Azure · Juliehzl · Jan 31, 2020 · Dec 13, 2019 · Jan 11, 2020 · Jan 11, 2020
diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst
@@ -26,6 +26,7 @@ Release History
 * Azure Stack: surface commands under the profile of 2019-03-01-hybrid
 
 **ARM**
+
 * Fix issue #10246: `az resource tag` crashes when the parameter `--ids` passed in is resource group ID
 * Fix issue #11658: `az group export` command does not support `--query` and `--output` parameters
 * Fix issue #10279: The exit code of `az group deployment validate` is 0 when the verification fails
@@ -68,6 +69,11 @@ Release History
 
 * Fix #2092: az network dns record-set add/remove: add warning when record-set is not found. In the future, an extra argument will be supported to confirm this auto creation.
 
+**Policy**
+
+* Add new command `az policy metadata` to retrieve rich policy metadata resources
+* `az policy remediation create`: Specify whether compliance should be re-evaluated prior to remediation with the `--resource-discovery-mode` parameter
+
 **Profile**
 
 * `az account get-access-token`: Add `--tenant` parameter to acquire token for the tenant directly, needless to specify a subscription
@@ -274,7 +280,7 @@ Release History
 
 **Policy**
 
-* Support for Policy API version 2019-09-01.
+* Support for Policy API version 2019-09-01
 * az policy set-definition: Support grouping within policy set definitions with `--definition-groups` parameter
 
 **Redis**

@@ -27,3 +27,7 @@ def policy_states_operations(cli_ctx, _):
 
 def policy_remediations_operations(cli_ctx, _):
     return cf_policy_insights(cli_ctx).remediations
+
+
+def policy_metadata_operations(cli_ctx, _):
+    return cf_policy_insights(cli_ctx).policy_metadata
@@ -23,3 +23,13 @@ def get_policy_remediation_completion_list(cmd, prefix, namespace, **kwargs):  #
         result = client.remediations.list_for_subscription(subscription_id=sub)
 
     return [i.name for i in result]
+
+
+@Completer
+def get_policy_metadata_completion_list(cmd, prefix, namespace, **kwargs):  # pylint: disable=unused-argument
+    client = cf_policy_insights(cmd.cli_ctx).policy_metadata
+
+    from azure.mgmt.policyinsights.models import QueryOptions
+    query_options = QueryOptions(top=2000)
+
+    return [metadata.name for metadata in client.list(query_options) if metadata.name.startswith(prefix)]
@@ -98,6 +98,9 @@
   - name: Create a remediation for a specific resource using the resource ID
     text: >
         az policy remediation create --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/myVm" -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab
+  - name: Create a remediation that will re-evaluate compliance before remediating
+    text: >
+        az policy remediation create -g myRg -n myRemediation --policy-assignment eeb18edc813c42d0ad5a9eab --resource-discovery-mode ReEvaluateCompliance
 """
 
 helps['policy remediation delete'] = """
@@ -237,3 +240,29 @@
     text: >
         az policy state summarize --filter "(policyDefinitionAction eq 'deny' or policyDefinitionAction eq 'audit') and resourceLocation ne 'eastus'"
 """
+
+helps['policy metadata'] = """
+type: group
+short-summary: Get policy metadata resources.
+"""
+
+helps['policy metadata list'] = """
+type: command
+short-summary: List policy metadata resources.
+examples:
+  - name: Get all policy metadata resources.
+    text: >
+        az policy metadata list
+  - name: Get policy metadata resources, limit the output to 5 resources.
+    text: >
+        az policy metadata list --top 5
+"""
+
+helps['policy metadata show'] = """
+type: command
+short-summary: Get a single policy metadata resource.
+examples:
+  - name: Get the policy metadata resource with the name 'ACF1000'.
+    text: >
+        az policy metadata show --name ACF1000
+"""
@@ -3,15 +3,15 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
-from azure.cli.core.commands.parameters import resource_group_name_type
+from azure.cli.core.commands.parameters import (resource_group_name_type, get_enum_type)
 
 from azure.cli.command_modules.resource._completers import (
     get_policy_set_completion_list, get_policy_completion_list,
     get_policy_assignment_completion_list, get_providers_completion_list, get_resource_types_completion_list)
 
 from ._validators import (validate_resource, validate_expand)
 
