CLI command model for Azure Policy CRUD commands

Commands/policy/assignment/_create.md

@@ -0,0 +1,43 @@
+# [Command] _policy assignment create_
+
+Create a policy assignment.
+
+Create a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 -->
+
+#### examples
+
+- Create a resource policy assignment at scope
+    ```bash
+        policy assignment create --scope "/providers/Microsoft.Management/managementGroups/{managementGroupName}" --policy {policyName} -p "{ 'allowedLocations': { 'value': [ 'australiaeast', 'eastus', 'japaneast' ] } }"
+    ```
+
+- Create a resource policy assignment and provide rule parameter values
+    ```bash
+        Create a resource policy assignment and provide rule parameter values policy assignment create --policy {policyName} -p "{ 'allowedLocations': { 'value': [ 'australiaeast', 'eastus', 'japaneast' ] } }"
+    ```
+
+- Create a resource policy assignment with a system assigned identity
+    ```bash
+        policy assignment create --name myPolicy --policy {policyName} --mi-system-assigned --location eastus
+    ```
+
+- Create a resource policy assignment with a system assigned identity with Contributor role access to the subscription
+    ```bash
+        policy assignment create --name myPolicy --policy {policyName} --mi-system-assigned --identity-scope /subscriptions/{subscriptionId} --role Contributor --location eastus
+    ```
+
+- Create a resource policy assignment with a user assigned identity
+    ```bash
+        policy assignment create --name myPolicy --policy {policyName} -g MyResourceGroup --mi-user-assigned myAssignedId --location westus
+    ```
+
+- Create a resource policy assignment with an enforcement mode
+    ```bash
+        policy assignment create --name myPolicy --policy {policyName} --enforcement-mode DoNotEnforce
+    ```

Commands/policy/assignment/_delete.md

@@ -0,0 +1,23 @@
+# [Command] _policy assignment delete_
+
+Delete a policy assignment.
+
+Delete the policy assignment with the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 -->
+
+#### examples
+
+- Delete a policy assignment at scope
+    ```bash
+        policy assignment delete --scope subscriptions/{subscriptionId} --name EnforceNaming
+    ```
+
+- Delete a policy assignment
+    ```bash
+        policy assignment delete --name MyPolicyAssignment
+    ```

Commands/policy/assignment/_list.md

@@ -0,0 +1,30 @@
+# [Command] _policy assignment list_
+
+Retrieve all applicable policy assignments.
+
+Retrieve the list of all policy assignments applicable to the given subscription or management group.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3Byb3ZpZGVycy9taWNyb3NvZnQubWFuYWdlbWVudC9tYW5hZ2VtZW50Z3JvdXBzL3t9L3Byb3ZpZGVycy9taWNyb3NvZnQuYXV0aG9yaXphdGlvbi9wb2xpY3lhc3NpZ25tZW50cw==/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /providers/microsoft.management/managementgroups/{}/providers/microsoft.authorization/policyassignments 2024-05-01 -->
+<!-- mgmt-plane /subscriptions/{}/providers/microsoft.authorization/policyassignments 2024-05-01 -->
+<!-- mgmt-plane /subscriptions/{}/resourcegroups/{}/providers/microsoft.authorization/policyassignments 2024-05-01 -->
+
+#### examples
+
+- List policy assignments that apply to a resource group
+    ```bash
+        policy assignment list --resource-group TestResourceGroup --filter atScope() --expand LatestDefinitionVersion, EffectiveDefinitionVersion
+    ```
+
+- List policy assignments that apply to a management group
+    ```bash
+        policy assignment list --management-group TestManagementGroup --filter atScope()
+    ```
+
+- List policy assignments that apply to a subscription
+    ```bash
+        policy assignment list --filter atScope()
+    ```

Commands/policy/assignment/_show.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment show_
+
+Retrieve a policy assignment.
+
+Retrieve and show the details of a single policy assignment with the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 -->
+
+#### examples
+
+- Show a resource policy assignment
+    ```bash
+        policy assignment show --name MyPolicyAssignment
+    ```

