000..373b728b1e4
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__cmd_group.py
@@ -0,0 +1,22 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """Manage policy definitions.
+
+ Manage policy definitions, which are rules that specify allowed or disallowed resource configurations.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__init__.py
new file mode 100644
index 00000000000..97725175fae
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/__init__.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._create import *
+from ._delete import *
+from ._list import *
+from ._show import *
+from ._show_untitled1 import *
+from ._update import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_create.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_create.py
new file mode 100644
index 00000000000..a0451efe1fd
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_create.py
@@ -0,0 +1,649 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Create(AAZCommand):
+ """Create operation creates or updates a policy definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The policy definition description.",
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy definition.",
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ )
+ _args_schema.mode = AAZStrArg(
+ options=["-m", "--mode"],
+ arg_group="Properties",
+ help="The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.",
+ default="Indexed",
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter definitions for parameters used in the policy rule. The keys are the parameter names.",
+ )
+ _args_schema.rules = AAZDictArg(
+ options=["--rule", "--rules"],
+ arg_group="Properties",
+ help="The policy rule.",
+ )
+ _args_schema.version = AAZStrArg(
+ options=["--version"],
+ arg_group="Properties",
+ help="The policy definition version in #.#.# format.",
+ )
+ _args_schema.versions = AAZListArg(
+ options=["--versions"],
+ arg_group="Properties",
+ help="A list of available versions for this policy definition.",
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg()
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg()
+
+ _element = cls._args_schema.params.Element
+ _element.allowed_values = AAZListArg(
+ options=["allowed-values"],
+ help="The allowed values for the parameter.",
+ )
+ _element.default_value = AAZDictArg(
+ options=["default-value"],
+ help="The default value for the parameter if no value is provided.",
+ )
+ _element.metadata = AAZFreeFormDictArg(
+ options=["metadata"],
+ help="General metadata for the parameter.",
+ )
+ _element.schema = AAZDictArg(
+ options=["schema"],
+ help="Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.",
+ )
+ _element.type = AAZStrArg(
+ options=["type"],
+ help="The data type of the parameter.",
+ enum={"Array": "Array", "Boolean": "Boolean", "DateTime": "DateTime", "Float": "Float", "Integer": "Integer", "Object": "Object", "String": "String"},
+ )
+
+ allowed_values = cls._args_schema.params.Element.allowed_values
+ allowed_values.Element = AAZDictArg()
+
+ _element = cls._args_schema.params.Element.allowed_values.Element
+ _element.Element = AAZAnyTypeArg()
+
+ default_value = cls._args_schema.params.Element.default_value
+ default_value.Element = AAZAnyTypeArg()
+
+ schema = cls._args_schema.params.Element.schema
+ schema.Element = AAZAnyTypeArg()
+
+ rules = cls._args_schema.rules
+ rules.Element = AAZAnyTypeArg()
+
+ versions = cls._args_schema.versions
+ versions.Element = AAZStrArg()
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyDefinitionsCreateOrUpdateAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyDefinitionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyDefinitionsCreateOrUpdateAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("mode", AAZStrType, ".mode")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyRule", AAZDictType, ".rules")
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_rule = _builder.get(".properties.policyRule")
+ if policy_rule is not None:
+ policy_rule.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+
+ _schema_on_201 = cls._schema_on_201
+ _schema_on_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_201.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_201.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_201.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_201.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_201.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_201.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_201.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_201.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_201
+
+ class PolicyDefinitionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("mode", AAZStrType, ".mode")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyRule", AAZDictType, ".rules")
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_rule = _builder.get(".properties.policyRule")
+ if policy_rule is not None:
+ policy_rule.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+
+ _schema_on_201 = cls._schema_on_201
+ _schema_on_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_201.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_201.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_201.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_201.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_201.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_201.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_201.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_201.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_201.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_201.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_201
+
+
+class _CreateHelper:
+ """Helper class for Create"""
+
+
+__all__ = ["Create"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_delete.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_delete.py
new file mode 100644
index 00000000000..b96e22098bf
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_delete.py
@@ -0,0 +1,195 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Delete(AAZCommand):
+ """Delete operation deletes the policy definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return None
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyDefinitionsDeleteAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyDefinitionsDelete(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ class PolicyDefinitionsDeleteAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ pass
+
+ def on_204(self, session):
+ pass
+
+ class PolicyDefinitionsDelete(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ pass
+
+ def on_204(self, session):
+ pass
+
+
+class _DeleteHelper:
+ """Helper class for Delete"""
+
+
+__all__ = ["Delete"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_list.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_list.py
new file mode 100644
index 00000000000..5204a3821a5
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_list.py
@@ -0,0 +1,603 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class List(AAZCommand):
+ """List operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.authorization/policydefinitions", "2024-05-01"],
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policydefinitions", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policydefinitions", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) is not True and has_value(self.ctx.subscription_id) is not True
+ condition_1 = has_value(self.ctx.args.management_group)
+ condition_2 = has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyDefinitionsListBuiltIn(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyDefinitionsListByManagementGroup(ctx=self.ctx)()
+ if condition_2:
+ self.PolicyDefinitionsList(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicyDefinitionsListBuiltIn(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Authorization/policyDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.value.Element.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyDefinitionsListByManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.value.Element.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyDefinitionsList(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.value.Element.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListHelper:
+ """Helper class for List"""
+
+
+__all__ = ["List"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show.py
new file mode 100644
index 00000000000..1ce4fd4a279
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show.py
@@ -0,0 +1,419 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Show(AAZCommand):
+ """Get operation retrieves the policy definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyDefinitionsGetAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyDefinitionsGet(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyDefinitionsGetAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyDefinitionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowHelper:
+ """Helper class for Show"""
+
+
+__all__ = ["Show"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show_untitled1.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show_untitled1.py
new file mode 100644
index 00000000000..50b14314fae
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_show_untitled1.py
@@ -0,0 +1,237 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class ShowUntitled1(AAZCommand):
+ """Get operation retrieves the built-in policy definition with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyDefinitionsGetBuiltIn(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyDefinitionsGetBuiltIn(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = cls._schema_on_200.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowUntitled1Helper:
+ """Helper class for ShowUntitled1"""
+
+
+__all__ = ["ShowUntitled1"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_update.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_update.py
new file mode 100644
index 00000000000..e4834ff032d
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/definition/_update.py
@@ -0,0 +1,751 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Update(AAZCommand):
+ """Update operation creates or updates a policy definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policydefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_GENERIC_UPDATE = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The policy definition description.",
+ nullable=True,
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy definition.",
+ nullable=True,
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ nullable=True,
+ )
+ _args_schema.mode = AAZStrArg(
+ options=["-m", "--mode"],
+ arg_group="Properties",
+ help="The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.",
+ nullable=True,
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter definitions for parameters used in the policy rule. The keys are the parameter names.",
+ nullable=True,
+ )
+ _args_schema.rules = AAZDictArg(
+ options=["--rule", "--rules"],
+ arg_group="Properties",
+ help="The policy rule.",
+ nullable=True,
+ )
+ _args_schema.version = AAZStrArg(
+ options=["--version"],
+ arg_group="Properties",
+ help="The policy definition version in #.#.# format.",
+ nullable=True,
+ )
+ _args_schema.versions = AAZListArg(
+ options=["--versions"],
+ arg_group="Properties",
+ help="A list of available versions for this policy definition.",
+ nullable=True,
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.params.Element
+ _element.allowed_values = AAZListArg(
+ options=["allowed-values"],
+ help="The allowed values for the parameter.",
+ nullable=True,
+ )
+ _element.default_value = AAZDictArg(
+ options=["default-value"],
+ help="The default value for the parameter if no value is provided.",
+ nullable=True,
+ )
+ _element.metadata = AAZFreeFormDictArg(
+ options=["metadata"],
+ help="General metadata for the parameter.",
+ nullable=True,
+ )
+ _element.schema = AAZDictArg(
+ options=["schema"],
+ help="Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.",
+ nullable=True,
+ )
+ _element.type = AAZStrArg(
+ options=["type"],
+ help="The data type of the parameter.",
+ nullable=True,
+ enum={"Array": "Array", "Boolean": "Boolean", "DateTime": "DateTime", "Float": "Float", "Integer": "Integer", "Object": "Object", "String": "String"},
+ )
+
+ allowed_values = cls._args_schema.params.Element.allowed_values
+ allowed_values.Element = AAZDictArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.params.Element.allowed_values.Element
+ _element.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ default_value = cls._args_schema.params.Element.default_value
+ default_value.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ schema = cls._args_schema.params.Element.schema
+ schema.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ rules = cls._args_schema.rules
+ rules.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ versions = cls._args_schema.versions
+ versions.Element = AAZStrArg(
+ nullable=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ condition_2 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_3 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyDefinitionsGetAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyDefinitionsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.vars.instance)
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.InstanceUpdateByGeneric(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.vars.instance)
+ if condition_2:
+ self.PolicyDefinitionsCreateOrUpdateAtManagementGroup(ctx=self.ctx)()
+ if condition_3:
+ self.PolicyDefinitionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyDefinitionsGetAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_definition_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyDefinitionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_definition_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyDefinitionsCreateOrUpdateAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_definition_read(cls._schema_on_201)
+
+ return cls._schema_on_201
+
+ class PolicyDefinitionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [201]:
+ return self.on_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_201
+ )
+
+ _schema_on_201 = None
+
+ @classmethod
+ def _build_schema_on_201(cls):
+ if cls._schema_on_201 is not None:
+ return cls._schema_on_201
+
+ cls._schema_on_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_definition_read(cls._schema_on_201)
+
+ return cls._schema_on_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.vars.instance)
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZObjectType
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("mode", AAZStrType, ".mode")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyRule", AAZDictType, ".rules")
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_rule = _builder.get(".properties.policyRule")
+ if policy_rule is not None:
+ policy_rule.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return _instance_value
+
+ class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance_by_generic(
+ self.ctx.vars.instance,
+ self.ctx.generic_update_args
+ )
+
+
+class _UpdateHelper:
+ """Helper class for Update"""
+
+ _schema_policy_definition_read = None
+
+ @classmethod
+ def _build_schema_policy_definition_read(cls, _schema):
+ if cls._schema_policy_definition_read is not None:
+ _schema.id = cls._schema_policy_definition_read.id
+ _schema.name = cls._schema_policy_definition_read.name
+ _schema.properties = cls._schema_policy_definition_read.properties
+ _schema.system_data = cls._schema_policy_definition_read.system_data
+ _schema.type = cls._schema_policy_definition_read.type
+ return
+
+ cls._schema_policy_definition_read = _schema_policy_definition_read = AAZObjectType()
+
+ policy_definition_read = _schema_policy_definition_read
+ policy_definition_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_definition_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_definition_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_definition_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_definition_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_definition_read.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.mode = AAZStrType()
+ properties.parameters = AAZDictType()
+ properties.policy_rule = AAZDictType(
+ serialized_name="policyRule",
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = _schema_policy_definition_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = _schema_policy_definition_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_definition_read.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = _schema_policy_definition_read.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = _schema_policy_definition_read.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = _schema_policy_definition_read.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = _schema_policy_definition_read.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_rule = _schema_policy_definition_read.properties.policy_rule
+ policy_rule.Element = AAZAnyType()
+
+ versions = _schema_policy_definition_read.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = _schema_policy_definition_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_definition_read.id
+ _schema.name = cls._schema_policy_definition_read.name
+ _schema.properties = cls._schema_policy_definition_read.properties
+ _schema.system_data = cls._schema_policy_definition_read.system_data
+ _schema.type = cls._schema_policy_definition_read.type
+
+
+__all__ = ["Update"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__cmd_group.py
new file mode 100644
index 00000000000..54283a71ce8
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__cmd_group.py
@@ -0,0 +1,22 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """Manage policy exemptions.
+
+ Manage policy exemptions, which specify resources that a policy assignment does not apply to.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__init__.py
new file mode 100644
index 00000000000..9752cfd8cf3
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/__init__.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._create import *
+from ._delete import *
+from ._list import *
+from ._list_untitled1 import *
+from ._show import *
+from ._update import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_create.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_create.py
new file mode 100644
index 00000000000..a5d9b8a473e
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_create.py
@@ -0,0 +1,406 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Create(AAZCommand):
+ """Create This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyexemptions/{}", "2022-07-01-preview"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy exemption to delete.",
+ required=True,
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.assignment_scope_validation = AAZStrArg(
+ options=["--assignment-scope-validation"],
+ arg_group="Properties",
+ help="The option whether validate the exemption is at or under the assignment scope.",
+ default="Default",
+ enum={"Default": "Default", "DoNotValidate": "DoNotValidate"},
+ )
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The description of the policy exemption.",
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy exemption.",
+ )
+ _args_schema.exemption_category = AAZStrArg(
+ options=["-e", "--exemption-category"],
+ arg_group="Properties",
+ help="The policy exemption category. Possible values are Waiver and Mitigated.",
+ required=True,
+ enum={"Mitigated": "Mitigated", "Waiver": "Waiver"},
+ )
+ _args_schema.expires_on = AAZDateTimeArg(
+ options=["--expires-on"],
+ arg_group="Properties",
+ help="The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.",
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ )
+ _args_schema.policy_assignment = AAZStrArg(
+ options=["-a", "--policy-assignment"],
+ arg_group="Properties",
+ help="The ID of the policy assignment that is being exempted.",
+ required=True,
+ )
+ _args_schema.policy_definition_reference_ids = AAZListArg(
+ options=["-r", "--policy-definition-reference-ids"],
+ arg_group="Properties",
+ help="The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.",
+ )
+ _args_schema.resource_selectors = AAZListArg(
+ options=["--resource-selectors"],
+ arg_group="Properties",
+ help="The resource selector list to filter policies by resource properties.",
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg()
+
+ policy_definition_reference_ids = cls._args_schema.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrArg()
+
+ resource_selectors = cls._args_schema.resource_selectors
+ resource_selectors.Element = AAZObjectArg()
+
+ _element = cls._args_schema.resource_selectors.Element
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the resource selector.",
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ )
+
+ selectors = cls._args_schema.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectArg()
+
+ _element = cls._args_schema.resource_selectors.Element.selectors.Element
+ _element.in_ = AAZListArg(
+ options=["in"],
+ help="The list of values to filter in.",
+ )
+ _element.kind = AAZStrArg(
+ options=["kind"],
+ help="The selector kind.",
+ enum={"policyDefinitionReferenceId": "policyDefinitionReferenceId", "resourceLocation": "resourceLocation", "resourceType": "resourceType", "resourceWithoutLocation": "resourceWithoutLocation"},
+ )
+ _element.not_in = AAZListArg(
+ options=["not-in"],
+ help="The list of values to filter out.",
+ )
+
+ in_ = cls._args_schema.resource_selectors.Element.selectors.Element.in_
+ in_.Element = AAZStrArg()
+
+ not_in = cls._args_schema.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrArg()
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyExemptionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyExemptionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyExemptionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("properties", AAZObjectType, ".", typ_kwargs={"flags": {"required": True, "client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("assignmentScopeValidation", AAZStrType, ".assignment_scope_validation")
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("exemptionCategory", AAZStrType, ".exemption_category", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("expiresOn", AAZStrType, ".expires_on")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("policyAssignmentId", AAZStrType, ".policy_assignment", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("policyDefinitionReferenceIds", AAZListType, ".policy_definition_reference_ids")
+ properties.set_prop("resourceSelectors", AAZListType, ".resource_selectors")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ policy_definition_reference_ids = _builder.get(".properties.policyDefinitionReferenceIds")
+ if policy_definition_reference_ids is not None:
+ policy_definition_reference_ids.set_elements(AAZStrType, ".")
+
+ resource_selectors = _builder.get(".properties.resourceSelectors")
+ if resource_selectors is not None:
+ resource_selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[]")
+ if _elements is not None:
+ _elements.set_prop("name", AAZStrType, ".name")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+
+ selectors = _builder.get(".properties.resourceSelectors[].selectors")
+ if selectors is not None:
+ selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[].selectors[]")
+ if _elements is not None:
+ _elements.set_prop("in", AAZListType, ".in_")
+ _elements.set_prop("kind", AAZStrType, ".kind")
+ _elements.set_prop("notIn", AAZListType, ".not_in")
+
+ in_ = _builder.get(".properties.resourceSelectors[].selectors[].in")
+ if in_ is not None:
+ in_.set_elements(AAZStrType, ".")
+
+ not_in = _builder.get(".properties.resourceSelectors[].selectors[].notIn")
+ if not_in is not None:
+ not_in.set_elements(AAZStrType, ".")
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+
+ _schema_on_200_201 = cls._schema_on_200_201
+ _schema_on_200_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _schema_on_200_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200_201.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200_201.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200_201.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200_201.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200_201.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200_201.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200_201
+
+
+class _CreateHelper:
+ """Helper class for Create"""
+
+
+__all__ = ["Create"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_delete.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_delete.py
new file mode 100644
index 00000000000..2ba36f0b6dd
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_delete.py
@@ -0,0 +1,130 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Delete(AAZCommand):
+ """Delete operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'.
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyexemptions/{}", "2022-07-01-preview"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return None
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy exemption to delete.",
+ required=True,
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyExemptionsDelete(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ class PolicyExemptionsDelete(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyExemptionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ pass
+
+ def on_204(self, session):
+ pass
+
+
+class _DeleteHelper:
+ """Helper class for Delete"""
+
+
+__all__ = ["Delete"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list.py
new file mode 100644
index 00000000000..1ecc7c580a5
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list.py
@@ -0,0 +1,633 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class List(AAZCommand):
+ """List operation retrieves the list of all policy exemptions applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy exemptions that are assigned to the management group or the management group's ancestors.
