Policy States - List Query Results For Policy Set Definition

Referência

Service:: Policy

API Version:: 2019-10-01

Consulta os estados da política para a definição do conjunto de políticas ao nível da subscrição.

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/providers/Microsoft.PolicyInsights/policyStates/{policyStatesResource}/queryResults?api-version=2019-10-01

With optional parameters:

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/providers/Microsoft.PolicyInsights/policyStates/{policyStatesResource}/queryResults?api-version=2019-10-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}&$skiptoken={$skiptoken}

Parâmetros do URI

Name	Em	Necessário	Tipo	Description
authorizationNamespace	path	True	AuthorizationNamespaceType	O espaço de nomes do fornecedor de recursos de Autorização da Microsoft; só é permitido "Microsoft.Authorization".
policySetDefinitionName	path	True	string	Nome da definição do conjunto de políticas.
policyStatesResource	path	True	PolicyStatesResource	O recurso virtual em PolicyStates tipo de recurso. Num determinado intervalo de tempo, "mais recente" representa os estados da política mais recentes, enquanto "predefinição" representa todos os estados da política.
subscriptionId	path	True	string	ID da subscrição do Microsoft Azure.
api-version	query	True	string	Versão da API do Cliente.
$apply	query		string	OData aplica expressão para agregações.
$filter	query		string	Expressão de filtro OData.
$from	query		string date-time	IsO 8601 formatado carimbo de data/hora especificando a hora de início do intervalo a consultar. Quando não for especificado, o serviço utiliza ($to - 1 dia).
$orderby	query		string	Expressão de ordenação com notação OData. Um ou mais nomes de coluna separados por vírgulas com um "desc" opcional (a predefinição) ou "asc", por exemplo, "$orderby=PolicyAssignmentId, ResourceId asc".
$select	query		string	Selecione expressão com a notação OData. Limita as colunas em cada registo apenas às pedidas, por exemplo, "$select=PolicyAssignmentId, ResourceId".
$skiptoken	query		string	O skiptoken só é fornecido se uma resposta anterior devolver um resultado parcial como parte do elemento nextLink.
$to	query		string date-time	IsO 8601 formatado carimbo de data/hora especificando a hora de fim do intervalo para consulta. Quando não for especificado, o serviço utiliza o tempo de pedido.
$top	query		integer int32	Número máximo de registos a devolver.

Respostas

Name	Tipo	Description
200 OK	PolicyStatesQueryResults	Resultados da consulta.
Other Status Codes	QueryFailure	Resposta de erro que descreve o motivo pela qual a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	representar a sua conta de utilizador

Exemplos

Query latest at subscription level policy set definition scope

Query latest at subscription level policy set definition scope with next link

Query latest at subscription level policy set definition scope

Sample Request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01

import com.azure.core.util.Context;
import com.azure.resourcemanager.policyinsights.models.PolicyStatesResource;

