Component Policy States - List Query Results For Policy Definition

Reference

Service:: Policy

API Version:: 2022-04-01

Queries component policy states for the subscription level policy definition.

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01

With optional parameters:

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}

URI Parameters

Name	In	Required	Type	Description
authorizationNamespace	path	True	AuthorizationNamespaceType	The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed.
componentPolicyStatesResource	path	True	ComponentPolicyStatesResource	The virtual resource under ComponentPolicyStates resource type. In a given time range, 'latest' represents the latest component policy state(s).
policyDefinitionName	path	True	string	Policy definition name. Regex pattern: `^[^<>%&:\\?/#]*$`
subscriptionId	path	True	string	Microsoft Azure subscription ID.
api-version	query	True	string	Client Api Version.
$apply	query		string	OData apply expression for aggregations.
$filter	query		string	OData filter expression.
$from	query		string date-time	ISO 8601 formatted timestamp specifying the start time of the interval to query. When not specified, the service uses ($to - 1-day).
$orderby	query		string	Ordering expression using OData notation. One or more comma-separated column names with an optional "desc" (the default) or "asc", e.g. "$orderby=PolicyAssignmentId, ResourceId asc".
$select	query		string	Select expression using OData notation. Limits the columns on each record to just those requested, e.g. "$select=PolicyAssignmentId, ResourceId".
$to	query		string date-time	ISO 8601 formatted timestamp specifying the end time of the interval to query. When not specified, the service uses request time.
$top	query		integer int32	Maximum number of records to return.

Responses

Name	Type	Description
200 OK	ComponentPolicyStatesQueryResults	Query results.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Query latest component policy states at subscription level policy definition scope

Sample request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python component_policy_states_query_subscription_level_policy_definition_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.component_policy_states.list_query_results_for_policy_definition(
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        policy_definition_name="24813039-7534-408a-9842-eb99f45721b1",
        component_policy_states_resource="latest",
    )
    print(response)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-04-01/examples/ComponentPolicyStates_QuerySubscriptionLevelPolicyDefinitionScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Queries component policy states for the subscription level policy definition.
 *
 * @summary Queries component policy states for the subscription level policy definition.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-04-01/examples/ComponentPolicyStates_QuerySubscriptionLevelPolicyDefinitionScope.json
 */
async function queryLatestComponentPolicyStatesAtSubscriptionLevelPolicyDefinitionScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyDefinitionName = "24813039-7534-408a-9842-eb99f45721b1";
  const componentPolicyStatesResource = "latest";
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const result = await client.componentPolicyStates.listQueryResultsForPolicyDefinition(
    subscriptionId,
    policyDefinitionName,
    componentPolicyStatesResource
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest/$entity",
      "timestamp": "2022-04-09T16:04:31Z",
      "componentId": "cert-RSA-cert-3",
      "componentType": "Certificate",
      "componentName": "cert-RSA-cert-3",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVault",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/d9da7e80af6344ab9d342aa7",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1",
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.KeyVault/vaults",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "policyAssignmentName": "d9da7e80af6344ab9d342aa7",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "24813039-7534-408a-9842-eb99f45721b1",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "policyDefinitionReferenceId": null,
      "complianceState": "NonCompliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ],
      "policyDefinitionVersion": "1.0.0-preview",
      "policySetDefinitionVersion": null,
      "policyAssignmentVersion": "1.0.0"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest/$entity",
      "timestamp": "2022-04-09T16:04:31Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myVault",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyAssignments/d9da7e80af6344ab9d342aa7",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1",
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/Microsoft.KeyVault/vaults",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "policyAssignmentName": "d9da7e80af6344ab9d342aa7",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "policyDefinitionName": "24813039-7534-408a-9842-eb99f45721b1",
      "policyDefinitionAction": "audit",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "policyDefinitionReferenceId": null,
      "complianceState": "Compliant",
      "policyDefinitionGroupNames": [
        "myGroup"
      ],
      "policyDefinitionVersion": "1.0.0-preview",
      "policySetDefinitionVersion": null,
      "policyAssignmentVersion": "1.0.0"
    }
  ]
}

Definitions

Name	Description
AuthorizationNamespaceType	The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed.
ComponentExpressionEvaluationDetails	Evaluation details of policy language expressions.
ComponentPolicyEvaluationDetails	Policy evaluation details.
ComponentPolicyState	Component Policy State record.
ComponentPolicyStatesQueryResults	Query results.
ComponentPolicyStatesResource	The virtual resource under ComponentPolicyStates resource type. In a given time range, 'latest' represents the latest component policy state(s).
ErrorDefinition	Error definition.
ErrorResponse	Error response.
TypedErrorInfo	Scenario specific error details.

AuthorizationNamespaceType

The namespace for Microsoft Authorization resource provider; only "Microsoft.Authorization" is allowed.

Name	Type	Description
Microsoft.Authorization	string

ComponentExpressionEvaluationDetails

Evaluation details of policy language expressions.

Name	Type	Description
expression	string	Expression evaluated.
expressionKind	string	The kind of expression that was evaluated.
expressionValue	object	Value of the expression.
operator	string	Operator to compare the expression value and the target value.
path	string	Property path if the expression is a field or an alias.
result	string	Evaluation result.
targetValue	object	Target value to be compared with the expression value.

ComponentPolicyEvaluationDetails

Policy evaluation details.

Name	Type	Description
evaluatedExpressions	ComponentExpressionEvaluationDetails[]	Details of the evaluated expressions.
reason	string	Additional textual reason for the evaluation outcome.