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policyexemptions", "2022-07-01-preview"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policyexemptions", "2022-07-01-preview"],
+ ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/microsoft.authorization/policyexemptions", "2022-07-01-preview"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.resource_group = AAZResourceGroupNameArg()
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including those that apply directly or apply from containing scopes. If $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that at the given scope. If $filter=excludeExpired() is provided, the returned list only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId eq '{value}' is provided. the returned list only includes all policy exemptions that are associated with the give policyAssignmentId.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group)
+ condition_1 = has_value(self.ctx.subscription_id) and has_value(self.ctx.args.resource_group) is not True
+ condition_2 = has_value(self.ctx.args.resource_group) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicyExemptionsListForManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicyExemptionsList(ctx=self.ctx)()
+ if condition_2:
+ self.PolicyExemptionsListForResourceGroup(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicyExemptionsListForManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyExemptions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ flags={"read_only": True},
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200.value.Element.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyExemptionsList(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyExemptions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ flags={"read_only": True},
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200.value.Element.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicyExemptionsListForResourceGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyExemptions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "resourceGroupName", self.ctx.args.resource_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ flags={"read_only": True},
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200.value.Element.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListHelper:
+ """Helper class for List"""
+
+
+__all__ = ["List"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list_untitled1.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list_untitled1.py
new file mode 100644
index 00000000000..98dd4203e73
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_list_untitled1.py
@@ -0,0 +1,297 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class ListUntitled1(AAZCommand):
+ """List operation retrieves the list of all policy exemptions associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/subscriptions/{}/resourcegroups/{}/providers/{}/{}/{}/{}/providers/microsoft.authorization/policyexemptions", "2022-07-01-preview"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.parent_resource_path = AAZStrArg(
+ options=["--parent-resource-path"],
+ help="The parent resource path. Use empty string if there is none.",
+ required=True,
+ )
+ _args_schema.resource_group = AAZResourceGroupNameArg(
+ required=True,
+ )
+ _args_schema.resource_name = AAZStrArg(
+ options=["--resource-name"],
+ help="The name of the resource.",
+ required=True,
+ )
+ _args_schema.resource_provider_namespace = AAZStrArg(
+ options=["--resource-provider-namespace"],
+ help="The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)",
+ required=True,
+ )
+ _args_schema.resource_type = AAZStrArg(
+ options=["--resource-type"],
+ help="The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).",
+ required=True,
+ )
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including those that apply directly or apply from containing scopes. If $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that at the given scope. If $filter=excludeExpired() is provided, the returned list only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId eq '{value}' is provided. the returned list only includes all policy exemptions that are associated with the give policyAssignmentId.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyExemptionsListForResource(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicyExemptionsListForResource(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyExemptions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "parentResourcePath", self.ctx.args.parent_resource_path,
+ skip_quote=True,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceGroupName", self.ctx.args.resource_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceName", self.ctx.args.resource_name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceProviderNamespace", self.ctx.args.resource_provider_namespace,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "resourceType", self.ctx.args.resource_type,
+ skip_quote=True,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ flags={"read_only": True},
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200.value.Element.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200.value.Element.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200.value.Element.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListUntitled1Helper:
+ """Helper class for ListUntitled1"""
+
+
+__all__ = ["ListUntitled1"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_show.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_show.py
new file mode 100644
index 00000000000..f03ff83a705
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_show.py
@@ -0,0 +1,248 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Show(AAZCommand):
+ """Get operation retrieves a single policy exemption, given its name and the scope it was created at.
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyexemptions/{}", "2022-07-01-preview"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy exemption to delete.",
+ required=True,
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyExemptionsGet(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyExemptionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyExemptionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = cls._schema_on_200.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = cls._schema_on_200.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = cls._schema_on_200.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = cls._schema_on_200.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = cls._schema_on_200.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowHelper:
+ """Helper class for Show"""
+
+
+__all__ = ["Show"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_update.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_update.py
new file mode 100644
index 00000000000..3f141d22038
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/exemption/_update.py
@@ -0,0 +1,564 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Update(AAZCommand):
+ """Update This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.
+ """
+
+ _aaz_info = {
+ "version": "2022-07-01-preview",
+ "resources": [
+ ["mgmt-plane", "/{scope}/providers/microsoft.authorization/policyexemptions/{}", "2022-07-01-preview"],
+ ]
+ }
+
+ AZ_SUPPORT_GENERIC_UPDATE = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy exemption to delete.",
+ required=True,
+ )
+ _args_schema.scope = AAZStrArg(
+ options=["--scope"],
+ help="The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'",
+ required=True,
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.assignment_scope_validation = AAZStrArg(
+ options=["--assignment-scope-validation"],
+ arg_group="Properties",
+ help="The option whether validate the exemption is at or under the assignment scope.",
+ nullable=True,
+ enum={"Default": "Default", "DoNotValidate": "DoNotValidate"},
+ )
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The description of the policy exemption.",
+ nullable=True,
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy exemption.",
+ nullable=True,
+ )
+ _args_schema.exemption_category = AAZStrArg(
+ options=["-e", "--exemption-category"],
+ arg_group="Properties",
+ help="The policy exemption category. Possible values are Waiver and Mitigated.",
+ enum={"Mitigated": "Mitigated", "Waiver": "Waiver"},
+ )
+ _args_schema.expires_on = AAZDateTimeArg(
+ options=["--expires-on"],
+ arg_group="Properties",
+ help="The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption.",
+ nullable=True,
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ nullable=True,
+ )
+ _args_schema.policy_assignment = AAZStrArg(
+ options=["-a", "--policy-assignment"],
+ arg_group="Properties",
+ help="The ID of the policy assignment that is being exempted.",
+ )
+ _args_schema.policy_definition_reference_ids = AAZListArg(
+ options=["-r", "--policy-definition-reference-ids"],
+ arg_group="Properties",
+ help="The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition.",
+ nullable=True,
+ )
+ _args_schema.resource_selectors = AAZListArg(
+ options=["--resource-selectors"],
+ arg_group="Properties",
+ help="The resource selector list to filter policies by resource properties.",
+ nullable=True,
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ policy_definition_reference_ids = cls._args_schema.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ resource_selectors = cls._args_schema.resource_selectors
+ resource_selectors.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.resource_selectors.Element
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the resource selector.",
+ nullable=True,
+ )
+ _element.selectors = AAZListArg(
+ options=["selectors"],
+ help="The list of the selector expressions.",
+ nullable=True,
+ )
+
+ selectors = cls._args_schema.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.resource_selectors.Element.selectors.Element
+ _element.in_ = AAZListArg(
+ options=["in"],
+ help="The list of values to filter in.",
+ nullable=True,
+ )
+ _element.kind = AAZStrArg(
+ options=["kind"],
+ help="The selector kind.",
+ nullable=True,
+ enum={"policyDefinitionReferenceId": "policyDefinitionReferenceId", "resourceLocation": "resourceLocation", "resourceType": "resourceType", "resourceWithoutLocation": "resourceWithoutLocation"},
+ )
+ _element.not_in = AAZListArg(
+ options=["not-in"],
+ help="The list of values to filter out.",
+ nullable=True,
+ )
+
+ in_ = cls._args_schema.resource_selectors.Element.selectors.Element.in_
+ in_.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ not_in = cls._args_schema.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrArg(
+ nullable=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicyExemptionsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.vars.instance)
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.InstanceUpdateByGeneric(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.vars.instance)
+ self.PolicyExemptionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicyExemptionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyExemptionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_exemption_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicyExemptionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyExemptionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "scope", self.ctx.args.scope,
+ skip_quote=True,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2022-07-01-preview",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_exemption_read(cls._schema_on_200_201)
+
+ return cls._schema_on_200_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.vars.instance)
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZObjectType
+ )
+ _builder.set_prop("properties", AAZObjectType, ".", typ_kwargs={"flags": {"required": True, "client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("assignmentScopeValidation", AAZStrType, ".assignment_scope_validation")
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("exemptionCategory", AAZStrType, ".exemption_category", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("expiresOn", AAZStrType, ".expires_on")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("policyAssignmentId", AAZStrType, ".policy_assignment", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("policyDefinitionReferenceIds", AAZListType, ".policy_definition_reference_ids")
+ properties.set_prop("resourceSelectors", AAZListType, ".resource_selectors")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ policy_definition_reference_ids = _builder.get(".properties.policyDefinitionReferenceIds")
+ if policy_definition_reference_ids is not None:
+ policy_definition_reference_ids.set_elements(AAZStrType, ".")
+
+ resource_selectors = _builder.get(".properties.resourceSelectors")
+ if resource_selectors is not None:
+ resource_selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[]")
+ if _elements is not None:
+ _elements.set_prop("name", AAZStrType, ".name")
+ _elements.set_prop("selectors", AAZListType, ".selectors")
+
+ selectors = _builder.get(".properties.resourceSelectors[].selectors")
+ if selectors is not None:
+ selectors.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.resourceSelectors[].selectors[]")
+ if _elements is not None:
+ _elements.set_prop("in", AAZListType, ".in_")
+ _elements.set_prop("kind", AAZStrType, ".kind")
+ _elements.set_prop("notIn", AAZListType, ".not_in")
+
+ in_ = _builder.get(".properties.resourceSelectors[].selectors[].in")
+ if in_ is not None:
+ in_.set_elements(AAZStrType, ".")
+
+ not_in = _builder.get(".properties.resourceSelectors[].selectors[].notIn")
+ if not_in is not None:
+ not_in.set_elements(AAZStrType, ".")
+
+ return _instance_value
+
+ class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance_by_generic(
+ self.ctx.vars.instance,
+ self.ctx.generic_update_args
+ )
+
+
+class _UpdateHelper:
+ """Helper class for Update"""
+
+ _schema_policy_exemption_read = None
+
+ @classmethod
+ def _build_schema_policy_exemption_read(cls, _schema):
+ if cls._schema_policy_exemption_read is not None:
+ _schema.id = cls._schema_policy_exemption_read.id
+ _schema.name = cls._schema_policy_exemption_read.name
+ _schema.properties = cls._schema_policy_exemption_read.properties
+ _schema.system_data = cls._schema_policy_exemption_read.system_data
+ _schema.type = cls._schema_policy_exemption_read.type
+ return
+
+ cls._schema_policy_exemption_read = _schema_policy_exemption_read = AAZObjectType()
+
+ policy_exemption_read = _schema_policy_exemption_read
+ policy_exemption_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_exemption_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_exemption_read.properties = AAZObjectType(
+ flags={"required": True, "client_flatten": True},
+ )
+ policy_exemption_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_exemption_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_exemption_read.properties
+ properties.assignment_scope_validation = AAZStrType(
+ serialized_name="assignmentScopeValidation",
+ )
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.exemption_category = AAZStrType(
+ serialized_name="exemptionCategory",
+ flags={"required": True},
+ )
+ properties.expires_on = AAZStrType(
+ serialized_name="expiresOn",
+ )
+ properties.metadata = AAZDictType()
+ properties.policy_assignment_id = AAZStrType(
+ serialized_name="policyAssignmentId",
+ flags={"required": True},
+ )
+ properties.policy_definition_reference_ids = AAZListType(
+ serialized_name="policyDefinitionReferenceIds",
+ )
+ properties.resource_selectors = AAZListType(
+ serialized_name="resourceSelectors",
+ )
+
+ metadata = _schema_policy_exemption_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ policy_definition_reference_ids = _schema_policy_exemption_read.properties.policy_definition_reference_ids
+ policy_definition_reference_ids.Element = AAZStrType()
+
+ resource_selectors = _schema_policy_exemption_read.properties.resource_selectors
+ resource_selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_exemption_read.properties.resource_selectors.Element
+ _element.name = AAZStrType()
+ _element.selectors = AAZListType()
+
+ selectors = _schema_policy_exemption_read.properties.resource_selectors.Element.selectors
+ selectors.Element = AAZObjectType()
+
+ _element = _schema_policy_exemption_read.properties.resource_selectors.Element.selectors.Element
+ _element["in"] = AAZListType()
+ _element.kind = AAZStrType()
+ _element.not_in = AAZListType(
+ serialized_name="notIn",
+ )
+
+ in_ = _schema_policy_exemption_read.properties.resource_selectors.Element.selectors.Element["in"]
+ in_.Element = AAZStrType()
+
+ not_in = _schema_policy_exemption_read.properties.resource_selectors.Element.selectors.Element.not_in
+ not_in.Element = AAZStrType()
+
+ system_data = _schema_policy_exemption_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_exemption_read.id
+ _schema.name = cls._schema_policy_exemption_read.name
+ _schema.properties = cls._schema_policy_exemption_read.properties
+ _schema.system_data = cls._schema_policy_exemption_read.system_data
+ _schema.type = cls._schema_policy_exemption_read.type
+
+
+__all__ = ["Update"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__cmd_group.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__cmd_group.py
new file mode 100644
index 00000000000..a8c260b2fa9
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__cmd_group.py
@@ -0,0 +1,22 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class __CMDGroup(AAZCommandGroup):
+ """Manage policy set definitions.
+
+ Manage policy set definitions, which are collections of policy definitions.
+ """
+ pass
+
+
+__all__ = ["__CMDGroup"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__init__.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__init__.py
new file mode 100644
index 00000000000..97725175fae
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/__init__.py
@@ -0,0 +1,17 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from .__cmd_group import *
+from ._create import *
+from ._delete import *
+from ._list import *
+from ._show import *
+from ._show_untitled1 import *
+from ._update import *
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_create.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_create.py
new file mode 100644
index 00000000000..f0a1c796a7e
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_create.py
@@ -0,0 +1,898 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Create(AAZCommand):
+ """Create operation creates or updates a policy set definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy set definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The policy set definition description.",
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy set definition.",
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter definitions for parameters used in the policy rule. The keys are the parameter names.",
+ )
+ _args_schema.definition_groups = AAZListArg(
+ options=["--definition-groups"],
+ arg_group="Properties",
+ help="The metadata describing groups of policy definition references within the policy set definition.",
+ )
+ _args_schema.definitions = AAZListArg(
+ options=["--definitions"],
+ arg_group="Properties",
+ help="An array of policy definition references.",
+ )
+ _args_schema.version = AAZStrArg(
+ options=["--version"],
+ arg_group="Properties",
+ help="The policy set definition version in #.#.# format.",
+ )
+ _args_schema.versions = AAZListArg(
+ options=["--versions"],
+ arg_group="Properties",
+ help="A list of available versions for this policy set definition.",
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg()
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg()
+
+ _element = cls._args_schema.params.Element
+ _element.allowed_values = AAZListArg(
+ options=["allowed-values"],
+ help="The allowed values for the parameter.",
+ )
+ _element.default_value = AAZDictArg(
+ options=["default-value"],
+ help="The default value for the parameter if no value is provided.",
+ )
+ _element.metadata = AAZFreeFormDictArg(
+ options=["metadata"],
+ help="General metadata for the parameter.",
+ )
+ _element.schema = AAZDictArg(
+ options=["schema"],
+ help="Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.",
+ )
+ _element.type = AAZStrArg(
+ options=["type"],
+ help="The data type of the parameter.",
+ enum={"Array": "Array", "Boolean": "Boolean", "DateTime": "DateTime", "Float": "Float", "Integer": "Integer", "Object": "Object", "String": "String"},
+ )
+
+ allowed_values = cls._args_schema.params.Element.allowed_values
+ allowed_values.Element = AAZDictArg()
+
+ _element = cls._args_schema.params.Element.allowed_values.Element
+ _element.Element = AAZAnyTypeArg()
+
+ default_value = cls._args_schema.params.Element.default_value
+ default_value.Element = AAZAnyTypeArg()
+
+ schema = cls._args_schema.params.Element.schema
+ schema.Element = AAZAnyTypeArg()
+
+ definition_groups = cls._args_schema.definition_groups
+ definition_groups.Element = AAZObjectArg()
+
+ _element = cls._args_schema.definition_groups.Element
+ _element.additional_metadata_id = AAZStrArg(
+ options=["additional-metadata-id"],
+ help="A resource ID of a resource that contains additional metadata about the group.",
+ )
+ _element.category = AAZStrArg(
+ options=["category"],
+ help="The group's category.",
+ )
+ _element.description = AAZStrArg(
+ options=["description"],
+ help="The group's description.",
+ )
+ _element.display_name = AAZStrArg(
+ options=["display-name"],
+ help="The group's display name.",
+ )
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the group.",
+ required=True,
+ )
+
+ definitions = cls._args_schema.definitions
+ definitions.Element = AAZObjectArg()
+
+ _element = cls._args_schema.definitions.Element
+ _element.definition_version = AAZStrArg(
+ options=["definition-version"],
+ help="The version of the policy definition to use.",
+ )
+ _element.group_names = AAZListArg(
+ options=["group-names"],
+ help="The name of the groups that this policy definition reference belongs to.",
+ )
+ _element.parameters = AAZDictArg(
+ options=["parameters"],
+ help="The parameter values for the referenced policy rule. The keys are the parameter names.",
+ )
+ _element.policy_definition_id = AAZStrArg(
+ options=["policy-definition-id"],
+ help="The ID of the policy definition or policy set definition.",
+ required=True,
+ )
+ _element.policy_definition_reference_id = AAZStrArg(
+ options=["policy-definition-reference-id"],
+ help="A unique id (within the policy set definition) for this policy definition reference.",
+ )
+
+ group_names = cls._args_schema.definitions.Element.group_names
+ group_names.Element = AAZStrArg()
+
+ parameters = cls._args_schema.definitions.Element.parameters
+ parameters.Element = AAZObjectArg()
+
+ _element = cls._args_schema.definitions.Element.parameters.Element
+ _element.value = AAZDictArg(
+ options=["value"],
+ help="The value of the parameter.",
+ )
+
+ value = cls._args_schema.definitions.Element.parameters.Element.value
+ value.Element = AAZAnyTypeArg()
+
+ versions = cls._args_schema.versions
+ versions.Element = AAZStrArg()
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicySetDefinitionsCreateOrUpdateAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicySetDefinitionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicySetDefinitionsCreateOrUpdateAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyDefinitionGroups", AAZListType, ".definition_groups")
+ properties.set_prop("policyDefinitions", AAZListType, ".definitions", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_definition_groups = _builder.get(".properties.policyDefinitionGroups")
+ if policy_definition_groups is not None:
+ policy_definition_groups.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitionGroups[]")
+ if _elements is not None:
+ _elements.set_prop("additionalMetadataId", AAZStrType, ".additional_metadata_id")
+ _elements.set_prop("category", AAZStrType, ".category")
+ _elements.set_prop("description", AAZStrType, ".description")
+ _elements.set_prop("displayName", AAZStrType, ".display_name")
+ _elements.set_prop("name", AAZStrType, ".name", typ_kwargs={"flags": {"required": True}})
+
+ policy_definitions = _builder.get(".properties.policyDefinitions")
+ if policy_definitions is not None:
+ policy_definitions.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[]")
+ if _elements is not None:
+ _elements.set_prop("definitionVersion", AAZStrType, ".definition_version")
+ _elements.set_prop("groupNames", AAZListType, ".group_names")
+ _elements.set_prop("parameters", AAZDictType, ".parameters")
+ _elements.set_prop("policyDefinitionId", AAZStrType, ".policy_definition_id", typ_kwargs={"flags": {"required": True}})
+ _elements.set_prop("policyDefinitionReferenceId", AAZStrType, ".policy_definition_reference_id")
+
+ group_names = _builder.get(".properties.policyDefinitions[].groupNames")
+ if group_names is not None:
+ group_names.set_elements(AAZStrType, ".")