/** Samples for PolicyStates ListQueryResultsForPolicySetDefinition. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScope.json
     */
    /**
     * Sample code: Query latest at subscription level policy set definition scope.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void queryLatestAtSubscriptionLevelPolicySetDefinitionScope(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager
            .policyStates()
            .listQueryResultsForPolicySetDefinition(
                PolicyStatesResource.LATEST,
                "fffedd8f-ffff-fffd-fffd-fffed2f84852",
                "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python policy_states_query_subscription_level_policy_set_definition_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.policy_states.list_query_results_for_policy_set_definition(
        policy_states_resource="latest",
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        policy_set_definition_name="3e3807c1-65c9-49e0-a406-82d8ae3e338c",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScope.json
func ExamplePolicyStatesClient_NewListQueryResultsForPolicySetDefinitionPager_queryLatestAtSubscriptionLevelPolicySetDefinitionScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewPolicyStatesClient().NewListQueryResultsForPolicySetDefinitionPager(armpolicyinsights.PolicyStatesResourceLatest, "fffedd8f-ffff-fffd-fffd-fffed2f84852", "3e3807c1-65c9-49e0-a406-82d8ae3e338c", &armpolicyinsights.QueryOptions{Top: nil,
		Filter:    nil,
		OrderBy:   nil,
		Select:    nil,
		From:      nil,
		To:        nil,
		Apply:     nil,
		SkipToken: nil,
		Expand:    nil,
	}, nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.PolicyStatesQueryResults = armpolicyinsights.PolicyStatesQueryResults{
		// 	ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest"),
		// 	ODataCount: to.Ptr[int32](2),
		// 	Value: []*armpolicyinsights.PolicyState{
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29"),
		// 			PolicyAssignmentName: to.Ptr("3f3c4330183b4e218fe6fd29"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentParameters: to.Ptr("{}"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			PolicyAssignmentVersion: to.Ptr("1.0.0"),
		// 			PolicyDefinitionAction: to.Ptr("audit"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionGroupNames: []*string{
		// 				to.Ptr("myGroup")},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1"),
		// 				PolicyDefinitionName: to.Ptr("24813039-7534-408a-9842-eb99f45721b1"),
		// 				PolicyDefinitionVersion: to.Ptr("1.0.0-preview"),
		// 				PolicySetDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 				PolicySetDefinitionName: to.Ptr("3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 				PolicySetDefinitionVersion: to.Ptr("2.0.1"),
		// 				ResourceGroup: to.Ptr("myResourceGroup"),
		// 				ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite"),
		// 				ResourceLocation: to.Ptr("centralus"),
		// 				ResourceTags: to.Ptr("tbd"),
		// 				ResourceType: to.Ptr("/Microsoft.Web/sites"),
		// 				SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 				Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-13T00:54:58.000Z"); return t}()),
		// 			},
		// 			{
		// 				ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity"),
		// 				ComplianceState: to.Ptr("Compliant"),
		// 				IsCompliant: to.Ptr(true),
		// 				ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 				PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29"),
		// 				PolicyAssignmentName: to.Ptr("3f3c4330183b4e218fe6fd29"),
		// 				PolicyAssignmentOwner: to.Ptr("tbd"),
		// 				PolicyAssignmentParameters: to.Ptr("{}"),
		// 				PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 				PolicyAssignmentVersion: to.Ptr("1.0.0"),
		// 				PolicyDefinitionAction: to.Ptr("Audit"),
		// 				PolicyDefinitionCategory: to.Ptr("tbd"),
		// 				PolicyDefinitionGroupNames: []*string{
		// 					to.Ptr("myGroup")},
		// 					PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition"),
		// 					PolicyDefinitionName: to.Ptr("LocationAuditDefinition"),
		// 					PolicyDefinitionVersion: to.Ptr("1.0.0-preview"),
		// 					PolicySetDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 					PolicySetDefinitionName: to.Ptr("3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 					PolicySetDefinitionVersion: to.Ptr("2.0.1"),
		// 					ResourceGroup: to.Ptr("myResourceGroup"),
		// 					ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite"),
		// 					ResourceLocation: to.Ptr("centralus"),
		// 					ResourceTags: to.Ptr("tbd"),
		// 					ResourceType: to.Ptr("/Microsoft.Web/sites"),
		// 					SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 					Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-13T00:54:58.000Z"); return t}()),
		// 			}},
		// 		}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Queries policy states for the subscription level policy set definition.
 *
 * @summary Queries policy states for the subscription level policy set definition.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScope.json
 */
async function queryLatestAtSubscriptionLevelPolicySetDefinitionScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyStatesResource = "latest";
  const policySetDefinitionName = "3e3807c1-65c9-49e0-a406-82d8ae3e338c";
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.policyStates.listQueryResultsForPolicySetDefinition(
    policyStatesResource,
    subscriptionId,
    policySetDefinitionName
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
      "timestamp": "2019-10-13T00:54:58Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.Web/sites",
      "resourceLocation": "centralus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "3f3c4330183b4e218fe6fd29",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{}",
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "24813039-7534-408a-9842-eb99f45721b1",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionName": "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "complianceState": "NonCompliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ],
      "policyDefinitionVersion": "1.0.0-preview",
      "policySetDefinitionVersion": "2.0.1",
      "policyAssignmentVersion": "1.0.0"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
      "timestamp": "2019-10-13T00:54:58Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition",
      "effectiveParameters": null,
      "isCompliant": true,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.Web/sites",
      "resourceLocation": "centralus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "3f3c4330183b4e218fe6fd29",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{}",
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "LocationAuditDefinition",
      "policyDefinitionAction": "Audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionName": "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "complianceState": "Compliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ],
      "policyDefinitionVersion": "1.0.0-preview",
      "policySetDefinitionVersion": "2.0.1",
      "policyAssignmentVersion": "1.0.0"
    }
  ]
}

