Policy Events - List Query Results For Resource Group Level Policy Assignment

Referencia

Service:: Policy

API Version:: 2019-10-01

Consulta eventos de directiva para la asignación de directiva de nivel de grupo de recursos.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01

With optional parameters:

POST https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01&$top={$top}&$orderby={$orderby}&$select={$select}&$from={$from}&$to={$to}&$filter={$filter}&$apply={$apply}&$skiptoken={$skiptoken}

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
authorizationNamespace	path	True	AuthorizationNamespaceType	Espacio de nombres para el proveedor de recursos de autorización de Microsoft; solo se permite "Microsoft.Authorization".
policyAssignmentName	path	True	string	Nombre de asignación de directiva.
policyEventsResource	path	True	PolicyEventsResourceType	Nombre del recurso virtual en El tipo de recurso PolicyEvents; solo se permite "default".
resourceGroupName	path	True	string	Nombre del grupo de recursos.
subscriptionId	path	True	string	Identificador de suscripción de Microsoft Azure.
api-version	query	True	string	Versión de api de cliente.
$apply	query		string	OData aplica expresión para agregaciones.
$filter	query		string	Expresión de filtro de OData.
$from	query		string date-time	Marca de tiempo con formato ISO 8601 que especifica la hora de inicio del intervalo que se va a consultar. Cuando no se especifica, el servicio usa ($to - 1 día).
$orderby	query		string	Expresión de ordenación mediante notación OData. Uno o varios nombres de columna separados por comas con un "desc" opcional (el valor predeterminado) o "asc", por ejemplo, "$orderby=PolicyAssignmentId, ResourceId asc".
$select	query		string	Seleccione expresión mediante notación OData. Limita las columnas de cada registro a solo las solicitadas, por ejemplo, "$select=PolicyAssignmentId, ResourceId".
$skiptoken	query		string	Skiptoken solo se proporciona si una respuesta anterior devolvió un resultado parcial como parte del elemento nextLink.
$to	query		string date-time	Marca de tiempo con formato ISO 8601 que especifica la hora de finalización del intervalo que se va a consultar. Cuando no se especifica, el servicio usa el tiempo de solicitud.
$top	query		integer int32	Número máximo de registros que se van a devolver.

Respuestas

Nombre	Tipo	Description
200 OK	PolicyEventsQueryResults	Resultados de la consulta.
Other Status Codes	QueryFailure	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo OAuth2 de Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

Query at resource group level policy assignment scope

Query at resource group level policy assignment scope with next link

Query at resource group level policy assignment scope

Sample Request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01

import com.azure.core.util.Context;
import com.azure.resourcemanager.policyinsights.models.PolicyEventsResourceType;