+
+ parameters = _builder.get(".properties.policyDefinitions[].parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[].parameters{}")
+ if _elements is not None:
+ _elements.set_prop("value", AAZDictType, ".value")
+
+ value = _builder.get(".properties.policyDefinitions[].parameters{}.value")
+ if value is not None:
+ value.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+
+ _schema_on_200_201 = cls._schema_on_200_201
+ _schema_on_200_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200_201.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200_201.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200_201.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200_201.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200_201.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200_201.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200_201.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200_201.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200_201.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200_201.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200_201.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200_201.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200_201
+
+ class PolicySetDefinitionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ typ=AAZObjectType,
+ typ_kwargs={"flags": {"required": True, "client_flatten": True}}
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyDefinitionGroups", AAZListType, ".definition_groups")
+ properties.set_prop("policyDefinitions", AAZListType, ".definitions", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_definition_groups = _builder.get(".properties.policyDefinitionGroups")
+ if policy_definition_groups is not None:
+ policy_definition_groups.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitionGroups[]")
+ if _elements is not None:
+ _elements.set_prop("additionalMetadataId", AAZStrType, ".additional_metadata_id")
+ _elements.set_prop("category", AAZStrType, ".category")
+ _elements.set_prop("description", AAZStrType, ".description")
+ _elements.set_prop("displayName", AAZStrType, ".display_name")
+ _elements.set_prop("name", AAZStrType, ".name", typ_kwargs={"flags": {"required": True}})
+
+ policy_definitions = _builder.get(".properties.policyDefinitions")
+ if policy_definitions is not None:
+ policy_definitions.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[]")
+ if _elements is not None:
+ _elements.set_prop("definitionVersion", AAZStrType, ".definition_version")
+ _elements.set_prop("groupNames", AAZListType, ".group_names")
+ _elements.set_prop("parameters", AAZDictType, ".parameters")
+ _elements.set_prop("policyDefinitionId", AAZStrType, ".policy_definition_id", typ_kwargs={"flags": {"required": True}})
+ _elements.set_prop("policyDefinitionReferenceId", AAZStrType, ".policy_definition_reference_id")
+
+ group_names = _builder.get(".properties.policyDefinitions[].groupNames")
+ if group_names is not None:
+ group_names.set_elements(AAZStrType, ".")
+
+ parameters = _builder.get(".properties.policyDefinitions[].parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[].parameters{}")
+ if _elements is not None:
+ _elements.set_prop("value", AAZDictType, ".value")
+
+ value = _builder.get(".properties.policyDefinitions[].parameters{}.value")
+ if value is not None:
+ value.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+
+ _schema_on_200_201 = cls._schema_on_200_201
+ _schema_on_200_201.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200_201.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200_201.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200_201.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200_201.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200_201.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200_201.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200_201.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200_201.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200_201.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200_201.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200_201.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200_201.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200_201.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200_201.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200_201.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200_201.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200_201.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200_201
+
+
+class _CreateHelper:
+ """Helper class for Create"""
+
+
+__all__ = ["Create"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_delete.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_delete.py
new file mode 100644
index 00000000000..bfc1a980b84
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_delete.py
@@ -0,0 +1,199 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Delete(AAZCommand):
+ """Delete operation deletes the policy set definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return None
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy set definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicySetDefinitionsDeleteAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicySetDefinitionsDelete(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ class PolicySetDefinitionsDeleteAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ pass
+
+ def on_204(self, session):
+ pass
+
+ class PolicySetDefinitionsDelete(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+ if session.http_response.status_code in [204]:
+ return self.on_204(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "DELETE"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ pass
+
+ def on_204(self, session):
+ pass
+
+
+class _DeleteHelper:
+ """Helper class for Delete"""
+
+
+__all__ = ["Delete"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_list.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_list.py
new file mode 100644
index 00000000000..77939c4bb1a
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_list.py
@@ -0,0 +1,781 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class List(AAZCommand):
+ """List operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.authorization/policysetdefinitions", "2024-05-01"],
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policysetdefinitions", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policysetdefinitions", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_PAGINATION = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ return self.build_paging(self._execute_operations, self._output)
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ _args_schema.filter = AAZStrArg(
+ options=["--filter"],
+ help="The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) is not True and has_value(self.ctx.subscription_id) is not True
+ condition_1 = has_value(self.ctx.args.management_group)
+ condition_2 = has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicySetDefinitionsListBuiltIn(ctx=self.ctx)()
+ if condition_1:
+ self.PolicySetDefinitionsListByManagementGroup(ctx=self.ctx)()
+ if condition_2:
+ self.PolicySetDefinitionsList(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance.value, client_flatten=True)
+ next_link = self.deserialize_output(self.ctx.vars.instance.next_link)
+ return result, next_link
+
+ class PolicySetDefinitionsListBuiltIn(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Authorization/policySetDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.value.Element.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.value.Element.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.value.Element.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicySetDefinitionsListByManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.value.Element.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.value.Element.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.value.Element.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicySetDefinitionsList(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "$filter", self.ctx.args.filter,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.next_link = AAZStrType(
+ serialized_name="nextLink",
+ )
+ _schema_on_200.value = AAZListType()
+
+ value = cls._schema_on_200.value
+ value.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element
+ _element.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _element.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _element.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _element.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.value.Element.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.value.Element.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.value.Element.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.value.Element.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.value.Element.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.value.Element.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.value.Element.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.value.Element.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.value.Element.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.value.Element.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.value.Element.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.value.Element.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ListHelper:
+ """Helper class for List"""
+
+
+__all__ = ["List"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show.py
new file mode 100644
index 00000000000..4cb3e70c4d9
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show.py
@@ -0,0 +1,539 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Show(AAZCommand):
+ """Get operation retrieves the policy set definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy set definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicySetDefinitionsGetAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicySetDefinitionsGet(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicySetDefinitionsGetAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+ class PolicySetDefinitionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowHelper:
+ """Helper class for Show"""
+
+
+__all__ = ["Show"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show_untitled1.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show_untitled1.py
new file mode 100644
index 00000000000..50fa1fc4545
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_show_untitled1.py
@@ -0,0 +1,299 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class ShowUntitled1(AAZCommand):
+ """Get operation retrieves the built-in policy set definition with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy set definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ self.PolicySetDefinitionsGetBuiltIn(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicySetDefinitionsGetBuiltIn(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+
+ _schema_on_200 = cls._schema_on_200
+ _schema_on_200.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ _schema_on_200.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ _schema_on_200.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ _schema_on_200.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = cls._schema_on_200.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = cls._schema_on_200.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = cls._schema_on_200.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = cls._schema_on_200.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = cls._schema_on_200.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = cls._schema_on_200.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = cls._schema_on_200.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = cls._schema_on_200.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = cls._schema_on_200.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = cls._schema_on_200.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = cls._schema_on_200.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = cls._schema_on_200.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = cls._schema_on_200.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = cls._schema_on_200.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ return cls._schema_on_200
+
+
+class _ShowUntitled1Helper:
+ """Helper class for ShowUntitled1"""
+
+
+__all__ = ["ShowUntitled1"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_update.py b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_update.py
new file mode 100644
index 00000000000..9cb5a6d5fee
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/aaz/latest/policy/set_definition/_update.py
@@ -0,0 +1,927 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+#
+# Code generated by aaz-dev-tools
+# --------------------------------------------------------------------------------------------
+
+# pylint: skip-file
+# flake8: noqa
+
+from azure.cli.core.aaz import *
+
+
+class Update(AAZCommand):
+ """Update operation creates or updates a policy set definition in the given management group with the given name.
+ """
+
+ _aaz_info = {
+ "version": "2024-05-01",
+ "resources": [
+ ["mgmt-plane", "/providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ["mgmt-plane", "/subscriptions/{}/providers/microsoft.authorization/policysetdefinitions/{}", "2024-05-01"],
+ ]
+ }
+
+ AZ_SUPPORT_GENERIC_UPDATE = True
+
+ def _handler(self, command_args):
+ super()._handler(command_args)
+ self._execute_operations()
+ return self._output()
+
+ _args_schema = None
+
+ @classmethod
+ def _build_arguments_schema(cls, *args, **kwargs):
+ if cls._args_schema is not None:
+ return cls._args_schema
+ cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
+
+ # define Arg Group ""
+
+ _args_schema = cls._args_schema
+ _args_schema.management_group = AAZStrArg(
+ options=["--management-group"],
+ help="The ID of the management group.",
+ )
+ _args_schema.name = AAZStrArg(
+ options=["-n", "--name"],
+ help="The name of the policy set definition to create.",
+ required=True,
+ fmt=AAZStrArgFormat(
+ pattern="^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$",
+ ),
+ )
+ _args_schema.expand = AAZStrArg(
+ options=["--expand"],
+ help="Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.",
+ )
+
+ # define Arg Group "Properties"
+
+ _args_schema = cls._args_schema
+ _args_schema.description = AAZStrArg(
+ options=["--description"],
+ arg_group="Properties",
+ help="The policy set definition description.",
+ nullable=True,
+ )
+ _args_schema.display_name = AAZStrArg(
+ options=["--display-name"],
+ arg_group="Properties",
+ help="The display name of the policy set definition.",
+ nullable=True,
+ )
+ _args_schema.metadata = AAZDictArg(
+ options=["--metadata"],
+ arg_group="Properties",
+ help="The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs.",
+ nullable=True,
+ )
+ _args_schema.params = AAZDictArg(
+ options=["-p", "--params"],
+ arg_group="Properties",
+ help="The parameter definitions for parameters used in the policy rule. The keys are the parameter names.",
+ nullable=True,
+ )
+ _args_schema.definition_groups = AAZListArg(
+ options=["--definition-groups"],
+ arg_group="Properties",
+ help="The metadata describing groups of policy definition references within the policy set definition.",
+ nullable=True,
+ )
+ _args_schema.definitions = AAZListArg(
+ options=["--definitions"],
+ arg_group="Properties",
+ help="An array of policy definition references.",
+ )
+ _args_schema.version = AAZStrArg(
+ options=["--version"],
+ arg_group="Properties",
+ help="The policy set definition version in #.#.# format.",
+ nullable=True,
+ )
+ _args_schema.versions = AAZListArg(
+ options=["--versions"],
+ arg_group="Properties",
+ help="A list of available versions for this policy set definition.",
+ nullable=True,
+ )
+
+ metadata = cls._args_schema.metadata
+ metadata.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ params = cls._args_schema.params
+ params.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.params.Element
+ _element.allowed_values = AAZListArg(
+ options=["allowed-values"],
+ help="The allowed values for the parameter.",
+ nullable=True,
+ )
+ _element.default_value = AAZDictArg(
+ options=["default-value"],
+ help="The default value for the parameter if no value is provided.",
+ nullable=True,
+ )
+ _element.metadata = AAZFreeFormDictArg(
+ options=["metadata"],
+ help="General metadata for the parameter.",
+ nullable=True,
+ )
+ _element.schema = AAZDictArg(
+ options=["schema"],
+ help="Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/.",
+ nullable=True,
+ )
+ _element.type = AAZStrArg(
+ options=["type"],
+ help="The data type of the parameter.",
+ nullable=True,
+ enum={"Array": "Array", "Boolean": "Boolean", "DateTime": "DateTime", "Float": "Float", "Integer": "Integer", "Object": "Object", "String": "String"},
+ )
+
+ allowed_values = cls._args_schema.params.Element.allowed_values
+ allowed_values.Element = AAZDictArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.params.Element.allowed_values.Element
+ _element.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ default_value = cls._args_schema.params.Element.default_value
+ default_value.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ schema = cls._args_schema.params.Element.schema
+ schema.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ definition_groups = cls._args_schema.definition_groups
+ definition_groups.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.definition_groups.Element
+ _element.additional_metadata_id = AAZStrArg(
+ options=["additional-metadata-id"],
+ help="A resource ID of a resource that contains additional metadata about the group.",
+ nullable=True,
+ )
+ _element.category = AAZStrArg(
+ options=["category"],
+ help="The group's category.",
+ nullable=True,
+ )
+ _element.description = AAZStrArg(
+ options=["description"],
+ help="The group's description.",
+ nullable=True,
+ )
+ _element.display_name = AAZStrArg(
+ options=["display-name"],
+ help="The group's display name.",
+ nullable=True,
+ )
+ _element.name = AAZStrArg(
+ options=["name"],
+ help="The name of the group.",
+ )
+
+ definitions = cls._args_schema.definitions
+ definitions.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.definitions.Element
+ _element.definition_version = AAZStrArg(
+ options=["definition-version"],
+ help="The version of the policy definition to use.",
+ nullable=True,
+ )
+ _element.group_names = AAZListArg(
+ options=["group-names"],
+ help="The name of the groups that this policy definition reference belongs to.",
+ nullable=True,
+ )
+ _element.parameters = AAZDictArg(
+ options=["parameters"],
+ help="The parameter values for the referenced policy rule. The keys are the parameter names.",
+ nullable=True,
+ )
+ _element.policy_definition_id = AAZStrArg(
+ options=["policy-definition-id"],
+ help="The ID of the policy definition or policy set definition.",
+ )
+ _element.policy_definition_reference_id = AAZStrArg(
+ options=["policy-definition-reference-id"],
+ help="A unique id (within the policy set definition) for this policy definition reference.",
+ nullable=True,
+ )
+
+ group_names = cls._args_schema.definitions.Element.group_names
+ group_names.Element = AAZStrArg(
+ nullable=True,
+ )
+
+ parameters = cls._args_schema.definitions.Element.parameters
+ parameters.Element = AAZObjectArg(
+ nullable=True,
+ )
+
+ _element = cls._args_schema.definitions.Element.parameters.Element
+ _element.value = AAZDictArg(
+ options=["value"],
+ help="The value of the parameter.",
+ nullable=True,
+ )
+
+ value = cls._args_schema.definitions.Element.parameters.Element.value
+ value.Element = AAZAnyTypeArg(
+ nullable=True,
+ )
+
+ versions = cls._args_schema.versions
+ versions.Element = AAZStrArg(
+ nullable=True,
+ )
+ return cls._args_schema
+
+ def _execute_operations(self):
+ self.pre_operations()
+ condition_0 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_1 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ condition_2 = has_value(self.ctx.args.management_group) and has_value(self.ctx.args.name)
+ condition_3 = has_value(self.ctx.args.name) and has_value(self.ctx.subscription_id)
+ if condition_0:
+ self.PolicySetDefinitionsGetAtManagementGroup(ctx=self.ctx)()
+ if condition_1:
+ self.PolicySetDefinitionsGet(ctx=self.ctx)()
+ self.pre_instance_update(self.ctx.vars.instance)
+ self.InstanceUpdateByJson(ctx=self.ctx)()
+ self.InstanceUpdateByGeneric(ctx=self.ctx)()
+ self.post_instance_update(self.ctx.vars.instance)
+ if condition_2:
+ self.PolicySetDefinitionsCreateOrUpdateAtManagementGroup(ctx=self.ctx)()
+ if condition_3:
+ self.PolicySetDefinitionsCreateOrUpdate(ctx=self.ctx)()
+ self.post_operations()
+
+ @register_callback
+ def pre_operations(self):
+ pass
+
+ @register_callback
+ def post_operations(self):
+ pass
+
+ @register_callback
+ def pre_instance_update(self, instance):
+ pass
+
+ @register_callback
+ def post_instance_update(self, instance):
+ pass
+
+ def _output(self, *args, **kwargs):
+ result = self.deserialize_output(self.ctx.vars.instance, client_flatten=True)
+ return result
+
+ class PolicySetDefinitionsGetAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_set_definition_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicySetDefinitionsGet(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200]:
+ return self.on_200(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "GET"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "$expand", self.ctx.args.expand,
+ ),
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ def on_200(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200
+ )
+
+ _schema_on_200 = None
+
+ @classmethod
+ def _build_schema_on_200(cls):
+ if cls._schema_on_200 is not None:
+ return cls._schema_on_200
+
+ cls._schema_on_200 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_set_definition_read(cls._schema_on_200)
+
+ return cls._schema_on_200
+
+ class PolicySetDefinitionsCreateOrUpdateAtManagementGroup(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "managementGroupId", self.ctx.args.management_group,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_set_definition_read(cls._schema_on_200_201)
+
+ return cls._schema_on_200_201
+
+ class PolicySetDefinitionsCreateOrUpdate(AAZHttpOperation):
+ CLIENT_TYPE = "MgmtClient"
+
+ def __call__(self, *args, **kwargs):
+ request = self.make_request()
+ session = self.client.send_request(request=request, stream=False, **kwargs)
+ if session.http_response.status_code in [200, 201]:
+ return self.on_200_201(session)
+
+ return self.on_error(session.http_response)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def method(self):
+ return "PUT"
+
+ @property
+ def error_format(self):
+ return "MgmtErrorFormat"
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policySetDefinitionName", self.ctx.args.name,
+ required=True,
+ ),
+ **self.serialize_url_param(
+ "subscriptionId", self.ctx.subscription_id,
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def query_parameters(self):
+ parameters = {
+ **self.serialize_query_param(
+ "api-version", "2024-05-01",
+ required=True,
+ ),
+ }
+ return parameters
+
+ @property
+ def header_parameters(self):
+ parameters = {
+ **self.serialize_header_param(
+ "Content-Type", "application/json",
+ ),
+ **self.serialize_header_param(
+ "Accept", "application/json",
+ ),
+ }
+ return parameters
+
+ @property
+ def content(self):
+ _content_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=self.ctx.vars.instance,
+ )
+
+ return self.serialize_content(_content_value)
+
+ def on_200_201(self, session):
+ data = self.deserialize_http_content(session)
+ self.ctx.set_var(
+ "instance",
+ data,
+ schema_builder=self._build_schema_on_200_201
+ )
+
+ _schema_on_200_201 = None
+
+ @classmethod
+ def _build_schema_on_200_201(cls):
+ if cls._schema_on_200_201 is not None:
+ return cls._schema_on_200_201
+
+ cls._schema_on_200_201 = AAZObjectType()
+ _UpdateHelper._build_schema_policy_set_definition_read(cls._schema_on_200_201)
+
+ return cls._schema_on_200_201
+
+ class InstanceUpdateByJson(AAZJsonInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance(self.ctx.vars.instance)
+
+ def _update_instance(self, instance):
+ _instance_value, _builder = self.new_content_builder(
+ self.ctx.args,
+ value=instance,
+ typ=AAZObjectType
+ )
+ _builder.set_prop("properties", AAZObjectType, typ_kwargs={"flags": {"client_flatten": True}})
+
+ properties = _builder.get(".properties")
+ if properties is not None:
+ properties.set_prop("description", AAZStrType, ".description")
+ properties.set_prop("displayName", AAZStrType, ".display_name")
+ properties.set_prop("metadata", AAZDictType, ".metadata")
+ properties.set_prop("parameters", AAZDictType, ".params")
+ properties.set_prop("policyDefinitionGroups", AAZListType, ".definition_groups")
+ properties.set_prop("policyDefinitions", AAZListType, ".definitions", typ_kwargs={"flags": {"required": True}})
+ properties.set_prop("version", AAZStrType, ".version")
+ properties.set_prop("versions", AAZListType, ".versions")
+
+ metadata = _builder.get(".properties.metadata")
+ if metadata is not None:
+ metadata.set_elements(AAZAnyType, ".")