-from ._completers import get_policy_remediation_completion_list
+from ._completers import get_policy_remediation_completion_list, get_policy_metadata_completion_list
 
 
 def load_arguments(self, _):
@@ -139,3 +139,21 @@ def load_arguments(self, _):
             'definition_reference_id',
             options_list=['--definition-reference-id'],
             help='Policy definition reference ID inside the policy set definition. Only required when the policy assignment is assigning a policy set definition.')  # pylint: disable=line-too-long
+        c.argument(
+            'resource_discovery_mode',
+            arg_type=get_enum_type(['ExistingNonCompliant', 'ReEvaluateCompliance']),
+            help='The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.')
+
+    with self.argument_context('policy metadata show') as c:
+        c.argument(
+            'resource_name',
+            options_list=['--name', '-n'],
+            completer=get_policy_metadata_completion_list,
+            help='The name of the metadata resource.')
+
+    with self.argument_context('policy metadata list') as c:
+        c.argument(
+            'top_value',
+            options_list=['--top'],
+            type=int,
+            help='Maximum number of records to return.')
@@ -4,7 +4,8 @@
 # --------------------------------------------------------------------------------------------
 
 from azure.cli.core.commands import CliCommandType
-from ._client_factory import (policy_events_operations, policy_states_operations, policy_remediations_operations)
+from ._client_factory import (
+    policy_events_operations, policy_states_operations, policy_remediations_operations, policy_metadata_operations)
 from ._exception_handler import policy_insights_exception_handler
 
 
@@ -24,17 +25,20 @@ def load_command_table(self, _):
         exception_handler=policy_insights_exception_handler
     )
 
-    with self.command_group('policy event', policy_events_sdk, client_factory=policy_events_operations,
-                            is_preview=True) as g:
+    policy_metadata_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.policyinsights.operations#PolicyMetadataOperations.{}',
+        exception_handler=policy_insights_exception_handler
+    )
+
+    with self.command_group('policy event', policy_events_sdk, client_factory=policy_events_operations) as g:
         g.custom_command('list', 'list_policy_events')
 
-    with self.command_group('policy state', policy_states_sdk, client_factory=policy_states_operations,
-                            is_preview=True) as g:
+    with self.command_group('policy state', policy_states_sdk, client_factory=policy_states_operations) as g:
         g.custom_command('list', 'list_policy_states')
         g.custom_command('summarize', 'summarize_policy_states')
 
     with self.command_group('policy remediation', policy_remediations_sdk,
-                            client_factory=policy_remediations_operations, is_preview=True) as g:
+                            client_factory=policy_remediations_operations) as g:
         g.custom_show_command('show', 'get_policy_remediation')
         g.custom_command('list', 'list_policy_remediations')
         g.custom_command('delete', 'delete_policy_remediation')
@@ -44,3 +48,7 @@ def load_command_table(self, _):
     with self.command_group('policy remediation deployment', policy_remediations_sdk,
                             client_factory=policy_remediations_operations) as g:
         g.custom_command('list', 'list_policy_remediation_deployments')
+
+    with self.command_group('policy metadata', policy_metadata_sdk, client_factory=policy_metadata_operations) as g:
+        g.custom_command('list', 'list_policy_metadata')
+        g.custom_command('show', 'show_policy_metadata')
@@ -404,7 +404,8 @@ def create_policy_remediation(
         resource=None,
         namespace=None,
         resource_type_parent=None,
-        resource_type=None):
+        resource_type=None,
+        resource_discovery_mode=None):
 
     subscription_id = get_subscription_id(cmd.cli_ctx)
     scope = _build_remediation_scope(
@@ -442,12 +443,36 @@ def create_policy_remediation(
         from azure.mgmt.policyinsights.models import RemediationFilters
         remediation.filters = RemediationFilters(locations=locations_list)
 
+    if resource_discovery_mode:
+        remediation.resource_discovery_mode = resource_discovery_mode
+
     return client.create_or_update_at_resource(
         resource_id=_remove_leading_and_trailing_slash(scope),
         remediation_name=remediation_name,
         parameters=remediation)
 
 
+def show_policy_metadata(cmd, client, resource_name):   # pylint: disable=unused-argument
+    return client.get_resource(resource_name=resource_name)
+
+
+def list_policy_metadata(cmd, client, top_value=None):   # pylint: disable=unused-argument
+    if top_value is not None:
+        from azure.mgmt.policyinsights.models import QueryOptions
+        page_iter = client.list(QueryOptions(top=top_value))
+        results = []
+
+        while len(results) < top_value:
+            try:
+                results.extend(list(page_iter.advance_page()))
+            except StopIteration:
+                break
+
+        return results[:top_value]
+
+    return list(client.list())
+
+
 def _execute_remediation_operation(
         cmd,
         client,