/** Samples for PolicyEvents ListQueryResultsForResourceGroupLevelPolicyAssignment. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScope.json
     */
    /**
     * Sample code: Query at resource group level policy assignment scope.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void queryAtResourceGroupLevelPolicyAssignmentScope(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager
            .policyEvents()
            .listQueryResultsForResourceGroupLevelPolicyAssignment(
                PolicyEventsResourceType.DEFAULT,
                "fffedd8f-ffff-fffd-fffd-fffed2f84852",
                "myResourceGroup",
                "myPolicyAssignment",
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python policy_events_query_resource_group_level_policy_assignment_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.policy_events.list_query_results_for_resource_group_level_policy_assignment(
        policy_events_resource="default",
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        resource_group_name="myResourceGroup",
        policy_assignment_name="myPolicyAssignment",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScope.json
func ExamplePolicyEventsClient_NewListQueryResultsForResourceGroupLevelPolicyAssignmentPager_queryAtResourceGroupLevelPolicyAssignmentScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewPolicyEventsClient().NewListQueryResultsForResourceGroupLevelPolicyAssignmentPager(armpolicyinsights.PolicyEventsResourceTypeDefault, "fffedd8f-ffff-fffd-fffd-fffed2f84852", "myResourceGroup", "myPolicyAssignment", &armpolicyinsights.QueryOptions{Top: nil,
		Filter:    nil,
		OrderBy:   nil,
		Select:    nil,
		From:      nil,
		To:        nil,
		Apply:     nil,
		SkipToken: nil,
		Expand:    nil,
	}, nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.PolicyEventsQueryResults = armpolicyinsights.PolicyEventsQueryResults{
		// 	ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default"),
		// 	ODataCount: to.Ptr[int32](2),
		// 	Value: []*armpolicyinsights.PolicyEvent{
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment"),
		// 			PolicyAssignmentName: to.Ptr("myPolicyAssignment"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup"),
		// 			PolicyDefinitionAction: to.Ptr("deny"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition"),
		// 			PolicyDefinitionName: to.Ptr("myPolicyAssignment"),
		// 			PrincipalOid: to.Ptr("fff2f355-fff2-fffc-fffb-fff1639dff94"),
		// 			ResourceGroup: to.Ptr("myResourceGroup"),
		// 			ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus"),
		// 			ResourceLocation: to.Ptr("eastus"),
		// 			ResourceTags: to.Ptr("tbd"),
		// 			ResourceType: to.Ptr("/microsoft.operationalinsights/workspaces"),
		// 			SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			TenantID: to.Ptr("fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-02-08T00:07:16.280Z"); return t}()),
		// 		},
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment"),
		// 			PolicyAssignmentName: to.Ptr("myPolicyAssignment"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup"),
		// 			PolicyDefinitionAction: to.Ptr("deny"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition"),
		// 			PolicyDefinitionName: to.Ptr("myPolicyAssignment"),
		// 			PrincipalOid: to.Ptr("fff2f355-fff2-fffc-fffb-fff1639dff94"),
		// 			ResourceGroup: to.Ptr("myResourceGroup"),
		// 			ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus"),
		// 			ResourceLocation: to.Ptr("eastus"),
		// 			ResourceTags: to.Ptr("tbd"),
		// 			ResourceType: to.Ptr("/microsoft.operationalinsights/workspaces"),
		// 			SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			TenantID: to.Ptr("fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-02-08T00:06:08.430Z"); return t}()),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Queries policy events for the resource group level policy assignment.
 *
 * @summary Queries policy events for the resource group level policy assignment.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScope.json
 */
async function queryAtResourceGroupLevelPolicyAssignmentScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyEventsResource = "default";
  const resourceGroupName = process.env["POLICYINSIGHTS_RESOURCE_GROUP"] || "myResourceGroup";
  const policyAssignmentName = "myPolicyAssignment";
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.policyEvents.listQueryResultsForResourceGroupLevelPolicyAssignment(
    policyEventsResource,
    subscriptionId,
    resourceGroupName,
    policyAssignmentName
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-08T00:07:16.2804863Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/microsoft.operationalinsights/workspaces",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "myPolicyAssignment",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
      "policyDefinitionName": "myPolicyAssignment",
      "policyDefinitionAction": "deny",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
      "complianceState": "NonCompliant"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-08T00:06:08.4302267Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/microsoft.operationalinsights/workspaces",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "myPolicyAssignment",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
      "policyDefinitionName": "myPolicyAssignment",
      "policyDefinitionAction": "deny",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
      "complianceState": "NonCompliant"
    }
  ]
}

Query at resource group level policy assignment scope with next link

Sample Request

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/default/queryResults?api-version=2019-10-01&$skiptoken=WpmWfBSvPhkAK6QD

import com.azure.core.util.Context;
import com.azure.resourcemanager.policyinsights.models.PolicyEventsResourceType;