+
+ parameters = _builder.get(".properties.parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.parameters{}")
+ if _elements is not None:
+ _elements.set_prop("allowedValues", AAZListType, ".allowed_values")
+ _elements.set_prop("defaultValue", AAZDictType, ".default_value")
+ _elements.set_prop("metadata", AAZFreeFormDictType, ".metadata")
+ _elements.set_prop("schema", AAZDictType, ".schema")
+ _elements.set_prop("type", AAZStrType, ".type")
+
+ allowed_values = _builder.get(".properties.parameters{}.allowedValues")
+ if allowed_values is not None:
+ allowed_values.set_elements(AAZDictType, ".")
+
+ _elements = _builder.get(".properties.parameters{}.allowedValues[]")
+ if _elements is not None:
+ _elements.set_elements(AAZAnyType, ".")
+
+ default_value = _builder.get(".properties.parameters{}.defaultValue")
+ if default_value is not None:
+ default_value.set_elements(AAZAnyType, ".")
+
+ metadata = _builder.get(".properties.parameters{}.metadata")
+ if metadata is not None:
+ metadata.set_anytype_elements(".")
+
+ schema = _builder.get(".properties.parameters{}.schema")
+ if schema is not None:
+ schema.set_elements(AAZAnyType, ".")
+
+ policy_definition_groups = _builder.get(".properties.policyDefinitionGroups")
+ if policy_definition_groups is not None:
+ policy_definition_groups.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitionGroups[]")
+ if _elements is not None:
+ _elements.set_prop("additionalMetadataId", AAZStrType, ".additional_metadata_id")
+ _elements.set_prop("category", AAZStrType, ".category")
+ _elements.set_prop("description", AAZStrType, ".description")
+ _elements.set_prop("displayName", AAZStrType, ".display_name")
+ _elements.set_prop("name", AAZStrType, ".name", typ_kwargs={"flags": {"required": True}})
+
+ policy_definitions = _builder.get(".properties.policyDefinitions")
+ if policy_definitions is not None:
+ policy_definitions.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[]")
+ if _elements is not None:
+ _elements.set_prop("definitionVersion", AAZStrType, ".definition_version")
+ _elements.set_prop("groupNames", AAZListType, ".group_names")
+ _elements.set_prop("parameters", AAZDictType, ".parameters")
+ _elements.set_prop("policyDefinitionId", AAZStrType, ".policy_definition_id", typ_kwargs={"flags": {"required": True}})
+ _elements.set_prop("policyDefinitionReferenceId", AAZStrType, ".policy_definition_reference_id")
+
+ group_names = _builder.get(".properties.policyDefinitions[].groupNames")
+ if group_names is not None:
+ group_names.set_elements(AAZStrType, ".")
+
+ parameters = _builder.get(".properties.policyDefinitions[].parameters")
+ if parameters is not None:
+ parameters.set_elements(AAZObjectType, ".")
+
+ _elements = _builder.get(".properties.policyDefinitions[].parameters{}")
+ if _elements is not None:
+ _elements.set_prop("value", AAZDictType, ".value")
+
+ value = _builder.get(".properties.policyDefinitions[].parameters{}.value")
+ if value is not None:
+ value.set_elements(AAZAnyType, ".")
+
+ versions = _builder.get(".properties.versions")
+ if versions is not None:
+ versions.set_elements(AAZStrType, ".")
+
+ return _instance_value
+
+ class InstanceUpdateByGeneric(AAZGenericInstanceUpdateOperation):
+
+ def __call__(self, *args, **kwargs):
+ self._update_instance_by_generic(
+ self.ctx.vars.instance,
+ self.ctx.generic_update_args
+ )
+
+
+class _UpdateHelper:
+ """Helper class for Update"""
+
+ _schema_policy_set_definition_read = None
+
+ @classmethod
+ def _build_schema_policy_set_definition_read(cls, _schema):
+ if cls._schema_policy_set_definition_read is not None:
+ _schema.id = cls._schema_policy_set_definition_read.id
+ _schema.name = cls._schema_policy_set_definition_read.name
+ _schema.properties = cls._schema_policy_set_definition_read.properties
+ _schema.system_data = cls._schema_policy_set_definition_read.system_data
+ _schema.type = cls._schema_policy_set_definition_read.type
+ return
+
+ cls._schema_policy_set_definition_read = _schema_policy_set_definition_read = AAZObjectType()
+
+ policy_set_definition_read = _schema_policy_set_definition_read
+ policy_set_definition_read.id = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_set_definition_read.name = AAZStrType(
+ flags={"read_only": True},
+ )
+ policy_set_definition_read.properties = AAZObjectType(
+ flags={"client_flatten": True},
+ )
+ policy_set_definition_read.system_data = AAZObjectType(
+ serialized_name="systemData",
+ flags={"read_only": True},
+ )
+ policy_set_definition_read.type = AAZStrType(
+ flags={"read_only": True},
+ )
+
+ properties = _schema_policy_set_definition_read.properties
+ properties.description = AAZStrType()
+ properties.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ properties.metadata = AAZDictType()
+ properties.parameters = AAZDictType()
+ properties.policy_definition_groups = AAZListType(
+ serialized_name="policyDefinitionGroups",
+ )
+ properties.policy_definitions = AAZListType(
+ serialized_name="policyDefinitions",
+ flags={"required": True},
+ )
+ properties.policy_type = AAZStrType(
+ serialized_name="policyType",
+ )
+ properties.version = AAZStrType()
+ properties.versions = AAZListType()
+
+ metadata = _schema_policy_set_definition_read.properties.metadata
+ metadata.Element = AAZAnyType()
+
+ parameters = _schema_policy_set_definition_read.properties.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_set_definition_read.properties.parameters.Element
+ _element.allowed_values = AAZListType(
+ serialized_name="allowedValues",
+ )
+ _element.default_value = AAZDictType(
+ serialized_name="defaultValue",
+ )
+ _element.metadata = AAZFreeFormDictType()
+ _element.schema = AAZDictType()
+ _element.type = AAZStrType()
+
+ allowed_values = _schema_policy_set_definition_read.properties.parameters.Element.allowed_values
+ allowed_values.Element = AAZDictType()
+
+ _element = _schema_policy_set_definition_read.properties.parameters.Element.allowed_values.Element
+ _element.Element = AAZAnyType()
+
+ default_value = _schema_policy_set_definition_read.properties.parameters.Element.default_value
+ default_value.Element = AAZAnyType()
+
+ schema = _schema_policy_set_definition_read.properties.parameters.Element.schema
+ schema.Element = AAZAnyType()
+
+ policy_definition_groups = _schema_policy_set_definition_read.properties.policy_definition_groups
+ policy_definition_groups.Element = AAZObjectType()
+
+ _element = _schema_policy_set_definition_read.properties.policy_definition_groups.Element
+ _element.additional_metadata_id = AAZStrType(
+ serialized_name="additionalMetadataId",
+ )
+ _element.category = AAZStrType()
+ _element.description = AAZStrType()
+ _element.display_name = AAZStrType(
+ serialized_name="displayName",
+ )
+ _element.name = AAZStrType(
+ flags={"required": True},
+ )
+
+ policy_definitions = _schema_policy_set_definition_read.properties.policy_definitions
+ policy_definitions.Element = AAZObjectType()
+
+ _element = _schema_policy_set_definition_read.properties.policy_definitions.Element
+ _element.definition_version = AAZStrType(
+ serialized_name="definitionVersion",
+ )
+ _element.effective_definition_version = AAZStrType(
+ serialized_name="effectiveDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.group_names = AAZListType(
+ serialized_name="groupNames",
+ )
+ _element.latest_definition_version = AAZStrType(
+ serialized_name="latestDefinitionVersion",
+ flags={"read_only": True},
+ )
+ _element.parameters = AAZDictType()
+ _element.policy_definition_id = AAZStrType(
+ serialized_name="policyDefinitionId",
+ flags={"required": True},
+ )
+ _element.policy_definition_reference_id = AAZStrType(
+ serialized_name="policyDefinitionReferenceId",
+ )
+
+ group_names = _schema_policy_set_definition_read.properties.policy_definitions.Element.group_names
+ group_names.Element = AAZStrType()
+
+ parameters = _schema_policy_set_definition_read.properties.policy_definitions.Element.parameters
+ parameters.Element = AAZObjectType()
+
+ _element = _schema_policy_set_definition_read.properties.policy_definitions.Element.parameters.Element
+ _element.value = AAZDictType()
+
+ value = _schema_policy_set_definition_read.properties.policy_definitions.Element.parameters.Element.value
+ value.Element = AAZAnyType()
+
+ versions = _schema_policy_set_definition_read.properties.versions
+ versions.Element = AAZStrType()
+
+ system_data = _schema_policy_set_definition_read.system_data
+ system_data.created_at = AAZStrType(
+ serialized_name="createdAt",
+ )
+ system_data.created_by = AAZStrType(
+ serialized_name="createdBy",
+ )
+ system_data.created_by_type = AAZStrType(
+ serialized_name="createdByType",
+ )
+ system_data.last_modified_at = AAZStrType(
+ serialized_name="lastModifiedAt",
+ )
+ system_data.last_modified_by = AAZStrType(
+ serialized_name="lastModifiedBy",
+ )
+ system_data.last_modified_by_type = AAZStrType(
+ serialized_name="lastModifiedByType",
+ )
+
+ _schema.id = cls._schema_policy_set_definition_read.id
+ _schema.name = cls._schema_policy_set_definition_read.name
+ _schema.properties = cls._schema_policy_set_definition_read.properties
+ _schema.system_data = cls._schema_policy_set_definition_read.system_data
+ _schema.type = cls._schema_policy_set_definition_read.type
+
+
+__all__ = ["Update"]
diff --git a/src/azure-cli/azure/cli/command_modules/resource/commands.py b/src/azure-cli/azure/cli/command_modules/resource/commands.py
index c190d24355b..4426decbdbc 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/commands.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/commands.py
@@ -15,7 +15,9 @@
from azure.cli.core.commands.arm import handle_template_based_exception
from azure.cli.command_modules.resource._client_factory import (
cf_resource_groups, cf_providers, cf_features, cf_feature_registrations, cf_tags, cf_deployments,
- cf_deployment_operations, cf_policy_definitions, cf_policy_set_definitions, cf_policy_exemptions, cf_resource_links, cf_resource_deploymentstacks,
+ cf_deployment_operations,
+ #cf_policy_definitions, cf_policy_set_definitions, cf_policy_exemptions,
+ cf_resource_links, cf_resource_deploymentstacks,
cf_resource_deploymentscripts, cf_resource_managedapplications, cf_resource_managedappdefinitions, cf_management_groups, cf_management_groups_mixin, cf_management_group_subscriptions, cf_management_group_entities, cf_hierarchy_settings, cf_resource_templatespecs, cf_resource_resourcemanagementprivatelinks, cf_resource_privatelinkassociations)
from azure.cli.command_modules.resource._validators import (
process_deployment_create_namespace, process_ts_create_or_update_namespace, _validate_template_spec, _validate_template_spec_out,
@@ -169,23 +171,43 @@ def load_command_table(self, _):
resource_type=ResourceType.MGMT_RESOURCE_RESOURCES
)
- resource_policy_definitions_sdk = CliCommandType(
- operations_tmpl='azure.mgmt.resource.policy.operations#PolicyDefinitionsOperations.{}',
- client_factory=cf_policy_definitions,
- resource_type=ResourceType.MGMT_RESOURCE_POLICY
- )
+ with self.command_group('policy definition'):
+ from .policy import PolicyDefinitionsCreate
+ self.command_table['policy definition create'] = PolicyDefinitionsCreate(loader=self)
- resource_policy_set_definitions_sdk = CliCommandType(
- operations_tmpl='azure.mgmt.resource.policy.operations#PolicySetDefinitionsOperations.{}',
- client_factory=cf_policy_set_definitions,
- resource_type=ResourceType.MGMT_RESOURCE_POLICY
- )
+ with self.command_group('policy definition'):
+ from .policy import PolicyDefinitionsDelete
+ self.command_table['policy definition delete'] = PolicyDefinitionsDelete(loader=self)
- resource_policy_exemptions_sdk = CliCommandType(
- operations_tmpl='azure.mgmt.resource.policy.operations#PolicyExemptionsOperations.{}',
- client_factory=cf_policy_exemptions,
- resource_type=ResourceType.MGMT_RESOURCE_POLICY
- )
+ with self.command_group('policy definition'):
+ from .policy import PolicyDefinitionsList
+ self.command_table['policy definition list'] = PolicyDefinitionsList(loader=self)
+
+ with self.command_group('policy definition'):
+ from .policy import PolicyDefinitionsShow
+ self.command_table['policy definition show'] = PolicyDefinitionsShow(loader=self)
+
+ with self.command_group('policy definition'):
+ from .policy import PolicyDefinitionsUpdate
+ self.command_table['policy definition update'] = PolicyDefinitionsUpdate(loader=self)
+
+ # resource_policy_definitions_sdk = CliCommandType(
+ # operations_tmpl='azure.mgmt.resource.policy.operations#PolicyDefinitionsOperations.{}',
+ # client_factory=cf_policy_definitions,
+ # resource_type=ResourceType.MGMT_RESOURCE_POLICY
+ # )
+
+ # resource_policy_set_definitions_sdk = CliCommandType(
+ # operations_tmpl='azure.mgmt.resource.policy.operations#PolicySetDefinitionsOperations.{}',
+ # client_factory=cf_policy_set_definitions,
+ # resource_type=ResourceType.MGMT_RESOURCE_POLICY
+ # )
+
+ # resource_policy_exemptions_sdk = CliCommandType(
+ # operations_tmpl='azure.mgmt.resource.policy.operations#PolicyExemptionsOperations.{}',
+ # client_factory=cf_policy_exemptions,
+ # resource_type=ResourceType.MGMT_RESOURCE_POLICY
+ # )
resource_lock_sdk = CliCommandType(
operations_tmpl='azure.mgmt.resource.locks.operations#ManagementLocksOperations.{}',
@@ -501,49 +523,49 @@ def load_command_table(self, _):