Query latest at subscription level policy set definition scope with next link

Sample Request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$skiptoken=WpmWfBSvPhkAK6QD

import com.azure.core.util.Context;
import com.azure.resourcemanager.policyinsights.models.PolicyStatesResource;

/** Samples for PolicyStates ListQueryResultsForPolicySetDefinition. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScopeNextLink.json
     */
    /**
     * Sample code: Query latest at subscription level policy set definition scope with next link.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void queryLatestAtSubscriptionLevelPolicySetDefinitionScopeWithNextLink(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager
            .policyStates()
            .listQueryResultsForPolicySetDefinition(
                PolicyStatesResource.LATEST,
                "fffedd8f-ffff-fffd-fffd-fffed2f84852",
                "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                "WpmWfBSvPhkAK6QD",
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python policy_states_query_subscription_level_policy_set_definition_scope_next_link.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.policy_states.list_query_results_for_policy_set_definition(
        policy_states_resource="latest",
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        policy_set_definition_name="3e3807c1-65c9-49e0-a406-82d8ae3e338c",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScopeNextLink.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScopeNextLink.json
func ExamplePolicyStatesClient_NewListQueryResultsForPolicySetDefinitionPager_queryLatestAtSubscriptionLevelPolicySetDefinitionScopeWithNextLink() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewPolicyStatesClient().NewListQueryResultsForPolicySetDefinitionPager(armpolicyinsights.PolicyStatesResourceLatest, "fffedd8f-ffff-fffd-fffd-fffed2f84852", "3e3807c1-65c9-49e0-a406-82d8ae3e338c", &armpolicyinsights.QueryOptions{Top: nil,
		Filter:    nil,
		OrderBy:   nil,
		Select:    nil,
		From:      nil,
		To:        nil,
		Apply:     nil,
		SkipToken: to.Ptr("WpmWfBSvPhkAK6QD"),
		Expand:    nil,
	}, nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.PolicyStatesQueryResults = armpolicyinsights.PolicyStatesQueryResults{
		// 	ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest"),
		// 	ODataCount: to.Ptr[int32](2),
		// 	Value: []*armpolicyinsights.PolicyState{
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29"),
		// 			PolicyAssignmentName: to.Ptr("3f3c4330183b4e218fe6fd29"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentParameters: to.Ptr("{}"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			PolicyDefinitionAction: to.Ptr("audit"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionGroupNames: []*string{
		// 				to.Ptr("myGroup")},
		// 				PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1"),
		// 				PolicyDefinitionName: to.Ptr("24813039-7534-408a-9842-eb99f45721b1"),
		// 				PolicySetDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 				PolicySetDefinitionName: to.Ptr("3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 				ResourceGroup: to.Ptr("myResourceGroup"),
		// 				ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite"),
		// 				ResourceLocation: to.Ptr("centralus"),
		// 				ResourceTags: to.Ptr("tbd"),
		// 				ResourceType: to.Ptr("/Microsoft.Web/sites"),
		// 				SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 				Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-13T00:54:58.000Z"); return t}()),
		// 			},
		// 			{
		// 				ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity"),
		// 				ComplianceState: to.Ptr("Compliant"),
		// 				IsCompliant: to.Ptr(true),
		// 				ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 				PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29"),
		// 				PolicyAssignmentName: to.Ptr("3f3c4330183b4e218fe6fd29"),
		// 				PolicyAssignmentOwner: to.Ptr("tbd"),
		// 				PolicyAssignmentParameters: to.Ptr("{}"),
		// 				PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 				PolicyDefinitionAction: to.Ptr("Audit"),
		// 				PolicyDefinitionCategory: to.Ptr("tbd"),
		// 				PolicyDefinitionGroupNames: []*string{
		// 					to.Ptr("myGroup")},
		// 					PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition"),
		// 					PolicyDefinitionName: to.Ptr("LocationAuditDefinition"),
		// 					PolicySetDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 					PolicySetDefinitionName: to.Ptr("3e3807c1-65c9-49e0-a406-82d8ae3e338c"),
		// 					ResourceGroup: to.Ptr("myResourceGroup"),
		// 					ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite"),
		// 					ResourceLocation: to.Ptr("centralus"),
		// 					ResourceTags: to.Ptr("tbd"),
		// 					ResourceType: to.Ptr("/Microsoft.Web/sites"),
		// 					SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 					Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-13T00:54:58.000Z"); return t}()),
		// 			}},
		// 		}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Queries policy states for the subscription level policy set definition.
 *
 * @summary Queries policy states for the subscription level policy set definition.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_QuerySubscriptionLevelPolicySetDefinitionScopeNextLink.json
 */
async function queryLatestAtSubscriptionLevelPolicySetDefinitionScopeWithNextLink() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyStatesResource = "latest";
  const policySetDefinitionName = "3e3807c1-65c9-49e0-a406-82d8ae3e338c";
  const skipToken = "WpmWfBSvPhkAK6QD";
  const options = {
    queryOptions: { skipToken: skipToken },
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.policyStates.listQueryResultsForPolicySetDefinition(
    policyStatesResource,
    subscriptionId,
    policySetDefinitionName,
    options
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
      "timestamp": "2019-10-13T00:54:58Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.Web/sites",
      "resourceLocation": "centralus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "3f3c4330183b4e218fe6fd29",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{}",
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "24813039-7534-408a-9842-eb99f45721b1",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionName": "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "complianceState": "NonCompliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ]
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#latest/$entity",
      "timestamp": "2019-10-13T00:54:58Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/mySite",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/3f3c4330183b4e218fe6fd29",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition",
      "effectiveParameters": null,
      "isCompliant": true,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.Web/sites",
      "resourceLocation": "centralus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "3f3c4330183b4e218fe6fd29",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": "{}",
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "LocationAuditDefinition",
      "policyDefinitionAction": "Audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionName": "3e3807c1-65c9-49e0-a406-82d8ae3e338c",
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "complianceState": "Compliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ]
    }
  ]
}