/** Samples for PolicyEvents ListQueryResultsForResourceGroupLevelPolicyAssignment. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScopeNextLink.json
     */
    /**
     * Sample code: Query at resource group level policy assignment scope with next link.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void queryAtResourceGroupLevelPolicyAssignmentScopeWithNextLink(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager
            .policyEvents()
            .listQueryResultsForResourceGroupLevelPolicyAssignment(
                PolicyEventsResourceType.DEFAULT,
                "fffedd8f-ffff-fffd-fffd-fffed2f84852",
                "myResourceGroup",
                "myPolicyAssignment",
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                "WpmWfBSvPhkAK6QD",
                Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python policy_events_query_resource_group_level_policy_assignment_scope_next_link.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.policy_events.list_query_results_for_resource_group_level_policy_assignment(
        policy_events_resource="default",
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        resource_group_name="myResourceGroup",
        policy_assignment_name="myPolicyAssignment",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScopeNextLink.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScopeNextLink.json
func ExamplePolicyEventsClient_NewListQueryResultsForResourceGroupLevelPolicyAssignmentPager_queryAtResourceGroupLevelPolicyAssignmentScopeWithNextLink() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewPolicyEventsClient().NewListQueryResultsForResourceGroupLevelPolicyAssignmentPager(armpolicyinsights.PolicyEventsResourceTypeDefault, "fffedd8f-ffff-fffd-fffd-fffed2f84852", "myResourceGroup", "myPolicyAssignment", &armpolicyinsights.QueryOptions{Top: nil,
		Filter:    nil,
		OrderBy:   nil,
		Select:    nil,
		From:      nil,
		To:        nil,
		Apply:     nil,
		SkipToken: to.Ptr("WpmWfBSvPhkAK6QD"),
		Expand:    nil,
	}, nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.PolicyEventsQueryResults = armpolicyinsights.PolicyEventsQueryResults{
		// 	ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default"),
		// 	ODataCount: to.Ptr[int32](2),
		// 	Value: []*armpolicyinsights.PolicyEvent{
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment"),
		// 			PolicyAssignmentName: to.Ptr("myPolicyAssignment"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup"),
		// 			PolicyDefinitionAction: to.Ptr("deny"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition"),
		// 			PolicyDefinitionName: to.Ptr("myPolicyAssignment"),
		// 			PrincipalOid: to.Ptr("fff2f355-fff2-fffc-fffb-fff1639dff94"),
		// 			ResourceGroup: to.Ptr("myResourceGroup"),
		// 			ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus"),
		// 			ResourceLocation: to.Ptr("eastus"),
		// 			ResourceTags: to.Ptr("tbd"),
		// 			ResourceType: to.Ptr("/microsoft.operationalinsights/workspaces"),
		// 			SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			TenantID: to.Ptr("fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-02-08T00:07:16.280Z"); return t}()),
		// 		},
		// 		{
		// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity"),
		// 			ComplianceState: to.Ptr("NonCompliant"),
		// 			IsCompliant: to.Ptr(false),
		// 			ManagementGroupIDs: to.Ptr("mymg,fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			PolicyAssignmentID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment"),
		// 			PolicyAssignmentName: to.Ptr("myPolicyAssignment"),
		// 			PolicyAssignmentOwner: to.Ptr("tbd"),
		// 			PolicyAssignmentScope: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup"),
		// 			PolicyDefinitionAction: to.Ptr("deny"),
		// 			PolicyDefinitionCategory: to.Ptr("tbd"),
		// 			PolicyDefinitionID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition"),
		// 			PolicyDefinitionName: to.Ptr("myPolicyAssignment"),
		// 			PrincipalOid: to.Ptr("fff2f355-fff2-fffc-fffb-fff1639dff94"),
		// 			ResourceGroup: to.Ptr("myResourceGroup"),
		// 			ResourceID: to.Ptr("/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus"),
		// 			ResourceLocation: to.Ptr("eastus"),
		// 			ResourceTags: to.Ptr("tbd"),
		// 			ResourceType: to.Ptr("/microsoft.operationalinsights/workspaces"),
		// 			SubscriptionID: to.Ptr("fffedd8f-ffff-fffd-fffd-fffed2f84852"),
		// 			TenantID: to.Ptr("fff988bf-fff1-ffff-fffb-fffcd011db47"),
		// 			Timestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-02-08T00:06:08.430Z"); return t}()),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Queries policy events for the resource group level policy assignment.
 *
 * @summary Queries policy events for the resource group level policy assignment.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyEvents_QueryResourceGroupLevelPolicyAssignmentScopeNextLink.json
 */
async function queryAtResourceGroupLevelPolicyAssignmentScopeWithNextLink() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyEventsResource = "default";
  const resourceGroupName = process.env["POLICYINSIGHTS_RESOURCE_GROUP"] || "myResourceGroup";
  const policyAssignmentName = "myPolicyAssignment";
  const skipToken = "WpmWfBSvPhkAK6QD";
  const options = {
    queryOptions: { skipToken: skipToken },
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.policyEvents.listQueryResultsForResourceGroupLevelPolicyAssignment(
    policyEventsResource,
    subscriptionId,
    resourceGroupName,
    policyAssignmentName,
    options
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "@odata.nextLink": null,
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default",
  "@odata.count": 2,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-08T00:07:16.2804863Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/microsoft.operationalinsights/workspaces",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "myPolicyAssignment",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
      "policyDefinitionName": "myPolicyAssignment",
      "policyDefinitionAction": "deny",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
      "complianceState": "NonCompliant"
    },
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment/providers/Microsoft.PolicyInsights/policyEvents/$metadata#default/$entity",
      "timestamp": "2018-02-08T00:06:08.4302267Z",
      "resourceId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/microsoft.operationalinsights/workspaces/defaultworkspace-fffedd8f-ffff-fffd-fffd-fffed2f84852-eus",
      "policyAssignmentId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup/providers/Microsoft.Authorization/policyAssignments/myPolicyAssignment",
      "policyDefinitionId": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/microsoft.authorization/policyDefinitions/myPolicyDefinition",
      "effectiveParameters": null,
      "isCompliant": false,
      "subscriptionId": "fffedd8f-ffff-fffd-fffd-fffed2f84852",
      "resourceType": "/microsoft.operationalinsights/workspaces",
      "resourceLocation": "eastus",
      "resourceGroup": "myResourceGroup",
      "resourceTags": "tbd",
      "policyAssignmentName": "myPolicyAssignment",
      "policyAssignmentOwner": "tbd",
      "policyAssignmentParameters": null,
      "policyAssignmentScope": "/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/resourcegroups/myResourceGroup",
      "policyDefinitionName": "myPolicyAssignment",
      "policyDefinitionAction": "deny",
      "policyDefinitionCategory": "tbd",
      "policySetDefinitionId": null,
      "policySetDefinitionName": null,
      "policySetDefinitionOwner": null,
      "policySetDefinitionCategory": null,
      "policySetDefinitionParameters": null,
      "managementGroupIds": "mymg,fff988bf-fff1-ffff-fffb-fffcd011db47",
      "policyDefinitionReferenceId": null,
      "tenantId": "fff988bf-fff1-ffff-fffb-fffcd011db47",
      "principalOid": "fff2f355-fff2-fffc-fffb-fff1639dff94",
      "complianceState": "NonCompliant"
    }
  ]
}