# in ResourceCommandsLoader, so the default "operation_group" cannot be specified in the commandsLoader,
# the "operation_group" needs to be explicitly specified for "MGMT_RESOURCE_POLICY".
- with self.command_group('policy assignment',
- operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as g:
- g.custom_command('create', 'create_policy_assignment', validator=process_assignment_create_namespace)
- g.custom_command('delete', 'delete_policy_assignment')
- g.custom_command('list', 'list_policy_assignment')
- g.custom_show_command('show', 'show_policy_assignment')
- g.custom_command('update', 'update_policy_assignment')
-
- with self.command_group('policy assignment identity',
- operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as g:
- g.custom_command('assign', 'set_identity', validator=process_assign_identity_namespace, min_api='2021-06-01')
- g.custom_show_command('show', 'show_identity')
- g.custom_command('remove', 'remove_identity')
-
- with self.command_group('policy assignment non-compliance-message',
- operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-09-01') as g:
- g.custom_command('create', 'create_policy_non_compliance_message')
- g.custom_command('list', 'list_policy_non_compliance_message')
- g.custom_command('delete', 'delete_policy_non_compliance_message')
-
- with self.command_group('policy definition', resource_policy_definitions_sdk,
- operation_group='policy_definitions', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as g:
- g.custom_command('create', 'create_policy_definition')
- g.custom_command('delete', 'delete_policy_definition')
- g.custom_command('list', 'list_policy_definition')
- g.custom_show_command('show', 'get_policy_definition')
- g.custom_command('update', 'update_policy_definition')
-
- with self.command_group('policy set-definition', resource_policy_set_definitions_sdk,
- operation_group='policy_set_definitions', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2017-06-01-preview') as g:
- g.custom_command('create', 'create_policy_setdefinition')
- g.custom_command('delete', 'delete_policy_setdefinition')
- g.custom_command('list', 'list_policy_setdefinition')
- g.custom_show_command('show', 'get_policy_setdefinition')
- g.custom_command('update', 'update_policy_setdefinition')
-
- with self.command_group('policy exemption', resource_policy_exemptions_sdk, is_preview=True,
- operation_group='policy_exemptions', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-07-01-preview') as g:
- g.custom_command('create', 'create_policy_exemption')
- g.custom_command('delete', 'delete_policy_exemption')
- g.custom_command('list', 'list_policy_exemption')
- g.custom_show_command('show', 'get_policy_exemption')
- g.custom_command('update', 'update_policy_exemption')
+ # with self.command_group('policy assignment',
+ # operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as g:
+ # g.custom_command('create', 'create_policy_assignment', validator=process_assignment_create_namespace)
+ # g.custom_command('delete', 'delete_policy_assignment')
+ # g.custom_command('list', 'list_policy_assignment')
+ # g.custom_show_command('show', 'show_policy_assignment')
+ # g.custom_command('update', 'update_policy_assignment')
+
+ # with self.command_group('policy assignment identity',
+ # operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2018-05-01') as g:
+ # g.custom_command('assign', 'set_identity', validator=process_assign_identity_namespace, min_api='2021-06-01')
+ # g.custom_show_command('show', 'show_identity')
+ # g.custom_command('remove', 'remove_identity')
+
+ # with self.command_group('policy assignment non-compliance-message',
+ # operation_group='policy_assignments', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-09-01') as g:
+ # g.custom_command('create', 'create_policy_non_compliance_message')
+ # g.custom_command('list', 'list_policy_non_compliance_message')
+ # g.custom_command('delete', 'delete_policy_non_compliance_message')
+
+ # with self.command_group('policy definition', resource_policy_definitions_sdk,
+ # operation_group='policy_definitions', resource_type=ResourceType.MGMT_RESOURCE_POLICY) as g:
+ # g.custom_command('create', 'create_policy_definition')
+ # g.custom_command('delete', 'delete_policy_definition')
+ # g.custom_command('list', 'list_policy_definition')
+ # g.custom_show_command('show', 'get_policy_definition')
+ # g.custom_command('update', 'update_policy_definition')
+
+ # with self.command_group('policy set-definition', resource_policy_set_definitions_sdk,
+ # operation_group='policy_set_definitions', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2017-06-01-preview') as g:
+ # g.custom_command('create', 'create_policy_setdefinition')
+ # g.custom_command('delete', 'delete_policy_setdefinition')
+ # g.custom_command('list', 'list_policy_setdefinition')
+ # g.custom_show_command('show', 'get_policy_setdefinition')
+ # g.custom_command('update', 'update_policy_setdefinition')
+
+ # with self.command_group('policy exemption', resource_policy_exemptions_sdk, is_preview=True,
+ # operation_group='policy_exemptions', resource_type=ResourceType.MGMT_RESOURCE_POLICY, min_api='2020-07-01-preview') as g:
+ # g.custom_command('create', 'create_policy_exemption')
+ # g.custom_command('delete', 'delete_policy_exemption')
+ # g.custom_command('list', 'list_policy_exemption')
+ # g.custom_show_command('show', 'get_policy_exemption')
+ # g.custom_command('update', 'update_policy_exemption')
with self.command_group('lock', resource_type=ResourceType.MGMT_RESOURCE_LOCKS) as g:
g.custom_command('create', 'create_lock')
diff --git a/src/azure-cli/azure/cli/command_modules/resource/custom.py b/src/azure-cli/azure/cli/command_modules/resource/custom.py
index f9fe478724e..44d24c89392 100644
--- a/src/azure-cli/azure/cli/command_modules/resource/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/resource/custom.py
@@ -31,7 +31,9 @@
from azure.cli.core.profiles import ResourceType, get_sdk, get_api_version, AZURE_API_PROFILES
from azure.cli.command_modules.resource._client_factory import (
- _resource_client_factory, _resource_policy_client_factory, _resource_lock_client_factory,
+ _resource_client_factory,
+ #_resource_policy_client_factory,
+ _resource_lock_client_factory,
_resource_links_client_factory, _resource_deploymentscripts_client_factory, _resource_deploymentstacks_client_factory, _authorization_management_client, _resource_managedapps_client_factory, _resource_templatespecs_client_factory, _resource_privatelinks_client_factory)
from azure.cli.command_modules.resource._validators import _parse_lock_id
from azure.cli.command_modules.resource.parameters import StacksActionOnUnmanage
@@ -1487,7 +1489,7 @@ def _update_provider(cmd, namespace, registering, wait, properties=None, mg_id=N
msg_template = '%s is still on-going. You can monitor using \'az provider show -n %s\''
logger.warning(msg_template, action, namespace)
-
+# Policy helper functions
def _build_policy_scope(subscription_id, resource_group_name, scope):
subscription_scope = '/subscriptions/' + subscription_id
if scope:
@@ -1577,6 +1579,7 @@ def _load_file_string_or_uri(file_or_string_or_uri, name, required=True):
if os.path.exists(file_or_string_or_uri):
return get_file_json(file_or_string_or_uri)
return shell_safe_json_parse(file_or_string_or_uri)
+# end of Policy helper functions
def _call_subscription_get(cmd, lock_client, *args):
@@ -3191,65 +3194,65 @@ def delete_feature_registration(client, resource_provider_namespace, feature_nam
# pylint: disable=inconsistent-return-statements,too-many-locals
-def create_policy_assignment(cmd, policy=None, policy_set_definition=None,
- name=None, display_name=None, params=None,
- resource_group_name=None, scope=None, sku=None,
- not_scopes=None, location=None, assign_identity=None,
- mi_system_assigned=None, mi_user_assigned=None,
- identity_scope=None, identity_role='Contributor', enforcement_mode='Default',
- description=None):
- """Creates a policy assignment
- :param not_scopes: Space-separated scopes where the policy assignment does not apply.
- """
- if bool(policy) == bool(policy_set_definition):
- raise ArgumentUsageError('usage error: --policy NAME_OR_ID | '
- '--policy-set-definition NAME_OR_ID')
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- policy_id = _resolve_policy_id(cmd, policy, policy_set_definition, policy_client)
- params = _load_file_string_or_uri(params, 'params', False)
-
- PolicyAssignment = cmd.get_models('PolicyAssignment')
- assignment = PolicyAssignment(display_name=display_name, policy_definition_id=policy_id, scope=scope, enforcement_mode=enforcement_mode, description=description)
- assignment.parameters = params if params else None
-
- if cmd.supported_api_version(min_api='2017-06-01-preview'):
- if not_scopes:
- kwargs_list = []
- for id_arg in not_scopes.split(' '):
- id_parts = parse_resource_id(id_arg)
- if id_parts.get('subscription') or _is_management_group_scope(id_arg):
- kwargs_list.append(id_arg)
- else:
- raise InvalidArgumentValueError("Invalid resource ID value in --not-scopes: '%s'" % id_arg)
- assignment.not_scopes = kwargs_list
-
- identities = None
- if cmd.supported_api_version(min_api='2018-05-01'):
- if location:
- assignment.location = location
- if mi_system_assigned is not None or assign_identity is not None:
- identities = [MSI_LOCAL_ID]
- elif mi_user_assigned is not None:
- identities = [mi_user_assigned]
-
- identity = None
- if identities is not None:
- identity = _build_identities_info(cmd, identities, resource_group_name)
- assignment.identity = identity
-
- if name is None:
- name = (base64.urlsafe_b64encode(uuid.uuid4().bytes).decode())[:-2]
-
- createdAssignment = policy_client.policy_assignments.create(scope, name, assignment)
-
- # Create the identity's role assignment if requested
- if identities is not None and identity_scope:
- from azure.cli.core.commands.arm import assign_identity as _assign_identity_helper
- _assign_identity_helper(cmd.cli_ctx, lambda: createdAssignment, lambda resource: createdAssignment, identity_role, identity_scope)
-
- return createdAssignment
+# def create_policy_assignment(cmd, policy=None, policy_set_definition=None,
+# name=None, display_name=None, params=None,
+# resource_group_name=None, scope=None, sku=None,
+# not_scopes=None, location=None, assign_identity=None,
+# mi_system_assigned=None, mi_user_assigned=None,
+# identity_scope=None, identity_role='Contributor', enforcement_mode='Default',
+# description=None):
+# """Creates a policy assignment
+# :param not_scopes: Space-separated scopes where the policy assignment does not apply.
+# """
+# if bool(policy) == bool(policy_set_definition):
+# raise ArgumentUsageError('usage error: --policy NAME_OR_ID | '
+# '--policy-set-definition NAME_OR_ID')
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# policy_id = _resolve_policy_id(cmd, policy, policy_set_definition, policy_client)
+# params = _load_file_string_or_uri(params, 'params', False)
+
+# PolicyAssignment = cmd.get_models('PolicyAssignment')
+# assignment = PolicyAssignment(display_name=display_name, policy_definition_id=policy_id, scope=scope, enforcement_mode=enforcement_mode, description=description)
+# assignment.parameters = params if params else None
+
+# if cmd.supported_api_version(min_api='2017-06-01-preview'):
+# if not_scopes:
+# kwargs_list = []
+# for id_arg in not_scopes.split(' '):
+# id_parts = parse_resource_id(id_arg)
+# if id_parts.get('subscription') or _is_management_group_scope(id_arg):
+# kwargs_list.append(id_arg)
+# else:
+# raise InvalidArgumentValueError("Invalid resource ID value in --not-scopes: '%s'" % id_arg)
+# assignment.not_scopes = kwargs_list
+
+# identities = None
+# if cmd.supported_api_version(min_api='2018-05-01'):
+# if location:
+# assignment.location = location
+# if mi_system_assigned is not None or assign_identity is not None:
+# identities = [MSI_LOCAL_ID]
+# elif mi_user_assigned is not None:
+# identities = [mi_user_assigned]
+
+# identity = None
+# if identities is not None:
+# identity = _build_identities_info(cmd, identities, resource_group_name)
+# assignment.identity = identity
+
+# if name is None:
+# name = (base64.urlsafe_b64encode(uuid.uuid4().bytes).decode())[:-2]
+
+# createdAssignment = policy_client.policy_assignments.create(scope, name, assignment)
+
+# # Create the identity's role assignment if requested
+# if identities is not None and identity_scope:
+# from azure.cli.core.commands.arm import assign_identity as _assign_identity_helper
+# _assign_identity_helper(cmd.cli_ctx, lambda: createdAssignment, lambda resource: createdAssignment, identity_role, identity_scope)
+
+# return createdAssignment
def _get_resource_id(cli_ctx, val, resource_group, resource_type, resource_namespace):
@@ -3289,482 +3292,482 @@ def _build_identities_info(cmd, identities, resourceGroupName):
return ResourceIdentity(type=identity_type)
-def update_policy_assignment(cmd, name=None, display_name=None, params=None,
- resource_group_name=None, scope=None, sku=None,
- not_scopes=None, enforcement_mode=None, description=None):
- """Updates a policy assignment
- :param not_scopes: Space-separated scopes where the policy assignment does not apply.
- """
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- params = _load_file_string_or_uri(params, 'params', False)
-
- existing_assignment = policy_client.policy_assignments.get(scope, name)
- PolicyAssignment = cmd.get_models('PolicyAssignment')
- assignment = PolicyAssignment(
- display_name=display_name if display_name is not None else existing_assignment.display_name,
- policy_definition_id=existing_assignment.policy_definition_id,
- scope=existing_assignment.scope,
- enforcement_mode=enforcement_mode if enforcement_mode is not None else existing_assignment.enforcement_mode,
- metadata=existing_assignment.metadata,
- parameters=params if params is not None else existing_assignment.parameters,
- description=description if description is not None else existing_assignment.description)
-
- if cmd.supported_api_version(min_api='2017-06-01-preview'):
- kwargs_list = existing_assignment.not_scopes
- if not_scopes:
- kwargs_list = []
- for id_arg in not_scopes.split(' '):
- id_parts = parse_resource_id(id_arg)
- if id_parts.get('subscription') or _is_management_group_scope(id_arg):
- kwargs_list.append(id_arg)
- else:
- raise InvalidArgumentValueError("Invalid resource ID value in --not-scopes: '%s'" % id_arg)
- assignment.not_scopes = kwargs_list
-
- if cmd.supported_api_version(min_api='2018-05-01'):
- assignment.location = existing_assignment.location
- assignment.identity = existing_assignment.identity
-
- if cmd.supported_api_version(min_api='2020-09-01'):
- assignment.non_compliance_messages = existing_assignment.non_compliance_messages
-
- return policy_client.policy_assignments.create(scope, name, assignment)
-
-
-def delete_policy_assignment(cmd, name, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- policy_client.policy_assignments.delete(scope, name)
-
-
-def show_policy_assignment(cmd, name, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- return policy_client.policy_assignments.get(scope, name)
-
-
-def list_policy_assignment(cmd, disable_scope_strict_match=None, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- _scope = _build_policy_scope(get_subscription_id(cmd.cli_ctx),
- resource_group_name, scope)
- id_parts = parse_resource_id(_scope)
- subscription = id_parts.get('subscription')
- resource_group = id_parts.get('resource_group')
- resource_type = id_parts.get('child_type_1') or id_parts.get('type')
- resource_name = id_parts.get('child_name_1') or id_parts.get('name')
- management_group = _parse_management_group_id(scope)
-
- if management_group:
- result = policy_client.policy_assignments.list_for_management_group(management_group_id=management_group, filter='atScope()')
- elif all([resource_type, resource_group, subscription]):
- namespace = id_parts.get('namespace')
- parent_resource_path = '' if not id_parts.get('child_name_1') else (id_parts['type'] + '/' + id_parts['name'])
- result = policy_client.policy_assignments.list_for_resource(
- resource_group, namespace,
- parent_resource_path, resource_type, resource_name)
- elif resource_group:
- result = policy_client.policy_assignments.list_for_resource_group(resource_group)
- elif subscription:
- result = policy_client.policy_assignments.list()
- elif scope:
- raise InvalidArgumentValueError('usage error `--scope`: must be a fully qualified ARM ID.')
- else:
- raise ArgumentUsageError('usage error: --scope ARM_ID | --resource-group NAME')
-
- if not disable_scope_strict_match:
- result = [i for i in result if _scope.lower().strip('/') == i.scope.lower().strip('/')]
-
- return result
-
-
-def list_policy_non_compliance_message(cmd, name, scope=None, resource_group_name=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- return policy_client.policy_assignments.get(scope, name).non_compliance_messages
-
-
-def create_policy_non_compliance_message(cmd, name, message, scope=None, resource_group_name=None,
- policy_definition_reference_id=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
-
- assignment = policy_client.policy_assignments.get(scope, name)
-
- NonComplianceMessage = cmd.get_models('NonComplianceMessage')
- created_message = NonComplianceMessage(message=message, policy_definition_reference_id=policy_definition_reference_id)
- if not assignment.non_compliance_messages:
- assignment.non_compliance_messages = []
- assignment.non_compliance_messages.append(created_message)
-
- return policy_client.policy_assignments.create(scope, name, assignment).non_compliance_messages
+# def update_policy_assignment(cmd, name=None, display_name=None, params=None,
+# resource_group_name=None, scope=None, sku=None,
+# not_scopes=None, enforcement_mode=None, description=None):
+# """Updates a policy assignment
+# :param not_scopes: Space-separated scopes where the policy assignment does not apply.