Commands/policy/assignment/_update.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment update_
+
+Update a policy assignment.
+
+Update the policy assignment with the given name and scope by applying the given property values.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 -->
+
+#### examples
+
+- Update a resource policy assignment's description
+    ```bash
+        policy assignment update --name myPolicy --description 'My policy description'
+    ```

Commands/policy/assignment/identity/_assign.md

@@ -0,0 +1,28 @@
+# [Command] _policy assignment identity assign_
+
+Assign a managed identity.
+
+Assign the system or user assigned managed identity to the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 identity -->
+
+#### examples
+
+- Add a system assigned managed identity to a policy assignment
+    ```bash
+        policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment
+    ```
+
+- Add a system assigned managed identity to a policy assignment and grant it the Contributor role for a resource group
+    ```bash
+        policy assignment identity assign --system-assigned -g MyResourceGroup -n MyPolicyAssignment --role Contributor --identity-scope /subscriptions/{subscriptionId}/resourceGroups/MyResourceGroup
+    ```
+
+- Add a user assigned managed identity to a policy assignment
+    ```bash
+        policy assignment identity assign --user-assigned MyAssignedId -g MyResourceGroup -n MyPolicyAssignment
+    ```

Commands/policy/assignment/identity/_remove.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment identity remove_
+
+Remove the managed identity.
+
+Remove the system or user assigned managed identity from the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 identity -->
+
+#### examples
+
+- Remove user assigned managed identity from a policy assignment
+    ```bash
+        policy assignment identity remove --name MyPolicyAssignment --user-assigned
+    ```

Commands/policy/assignment/identity/_show.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment identity show_
+
+Retrieve the managed identity.
+
+Retrieve and show the details of the system or user assigned managed identity of the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 identity -->
+
+#### examples
+
+- Show a policy assignment's managed identity
+    ```bash
+        policy assignment identity show --name MyPolicyAssignment --scope '/providers/Microsoft.Management/managementGroups/{managementGroupName}'
+    ```

Commands/policy/assignment/identity/readme.md

@@ -0,0 +1,16 @@
+# [Group] _policy assignment identity_
+
+Managed identity of the policy assignment.
+
+The system or user assigned managed identity used by the enclosing policy assignment for remediation tasks.
+
+## Commands
+
+- [assign](/Commands/policy/assignment/identity/_assign.md)
+: Assign a managed identity.
+
+- [remove](/Commands/policy/assignment/identity/_remove.md)
+: Remove the managed identity.
+
+- [show](/Commands/policy/assignment/identity/_show.md)
+: Retrieve the managed identity.

Commands/policy/assignment/non-compliance-message/_create.md

@@ -0,0 +1,23 @@
+# [Command] _policy assignment non-compliance-message create_
+
+Create a non-compliance message.
+
+Create a customized message used to report non-compliance by the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 properties.nonComplianceMessages[] -->
+
+#### examples
+
+- Add a non-compliance message to a policy assignment
+    ```bash
+        policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
+    ```
+
+- Add a non-compliance message for a specific policy in an assigned policy set definition
+    ```bash
+        policy assignment non-compliance-message create -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
+    ```

Commands/policy/assignment/non-compliance-message/_delete.md

@@ -0,0 +1,23 @@
+# [Command] _policy assignment non-compliance-message delete_
+
+Delete a non-compliance message.
+
+Delete a non-compliance message from the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 properties.nonComplianceMessages[] -->
+
+#### examples
+
+- Remove non-compliance messages from a policy assignment that contain a specific message and no policy definition reference ID
+    ```bash
+        policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicyAssignment -m 'Resources must follow naming standards'
+    ```
+
+- Remove non-compliance messages from a policy assignment that contain a specific message and a specific policy definition reference ID
+    ```bash
+        policy assignment non-compliance-message delete -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
+    ```