Definiciones

Nombre	Description
AuthorizationNamespaceType	Espacio de nombres para el proveedor de recursos de autorización de Microsoft; solo se permite "Microsoft.Authorization".
ComponentEventDetails	Detalles del evento de componente.
Error	Definición de error.
PolicyEvent	Registro de eventos de directiva.
PolicyEventsQueryResults	Resultados de la consulta.
PolicyEventsResourceType	Nombre del recurso virtual en El tipo de recurso PolicyEvents; solo se permite "default".
QueryFailure	Respuesta de error.

AuthorizationNamespaceType

Espacio de nombres para el proveedor de recursos de autorización de Microsoft; solo se permite "Microsoft.Authorization".

Nombre	Tipo	Description
Microsoft.Authorization	string

ComponentEventDetails

Detalles del evento de componente.

Nombre	Tipo	Description
id	string	Id. de componente.
name	string	component_name
policyDefinitionAction	string	Acción de definición de directiva, es decir, efecto.
principalOid	string	Identificador de objeto de entidad de seguridad para el usuario que inició la operación del componente de recursos que desencadenó el evento de directiva.
tenantId	string	Identificador de inquilino para el registro de eventos de directiva.
timestamp	string	Marca de tiempo para el registro de eventos de directiva de componentes.
type	string	Tipo de componente.