+# """
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# params = _load_file_string_or_uri(params, 'params', False)
+
+# existing_assignment = policy_client.policy_assignments.get(scope, name)
+# PolicyAssignment = cmd.get_models('PolicyAssignment')
+# assignment = PolicyAssignment(
+# display_name=display_name if display_name is not None else existing_assignment.display_name,
+# policy_definition_id=existing_assignment.policy_definition_id,
+# scope=existing_assignment.scope,
+# enforcement_mode=enforcement_mode if enforcement_mode is not None else existing_assignment.enforcement_mode,
+# metadata=existing_assignment.metadata,
+# parameters=params if params is not None else existing_assignment.parameters,
+# description=description if description is not None else existing_assignment.description)
+
+# if cmd.supported_api_version(min_api='2017-06-01-preview'):
+# kwargs_list = existing_assignment.not_scopes
+# if not_scopes:
+# kwargs_list = []
+# for id_arg in not_scopes.split(' '):
+# id_parts = parse_resource_id(id_arg)
+# if id_parts.get('subscription') or _is_management_group_scope(id_arg):
+# kwargs_list.append(id_arg)
+# else:
+# raise InvalidArgumentValueError("Invalid resource ID value in --not-scopes: '%s'" % id_arg)
+# assignment.not_scopes = kwargs_list
+
+# if cmd.supported_api_version(min_api='2018-05-01'):
+# assignment.location = existing_assignment.location
+# assignment.identity = existing_assignment.identity
+
+# if cmd.supported_api_version(min_api='2020-09-01'):
+# assignment.non_compliance_messages = existing_assignment.non_compliance_messages
+
+# return policy_client.policy_assignments.create(scope, name, assignment)
+
+
+# def delete_policy_assignment(cmd, name, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# policy_client.policy_assignments.delete(scope, name)
+
+
+# def show_policy_assignment(cmd, name, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# return policy_client.policy_assignments.get(scope, name)
+
+
+# def list_policy_assignment(cmd, disable_scope_strict_match=None, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# _scope = _build_policy_scope(get_subscription_id(cmd.cli_ctx),
+# resource_group_name, scope)
+# id_parts = parse_resource_id(_scope)
+# subscription = id_parts.get('subscription')
+# resource_group = id_parts.get('resource_group')
+# resource_type = id_parts.get('child_type_1') or id_parts.get('type')
+# resource_name = id_parts.get('child_name_1') or id_parts.get('name')
+# management_group = _parse_management_group_id(scope)
+
+# if management_group:
+# result = policy_client.policy_assignments.list_for_management_group(management_group_id=management_group, filter='atScope()')
+# elif all([resource_type, resource_group, subscription]):
+# namespace = id_parts.get('namespace')
+# parent_resource_path = '' if not id_parts.get('child_name_1') else (id_parts['type'] + '/' + id_parts['name'])
+# result = policy_client.policy_assignments.list_for_resource(
+# resource_group, namespace,
+# parent_resource_path, resource_type, resource_name)
+# elif resource_group:
+# result = policy_client.policy_assignments.list_for_resource_group(resource_group)
+# elif subscription:
+# result = policy_client.policy_assignments.list()
+# elif scope:
+# raise InvalidArgumentValueError('usage error `--scope`: must be a fully qualified ARM ID.')
+# else:
+# raise ArgumentUsageError('usage error: --scope ARM_ID | --resource-group NAME')
+
+# if not disable_scope_strict_match:
+# result = [i for i in result if _scope.lower().strip('/') == i.scope.lower().strip('/')]
+
+# return result
+
+
+# def list_policy_non_compliance_message(cmd, name, scope=None, resource_group_name=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# return policy_client.policy_assignments.get(scope, name).non_compliance_messages
+
+
+# def create_policy_non_compliance_message(cmd, name, message, scope=None, resource_group_name=None,
+# policy_definition_reference_id=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+
+# assignment = policy_client.policy_assignments.get(scope, name)
+
+# NonComplianceMessage = cmd.get_models('NonComplianceMessage')
+# created_message = NonComplianceMessage(message=message, policy_definition_reference_id=policy_definition_reference_id)
+# if not assignment.non_compliance_messages:
+# assignment.non_compliance_messages = []
+# assignment.non_compliance_messages.append(created_message)
+
+# return policy_client.policy_assignments.create(scope, name, assignment).non_compliance_messages
+
+
+# def delete_policy_non_compliance_message(cmd, name, message, scope=None, resource_group_name=None,
+# policy_definition_reference_id=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+
+# assignment = policy_client.policy_assignments.get(scope, name)
+
+# NonComplianceMessage = cmd.get_models('NonComplianceMessage')
+# message_to_remove = NonComplianceMessage(message=message, policy_definition_reference_id=policy_definition_reference_id)
+# if assignment.non_compliance_messages:
+# assignment.non_compliance_messages = [existingMessage for existingMessage in assignment.non_compliance_messages if not _is_non_compliance_message_equivalent(existingMessage, message_to_remove)]
+
+# return policy_client.policy_assignments.create(scope, name, assignment).non_compliance_messages
+
+
+# def _is_non_compliance_message_equivalent(first, second):
+# first_message = '' if first.message is None else first.message
+# seccond_message = '' if second.message is None else second.message
+# first_reference_id = '' if first.policy_definition_reference_id is None else first.policy_definition_reference_id
+# second_reference_id = '' if second.policy_definition_reference_id is None else second.policy_definition_reference_id
+
+# return first_message.lower() == seccond_message.lower() and first_reference_id.lower() == second_reference_id.lower()
+
+
+# def set_identity(cmd, name, scope=None, resource_group_name=None,
+# mi_system_assigned=None, mi_user_assigned=None,
+# identity_role='Contributor', identity_scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# # Backward compatibility that assign system assigned MSI when none specified.
+# identities = None
+# if mi_system_assigned is not None or mi_user_assigned is None:
+# identities = [MSI_LOCAL_ID]
+# else:
+# identities = [mi_user_assigned]
+
+# def getter():
+# return policy_client.policy_assignments.get(scope, name)
+
+# def setter(policyAssignment):
+# policyAssignment.identity = _build_identities_info(cmd, identities, resource_group_name)
+# return policy_client.policy_assignments.create(scope, name, policyAssignment)
+
+# from azure.cli.core.commands.arm import assign_identity as _assign_identity_helper
+# updatedAssignment = _assign_identity_helper(cmd.cli_ctx, getter, setter, identity_role, identity_scope)
+# return updatedAssignment.identity
+
+
+# def show_identity(cmd, name, scope=None, resource_group_name=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# return policy_client.policy_assignments.get(scope, name).identity
+
+
+# def remove_identity(cmd, name, scope=None, resource_group_name=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# policyAssignment = policy_client.policy_assignments.get(scope, name)
+
+# ResourceIdentityType = cmd.get_models('ResourceIdentityType')
+# ResourceIdentity = cmd.get_models('Identity')
+# policyAssignment.identity = ResourceIdentity(type=ResourceIdentityType.none)
+# policyAssignment = policy_client.policy_assignments.create(scope, name, policyAssignment)
+# return policyAssignment.identity
-def delete_policy_non_compliance_message(cmd, name, message, scope=None, resource_group_name=None,
- policy_definition_reference_id=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# def enforce_mutually_exclusive(subscription, management_group):
+# if subscription and management_group:
+# raise IncorrectUsageError('cannot provide both --subscription and --management-group')
- assignment = policy_client.policy_assignments.get(scope, name)
- NonComplianceMessage = cmd.get_models('NonComplianceMessage')
- message_to_remove = NonComplianceMessage(message=message, policy_definition_reference_id=policy_definition_reference_id)
- if assignment.non_compliance_messages:
- assignment.non_compliance_messages = [existingMessage for existingMessage in assignment.non_compliance_messages if not _is_non_compliance_message_equivalent(existingMessage, message_to_remove)]
-
- return policy_client.policy_assignments.create(scope, name, assignment).non_compliance_messages
-
-
-def _is_non_compliance_message_equivalent(first, second):
- first_message = '' if first.message is None else first.message
- seccond_message = '' if second.message is None else second.message
- first_reference_id = '' if first.policy_definition_reference_id is None else first.policy_definition_reference_id
- second_reference_id = '' if second.policy_definition_reference_id is None else second.policy_definition_reference_id
-
- return first_message.lower() == seccond_message.lower() and first_reference_id.lower() == second_reference_id.lower()
-
-
-def set_identity(cmd, name, scope=None, resource_group_name=None,
- mi_system_assigned=None, mi_user_assigned=None,
- identity_role='Contributor', identity_scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- # Backward compatibility that assign system assigned MSI when none specified.
- identities = None
- if mi_system_assigned is not None or mi_user_assigned is None:
- identities = [MSI_LOCAL_ID]
- else:
- identities = [mi_user_assigned]
-
- def getter():
- return policy_client.policy_assignments.get(scope, name)
-
- def setter(policyAssignment):
- policyAssignment.identity = _build_identities_info(cmd, identities, resource_group_name)
- return policy_client.policy_assignments.create(scope, name, policyAssignment)
-
- from azure.cli.core.commands.arm import assign_identity as _assign_identity_helper
- updatedAssignment = _assign_identity_helper(cmd.cli_ctx, getter, setter, identity_role, identity_scope)
- return updatedAssignment.identity
-
-
-def show_identity(cmd, name, scope=None, resource_group_name=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- return policy_client.policy_assignments.get(scope, name).identity
-
-
-def remove_identity(cmd, name, scope=None, resource_group_name=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- policyAssignment = policy_client.policy_assignments.get(scope, name)
-
- ResourceIdentityType = cmd.get_models('ResourceIdentityType')
- ResourceIdentity = cmd.get_models('Identity')
- policyAssignment.identity = ResourceIdentity(type=ResourceIdentityType.none)
- policyAssignment = policy_client.policy_assignments.create(scope, name, policyAssignment)
- return policyAssignment.identity
-
-
-def enforce_mutually_exclusive(subscription, management_group):
- if subscription and management_group:
- raise IncorrectUsageError('cannot provide both --subscription and --management-group')
-
-
-def create_policy_definition(cmd, name, rules=None, params=None, display_name=None, description=None, mode=None,
- metadata=None, subscription=None, management_group=None):
- rules = _load_file_string_or_uri(rules, 'rules')
- params = _load_file_string_or_uri(params, 'params', False)
-
- PolicyDefinition = cmd.get_models('PolicyDefinition')
- parameters = PolicyDefinition(policy_rule=rules, parameters=params, description=description,
- display_name=display_name)
- if cmd.supported_api_version(min_api='2016-12-01'):
- parameters.mode = mode
- if cmd.supported_api_version(min_api='2017-06-01-preview'):
- parameters.metadata = metadata
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.create_or_update_at_management_group(name, management_group, parameters)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_definitions.create_or_update(name, parameters)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.create_or_update(name, parameters)
-
-
-def create_policy_setdefinition(cmd, name, definitions, params=None, display_name=None, description=None,
- subscription=None, management_group=None, definition_groups=None, metadata=None):
-
- definitions = _load_file_string_or_uri(definitions, 'definitions')
- params = _load_file_string_or_uri(params, 'params', False)
- definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
-
- PolicySetDefinition = cmd.get_models('PolicySetDefinition')
- parameters = PolicySetDefinition(policy_definitions=definitions, parameters=params, description=description,
- display_name=display_name, policy_definition_groups=definition_groups)
-
- if cmd.supported_api_version(min_api='2017-06-01-preview'):
- parameters.metadata = metadata
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.create_or_update_at_management_group(name, management_group, parameters)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_set_definitions.create_or_update(name, parameters)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.create_or_update(name, parameters)
-
-
-def get_policy_definition(cmd, policy_definition_name, subscription=None, management_group=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return _get_custom_or_builtin_policy(cmd, policy_client, policy_definition_name, subscription, management_group)
-
-
-def get_policy_setdefinition(cmd, policy_set_definition_name, subscription=None, management_group=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return _get_custom_or_builtin_policy(cmd, policy_client, policy_set_definition_name, subscription, management_group, True)
-
-
-def list_policy_definition(cmd, subscription=None, management_group=None):
-
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.list_by_management_group(management_group)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_definitions.list()
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.list()
-
-
-def list_policy_setdefinition(cmd, subscription=None, management_group=None):
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.list_by_management_group(management_group)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_set_definitions.list()
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.list()
-
-
-def delete_policy_definition(cmd, policy_definition_name, subscription=None, management_group=None):
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.delete_at_management_group(policy_definition_name, management_group)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_definitions.delete(policy_definition_name)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_definitions.delete(policy_definition_name)
-
-
-def delete_policy_setdefinition(cmd, policy_set_definition_name, subscription=None, management_group=None):
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.delete_at_management_group(policy_set_definition_name,
- management_group)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_set_definitions.delete(policy_set_definition_name)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- return policy_client.policy_set_definitions.delete(policy_set_definition_name)
-
-
-def update_policy_definition(cmd, policy_definition_name, rules=None, params=None,
- display_name=None, description=None, metadata=None, mode=None,
- subscription=None, management_group=None):
-
- rules = _load_file_string_or_uri(rules, 'rules', False)
- params = _load_file_string_or_uri(params, 'params', False)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- definition = _get_custom_or_builtin_policy(cmd, policy_client, policy_definition_name, subscription, management_group)
- # pylint: disable=line-too-long,no-member
-
- PolicyDefinition = cmd.get_models('PolicyDefinition')
- parameters = PolicyDefinition(
- policy_rule=rules if rules is not None else definition.policy_rule,
- parameters=params if params is not None else definition.parameters,
- display_name=display_name if display_name is not None else definition.display_name,
- description=description if description is not None else definition.description,
- metadata=metadata if metadata is not None else definition.metadata)
-
- if cmd.supported_api_version(min_api='2016-12-01'):
- parameters.mode = mode
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- return policy_client.policy_definitions.create_or_update_at_management_group(policy_definition_name, management_group, parameters)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_definitions.create_or_update(policy_definition_name, parameters)
-
- return policy_client.policy_definitions.create_or_update(policy_definition_name, parameters)
-
-
-def update_policy_setdefinition(cmd, policy_set_definition_name, definitions=None, params=None,
- display_name=None, description=None,
- subscription=None, management_group=None, definition_groups=None, metadata=None):
-
- definitions = _load_file_string_or_uri(definitions, 'definitions', False)
- params = _load_file_string_or_uri(params, 'params', False)
- definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- definition = _get_custom_or_builtin_policy(cmd, policy_client, policy_set_definition_name, subscription, management_group, True)
- # pylint: disable=line-too-long,no-member
- PolicySetDefinition = cmd.get_models('PolicySetDefinition')
- parameters = PolicySetDefinition(
- policy_definitions=definitions if definitions is not None else definition.policy_definitions,
- description=description if description is not None else definition.description,
- display_name=display_name if display_name is not None else definition.display_name,
- parameters=params if params is not None else definition.parameters,
- policy_definition_groups=definition_groups if definition_groups is not None else definition.policy_definition_groups,
- metadata=metadata if metadata is not None else definition.metadata)
-
- if cmd.supported_api_version(min_api='2018-03-01'):
- enforce_mutually_exclusive(subscription, management_group)
- if management_group:
- return policy_client.policy_set_definitions.create_or_update_at_management_group(policy_set_definition_name, management_group, parameters)
- if subscription:
- subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
- policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
- subscription_id=subscription_id)
- return policy_client.policy_set_definitions.create_or_update(policy_set_definition_name, parameters)
-
- return policy_client.policy_set_definitions.create_or_update(policy_set_definition_name, parameters)
-
-
-def create_policy_exemption(cmd, name, policy_assignment=None, exemption_category=None,
- policy_definition_reference_ids=None, expires_on=None,
- display_name=None, description=None, resource_group_name=None, scope=None,
- metadata=None):
- if policy_assignment is None:
- raise RequiredArgumentMissingError('--policy_assignment is required')
- if exemption_category is None:
- raise RequiredArgumentMissingError('--exemption_category is required')
-
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- PolicyExemption = cmd.get_models('PolicyExemption')
- exemption = PolicyExemption(policy_assignment_id=policy_assignment, policy_definition_reference_ids=policy_definition_reference_ids,
- exemption_category=exemption_category, expires_on=expires_on,
- display_name=display_name, description=description, metadata=metadata)
- createdExemption = policy_client.policy_exemptions.create_or_update(scope, name, exemption)
- return createdExemption
-
-
-def update_policy_exemption(cmd, name, exemption_category=None,
- policy_definition_reference_ids=None, expires_on=None,
- display_name=None, description=None, resource_group_name=None, scope=None,
- metadata=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- PolicyExemption = cmd.get_models('PolicyExemption')
- exemption = policy_client.policy_exemptions.get(scope, name)
- parameters = PolicyExemption(
- policy_assignment_id=exemption.policy_assignment_id,
- policy_definition_reference_ids=policy_definition_reference_ids if policy_definition_reference_ids is not None else exemption.policy_definition_reference_ids,
- exemption_category=exemption_category if exemption_category is not None else exemption.exemption_category,
- expires_on=expires_on if expires_on is not None else exemption.expires_on,
- display_name=display_name if display_name is not None else exemption.display_name,
- description=description if description is not None else exemption.description,
- metadata=metadata if metadata is not None else exemption.metadata)
- updatedExemption = policy_client.policy_exemptions.create_or_update(scope, name, parameters)
- return updatedExemption
-
-
-def delete_policy_exemption(cmd, name, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- policy_client.policy_exemptions.delete(scope, name)
-
-
-def get_policy_exemption(cmd, name, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- subscription_id = get_subscription_id(cmd.cli_ctx)
- scope = _build_policy_scope(subscription_id, resource_group_name, scope)
- return policy_client.policy_exemptions.get(scope, name)
-
-
-def list_policy_exemption(cmd, disable_scope_strict_match=None, resource_group_name=None, scope=None):
- policy_client = _resource_policy_client_factory(cmd.cli_ctx)
- _scope = _build_policy_scope(get_subscription_id(cmd.cli_ctx),
- resource_group_name, scope)
- id_parts = parse_resource_id(_scope)
- subscription = id_parts.get('subscription')
- resource_group = id_parts.get('resource_group')
- resource_type = id_parts.get('child_type_1') or id_parts.get('type')
- resource_name = id_parts.get('child_name_1') or id_parts.get('name')
- management_group = _parse_management_group_id(scope)
-
- if management_group:
- result = policy_client.policy_exemptions.list_for_management_group(management_group_id=management_group, filter='atScope()')
- elif all([resource_type, resource_group, subscription]):
- namespace = id_parts.get('namespace')
- parent_resource_path = '' if not id_parts.get('child_name_1') else (id_parts['type'] + '/' + id_parts['name'])
- result = policy_client.policy_exemptions.list_for_resource(
- resource_group, namespace,
- parent_resource_path, resource_type, resource_name)
- elif resource_group:
- result = policy_client.policy_exemptions.list_for_resource_group(resource_group)
- elif subscription:
- result = policy_client.policy_exemptions.list()
- elif scope:
- raise InvalidArgumentValueError('usage error `--scope`: must be a fully qualified ARM ID.')
