From cb66cfe4019f9997099b9d486a53cff05ce9768c Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Wed, 18 Jan 2023 12:24:34 -0500 Subject: [PATCH 1/7] Added cmdlets for policy attestations --- .../EnvSetup/EnvironmentSetup.ps1 | 71 + .../EnvSetup/ManualPolicyRGDefinition.json | 9 + .../ManualPolicyResourceDefinition.json | 9 + .../EnvSetup/ManualPolicySubDefinition.json | 9 + .../PolicyInsights.Test.csproj | 2 +- .../ScenarioTests/AttestationTests.cs | 68 + .../ScenarioTests/AttestationTests.ps1 | 829 +++++++++ .../ScenarioTests/Common.ps1 | 288 ++- .../AttestationErrorHandling.json | 140 ++ .../AttestationGetCollection.json | 932 ++++++++++ .../ErrorHandling.json | 140 ++ .../ResourceGroupScopeCrud.json | 1562 +++++++++++++++++ .../ResourceScopeCrud.json | 1562 +++++++++++++++++ .../SubscriptionScopeCrud.json | 1562 +++++++++++++++++ .../PolicyInsights/Az.PolicyInsights.psd1 | 4 +- .../PolicyInsights/ChangeLog.md | 1 + .../GetAzureRmPolicyAttestation.cs | 105 ++ .../NewAzureRmPolicyAttestation.cs | 127 ++ .../Attestations/RemoveAzureRmAttestation.cs | 82 + .../SetAzureRmPolicyAttestation.cs | 155 ++ .../Common/AttestationCmdletBase.cs | 118 ++ .../Common/ParameterHelpMessages.cs | 10 +- .../Models/Attestations/PSAttestation.cs | 148 ++ .../Attestations/PSAttestationEvidence.cs | 53 + .../Attestations/PSAttestationMetadata.cs | 32 + .../PolicyInsights/PolicyInsights.csproj | 4 +- .../Properties/Resources.Designer.cs | 56 +- .../PolicyInsights/Properties/Resources.resx | 18 + .../PolicyInsights/help/Az.PolicyInsights.md | 12 + .../help/Az.PolicyInsightsCmdlet.Design.md | 1283 ++++++++++++++ .../help/Get-AzPolicyAttestation.md | 219 +++ .../PolicyInsights/help/Get-AzPolicyState.md | 2 +- .../help/New-AzPolicyAttestation.md | 376 ++++ .../help/Remove-AzPolicyAttestation.md | 220 +++ .../help/Set-AzPolicyAttestation.md | 379 ++++ .../help/Start-AzPolicyRemediation.md | 4 + 36 files changed, 10583 insertions(+), 8 deletions(-) create mode 100644 src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyRGDefinition.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyResourceDefinition.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicySubDefinition.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.cs create mode 100644 src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationErrorHandling.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationGetCollection.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ErrorHandling.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceGroupScopeCrud.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceScopeCrud.json create mode 100644 src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/SubscriptionScopeCrud.json create mode 100644 src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs create mode 100644 src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs create mode 100644 src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs create mode 100644 src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs create mode 100644 src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs create mode 100644 src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs create mode 100644 src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs create mode 100644 src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs create mode 100644 src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md create mode 100644 src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md create mode 100644 src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md create mode 100644 src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md create mode 100644 src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md diff --git a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/EnvironmentSetup.ps1 b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/EnvironmentSetup.ps1 index ad8520aa8d21..6b715ff8a155 100644 --- a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/EnvironmentSetup.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/EnvironmentSetup.ps1 @@ -91,3 +91,74 @@ Start-TestSleep -Seconds 60 foreach ($resourceGroupName in @($resourceGroup1, $resourceGroup2)) { New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile "$PSScriptRoot/CreateNSGsTemplate.json" -resourceCount 510 -resourceNamePrefix $(Get-TestResourceNamePrefix) } + +#region Attestation Tests Setup +$resourceGroup3 = $(Get-PSAttestationTestRGName) + +# Create the required RG(s) for attestations. +foreach ($resourceGroupName in @($resourceGroup3)) { + Get-AzResourceGroup -Name $resourceGroupName -ErrorVariable rgNotPresent -ErrorAction SilentlyContinue + if ($rgNotPresent) { + New-AzResourceGroup -Name $resourceGroupName -Location "northcentralus" + } +} + +# Create Subscription targetting manual policy +$manualPolicySubcriptionDefinition = New-AzPolicyDefinition -Name $(Get-TestManualPolicyDefinitonNameSub) -Policy "$PSScriptRoot/ManualPolicySubDefinition.json" -DisplayName "PS cmdlet tests: Subscription Manual Policy" -Mode All + +# Create RG targetting manual policy +$manualPolicyRGDefinition = New-AzPolicyDefinition -Name $(Get-TestManualPolicyDefinitonNameRG) -Policy "$PSScriptRoot/ManualPolicyRGDefinition.json" -DisplayName "PS cmdlet tests: RG Manual Policy" -Mode All + +# Create Resource targetting manual policy +$manualPolicyResourceDefinition = New-AzPolicyDefinition -Name $(Get-TestManualPolicyDefinitonNameResource) -Policy "$PSScriptRoot/ManualPolicyResourceDefinition.json" -DisplayName "PS cmdlet tests: Resource Manual Policy" -Mode All + +# Create a network security group for testing resource level attestations. +New-AzResourceGroupDeployment -ResourceGroupName $resourceGroup3 -TemplateFile "$PSScriptRoot/CreateNSGsTemplate.json" -resourceCount 1 -resourceNamePrefix $(Get-TestResourceNamePrefix) + +# Assign the manual policies targetting each of Subscription, Resource Groups and Resource Types to the subscription +$manualPolicySubAssignment = New-AzPolicyAssignment -Name $(Get-TestAttestationSubscriptionPolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: Subscription Manual Policy" -PolicyDefinition $manualPolicySubcriptionDefinition + +$manualPolicyRGAssignment = New-AzPolicyAssignment -Name $(Get-TestAttestationRGPolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: RG Manual Policy" -PolicyDefinition $manualPolicyRGDefinition + +$manualPolicyResourceAssignment = New-AzPolicyAssignment -Name $(Get-TestAttestationResourcePolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: Resource Manual Policy" -PolicyDefinition $manualPolicyResourceDefinition + +# Define Policy Initiatives +$manualpolicyDefinitionsSubscription = @" +[ + { + "policyDefinitionId":"$($manualPolicySubcriptionDefinition.ResourceId)", + "policyDefinitionReferenceId": "$(Get-TestManualPolicyDefinitonNameSub)_1" + } +] +"@ + +$manualpolicyDefinitionsRG = @" +[ + { + "policyDefinitionId":"$($manualPolicyRGDefinition.ResourceId)", + "policyDefinitionReferenceId": "$(Get-TestManualPolicyDefinitonNameRG)_1" + } +] +"@ + +$manualpolicyDefinitionsResource = @" +[ + { + "policyDefinitionId":"$($manualPolicyResourceDefinition.ResourceId)", + "policyDefinitionReferenceId": "$(Get-TestManualPolicyDefinitonNameResource)_1" + } +] +"@ + +$policySetDefinitionSub = New-AzPolicySetDefinition -Name $(Get-TestManualPolicyInitiativeNameSub) -DisplayName "PS cmdlet tests: Attestation initiative SUB" -PolicyDefinition $manualpolicyDefinitionsSubscription -SubscriptionId $subscriptionId +$policySetDefinitionRG = New-AzPolicySetDefinition -Name $(Get-TestManualPolicyInitiativeNameRG) -DisplayName "PS cmdlet tests: Attestation initiative RG" -PolicyDefinition $manualpolicyDefinitionsRG -SubscriptionId $subscriptionId +$policySetDefinitionResource = New-AzPolicySetDefinition -Name $(Get-TestManualPolicyInitiativeNameResource) -DisplayName "PS cmdlet tests: Attestation initiative Resource" -PolicyDefinition $manualpolicyDefinitionsResource -SubscriptionId $subscriptionId + +# Assign the initiatives to the subscription +New-AzPolicyAssignment -Name $(Get-TestInitiativeAttestationSubPolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: Attestation initiative SUB" -PolicySetDefinition $policySetDefinitionSub + +New-AzPolicyAssignment -Name $(Get-TestInitiativeAttestationRGPolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: Attestation initiative RG" -PolicySetDefinition $policySetDefinitionRG + +New-AzPolicyAssignment -Name $(Get-TestAttestationInitiativeResourcePolicyAssignmentName) -Scope "/subscriptions/$subscriptionId" -DisplayName "PS cmdlet tests: Attestation initiative Resource" -PolicySetDefinition $policySetDefinitionResource + +#endregion \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyRGDefinition.json b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyRGDefinition.json new file mode 100644 index 000000000000..ec3080821f6b --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyRGDefinition.json @@ -0,0 +1,9 @@ +{ + "if": { + "field": "type", + "equals": "microsoft.resources/subscriptions/resourcegroups" + }, + "then": { + "effect": "manual" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyResourceDefinition.json b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyResourceDefinition.json new file mode 100644 index 000000000000..d0868e6afd67 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicyResourceDefinition.json @@ -0,0 +1,9 @@ +{ + "if": { + "field": "type", + "equals": "Microsoft.Network/networkSecurityGroups" + }, + "then": { + "effect": "manual" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicySubDefinition.json b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicySubDefinition.json new file mode 100644 index 000000000000..328ecc624531 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/ManualPolicySubDefinition.json @@ -0,0 +1,9 @@ +{ + "if": { + "field": "type", + "equals": "microsoft.resources/subscriptions" + }, + "then": { + "effect": "manual" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/PolicyInsights.Test.csproj b/src/PolicyInsights/PolicyInsights.Test/PolicyInsights.Test.csproj index 051d24e152ad..90d6bc1949fc 100644 --- a/src/PolicyInsights/PolicyInsights.Test/PolicyInsights.Test.csproj +++ b/src/PolicyInsights/PolicyInsights.Test/PolicyInsights.Test.csproj @@ -11,7 +11,7 @@ - + \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.cs b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.cs new file mode 100644 index 000000000000..6c5aacf8e78d --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.cs @@ -0,0 +1,68 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.WindowsAzure.Commands.ScenarioTest; +using System; +using System.Collections.Generic; +using System.Text; +using Xunit; +using Xunit.Abstractions; + +namespace Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests +{ + public class AttestationTests : PolicyInsightsTestRunner + + { + public AttestationTests(Xunit.Abstractions.ITestOutputHelper output) : base(output) + { + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void SubscriptionScopeCrud() + { + TestRunner.RunTestScript("Attestation-SubscriptionScope-Crud"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void ResourceGroupScopeCrud() + { + TestRunner.RunTestScript("Attestation-ResourceGroupScope-Crud"); + } + + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void ResourceScopeCrud() + { + TestRunner.RunTestScript("Attestation-ResourceScope-Crud"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void AttestationGetCollection() + { + TestRunner.RunTestScript("Attestation-GetCollection"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void AttestationErrorHandling() + { + TestRunner.RunTestScript("Attestation-Error-Handling"); + } + + } +} diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 new file mode 100644 index 000000000000..e37db912c012 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 @@ -0,0 +1,829 @@ +# ---------------------------------------------------------------------------------- +# +# Copyright Microsoft Corporation +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------------- +. ".\Common.ps1" +$Compliant = "Compliant" +$NonCompliant = "NonCompliant" +<# +.SYNOPSIS +Perform attestation CRUD operations at subscription scope +#> +function Attestation-SubscriptionScope-Crud { + # Import-Module "C:\One\azure-powershell\artifacts\Debug\Az.PolicyInsights\Az.PolicyInsights.psm1" + #region Minimal Attestation CRUD + # Create a new attestation with minimal properties + $policyAssignmentId = Get-TestAttestationSubscriptionPolicyAssignmentId + $attestationName = "Attestation-SubscriptionScope-Crud" + + $minimalAttestation = New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState $Compliant + + Validate-Attestation $minimalAttestation + Validate-AttestationProperties ` + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Get the attestation + $attestation = Get-AzPolicyAttestation -Name $attestationName + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Update an existing attestation by resource name + $updatedMinimalAttestation = Set-AzPolicyAttestation -Name $attestationName -ComplianceState $NonCompliant + Validate-Attestation $updatedMinimalAttestation + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant + + # Update an existing attestation by input object + $comment = "Test Comment" + $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment + Validate-Attestation $updatedMinimalAttestation2 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment + + # Update