Component Policy States - List Query Results For Resource Group
Queries component policy states under resource group scope.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
component
|
path | True |
The virtual resource under ComponentPolicyStates resource type. In a given time range, 'latest' represents the latest component policy state(s). |
|
resource
|
path | True |
string |
Resource group name. |
subscription
|
path | True |
string |
Microsoft Azure subscription ID. |
api-version
|
query | True |
string |
Client Api Version. |
$apply
|
query |
string |
OData apply expression for aggregations. |
|
$filter
|
query |
string |
OData filter expression. |
|
$from
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the start time of the interval to query. When not specified, the service uses ($to - 1-day). |
|
$orderby
|
query |
string |
Ordering expression using OData notation. One or more comma-separated column names with an optional "desc" (the default) or "asc", e.g. "$orderby=PolicyAssignmentId, ResourceId asc". |
|
$select
|
query |
string |
Select expression using OData notation. Limits the columns on each record to just those requested, e.g. "$select=PolicyAssignmentId, ResourceId". |
|
$to
|
query |
string date-time |
ISO 8601 formatted timestamp specifying the end time of the interval to query. When not specified, the service uses request time. |
|
$top
|
query |
integer int32 |
Maximum number of records to return. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Query results. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Query latest component policy compliance state count grouped by component type at resource group scope filtered by given assignment. |
Query latest component policy states at resource group scope |
Query latest component policy compliance state count grouped by component type at resource group scope filtered by given assignment.
Sample request
POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01&$filter=policyAssignmentId eq '/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyassignments/560050f83dbb4a24974323f8'&$apply=groupby((type,complianceState),aggregate($count as count))
Sample response
{
"@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.KeyVault/Vaults/myKVName/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest",
"@odata.count": 2,
"value": [
{
"componentType": "Certificate",
"complianceState": "NonCompliant",
"count": 26
},
{
"componentType": "Certificate",
"complianceState": "Compliant",
"count": 10
}
]
}
Query latest component policy states at resource group scope
Sample request
POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourceGroups/myResourceGroup/providers/Microsoft.PolicyInsights/componentPolicyStates/latest/queryResults?api-version=2022-04-01
Sample response
{
"@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest",
"@odata.count": 2,
"value": [
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest/$entity",
"componentId": "cert-RSA-cert-3",
"componentType": "Certificate",
"componentName": "cert-RSA-cert-3",
"timestamp": "2022-04-09T16:04:31Z",
"resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.KeyVault/Vaults/myKVName",
"policyAssignmentId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/test",
"policyDefinitionId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyDefinitions/ab108bc4-32df-4677-8b38-fa8b2905df56",
"subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
"resourceType": "/Microsoft.KeyVault/vaults",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"policyAssignmentName": "test",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5",
"policyDefinitionName": "ab108bc4-32df-4677-8b38-fa8b2905df56",
"policyDefinitionAction": "audit",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"policyDefinitionReferenceId": null,
"complianceState": "NonCompliant",
"complianceReasonCode": "tbd",
"policyDefinitionGroupNames": [
"myGroup"
],
"policyDefinitionVersion": "1.0.0-preview",
"policySetDefinitionVersion": null,
"policyAssignmentVersion": "1.0.0"
},
{
"@odata.id": null,
"@odata.context": "https://management.azure.com/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.PolicyInsights/componentPolicyStates/$metadata#latest/$entity",
"componentId": "cert-RSA-cert-2",
"componentType": "Certificate",
"componentName": "cert-RSA-cert-2",
"timestamp": "2022-04-09T16:04:31Z",
"resourceId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourcegroups/myResourceGroup/providers/Microsoft.KeyVault/Vaults/myKVName",
"policyAssignmentId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/test",
"policyDefinitionId": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyDefinitions/ab108bc4-32df-4677-8b38-fa8b2905df59",
"subscriptionId": "fff10b27-fff3-fff5-fff8-fffbe01e86a5",
"resourceType": "/Microsoft.KeyVault/vaults",
"resourceLocation": "eastus",
"resourceGroup": "myResourceGroup",
"policyAssignmentName": "test",
"policyAssignmentOwner": "tbd",
"policyAssignmentParameters": null,
"policyAssignmentScope": "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5",
"policyDefinitionName": "ab108bc4-32df-4677-8b38-fa8b2905df59",
"policyDefinitionAction": "audit",
"policyDefinitionCategory": "tbd",
"policySetDefinitionId": null,
"policySetDefinitionName": null,
"policySetDefinitionOwner": null,
"policySetDefinitionCategory": null,
"policySetDefinitionParameters": null,
"policyDefinitionReferenceId": null,
"complianceState": "NonCompliant",
"complianceReasonCode": "tbd",
"policyDefinitionGroupNames": [
"myGroup"
],
"policyDefinitionVersion": "1.0.0-preview",
"policySetDefinitionVersion": null,
"policyAssignmentVersion": "1.0.0"
}
]
}
Definitions
Name | Description |
---|---|
Component |
Evaluation details of policy language expressions. |
Component |
Policy evaluation details. |
Component |
Component Policy State record. |
Component |
Query results. |
Component |
The virtual resource under ComponentPolicyStates resource type. In a given time range, 'latest' represents the latest component policy state(s). |
Error |
Error definition. |
Error |
Error response. |
Typed |
Scenario specific error details. |
ComponentExpressionEvaluationDetails
Evaluation details of policy language expressions.