- else:
- raise ArgumentUsageError('usage error: --scope ARM_ID | --resource-group NAME')
-
- if not disable_scope_strict_match:
- result = [i for i in result if i.id.lower().strip('/').startswith(_scope.lower().strip('/') + "/providers/microsoft.authorization/policyexemptions")]
-
- return result
+# def create_policy_definition(cmd, name, rules=None, params=None, display_name=None, description=None, mode=None,
+# metadata=None, subscription=None, management_group=None):
+# rules = _load_file_string_or_uri(rules, 'rules')
+# params = _load_file_string_or_uri(params, 'params', False)
+
+# PolicyDefinition = cmd.get_models('PolicyDefinition')
+# parameters = PolicyDefinition(policy_rule=rules, parameters=params, description=description,
+# display_name=display_name)
+# if cmd.supported_api_version(min_api='2016-12-01'):
+# parameters.mode = mode
+# if cmd.supported_api_version(min_api='2017-06-01-preview'):
+# parameters.metadata = metadata
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.create_or_update_at_management_group(name, management_group, parameters)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_definitions.create_or_update(name, parameters)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.create_or_update(name, parameters)
+
+
+# def create_policy_setdefinition(cmd, name, definitions, params=None, display_name=None, description=None,
+# subscription=None, management_group=None, definition_groups=None, metadata=None):
+
+# definitions = _load_file_string_or_uri(definitions, 'definitions')
+# params = _load_file_string_or_uri(params, 'params', False)
+# definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
+
+# PolicySetDefinition = cmd.get_models('PolicySetDefinition')
+# parameters = PolicySetDefinition(policy_definitions=definitions, parameters=params, description=description,
+# display_name=display_name, policy_definition_groups=definition_groups)
+
+# if cmd.supported_api_version(min_api='2017-06-01-preview'):
+# parameters.metadata = metadata
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.create_or_update_at_management_group(name, management_group, parameters)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_set_definitions.create_or_update(name, parameters)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.create_or_update(name, parameters)
+
+
+# def get_policy_definition(cmd, policy_definition_name, subscription=None, management_group=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return _get_custom_or_builtin_policy(cmd, policy_client, policy_definition_name, subscription, management_group)
+
+
+# def get_policy_setdefinition(cmd, policy_set_definition_name, subscription=None, management_group=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return _get_custom_or_builtin_policy(cmd, policy_client, policy_set_definition_name, subscription, management_group, True)
+
+
+# def list_policy_definition(cmd, subscription=None, management_group=None):
+
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.list_by_management_group(management_group)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_definitions.list()
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.list()
+
+
+# def list_policy_setdefinition(cmd, subscription=None, management_group=None):
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.list_by_management_group(management_group)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_set_definitions.list()
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.list()
+
+
+# def delete_policy_definition(cmd, policy_definition_name, subscription=None, management_group=None):
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.delete_at_management_group(policy_definition_name, management_group)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_definitions.delete(policy_definition_name)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_definitions.delete(policy_definition_name)
+
+
+# def delete_policy_setdefinition(cmd, policy_set_definition_name, subscription=None, management_group=None):
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.delete_at_management_group(policy_set_definition_name,
+# management_group)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_set_definitions.delete(policy_set_definition_name)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# return policy_client.policy_set_definitions.delete(policy_set_definition_name)
+
+
+# def update_policy_definition(cmd, policy_definition_name, rules=None, params=None,
+# display_name=None, description=None, metadata=None, mode=None,
+# subscription=None, management_group=None):
+
+# rules = _load_file_string_or_uri(rules, 'rules', False)
+# params = _load_file_string_or_uri(params, 'params', False)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# definition = _get_custom_or_builtin_policy(cmd, policy_client, policy_definition_name, subscription, management_group)
+# # pylint: disable=line-too-long,no-member
+
+# PolicyDefinition = cmd.get_models('PolicyDefinition')
+# parameters = PolicyDefinition(
+# policy_rule=rules if rules is not None else definition.policy_rule,
+# parameters=params if params is not None else definition.parameters,
+# display_name=display_name if display_name is not None else definition.display_name,
+# description=description if description is not None else definition.description,
+# metadata=metadata if metadata is not None else definition.metadata)
+
+# if cmd.supported_api_version(min_api='2016-12-01'):
+# parameters.mode = mode
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# return policy_client.policy_definitions.create_or_update_at_management_group(policy_definition_name, management_group, parameters)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_definitions.create_or_update(policy_definition_name, parameters)
+
+# return policy_client.policy_definitions.create_or_update(policy_definition_name, parameters)
+
+
+# def update_policy_setdefinition(cmd, policy_set_definition_name, definitions=None, params=None,
+# display_name=None, description=None,
+# subscription=None, management_group=None, definition_groups=None, metadata=None):
+
+# definitions = _load_file_string_or_uri(definitions, 'definitions', False)
+# params = _load_file_string_or_uri(params, 'params', False)
+# definition_groups = _load_file_string_or_uri(definition_groups, 'definition_groups', False)
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# definition = _get_custom_or_builtin_policy(cmd, policy_client, policy_set_definition_name, subscription, management_group, True)
+# # pylint: disable=line-too-long,no-member
+# PolicySetDefinition = cmd.get_models('PolicySetDefinition')
+# parameters = PolicySetDefinition(
+# policy_definitions=definitions if definitions is not None else definition.policy_definitions,
+# description=description if description is not None else definition.description,
+# display_name=display_name if display_name is not None else definition.display_name,
+# parameters=params if params is not None else definition.parameters,
+# policy_definition_groups=definition_groups if definition_groups is not None else definition.policy_definition_groups,
+# metadata=metadata if metadata is not None else definition.metadata)
+
+# if cmd.supported_api_version(min_api='2018-03-01'):
+# enforce_mutually_exclusive(subscription, management_group)
+# if management_group:
+# return policy_client.policy_set_definitions.create_or_update_at_management_group(policy_set_definition_name, management_group, parameters)
+# if subscription:
+# subscription_id = _get_subscription_id_from_subscription(cmd.cli_ctx, subscription)
+# policy_client = get_mgmt_service_client(cmd.cli_ctx, ResourceType.MGMT_RESOURCE_POLICY,
+# subscription_id=subscription_id)
+# return policy_client.policy_set_definitions.create_or_update(policy_set_definition_name, parameters)
+
+# return policy_client.policy_set_definitions.create_or_update(policy_set_definition_name, parameters)
+
+
+# def create_policy_exemption(cmd, name, policy_assignment=None, exemption_category=None,
+# policy_definition_reference_ids=None, expires_on=None,
+# display_name=None, description=None, resource_group_name=None, scope=None,
+# metadata=None):
+# if policy_assignment is None:
+# raise RequiredArgumentMissingError('--policy_assignment is required')
+# if exemption_category is None:
+# raise RequiredArgumentMissingError('--exemption_category is required')
+
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# PolicyExemption = cmd.get_models('PolicyExemption')
+# exemption = PolicyExemption(policy_assignment_id=policy_assignment, policy_definition_reference_ids=policy_definition_reference_ids,
+# exemption_category=exemption_category, expires_on=expires_on,
+# display_name=display_name, description=description, metadata=metadata)
+# createdExemption = policy_client.policy_exemptions.create_or_update(scope, name, exemption)
+# return createdExemption
+
+
+# def update_policy_exemption(cmd, name, exemption_category=None,
+# policy_definition_reference_ids=None, expires_on=None,
+# display_name=None, description=None, resource_group_name=None, scope=None,
+# metadata=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# PolicyExemption = cmd.get_models('PolicyExemption')
+# exemption = policy_client.policy_exemptions.get(scope, name)
+# parameters = PolicyExemption(
+# policy_assignment_id=exemption.policy_assignment_id,
+# policy_definition_reference_ids=policy_definition_reference_ids if policy_definition_reference_ids is not None else exemption.policy_definition_reference_ids,
+# exemption_category=exemption_category if exemption_category is not None else exemption.exemption_category,
+# expires_on=expires_on if expires_on is not None else exemption.expires_on,
+# display_name=display_name if display_name is not None else exemption.display_name,
+# description=description if description is not None else exemption.description,
+# metadata=metadata if metadata is not None else exemption.metadata)
+# updatedExemption = policy_client.policy_exemptions.create_or_update(scope, name, parameters)
+# return updatedExemption
+
+
+# def delete_policy_exemption(cmd, name, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# policy_client.policy_exemptions.delete(scope, name)
+
+
+# def get_policy_exemption(cmd, name, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# subscription_id = get_subscription_id(cmd.cli_ctx)
+# scope = _build_policy_scope(subscription_id, resource_group_name, scope)
+# return policy_client.policy_exemptions.get(scope, name)
+
+
+# def list_policy_exemption(cmd, disable_scope_strict_match=None, resource_group_name=None, scope=None):
+# policy_client = _resource_policy_client_factory(cmd.cli_ctx)
+# _scope = _build_policy_scope(get_subscription_id(cmd.cli_ctx),
+# resource_group_name, scope)
+# id_parts = parse_resource_id(_scope)
+# subscription = id_parts.get('subscription')
+# resource_group = id_parts.get('resource_group')
+# resource_type = id_parts.get('child_type_1') or id_parts.get('type')
+# resource_name = id_parts.get('child_name_1') or id_parts.get('name')
+# management_group = _parse_management_group_id(scope)
+
+# if management_group:
+# result = policy_client.policy_exemptions.list_for_management_group(management_group_id=management_group, filter='atScope()')
+# elif all([resource_type, resource_group, subscription]):
+# namespace = id_parts.get('namespace')
+# parent_resource_path = '' if not id_parts.get('child_name_1') else (id_parts['type'] + '/' + id_parts['name'])
+# result = policy_client.policy_exemptions.list_for_resource(
+# resource_group, namespace,
+# parent_resource_path, resource_type, resource_name)
+# elif resource_group:
+# result = policy_client.policy_exemptions.list_for_resource_group(resource_group)
+# elif subscription:
+# result = policy_client.policy_exemptions.list()
+# elif scope:
+# raise InvalidArgumentValueError('usage error `--scope`: must be a fully qualified ARM ID.')
+# else:
+# raise ArgumentUsageError('usage error: --scope ARM_ID | --resource-group NAME')
+
+# if not disable_scope_strict_match:
+# result = [i for i in result if i.id.lower().strip('/').startswith(_scope.lower().strip('/') + "/providers/microsoft.authorization/policyexemptions")]
+
+# return result
def _register_rp(cli_ctx, subscription_id=None):
diff --git a/src/azure-cli/azure/cli/command_modules/resource/policy.py b/src/azure-cli/azure/cli/command_modules/resource/policy.py
new file mode 100644
index 00000000000..af465d66b36
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/policy.py
@@ -0,0 +1,85 @@
+from azure.cli.command_modules.resource.aaz.latest.policy.definition._create import Create
+from azure.cli.command_modules.resource.aaz.latest.policy.definition._delete import Delete
+from azure.cli.command_modules.resource.aaz.latest.policy.definition._list import List
+from azure.cli.command_modules.resource.aaz.latest.policy.definition._show import Show