Definições

Name	Description
AuthorizationNamespaceType	O espaço de nomes do fornecedor de recursos de Autorização da Microsoft; só é permitido "Microsoft.Authorization".
ComponentStateDetails	Detalhes do estado do componente.
Error	Definição de erro.
ExpressionEvaluationDetails	Detalhes de avaliação das expressões de linguagem de política.
IfNotExistsEvaluationDetails	Detalhes da avaliação do efeito IfNotExists.
PolicyEvaluationDetails	Detalhes da avaliação da política.
PolicyState	Registo de estado da política.
PolicyStatesQueryResults	Resultados da consulta.
PolicyStatesResource	O recurso virtual em PolicyStates tipo de recurso. Num determinado intervalo de tempo, "mais recente" representa os estados da política mais recentes, enquanto "predefinição" representa todos os estados da política.
QueryFailure	Resposta de erro.

AuthorizationNamespaceType

O espaço de nomes do fornecedor de recursos de Autorização da Microsoft; só é permitido "Microsoft.Authorization".

Name	Tipo	Description
Microsoft.Authorization	string

ComponentStateDetails

Detalhes do estado do componente.

Name	Tipo	Description
complianceState	string	Estado de conformidade do componente.
id	string	ID do componente.
name	string	Nome do componente.
timestamp	string	Carimbo de data/hora da avaliação de conformidade do componente.
type	string	Tipo de componente.

Error

Definição de erro.

Name	Tipo	Description
code	string	Código de erro específico do serviço que serve como subestado para o código de erro HTTP.
message	string	Descrição do erro.

ExpressionEvaluationDetails

Detalhes de avaliação das expressões de linguagem de política.

Name	Tipo	Description
expression	string	Expressão avaliada.
expressionKind	string	O tipo de expressão que foi avaliada.
expressionValue	object	Valor da expressão.
operator	string	Operador para comparar o valor da expressão e o valor de destino.
path	string	Caminho da propriedade se a expressão for um campo ou um alias.
result	string	Resultado da avaliação.
targetValue	object	Valor de destino a ser comparado com o valor da expressão.

IfNotExistsEvaluationDetails

Detalhes da avaliação do efeito IfNotExists.

Name	Tipo	Description
resourceId	string	ID do último recurso avaliado para o efeito IfNotExists.
totalResources	integer	Número total de recursos a que a condição de existência é aplicável.

PolicyEvaluationDetails

Detalhes da avaliação da política.