Error

Definición de error.

Nombre	Tipo	Description
code	string	Código de error específico del servicio que actúa como subestado para el código de error HTTP.
message	string	Descripción del error.

PolicyEvent

Registro de eventos de directiva.

Nombre	Tipo	Description
@odata.context	string	Cadena de contexto de OData; que usan los clientes de OData para resolver la información de tipos en función de los metadatos.
@odata.id	string	Id. de entidad de OData; siempre se establece en NULL, ya que los registros de eventos de directiva no tienen un identificador de entidad.
complianceState	string	Estado de cumplimiento del recurso.
components	ComponentEventDetails[]	Los eventos de componentes se rellenan solo cuando la dirección URL contiene $expand=la cláusula components.
effectiveParameters	string	Parámetros efectivos para la asignación de directivas.
isCompliant	boolean	Marca que indica si el recurso es compatible con la asignación de directiva con la que se evaluó.
managementGroupIds	string	Lista separada por comas de identificadores de grupo de administración, que representan la jerarquía de los grupos de administración en los que se encuentra el recurso.
policyAssignmentId	string	Identificador de asignación de directiva.
policyAssignmentName	string	Nombre de asignación de directiva.
policyAssignmentOwner	string	Propietario de la asignación de directiva.
policyAssignmentParameters	string	Parámetros de asignación de directivas.
policyAssignmentScope	string	Ámbito de asignación de directiva.
policyDefinitionAction	string	Acción de definición de directiva, es decir, efecto.
policyDefinitionCategory	string	Categoría de definición de directiva.
policyDefinitionId	string	Identificador de definición de directiva.
policyDefinitionName	string	Nombre de definición de directiva.
policyDefinitionReferenceId	string	Identificador de referencia de la definición de directiva dentro del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
policySetDefinitionCategory	string	Categoría de definición del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
policySetDefinitionId	string	Identificador de definición del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
policySetDefinitionName	string	Nombre de definición del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
policySetDefinitionOwner	string	Propietario de la definición del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
policySetDefinitionParameters	string	Parámetros de definición del conjunto de directivas, si la asignación de directiva es para un conjunto de directivas.
principalOid	string	Identificador de objeto de entidad de seguridad para el usuario que inició la operación de recursos que desencadenó el evento de directiva.
resourceGroup	string	Nombre del grupo de recursos.
resourceId	string	Identificador del recurso.
resourceLocation	string	Ubicación del recurso
resourceTags	string	Lista de etiquetas de recursos.
resourceType	string	Tipo de recurso.
subscriptionId	string	Id. de suscripción.
tenantId	string	Identificador de inquilino para el registro de eventos de directiva.
timestamp	string	Marca de tiempo para el registro de eventos de directiva.

PolicyEventsQueryResults

Resultados de la consulta.

Nombre	Tipo	Description
@odata.context	string	Cadena de contexto de OData; que usan los clientes de OData para resolver la información de tipos en función de los metadatos.
@odata.count	integer	Recuento de entidades de OData; representa el número de registros de eventos de directiva devueltos.
@odata.nextLink	string	Vínculo siguiente de Odata; Dirección URL para obtener el siguiente conjunto de resultados.
value	PolicyEvent[]	Resultados de la consulta.

PolicyEventsResourceType

Nombre del recurso virtual en El tipo de recurso PolicyEvents; solo se permite "default".

Nombre	Tipo	Description
default	string

QueryFailure

Respuesta de error.

Nombre	Tipo	Description
error	Error	Definición de error.

Policy Events - List Query Results For Resource Group Level Policy Assignment

Parámetros de identificador URI

Respuestas

Seguridad

azure_auth

Scopes

Ejemplos

Query at resource group level policy assignment scope

Sample Request

Sample Response

Query at resource group level policy assignment scope with next link

Sample Request

Sample Response

Definiciones

AuthorizationNamespaceType

ComponentEventDetails

Error

PolicyEvent

PolicyEventsQueryResults

PolicyEventsResourceType

QueryFailure

Recursos adicionales