Name | Type | Description |
---|---|---|
expression |
string |
Expression evaluated. |
expressionKind |
string |
The kind of expression that was evaluated. |
expressionValue |
object |
Value of the expression. |
operator |
string |
Operator to compare the expression value and the target value. |
path |
string |
Property path if the expression is a field or an alias. |
result |
string |
Evaluation result. |
targetValue |
object |
Target value to be compared with the expression value. |
ComponentPolicyEvaluationDetails
Policy evaluation details.
Name | Type | Description |
---|---|---|
evaluatedExpressions |
Details of the evaluated expressions. |
|
reason |
string |
Additional textual reason for the evaluation outcome. |
ComponentPolicyState
Component Policy State record.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.id |
string |
OData entity ID; always set to null since component policy state records do not have an entity ID. |
complianceState |
string |
Compliance state of the resource. |
componentId |
string |
Component Id. |
componentName |
string |
Component name. |
componentType |
string |
Component type. |
policyAssignmentId |
string |
Policy assignment ID. |
policyAssignmentName |
string |
Policy assignment name. |
policyAssignmentOwner |
string |
Policy assignment owner. |
policyAssignmentParameters |
string |
Policy assignment parameters. |
policyAssignmentScope |
string |
Policy assignment scope. |
policyAssignmentVersion |
string |
Evaluated policy assignment version. |
policyDefinitionAction |
string |
Policy definition action, i.e. effect. |
policyDefinitionCategory |
string |
Policy definition category. |
policyDefinitionGroupNames |
string[] |
Policy definition group names. |
policyDefinitionId |
string |
Policy definition ID. |
policyDefinitionName |
string |
Policy definition name. |
policyDefinitionReferenceId |
string |
Reference ID for the policy definition inside the policy set, if the policy assignment is for a policy set. |
policyDefinitionVersion |
string |
Evaluated policy definition version. |
policyEvaluationDetails |
Policy evaluation details. This is only included in the response if the request contains $expand=PolicyEvaluationDetails. |
|
policySetDefinitionCategory |
string |
Policy set definition category, if the policy assignment is for a policy set. |
policySetDefinitionId |
string |
Policy set definition ID, if the policy assignment is for a policy set. |
policySetDefinitionName |
string |
Policy set definition name, if the policy assignment is for a policy set. |
policySetDefinitionOwner |
string |
Policy set definition owner, if the policy assignment is for a policy set. |
policySetDefinitionParameters |
string |
Policy set definition parameters, if the policy assignment is for a policy set. |
policySetDefinitionVersion |
string |
Evaluated policy set definition version. |
resourceGroup |
string |
Resource group name. |
resourceId |
string |
Resource ID. |
resourceLocation |
string |
Resource location. |
resourceType |
string |
Resource type. |
subscriptionId |
string |
Subscription ID. |
timestamp |
string |
Timestamp for the component policy state record. |
ComponentPolicyStatesQueryResults
Query results.
Name | Type | Description |
---|---|---|
@odata.context |
string |
OData context string; used by OData clients to resolve type information based on metadata. |
@odata.count |
integer |
OData entity count; represents the number of policy state records returned. |
value |
Query results. |
ComponentPolicyStatesResource
The virtual resource under ComponentPolicyStates resource type. In a given time range, 'latest' represents the latest component policy state(s).
Name | Type | Description |
---|---|---|
latest |
string |
ErrorDefinition
Error definition.
Name | Type | Description |
---|---|---|
additionalInfo |
Additional scenario specific error details. |
|
code |
string |
Service specific error code which serves as the substatus for the HTTP error code. |
details |
Internal error details. |
|
message |
string |
Description of the error. |
target |
string |
The target of the error. |
ErrorResponse
Error response.
Name | Type | Description |
---|---|---|
error |
The error details. |
TypedErrorInfo
Scenario specific error details.
Name | Type | Description |
---|---|---|
info |
|
The scenario specific error details. |
type |
string |
The type of included error details. |