Name	Tipo	Description
evaluatedExpressions	ExpressionEvaluationDetails[]	Detalhes das expressões avaliadas.
ifNotExistsDetails	IfNotExistsEvaluationDetails	Detalhes da avaliação do efeito IfNotExists.

PolicyState

Registo de estado da política.

Name	Tipo	Description
@odata.context	string	Cadeia de contexto OData; utilizado pelos clientes OData para resolver informações de tipo com base em metadados.
@odata.id	string	ID da entidade OData; sempre definido como nulo, uma vez que os registos de estado de política não têm um ID de entidade.
complianceState	string	Estado de conformidade do recurso.
components	ComponentStateDetails[]	Os registos de conformidade de estado dos componentes são preenchidos apenas quando o URL contém a cláusula $expand=components.
effectiveParameters	string	Parâmetros eficazes para a atribuição de política.
isCompliant	boolean	Sinalizador que indica se o recurso está em conformidade com a atribuição de política em que foi avaliado. Esta propriedade foi preterida; em alternativa, utilize ComplianceState.
managementGroupIds	string	Lista separada por vírgulas de IDs de grupo de gestão, que representam a hierarquia dos grupos de gestão em que o recurso se encontra.
policyAssignmentId	string	ID de atribuição de política.
policyAssignmentName	string	Nome da atribuição de política.
policyAssignmentOwner	string	Proprietário da atribuição de política.
policyAssignmentParameters	string	Parâmetros de atribuição de políticas.
policyAssignmentScope	string	Âmbito de atribuição de políticas.
policyAssignmentVersion	string	Versão de atribuição de política avaliada.
policyDefinitionAction	string	Ação de definição de política, ou seja, efeito.
policyDefinitionCategory	string	Categoria de definição de política.
policyDefinitionGroupNames	string[]	Nomes de grupos de definição de política.
policyDefinitionId	string	ID de definição de política.
policyDefinitionName	string	Nome da definição de política.
policyDefinitionReferenceId	string	ID de referência para a definição de política dentro do conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policyDefinitionVersion	string	Versão de definição de política avaliada.
policyEvaluationDetails	PolicyEvaluationDetails	Detalhes da avaliação da política.
policySetDefinitionCategory	string	Categoria de definição do conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policySetDefinitionId	string	ID de definição do conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policySetDefinitionName	string	Nome da definição do conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policySetDefinitionOwner	string	Proprietário da definição do conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policySetDefinitionParameters	string	Parâmetros de definição de conjunto de políticas, se a atribuição de política for para um conjunto de políticas.
policySetDefinitionVersion	string	Versão de definição do conjunto de políticas avaliada.
resourceGroup	string	Nome do grupo de recursos.
resourceId	string	ID do Recurso.
resourceLocation	string	Localização do recurso.
resourceTags	string	Lista de etiquetas de recursos.
resourceType	string	Tipo de recurso.
subscriptionId	string	ID da Subscrição.
timestamp	string	Carimbo de data/hora do registo de estado da política.

PolicyStatesQueryResults

Resultados da consulta.

Name	Tipo	Description
@odata.context	string	Cadeia de contexto OData; utilizado pelos clientes OData para resolver informações de tipo com base em metadados.
@odata.count	integer	Contagem de entidades OData; representa o número de registos de estado de política devolvidos.
@odata.nextLink	string	Ligação seguinte de Odata; URL para obter o próximo conjunto de resultados.
value	PolicyState[]	Resultados da consulta.

PolicyStatesResource

O recurso virtual em PolicyStates tipo de recurso. Num determinado intervalo de tempo, "mais recente" representa os estados da política mais recentes, enquanto "predefinição" representa todos os estados da política.

Name	Tipo	Description
default	string
latest	string

QueryFailure

Resposta de erro.

Name	Tipo	Description
error	Error	Definição de erro.

Policy States - List Query Results For Policy Set Definition

Parâmetros do URI

Respostas

Segurança

azure_auth

Scopes

Exemplos

Query latest at subscription level policy set definition scope

Sample Request

Sample Response

Query latest at subscription level policy set definition scope with next link

Sample Request

Sample Response

Definições

AuthorizationNamespaceType

ComponentStateDetails

Error

ExpressionEvaluationDetails

IfNotExistsEvaluationDetails

PolicyEvaluationDetails

PolicyState

PolicyStatesQueryResults

PolicyStatesResource

QueryFailure

Recursos adicionais