an existing attestation by resource ID + $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $updatedMinimalAttestation3 = Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn + Validate-Attestation $updatedMinimalAttestation3 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn + #endregion + + #region Attestations All Properties CRUD + $attestationName = "Attestation-Sub-Full" + $policyInitiativeAssignmentId = Get-TestInitiativeAttestationSubPolicyAssignmentId + $policyDefinitionReferenceId = Get-TestInitiativeAttestationSubPolicyRefId + + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + $policyEvidence = @($evidence) + + $metadata = '{"TestKey":"TestValue"}' + + $fullAttestation = New-AzPolicyAttestation ` + -Name $attestationName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($fullAttestation) + Validate-AttestationProperties ` + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get the attestation + $attestation = Get-AzPolicyAttestation -Name $attestationName + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant + + # Update the existing attestation by resource name + $comment = "This is an updated comment" + $updatedFullAttestation = Set-AzPolicyAttestation ` + -Name $attestationName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update the existing attestation by resource id + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + + $description2 = "Found new evidence to make the resource non-compliant" + $sourceURI2 = "https://contoso.org/testnewevidence.pdf" + $evidence2 = @{ + "Description"=$description2 + "SourceUri"=$sourceURI2 + } + + $policyEvidence = @( ` + $evidence, + $evidence2 + ) + + $updatedFullAttestation2 = Set-AzPolicyAttestation ` + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation2) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update attestation by input object + $newOwner = "Test Owner 2" + $updatedFullAttestation3 = $updatedFullAttestation2 | Set-AzPolicyAttestation -Owner $newOwner + + Validate-Attestation($updatedFullAttestation3) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation + Assert-NotNullorEmpty $attestations + Assert-AreEqual 2 $attestations.Count + + # Delete one attestation + $result = ($minimalAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation + Assert-NotNullorEmpty $attestations + Assert-AreEqual 1 $attestations.Count + + $result = ($fullAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation + Assert-AreEqual 0 $attestations.Count + + #endregion + } + +function Attestation-ResourceGroupScope-Crud { + # Import-Module "C:\One\azure-powershell\artifacts\Debug\Az.PolicyInsights\Az.PolicyInsights.psm1" + #region Minimal Attestation CRUD + # Create a new attestation with minimal properties + $policyAssignmentId = Get-TestAttestationRGPolicyAssignmentId + $attestationName = "Attestation-RGScope-Crud" + $RGName = Get-PSAttestationTestRGName + + $minimalAttestation = New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState $Compliant + + Validate-Attestation $minimalAttestation + Validate-AttestationProperties ` + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Get the attestation + $attestation = Get-AzPolicyAttestation -ResourceGroupName $RGName -Name $attestationName + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Update an existing attestation by resource name + $updatedMinimalAttestation = Set-AzPolicyAttestation -ResourceGroupName $RGName -Name $attestationName -ComplianceState $NonCompliant + Validate-Attestation $updatedMinimalAttestation + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant + + # Update an existing attestation by input object + $comment = "Test Comment" + $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment + Validate-Attestation $updatedMinimalAttestation2 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment + + # Update an existing attestation by resource ID + $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $updatedMinimalAttestation3 = Set-AzPolicyAttestation -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn + Validate-Attestation $updatedMinimalAttestation3 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn + #endregion + + #region Attestations All Properties CRUD + $attestationName = "Attestation-RG-Full" + $policyInitiativeAssignmentId = Get-TestInitiativeAttestationRGPolicyAssignmentId + $policyDefinitionReferenceId = Get-TestInitiativeAttestationRGPolicyRefId + + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + $policyEvidence = @($evidence) + + $metadata = + '{ + "TestKey":"TestValue" + }' + + + $fullAttestation = New-AzPolicyAttestation ` + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($fullAttestation) + Validate-AttestationProperties ` + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get the attestation + $attestation = Get-AzPolicyAttestation -Name $attestationName -ResourceGroupName $RGName + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant + + # Update the existing attestation by resource name + $comment = "This is an updated comment" + $updatedFullAttestation = Set-AzPolicyAttestation ` + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update the existing attestation by resource id + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + + $description2 = "Found new evidence to make the resource non-compliant" + $sourceURI2 = "https://contoso.org/testnewevidence.pdf" + $evidence2 = [Microsoft.Azure.Management.PolicyInsights.Models.AttestationEvidence]::new($description2, $sourceURI2) + + $policyEvidence = @( ` + $evidence, + $evidence2 + ) + + $updatedFullAttestation2 = Set-AzPolicyAttestation ` + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation2) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update attestation by input object + $newOwner = "Test Owner 2" + $updatedFullAttestation3 = $updatedFullAttestation2 | Set-AzPolicyAttestation -Owner $newOwner + + Validate-Attestation($updatedFullAttestation3) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -ResourceGroupName $RGName + Assert-NotNullorEmpty $attestations + Assert-AreEqual 2 $attestations.Count + + # Delete one attestation + $result = ($minimalAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -ResourceGroupName $RGName + Assert-NotNullorEmpty $attestations + Assert-AreEqual 1 $attestations.Count + + # Delete the second attestation + $result = ($fullAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -ResourceGroupName $RGName + Assert-AreEqual 0 $attestations.Count + + #endregion +} + +function Attestation-ResourceScope-Crud { + # Import-Module "C:\One\azure-powershell\artifacts\Debug\Az.PolicyInsights\Az.PolicyInsights.psm1" + #region Minimal Attestation CRUD + # Create a new attestation with minimal properties + $policyAssignmentId = Get-TestAttestationResourcePolicyAssignmentId + $attestationName = "Attestation-ResourceScope-Crud" + $scope = Get-PSAttestationTestResourceId + + $minimalAttestation = New-AzPolicyAttestation ` + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState $Compliant + + Validate-Attestation $minimalAttestation + Validate-AttestationProperties ` + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Get the attestation + $attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Update an existing attestation by resource name + $updatedMinimalAttestation = Set-AzPolicyAttestation -Scope $scope -Name $attestationName -ComplianceState $NonCompliant + Validate-Attestation $updatedMinimalAttestation + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant + + # Update an existing attestation by input object + $comment = "Test Comment" + $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment + Validate-Attestation $updatedMinimalAttestation2 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment + + # Update an existing attestation by resource ID + $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $updatedMinimalAttestation3 = Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn + Validate-Attestation $updatedMinimalAttestation3 + Validate-AttestationProperties ` + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn + #endregion + + #region Attestations All Properties CRUD + $attestationName = "Attestation-Resource-Full" + $policyInitiativeAssignmentId = Get-TestAttestationInitiativeResourcePolicyAssignmentId + $policyDefinitionReferenceId = Get-TestAttestationInitiativeResourcePolicyRefId + + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + $policyEvidence = @($evidence) + + $metadata = '{"TestKey":"TestValue"}' + + + $fullAttestation = New-AzPolicyAttestation ` + -Name $attestationName ` + -Scope $scope ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($fullAttestation) + Validate-AttestationProperties ` + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get the attestation + $attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope + Validate-Attestation $attestation + Validate-AttestationProperties ` + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant + + # Update the existing attestation by resource name + $comment = "This is an updated comment" + $updatedFullAttestation = Set-AzPolicyAttestation ` + -Name $attestationName ` + -Scope $scope ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update the existing attestation by resource id + $description2 = "Found new evidence to make the resource non-compliant" + $sourceURI2 = "https://contoso.org/testnewevidence.pdf" + $evidence2 = [Microsoft.Azure.Management.PolicyInsights.Models.AttestationEvidence]::new($description2, $sourceURI2) + + $policyEvidence = @( ` + $evidence, + $evidence2 + ) + + $updatedFullAttestation2 = Set-AzPolicyAttestation ` + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($updatedFullAttestation2) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Update attestation by input object + $newOwner = "Test Owner 2" + $updatedFullAttestation3 = $updatedFullAttestation2 | Set-AzPolicyAttestation -Owner $newOwner + + Validate-Attestation($updatedFullAttestation3) + Validate-AttestationProperties ` + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -Scope $scope + Assert-NotNullorEmpty $attestations + Assert-AreEqual 2 $attestations.Count + + # Delete one attestation + $result = ($minimalAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -Scope $scope + Assert-NotNullorEmpty $attestations + Assert-AreEqual 1 $attestations.Count + + $result = ($fullAttestation | Remove-AzPolicyAttestation -PassThru) + Assert-AreEqual $true $result + + # Get all attestations at the scope + $attestations = Get-AzPolicyAttestation -Scope $scope + Assert-AreEqual 0 $attestations.Count + + #endregion +} + +function Attestation-GetCollection { + # First Attestation + $policyAssignmentId = Get-TestAttestationSubscriptionPolicyAssignmentId + $attestationName = "Attestation-SubscriptionScope-Crud" + $minimalAttestation = New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState $Compliant + + Validate-Attestation $minimalAttestation + Validate-AttestationProperties ` + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + # Second Attestation + $attestationName = "Attestation-RG-Full" + $RGName = Get-PSAttestationTestRGName + $policyInitiativeAssignmentId = Get-TestInitiativeAttestationRGPolicyAssignmentId + $policyDefinitionReferenceId = Get-TestInitiativeAttestationRGPolicyRefId + $comment = "Test Comment" + $description = "This is a test description" + $sourceURI = "https://contoso.org/test.pdf" + $owner = "Test Owner" + $evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI + } + $policyEvidence = @($evidence) + $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $metadata = '{"TestKey":"TestValue"}' + + + $fullAttestation = New-AzPolicyAttestation ` + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata + + Validate-Attestation($fullAttestation) + Validate-AttestationProperties ` + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + + # Third Attestation + $policyAssignmentId = Get-TestAttestationResourcePolicyAssignmentId + $attestationName = "Attestation-ResourceScope-Crud" + $scope = Get-PSAttestationTestResourceId + + $minimalAttestation = New-AzPolicyAttestation ` + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState $Compliant + + Validate-Attestation $minimalAttestation + Validate-AttestationProperties ` + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant + + $attestations1 = Get-AzPolicyAttestation + Assert-AreEqual 3 $attestations1.Count + + $attestationsTop = Get-AzPolicyAttestation -Top 2 + Assert-AreEqual 2 $attestationsTop.Count + + $attestationsFilter = Get-AzPolicyAttestation -Filter "PolicyAssignmentId eq '$(Get-TestAttestationSubscriptionPolicyAssignmentId)'" + Assert-AreEqual 1 $attestationsFilter.Count + + $attestations2 = Get-AzPolicyAttestation -ResourceGroupName $RGName + Assert-AreEqual 2 $attestations2.Count + + $attestations3 = Get-AzPolicyAttestation -Scope $scope + Assert-AreEqual 1 $attestations3.Count + + $result = $attestations1 | Remove-AzPolicyAttestation -PassThru + Assert-AreEqual $true $result +} + +function Attestation-Error-Handling { + #region Attestation CRUD Error No Compliance Results + # Create a new attestation with minimal properties + $policyAssignmentId = Get-TestAttestationSubscriptionPolicyAssignmentId + $attestationName = "Attestation-Error-Crud" + $RGName = Get-PSAttestationTestRGName + + Assert-ThrowsContains ` + { + New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState $Compliant + } ` + "InvalidCreateAttestationRequest: Unable to create attestation '$attestationName'. No compliance data was found for resource '/subscriptions/$(Get-TestSubscriptionId)/resourceGroups/$RGName' against policy assignment '$policyAssignmentId'" + #endregion +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 index 1dc8174dcc06..a3a470bff717 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 @@ -27,7 +27,7 @@ Gets test subscription ID. #> function Get-TestSubscriptionId { # Reminder: The subscription ID in the test context (created via PS command or by creating an env variable) should be the same as this subscription ID. - "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + "086aecf4-23d6-4dfd-99a8-a5c6299f0322" # This is the Azure Governance Perf 21 subscription } <# @@ -403,3 +403,289 @@ function Assert-NotNullOrEmpty { Assert-False { [string]::IsNullOrEmpty($value) } } + +<# +.SYNOPSIS +Gets test manual policy definition name targetted at subcriptions. +#> +function Get-TestManualPolicyDefinitonNameSub{ + "PSTestAttestationSub" +} + +<# +.SYNOPSIS +Gets test manual policy definition name targetted at resource groups. +#> +function Get-TestManualPolicyDefinitonNameRG{ + "PSTestAttestationRG" +} + +<# +.SYNOPSIS +Gets test manual policy definition name targetted at resources. +#> +function Get-TestManualPolicyDefinitonNameResource{ + "PSTestAttestationResource" +} + +<# +.SYNOPSIS +Gets test manual policy initiative name targetted at subcriptions. +#> +function Get-TestManualPolicyInitiativeNameSub{ + "PSTestAttestationInitiativeSub" +} + +<# +.SYNOPSIS +Gets test manual policy initiative name targetted at resource groups. +#> +function Get-TestManualPolicyInitiativeNameRG{ + "PSTestAttestationInitiativeRG" +} + +<# +.SYNOPSIS +Gets test manual policy initiative name targetted at resource. +#> +function Get-TestManualPolicyInitiativeNameResource{ + "PSTestAttestationInitiativeResource" +} + +#region Attestation Subsciption Scope + +<# +.SYNOPSIS +Get the name of the policy assignment at the subscription scope. +#> +function Get-TestAttestationSubscriptionPolicyAssignmentName { + "PSAttestationSubAssignment" +} + +<# +.SYNOPSIS +Get the name of the policy assignment at the subscription scope for a policy initiative. +#> +function Get-TestInitiativeAttestationSubPolicyAssignmentName { + "PSAttestationInitiativeSubAssignment" +} + +<# +.SYNOPSIS +Gets the resource id of policy assignment used for attestation tests at subscription scope. +#> +function Get-TestAttestationSubscriptionPolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestAttestationSubscriptionPolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the policy assignment id used for attestation tests at subscription scope. +#> +function Get-TestInitiativeAttestationSubPolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestInitiativeAttestationSubPolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the policy definition reference id of the initiative used for attestation tests at subscription scope. +#> +function Get-TestInitiativeAttestationSubPolicyRefId { + "$(Get-TestManualPolicyDefinitonNameSub)_1" +} + +#endregion + +#region Attestation Resource Group Scope +<# +.SYNOPSIS +Gets the name of the resource group used for attestation tests at resource group scope. +#> +function Get-PSAttestationTestRGName { + "ps-attestation-test-rg" +} + +<# +.SYNOPSIS +Gets the name of the policy assignment for an initiative used for attestation tests at resource group scope. +#> +function Get-TestInitiativeAttestationRGPolicyAssignmentName { + "PSAttestationInitiativeRGAssignment" +} + +<# +.SYNOPSIS +Gets the name of the policy assignment for attestation tests at resource group scope. +#> +function Get-TestAttestationRGPolicyAssignmentName { + "PSAttestationRGAssignment" +} + +<# +.SYNOPSIS +Gets the policy assignment id for attestation tests at resource group scope. +#> +function Get-TestAttestationRGPolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestAttestationRGPolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the policy initiative's assignment id for attestation tests at resource group scope. +#> +function Get-TestInitiativeAttestationRGPolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestInitiativeAttestationRGPolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the policy definition reference id for attestation tests at resource group scope. +#> +function Get-TestInitiativeAttestationRGPolicyRefId { + "$(Get-TestManualPolicyDefinitonNameRG)_1" +} + +#endregion + +#region Attestation Resource Scope +<# +.SYNOPSIS +Gets the name of the resource used in attestation tests at resource scope. +#> +function Get-PSAttestationTestResourceName { + "$(Get-TestResourceNamePrefix)0" +} + +<# +.SYNOPSIS +Gets the resource id of the resource used in attestation tests at resource scope. +#> +function Get-PSAttestationTestResourceId { + "/subscriptions/$(Get-TestSubscriptionId)/resourceGroups/$(Get-PSAttestationTestRGName)/providers/Microsoft.Network/networkSecurityGroups/$(Get-PSAttestationTestResourceName)" +} + +<# +.SYNOPSIS +Gets the name of the policy assignment used for attestation tests at resource scope. +#> +function Get-TestAttestationResourcePolicyAssignmentName { + "PSAttestationResourceAssignment" +} + +<# +.SYNOPSIS +Gets the resource id of the policy assignment used for attestation tests at resource scope. +#> +function Get-TestAttestationResourcePolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestAttestationResourcePolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the name of the policy assignment for an initiative used for attestation tests at resource scope. +#> +function Get-TestAttestationInitiativeResourcePolicyAssignmentName { + "PSAttestationInitiativeResourceAssignment" +} + +<# +.SYNOPSIS +Gets the resource id of the policy assignment for an initiative used for attestation tests at resource scope. +#> +function Get-TestAttestationInitiativeResourcePolicyAssignmentId { + "/subscriptions/$(Get-TestSubscriptionId)/providers/Microsoft.Authorization/policyAssignments/$(Get-TestAttestationInitiativeResourcePolicyAssignmentName)" +} + +<# +.SYNOPSIS +Gets the policy definition reference id used in attestation tests at resource scope. +#> +function Get-TestAttestationInitiativeResourcePolicyRefId { + "$(Get-TestManualPolicyDefinitonNameResource)_1" +} +#endregion + +<# +.SYNOPSIS +Validates an attestation +#> +function Validate-Attestation { + param([Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation]$attestation) + + Assert-NotNull $attestation + Assert-NotNull $attestation.LastComplianceStateChangeAt + Assert-True { $attestation.Id -like "*/providers/microsoft.policyinsights/attestations/*" } + Assert-AreEqual "Microsoft.PolicyInsights/attestations" $attestation.Type + Assert-NotNullOrEmpty $attestation.Name + Assert-NotNullOrEmpty $attestation.PolicyAssignmentId + Assert-NotNullOrEmpty $attestation.ProvisioningState +} + +<# +.SYNOPSIS +Validates the properties of an attestation. +#> +function Validate-AttestationProperties { + param( + [Parameter(Mandatory = $true)]$attestation, + [Parameter(Mandatory = $false)]$expectedName = $null, + [Parameter(Mandatory = $false)]$expectedProvisioningState = $null, + [Parameter(Mandatory = $false)]$expectedPolicyAssignmentId = $null, + [Parameter(Mandatory = $false)]$expectedPolicyDefinitionReferenceId = $null, + [Parameter(Mandatory = $false)]$expectedComplianceState = $null, + [Parameter(Mandatory = $false)]$expectedComment = $null, + [Parameter(Mandatory = $false)]$expectedExpiresOn = $null, + [Parameter(Mandatory = $false)]$expectedMetadata = $null, + [Parameter(Mandatory = $false)]$expectedEvidence = $null, + [Parameter(Mandatory = $false)]$expectedOwner = $null, + [Parameter(Mandatory = $false)]$expectedAssessmentDate = $null + ) + if ($null -ne $expectedName) { + Assert-AreEqual $expectedName $attestation.Name + } + if ($null -ne $expectedProvisioningState) { + Assert-AreEqual $expectedProvisioningState $attestation.ProvisioningState + } + if ($null -ne $expectedPolicyAssignmentId) { + Assert-AreEqual $expectedPolicyAssignmentId $attestation.PolicyAssignmentId + } + if ($null -ne $expectedPolicyDefinitionReferenceId) { + Assert-AreEqual $expectedPolicyDefinitionReferenceId $attestation.PolicyDefinitionReferenceId + } + if ($null -ne $expectedComplianceState) { + Assert-AreEqual $expectedComplianceState $attestation.ComplianceState + } + if ($null -ne $expectedExpiresOn) { + Assert-AreEqual $expectedExpiresOn $attestation.ExpiresOn + } + if ($null -ne $expectedMetadata) { + $expectedMetadataJson = [Newtonsoft.Json.Linq.JObject]::Parse($expectedMetadata) + Assert-AreEqual $expectedMetadataJson.ToString() $attestation.metadata.ToString() + } + if ($null -ne $expectedEvidence) { + Validate-PolicyAttestationEvidence($attestation.Evidence, $expectedEvidence) + } + if ($null -ne $expectedOwner) { + Assert-AreEqual $expectedOwner $attestation.Owner + } + if ($null -ne $expectedComment) { + Assert-AreEqual $expectedComment $attestation.Comment + } + if ($null -ne $expectedAssessmentDate) { + Assert-AreEqual $expectedAssessmentDate $attestation.AssessmentDate + } +} + +<# +.SYNOPSIS +Validates an attestation evidence. +#> +function Validate-AttestationEvidence { + param($actualEvidence, $expectedEvidence) + + Assert-NotNullOrEmpty $actualEvidence + for ($i = 0; $i -lt $actualEvidence.Count; $i++) { + Assert-AreEqual $expectedEvidence[$i].Description $actualEvidence[$i].Description + Assert-AreEqual $expectedEvidence[$i].SourceUri $actualEvidence[$i].SourceUri + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationErrorHandling.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationErrorHandling.json new file mode 100644 index 000000000000..279ab7ae72b6 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationErrorHandling.json @@ -0,0 +1,140 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-Error-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLUVycm9yLUNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8eab0041-e6f0-4c3e-b86c-c236a836d48b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "1d846e6e-c58c-4649-ac37-23c1d20f178b" + ], + "x-ms-correlation-request-id": [ + "1d846e6e-c58c-4649-ac37-23c1d20f178b" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165710Z:1d846e6e-c58c-4649-ac37-23c1d20f178b" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:10 GMT" + ], + "Content-Length": [ + "119" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-Error-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-Error-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLUVycm9yLUNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8eab0041-e6f0-4c3e-b86c-c236a836d48b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "225" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "b8c46715-9ccf-4515-a922-8ce62d3578f5" + ], + "x-ms-correlation-request-id": [ + "b8c46715-9ccf-4515-a922-8ce62d3578f5" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165711Z:b8c46715-9ccf-4515-a922-8ce62d3578f5" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:11 GMT" + ], + "Content-Length": [ + "551" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"InvalidCreateAttestationRequest\",\r\n \"message\": \"Unable to create attestation 'Attestation-Error-Crud'. No compliance data was found for resource '/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg' against policy assignment '/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment' and policy definition reference ID ''. If this is a new resource or policy assignment please trigger a compliance scan or try again later.\"\r\n }\r\n}", + "StatusCode": 400 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationGetCollection.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationGetCollection.json new file mode 100644 index 000000000000..0163be630e0a --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/AttestationGetCollection.json @@ -0,0 +1,932 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c281c9bd-5491-45e2-91ae-0158cf4b8c22" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "2ec7c107-ee22-48e0-8e91-1c4978990206" + ], + "x-ms-correlation-request-id": [ + "2ec7c107-ee22-48e0-8e91-1c4978990206" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165739Z:2ec7c107-ee22-48e0-8e91-1c4978990206" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:38 GMT" + ], + "Content-Length": [ + "131" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-SubscriptionScope-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c281c9bd-5491-45e2-91ae-0158cf4b8c22" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "225" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "1bd9cbd0-2729-411d-a978-2f7f97ea579d" + ], + "x-ms-correlation-request-id": [ + "1bd9cbd0-2729-411d-a978-2f7f97ea579d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165739Z:1bd9cbd0-2729-411d-a978-2f7f97ea579d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:38 GMT" + ], + "Content-Length": [ + "804" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:39.6151068Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8d89d539-1186-4021-9ad9-4e48d7fdc510" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "02cc20e6-0160-4590-9a35-b9107bc7445c" + ], + "x-ms-correlation-request-id": [ + "02cc20e6-0160-4590-9a35-b9107bc7445c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165740Z:02cc20e6-0160-4590-9a35-b9107bc7445c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:39 GMT" + ], + "Content-Length": [ + "116" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-RG-Full' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8d89d539-1186-4021-9ad9-4e48d7fdc510" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "654" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeRGAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationRG_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "136" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "b495f519-67ff-4343-a7ef-29b4cc65b8b4" + ], + "x-ms-correlation-request-id": [ + "b495f519-67ff-4343-a7ef-29b4cc65b8b4" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165742Z:b495f519-67ff-4343-a7ef-29b4cc65b8b4" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:41 GMT" + ], + "Content-Length": [ + "1133" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:41.1952356Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9e38b4a4-0d5e-4d7b-9db0-63606ffb7dd1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "a924bb29-a184-4369-98dd-afd5369cdf52" + ], + "x-ms-correlation-request-id": [ + "a924bb29-a184-4369-98dd-afd5369cdf52" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165742Z:a924bb29-a184-4369-98dd-afd5369cdf52" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:41 GMT" + ], + "Content-Length": [ + "127" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-ResourceScope-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9e38b4a4-0d5e-4d7b-9db0-63606ffb7dd1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "230" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationResourceAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "3e3a4a40-7adb-42a6-85d8-b2b931680b81" + ], + "x-ms-correlation-request-id": [ + "3e3a4a40-7adb-42a6-85d8-b2b931680b81" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165743Z:3e3a4a40-7adb-42a6-85d8-b2b931680b81" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:42 GMT" + ], + "Content-Length": [ + "898" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:43.2561956Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "1a0c054d-4990-491d-aa60-b6a3be9137dc" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "2125bb8a-38c3-43d9-ba9f-dd30f82fb259" + ], + "x-ms-correlation-request-id": [ + "2125bb8a-38c3-43d9-ba9f-dd30f82fb259" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165743Z:2125bb8a-38c3-43d9-ba9f-dd30f82fb259" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:43 GMT" + ], + "Content-Length": [ + "2849" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:39.6151068Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:41.1952356Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:43.2561956Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01&$top=2", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAxJiR0b3A9Mg==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "0272217b-0e2e-4024-8463-8fee34a94091" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "652161b8-bf05-4b48-8509-d728662e4153" + ], + "x-ms-correlation-request-id": [ + "652161b8-bf05-4b48-8509-d728662e4153" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165744Z:652161b8-bf05-4b48-8509-d728662e4153" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:43 GMT" + ], + "Content-Length": [ + "1950" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:39.6151068Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:41.1952356Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01&$filter=PolicyAssignmentId%20eq%20%27%2Fsubscriptions%2F086aecf4-23d6-4dfd-99a8-a5c6299f0322%2Fproviders%2FMicrosoft.Authorization%2FpolicyAssignments%2FPSAttestationSubAssignment%27", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAxJiRmaWx0ZXI9UG9saWN5QXNzaWdubWVudElkJTIwZXElMjAlMjclMkZzdWJzY3JpcHRpb25zJTJGMDg2YWVjZjQtMjNkNi00ZGZkLTk5YTgtYTVjNjI5OWYwMzIyJTJGcHJvdmlkZXJzJTJGTWljcm9zb2Z0LkF1dGhvcml6YXRpb24lMkZwb2xpY3lBc3NpZ25tZW50cyUyRlBTQXR0ZXN0YXRpb25TdWJBc3NpZ25tZW50JTI3", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "774f949e-4359-426c-84db-d0bc25df2b22" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "140" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "b11545a4-7fae-4096-951b-74abf157ef6d" + ], + "x-ms-correlation-request-id": [ + "b11545a4-7fae-4096-951b-74abf157ef6d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165744Z:b11545a4-7fae-4096-951b-74abf157ef6d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:44 GMT" + ], + "Content-Length": [ + "816" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:39.6151068Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:39.6151068Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c1ff651f-019e-4b0a-ac52-859d3edb1257" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "712ac5d3-5e89-4ed0-83f1-bd2194309133" + ], + "x-ms-correlation-request-id": [ + "712ac5d3-5e89-4ed0-83f1-bd2194309133" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165744Z:712ac5d3-5e89-4ed0-83f1-bd2194309133" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:44 GMT" + ], + "Content-Length": [ + "2044" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:41.1952356Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:41.1952356Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:43.2561956Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnM/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "29279df1-cfbb-4cd5-8ce6-4fd6a286eb1d" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "064e93cd-b545-4caa-bac5-84d83c072938" + ], + "x-ms-correlation-request-id": [ + "064e93cd-b545-4caa-bac5-84d83c072938" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165745Z:064e93cd-b545-4caa-bac5-84d83c072938" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:45 GMT" + ], + "Content-Length": [ + "910" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:43.2561956Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:43.2561956Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tU3Vic2NyaXB0aW9uU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "6c47fa6d-ec54-498d-831a-ecf620bf74c7" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14998" + ], + "x-ms-request-id": [ + "515ac467-243f-43f9-adf3-3df80140f92e" + ], + "x-ms-correlation-request-id": [ + "515ac467-243f-43f9-adf3-3df80140f92e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165745Z:515ac467-243f-43f9-adf3-3df80140f92e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:45 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1SRy1GdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "6c47fa6d-ec54-498d-831a-ecf620bf74c7" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14997" + ], + "x-ms-request-id": [ + "c2d21d4e-7a0b-44a5-9b0f-e0252cff2684" + ], + "x-ms-correlation-request-id": [ + "c2d21d4e-7a0b-44a5-9b0f-e0252cff2684" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165746Z:c2d21d4e-7a0b-44a5-9b0f-e0252cff2684" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:46 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJlc291cmNlU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "6c47fa6d-ec54-498d-831a-ecf620bf74c7" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14996" + ], + "x-ms-request-id": [ + "110964fd-08ba-444b-b8a6-c095670e27be" + ], + "x-ms-correlation-request-id": [ + "110964fd-08ba-444b-b8a6-c095670e27be" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165746Z:110964fd-08ba-444b-b8a6-c095670e27be" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:46 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ErrorHandling.