+from azure.cli.command_modules.resource.aaz.latest.policy.definition._update import Update
+
+class PolicyDefinitionsCreate(Create):
+ pass
+
+ # @classmethod
+ # def _build_arguments_schema(cls, *args, **kwargs):
+ # from azure.cli.core.aaz import AAZResourceIdArgFormat
+
+ # args_schema = super()._build_arguments_schema(*args, **kwargs)
+ # # args_schema.frontend_ip._fmt = AAZResourceIdArgFormat(
+ # # template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/applicationGateways/{gateway_name}/frontendIPConfigurations/{}"
+ # # )
+
+ # return args_schema
+
+class PolicyDefinitionsDelete(Delete):
+ pass
+
+class PolicyDefinitionsList(List):
+ pass
+
+class PolicyDefinitionCreate(Create):
+
+ def pre_operations(self):
+ from azure.cli.core.aaz import has_value
+ if not has_value(self.ctx.args.scope) and has_value(self.ctx.args.subscription):
+ self.ctx.args.scope = f"/subscriptions/{self.ctx.args.subscription}"
+
+class PolicyDefinitionsShow(Show):
+ # @classmethod
+ # def _build_arguments_schema(cls, *args, **kwargs):
+ # from azure.cli.core.aaz import AAZResourceIdArgFormat
+
+ # args_schema = super()._build_arguments_schema(*args, **kwargs)
+ # # args_schema.frontend_ip._fmt = AAZResourceIdArgFormat(
+ # # template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network/applicationGateways/{gateway_name}/frontendIPConfigurations/{}"
+ # # )
+
+ # return args_schema
+
+ class PolicyDefinitionsGetBuiltIn(Show.PolicyDefinitionsGet):
+
+ def __init__(self, ctx):
+ super().__init__(ctx)
+
+ @property
+ def url(self):
+ return self.client.format_url(
+ "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}",
+ **self.url_parameters
+ )
+
+ @property
+ def url_parameters(self):
+ parameters = {
+ **self.serialize_url_param(
+ "policyDefinitionName", self.ctx.args.name,
+ required=True,
+ )
+ }
+ return parameters
+
+ def pre_operations(self):
+ pass
+
+ def _execute_operations(self):
+ from azure.cli.core.aaz import has_value
+ if has_value(self.ctx.args.name) and not has_value(self.ctx.args.management_group) and not 'subscription_id' in self.ctx.args._data:
+ try:
+ return self.PolicyDefinitionsGetBuiltIn(ctx=self.ctx)()
+ except (Exception) as ex:
+ pass
+
+ return super()._execute_operations()
+
+ def post_operations(self):
+ pass
+
+class PolicyDefinitionsUpdate(Update):
+ pass
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/testcert-chain.pem b/src/azure-cli/azure/cli/command_modules/resource/tests/testcert-chain.pem
new file mode 100644
index 00000000000..840b9e91c11
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/testcert-chain.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIXQ8818NcK08wDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI2MDE0NjIwWhcNMjUwMzAxMDE0NjIw
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANFg6w6o+HwdDN0dm7U3Wwsz2WNXfwkAS2fYeoeoh1wk3NPX
++5cCCa4CsxzH3IKydQDK29JbQ7PDgYT+Hs+zL5sBi7IDTM/qB52FTpIQfLgNxoSa
+E5bekhjtfSDADQylzcbLt+gBB+G9DVk9kWK6fjeg4FCSuzfHkDRxx7PWUZJZ3/nL
+Qmtgd8FhNlCZ1iljkuMD37zQ4Z0EZE2u/c5n2Yra+y6f5ng7qwjjxkdkRC66yolB
+lNsQZPwlgTa+8dAgs5e4LNFQFcwZxG4m9oBNZ1wd0XWFIbjzYE59hhfJr3h6oEz9
+1MRIhTI3V4EKiS1WNJYye8LaXGq31pDHtW9xKLcCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAC6GhyhgxhXDrpNQJsjQUnms1uUX28iu++vjrnfrseYKr1ATEE0h8nONz
+src92yg92Z/VUlfhIWXXImyMkdaUo4DE/Hr6MzTWNNFNAEDkCnSNv906ibj30rWS
+YYGkQzSdAthiD+Eo/Q+3cZO2gfy2dqu4GXJNAg3ZU633KWBAhOI74ohBjh8xksEk
+A8sKlHVj311i6YxP0hD/in0tPEhKmuBm3W7w+fFlBxCFKWAAeXEq0OCoaA2Fcduo
+8S1cMzErRCMn1cq+8fgaOJt81eqlVGo3rZ0915g+QLZBKsnAydAxVOnu9CN14xEH
+XxrevVcee3rsJgMV0fyjO30Nr415dA==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIXQ8818NcK08wDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI2MDE0NjIwWhcNMjUwMzAxMDE0NjIw
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANFg6w6o+HwdDN0dm7U3Wwsz2WNXfwkAS2fYeoeoh1wk3NPX
++5cCCa4CsxzH3IKydQDK29JbQ7PDgYT+Hs+zL5sBi7IDTM/qB52FTpIQfLgNxoSa
+E5bekhjtfSDADQylzcbLt+gBB+G9DVk9kWK6fjeg4FCSuzfHkDRxx7PWUZJZ3/nL
+Qmtgd8FhNlCZ1iljkuMD37zQ4Z0EZE2u/c5n2Yra+y6f5ng7qwjjxkdkRC66yolB
+lNsQZPwlgTa+8dAgs5e4LNFQFcwZxG4m9oBNZ1wd0XWFIbjzYE59hhfJr3h6oEz9
+1MRIhTI3V4EKiS1WNJYye8LaXGq31pDHtW9xKLcCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAC6GhyhgxhXDrpNQJsjQUnms1uUX28iu++vjrnfrseYKr1ATEE0h8nONz
+src92yg92Z/VUlfhIWXXImyMkdaUo4DE/Hr6MzTWNNFNAEDkCnSNv906ibj30rWS
+YYGkQzSdAthiD+Eo/Q+3cZO2gfy2dqu4GXJNAg3ZU633KWBAhOI74ohBjh8xksEk
+A8sKlHVj311i6YxP0hD/in0tPEhKmuBm3W7w+fFlBxCFKWAAeXEq0OCoaA2Fcduo
+8S1cMzErRCMn1cq+8fgaOJt81eqlVGo3rZ0915g+QLZBKsnAydAxVOnu9CN14xEH
+XxrevVcee3rsJgMV0fyjO30Nr415dA==
+-----END CERTIFICATE-----
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/testcert.cer b/src/azure-cli/azure/cli/command_modules/resource/tests/testcert.cer
new file mode 100644
index 00000000000..7a1df8b1976
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/testcert.cer
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIXQ8818NcK08wDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI2MDE0NjIwWhcNMjUwMzAxMDE0NjIw
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANFg6w6o+HwdDN0dm7U3Wwsz2WNXfwkAS2fYeoeoh1wk3NPX
++5cCCa4CsxzH3IKydQDK29JbQ7PDgYT+Hs+zL5sBi7IDTM/qB52FTpIQfLgNxoSa
+E5bekhjtfSDADQylzcbLt+gBB+G9DVk9kWK6fjeg4FCSuzfHkDRxx7PWUZJZ3/nL
+Qmtgd8FhNlCZ1iljkuMD37zQ4Z0EZE2u/c5n2Yra+y6f5ng7qwjjxkdkRC66yolB
+lNsQZPwlgTa+8dAgs5e4LNFQFcwZxG4m9oBNZ1wd0XWFIbjzYE59hhfJr3h6oEz9
+1MRIhTI3V4EKiS1WNJYye8LaXGq31pDHtW9xKLcCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAC6GhyhgxhXDrpNQJsjQUnms1uUX28iu++vjrnfrseYKr1ATEE0h8nONz
+src92yg92Z/VUlfhIWXXImyMkdaUo4DE/Hr6MzTWNNFNAEDkCnSNv906ibj30rWS
+YYGkQzSdAthiD+Eo/Q+3cZO2gfy2dqu4GXJNAg3ZU633KWBAhOI74ohBjh8xksEk
+A8sKlHVj311i6YxP0hD/in0tPEhKmuBm3W7w+fFlBxCFKWAAeXEq0OCoaA2Fcduo
+8S1cMzErRCMn1cq+8fgaOJt81eqlVGo3rZ0915g+QLZBKsnAydAxVOnu9CN14xEH
+XxrevVcee3rsJgMV0fyjO30Nr415dA==
+-----END CERTIFICATE-----
diff --git a/src/azure-cli/azure/cli/command_modules/resource/tests/testkey.pvk b/src/azure-cli/azure/cli/command_modules/resource/tests/testkey.pvk
new file mode 100644
index 00000000000..db391eb8037
--- /dev/null
+++ b/src/azure-cli/azure/cli/command_modules/resource/tests/testkey.pvk
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA0WDrDqj4fB0M3R2btTdbCzPZY1d/CQBLZ9h6h6iHXCTc09f7
+lwIJrgKzHMfcgrJ1AMrb0ltDs8OBhP4ez7MvmwGLsgNMz+oHnYVOkhB8uA3GhJoT
+lt6SGO19IMANDKXNxsu36AEH4b0NWT2RYrp+N6DgUJK7N8eQNHHHs9ZRklnf+ctC
+a2B3wWE2UJnWKWOS4wPfvNDhnQRkTa79zmfZitr7Lp/meDurCOPGR2RELrrKiUGU
+2xBk/CWBNr7x0CCzl7gs0VAVzBnEbib2gE1nXB3RdYUhuPNgTn2GF8mveHqgTP3U
+xEiFMjdXgQqJLVY0ljJ7wtpcarfWkMe1b3EotwIDAQABAoIBACAN2jPb2sgcJcMs
+4bt2q98FWI4KBUjqUnZQS23noeq8OqcfRS/jSs++L7qZFGFZPcAEeRkgCgzZbO41
+00oRO26xErhgI0sfSnwrPjyZU+aqNo6dYfYHwU5vU+fcJFif15F20FhZ3rbd8Pm3
+tcFrc0rukPjKMJRDs917inW15WC7T6S2iUOXBjkJ83ScFWUkeVXzP21IxLA/fLyg
+sair8skfXuriJ1PNWCQ8wY0BkcLjq5xClBHaZnRTfrgnzoOLWTegDgJSOx/g1KUG
+u1t+NhikgckUdwe9eh9mjjMlxTd/AnEywdd/KEYegeVGa/N/J7XTGZ0p0zvuHS7o
+Eu9+aA0CgYEA9VV+HuL/vO8tyhwA0JmT7I60sHdRH06pNZGreA8wNHfEKMFz5Hag
+h7987SFxt8blnr8rmyyS6nfdwA7+1WkFGEVBTyXcEpOPJq58w4U1VkNRqOBlIiby
+Q6JA5dGWQF/WYZmr0OF+0ZVCh00hUUGJXprXbTbyCwkUpikUFvuN4z0CgYEA2ntA
+QiTJyjN08BNsKUx852drDyAjuuF00lcfnJ/5rXV0lwdXrSBSd5zqivDwwWxgTVkf
+3NRoIaHkZYAN4bm3pdf4iBcP+PGiqNwrLZZMS2LeyEbavP/u0ivIm/7GkDZxJ/2g
++cm/s4EFxaqNvF1vNMfOhQvDKElgT3YFnvLRawMCgYAkRDcYqcXUUCccsXcNXyaW
+2aGsVHcRgbdRy+7lGJmvp+S/gZl4NHEWoB//jeoZmLVo+imgDr7JGl8VfSH+uj+e
+jt5QrPATbuzCcxjObmqsDdeMd1975PX7OYkOcCUd7wzp8KWNg0gUA1SKW8SJFn8Q
+FSOzaWPubbE3vurRWu5moQKBgCsFhBTCO74GPeucV3sWZa4HbkxvLrn49VEJ+N6V
+ncurSkcHGhusNrD5BDJR2Yas+ZWhjCWm6c5dm6Tk/1bIhEIy8eySZgHGSxpnKFV0
+uBdMI8RaN25qEzPtjTYyiBUTs1qFlfI56PbG3EUdHYXO/DvvcFpAg7BmKoHbIqY2
++EfTAoGAKr5r6t1xeu5E3qHUHcbAUcN8y/LxEneSZNkvt5Eg5+YQLdc0kIuGPZNm
+EcmorLRsE4RhvdrJ0ixPe7cWC2lXDUXgR2PDrZv+o1b5n2QzcdaCyDRgfFnTd2ft
+otF9nhTiPa3pyIstMbxE9Z/XXeJoujexjAVkwnlzvIUtQgVy17M=
+-----END RSA PRIVATE KEY-----
diff --git a/testcert-chain.pem b/testcert-chain.pem
new file mode 100644
index 00000000000..6b2678c6192
--- /dev/null
+++ b/testcert-chain.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIdl8tQLRR8PYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI4MDIxNDQxWhcNMjUwMzAzMDIxNDQx
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMt2iwBgaUp6uUOjusfFg9Rk2CF25LkmQ4JGyLcxAoXWghBn
+ua+cWdxOeW0Nq/+6td4fKcXSwfLmVu3thpVLPQQC8n9RJjDNvM6xGAnA5yxncdV/
+O3AvVKUlj++k+5Fe1EchZPSrCIMPzFWP2lEwHv3EfgRFOlXbAFhTwdqqj228w3aV
+tEyB2pQuG6X9p/+9BYqmdbYKFeg4H04FEKJwekBFISGl4khQGvMDHnDg6HNJv7wj
+PAfKNsmEu5E/08nCNzA+8Fk7z8N8Oxx1OxWy6kbVwxieQZCHvclcz1ZUhPXQlb9w
+uyACEgubX3+uZSQ0/xxHxef6zf1fRMBoZYuvbmkCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAVDNSfGt80VHQKnevI+L9Un/3BmJaoTpT++CexNq8hz6oIAqiSvQWHIJ0
+2hFg9KLfc4BGwCBaifJt5faB4EzQd6lnRR+usT94JLMRBrrcsQJecTYl3zUDAvA7
+GPxuB9Kp+fzre+iIVY4PYcZBSQy0jVfzKJo7Fb95S92fNJE1YxedNq6HVvhouydt
+pPnKKrnvIPmMKUrv29TK064tshDQF/x5wKplUJyPEVjgpmnAmZpSvAaXkEzzDVlQ
+jNNNjo1/FVA2DCkfFPBdUO8byJYAim4Et0gyWQaDcMFANoNLXkJ1Z5aI11awN0B+
+YskMbm3LybrJXzBy0aBTaoGx2PsEBQ==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIdl8tQLRR8PYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI4MDIxNDQxWhcNMjUwMzAzMDIxNDQx
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMt2iwBgaUp6uUOjusfFg9Rk2CF25LkmQ4JGyLcxAoXWghBn
+ua+cWdxOeW0Nq/+6td4fKcXSwfLmVu3thpVLPQQC8n9RJjDNvM6xGAnA5yxncdV/
+O3AvVKUlj++k+5Fe1EchZPSrCIMPzFWP2lEwHv3EfgRFOlXbAFhTwdqqj228w3aV
+tEyB2pQuG6X9p/+9BYqmdbYKFeg4H04FEKJwekBFISGl4khQGvMDHnDg6HNJv7wj
+PAfKNsmEu5E/08nCNzA+8Fk7z8N8Oxx1OxWy6kbVwxieQZCHvclcz1ZUhPXQlb9w
+uyACEgubX3+uZSQ0/xxHxef6zf1fRMBoZYuvbmkCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAVDNSfGt80VHQKnevI+L9Un/3BmJaoTpT++CexNq8hz6oIAqiSvQWHIJ0
+2hFg9KLfc4BGwCBaifJt5faB4EzQd6lnRR+usT94JLMRBrrcsQJecTYl3zUDAvA7
+GPxuB9Kp+fzre+iIVY4PYcZBSQy0jVfzKJo7Fb95S92fNJE1YxedNq6HVvhouydt
+pPnKKrnvIPmMKUrv29TK064tshDQF/x5wKplUJyPEVjgpmnAmZpSvAaXkEzzDVlQ
+jNNNjo1/FVA2DCkfFPBdUO8byJYAim4Et0gyWQaDcMFANoNLXkJ1Z5aI11awN0B+
+YskMbm3LybrJXzBy0aBTaoGx2PsEBQ==
+-----END CERTIFICATE-----
diff --git a/testcert.cer b/testcert.cer
new file mode 100644
index 00000000000..7179a0c3a14
--- /dev/null
+++ b/testcert.cer
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZqgAwIBAgIIdl8tQLRR8PYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE
+AwwOVEVTVENFUlQwMDAwMDEwHhcNMjUwMjI4MDIxNDQxWhcNMjUwMzAzMDIxNDQx
+WjAZMRcwFQYDVQQDDA5URVNUQ0VSVDAwMDAwMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMt2iwBgaUp6uUOjusfFg9Rk2CF25LkmQ4JGyLcxAoXWghBn
+ua+cWdxOeW0Nq/+6td4fKcXSwfLmVu3thpVLPQQC8n9RJjDNvM6xGAnA5yxncdV/
+O3AvVKUlj++k+5Fe1EchZPSrCIMPzFWP2lEwHv3EfgRFOlXbAFhTwdqqj228w3aV
+tEyB2pQuG6X9p/+9BYqmdbYKFeg4H04FEKJwekBFISGl4khQGvMDHnDg6HNJv7wj
+PAfKNsmEu5E/08nCNzA+8Fk7z8N8Oxx1OxWy6kbVwxieQZCHvclcz1ZUhPXQlb9w
+uyACEgubX3+uZSQ0/xxHxef6zf1fRMBoZYuvbmkCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAVDNSfGt80VHQKnevI+L9Un/3BmJaoTpT++CexNq8hz6oIAqiSvQWHIJ0
+2hFg9KLfc4BGwCBaifJt5faB4EzQd6lnRR+usT94JLMRBrrcsQJecTYl3zUDAvA7
+GPxuB9Kp+fzre+iIVY4PYcZBSQy0jVfzKJo7Fb95S92fNJE1YxedNq6HVvhouydt
+pPnKKrnvIPmMKUrv29TK064tshDQF/x5wKplUJyPEVjgpmnAmZpSvAaXkEzzDVlQ
+jNNNjo1/FVA2DCkfFPBdUO8byJYAim4Et0gyWQaDcMFANoNLXkJ1Z5aI11awN0B+
+YskMbm3LybrJXzBy0aBTaoGx2PsEBQ==
+-----END CERTIFICATE-----
diff --git a/testkey.pvk b/testkey.pvk
new file mode 100644
index 00000000000..b0622a3dc11
--- /dev/null
+++ b/testkey.pvk
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAy3aLAGBpSnq5Q6O6x8WD1GTYIXbkuSZDgkbItzEChdaCEGe5
+r5xZ3E55bQ2r/7q13h8pxdLB8uZW7e2GlUs9BALyf1EmMM28zrEYCcDnLGdx1X87
+cC9UpSWP76T7kV7URyFk9KsIgw/MVY/aUTAe/cR+BEU6VdsAWFPB2qqPbbzDdpW0
+TIHalC4bpf2n/70FiqZ1tgoV6DgfTgUQonB6QEUhIaXiSFAa8wMecODoc0m/vCM8
+B8o2yYS7kT/TycI3MD7wWTvPw3w7HHU7FbLqRtXDGJ5BkIe9yVzPVlSE9dCVv3C7
+IAISC5tff65lJDT/HEfF5/rN/V9EwGhli69uaQIDAQABAoIBAEJ1JYEJfMrZnDMG
+Q2emUeGp0NjZa2s4nttqQHxp0z+hKdmu7713LfjiXxIqYZCFzYrQlgXqSfSLnUBZ
+Edko+rSZO9kvSfCt+upueQISks/zuAB67xC9PQI2azXlJ1C7702OkFnEleKtYdpe
+wvo65ByStnCxphTOFGZFcW/5vyCh7wIIlYDE8QfjmfPz6M0/NLJNUBJPWsn0QAcj
+2BqMHaHkZLIOfGYoAsgNtc0vnr9McFBcKJHRErPwFiXIKqyBozzfTzwsrZH9YcHm
+zW3Gr8+kg7PiYfL3qYvvTk7TfkdqbilgxQyigaFxx0Ks+Xo158LdH5hKuIXAP0Jp
+T5TtlsMCgYEA5uUd5Ilbgw0/sdphiynMPDsD21BYaKcVHLMO0WceXC5G4rG7Wft3
+dqi1qL+ZEQ2x+217ZR68tjyQf72tpJO2czfy1I/YA5XSFVtg26yQY7Pz6oiZjZkz
+qA68A/vCLuACDokRrrjBdka2RnWJH1lLPTR9N5Um1LaRHpxSEtZW8bcCgYEA4ZXe
+KX+QccRhhr9V54VLia1enKBJuNzodY5vt6wFBY9stT6KkvW885PZteCrRnFmbb6a
+oCscyp5SLS2i6Nq2IuHclvhraZq8tHIHrJ3wOaM+gxGqKdwN/jwDnVDsUH1No6i8
+YhpA+FUOOnEOSqbYoeyEM6VDdSXoqvxGX9YkIN8CgYAyur4xmxg3F+8ZpXBvAfT0
+esbjJaj2/Va/Inwr9+sMt8ItRn1yTLS3pmObOtVnkMm9AxXsZq9xnqbk2gjPswCQ
+GgfJOf1s9DrfJF+IhEaJEV2S9wY9vR5DW1Fl0qecYu0wwl7XM5KV6P1dR6+j6puE
+TAcC8ktAywfhYNkLeHpLywKBgQCQk05I5lqarzOZ+nKB6SnaWOR0GT5mXh4ViW4M
+FxE42Qzgs+539UpeCXnUWOMsSG1PFINg94CCUylzjvYDqnhkrsCDeT7N9b/PHe3R
+MX/OUNM1iVK3dTL6p1fhsQVjKItjwjbJ4O2WulxeFCsGqRvZ2w13VAmBwQP24avw
+q/uHnQKBgCpGZiEo7NveYmvLsZ7IC7A5n1YVjjf+EQZ/uT7aLTLg0uqx+VJ3UmW5
+lZ+HVW0LJvbz7r7D31YGjjGvNREQ82eFY+AhQNnEFFzll0P4DmHB286Bjnxa9SvP
+b16ctYR4f7AxnaND+xTcjoN/iedrZF/WbWRlgbwNMLcGsZstTgwX
+-----END RSA PRIVATE KEY-----