Commands/policy/assignment/non-compliance-message/_list.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment non-compliance-message list_
+
+Retrieve non-compliance messages.
+
+Retrieve all non-compliance messages from the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 properties.nonComplianceMessages -->
+
+#### examples
+
+- List the non-compliance messages for a policy assignment
+    ```bash
+        policy assignment non-compliance-message list -g MyResourceGroup -n MyPolicyAssignment
+    ```

Commands/policy/assignment/non-compliance-message/_show.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment non-compliance-message show_
+
+Retrieve a non-compliance message.
+
+Retrieve and show the details of a non-compliance message belonging to the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 properties.nonComplianceMessages[] -->
+
+#### examples
+
+- Show the non-compliance message from a policy assignment that contains a specific message and policy definition reference ID
+    ```bash
+        policy assignment non-compliance-message show -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources must use allowed SKUs' --policy-definition-reference-id SkuPolicyRefId
+    ```

Commands/policy/assignment/non-compliance-message/_update.md

@@ -0,0 +1,18 @@
+# [Command] _policy assignment non-compliance-message update_
+
+Update a non-compliance message.
+
+Update a non-compliance message belonging to the policy assignment matching the given name and scope.
+
+## Versions
+
+### [2024-05-01](/Resources/mgmt-plane/L3tzY29wZX0vcHJvdmlkZXJzL21pY3Jvc29mdC5hdXRob3JpemF0aW9uL3BvbGljeWFzc2lnbm1lbnRzL3t9/2024-05-01.xml) **Stable**
+
+<!-- mgmt-plane /{scope}/providers/microsoft.authorization/policyassignments/{} 2024-05-01 properties.nonComplianceMessages[] -->
+
+#### examples
+
+- Update the non-compliance message for a specific policy in an assigned policy set definition
+    ```bash
+        policy assignment non-compliance-message update -g MyResourceGroup -n MyPolicySetAssignment -m 'Resources may only use SKUs from [preferredSKU, anotherGoodSKU]' --policy-definition-reference-id SkuPolicyRefId
+    ```

Commands/policy/assignment/non-compliance-message/readme.md

@@ -0,0 +1,22 @@
+# [Group] _policy assignment non-compliance-message_
+
+Non-compliance message used by the policy assignment.
+
+Customized message used by the enclosing policy assignment to report non-compliance.
+
+## Commands
+
+- [create](/Commands/policy/assignment/non-compliance-message/_create.md)
+: Create a non-compliance message.
+
+- [delete](/Commands/policy/assignment/non-compliance-message/_delete.md)
+: Delete a non-compliance message.
+
+- [list](/Commands/policy/assignment/non-compliance-message/_list.md)
+: Retrieve non-compliance messages.
+
+- [show](/Commands/policy/assignment/non-compliance-message/_show.md)
+: Retrieve a non-compliance message.
+
+- [update](/Commands/policy/assignment/non-compliance-message/_update.md)
+: Update a non-compliance message.

Commands/policy/assignment/readme.md

@@ -0,0 +1,30 @@
+# [Group] _policy assignment_
+
+Manage policy assignments.
+
+Policy assignments are used to apply a policy definition or policy set definition to a given resource scope.
+
+## Subgroups
+
+- [identity](/Commands/policy/assignment/identity/readme.md)
+: Managed identity of the policy assignment.
+
+- [non-compliance-message](/Commands/policy/assignment/non-compliance-message/readme.md)
+: Non-compliance message used by the policy assignment.
+
+## Commands
+
+- [create](/Commands/policy/assignment/_create.md)
+: Create a policy assignment.
+
+- [delete](/Commands/policy/assignment/_delete.md)
+: Delete a policy assignment.
+
+- [list](/Commands/policy/assignment/_list.md)
+: Retrieve all applicable policy assignments.
+
+- [show](/Commands/policy/assignment/_show.md)
+: Retrieve a policy assignment.
+
+- [update](/Commands/policy/assignment/_update.md)
+: Update a policy assignment.