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ErrorHandling.json new file mode 100644 index 000000000000..0bd6e1352da2 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ErrorHandling.json @@ -0,0 +1,140 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/ps-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-Error-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzQ5YzM3NDA0LWNlZjgtNDZiMi1iYTcyLWZhODQxOWM4MmVkNS9yZXNvdXJjZUdyb3Vwcy9wcy10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLUVycm9yLUNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "73121ebb-9a30-4c90-96f9-0492d4d22698" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.51102", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "d8097dea-7edc-47aa-99d2-a8601c92fb2a" + ], + "x-ms-correlation-request-id": [ + "d8097dea-7edc-47aa-99d2-a8601c92fb2a" + ], + "x-ms-routing-request-id": [ + "CANADAEAST:20221205T191554Z:d8097dea-7edc-47aa-99d2-a8601c92fb2a" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Mon, 05 Dec 2022 19:15:53 GMT" + ], + "Content-Length": [ + "119" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-Error-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/ps-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-Error-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzQ5YzM3NDA0LWNlZjgtNDZiMi1iYTcyLWZhODQxOWM4MmVkNS9yZXNvdXJjZUdyb3Vwcy9wcy10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLUVycm9yLUNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "73121ebb-9a30-4c90-96f9-0492d4d22698" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.51102", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "223" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "aed78160-7e1e-4352-90b6-b25f2eb88505" + ], + "x-ms-correlation-request-id": [ + "aed78160-7e1e-4352-90b6-b25f2eb88505" + ], + "x-ms-routing-request-id": [ + "CANADAEAST:20221205T191555Z:aed78160-7e1e-4352-90b6-b25f2eb88505" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Mon, 05 Dec 2022 19:15:54 GMT" + ], + "Content-Length": [ + "537" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"InvalidCreateAttestationRequest\",\r\n \"message\": \"Unable to create attestation 'Attestation-Error-Crud'. No compliance data was found for resource '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/ps-test-rg' against policy assignment '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52' and policy definition reference ID ''. If this is a new resource or policy assignment please trigger a compliance scan or try again later.\"\r\n }\r\n}", + "StatusCode": 400 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "49c37404-cef8-46b2-ba72-fa8419c82ed5" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceGroupScopeCrud.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceGroupScopeCrud.json new file mode 100644 index 000000000000..c6adb33abebf --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceGroupScopeCrud.json @@ -0,0 +1,1562 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "b6f7896b-3160-4edf-affb-f52fa65785bf" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "8637f866-a672-4ae5-9e78-987a5245ed4c" + ], + "x-ms-correlation-request-id": [ + "8637f866-a672-4ae5-9e78-987a5245ed4c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165639Z:8637f866-a672-4ae5-9e78-987a5245ed4c" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:39 GMT" + ], + "Content-Length": [ + "121" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-RGScope-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "b9c399fe-24ab-4733-a41a-a34f0eb3ed65" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "1a26434c-0035-45d4-be64-c3ab6ee6abb9" + ], + "x-ms-correlation-request-id": [ + "1a26434c-0035-45d4-be64-c3ab6ee6abb9" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165640Z:1a26434c-0035-45d4-be64-c3ab6ee6abb9" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:39 GMT" + ], + "Content-Length": [ + "821" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"Attestation-RGScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "bd44eda6-65c2-413a-acd3-8043a8dff73c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "45504978-2f8a-4b35-b215-5a82540e68d4" + ], + "x-ms-correlation-request-id": [ + "45504978-2f8a-4b35-b215-5a82540e68d4" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165640Z:45504978-2f8a-4b35-b215-5a82540e68d4" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:39 GMT" + ], + "Content-Length": [ + "821" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"Attestation-RGScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "b6f7896b-3160-4edf-affb-f52fa65785bf" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "224" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationRGAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "575fd8ef-e0c0-4537-aeec-f9c1bd0de11d" + ], + "x-ms-correlation-request-id": [ + "575fd8ef-e0c0-4537-aeec-f9c1bd0de11d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165639Z:575fd8ef-e0c0-4537-aeec-f9c1bd0de11d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:39 GMT" + ], + "Content-Length": [ + "821" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"Attestation-RGScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:39.6920257Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "bd44eda6-65c2-413a-acd3-8043a8dff73c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "227" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "420b0c37-46d6-40aa-969a-c92329687dc7" + ], + "x-ms-correlation-request-id": [ + "420b0c37-46d6-40aa-969a-c92329687dc7" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165641Z:420b0c37-46d6-40aa-969a-c92329687dc7" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:40 GMT" + ], + "Content-Length": [ + "824" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"Attestation-RGScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:40.9706258Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rgscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZ3Njb3BlLWNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "022ce78d-9a5b-4ca1-9118-d3809f02fc17" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "5f56246a-9ff6-49ac-b57d-f29dbd2845ad" + ], + "x-ms-correlation-request-id": [ + "5f56246a-9ff6-49ac-b57d-f29dbd2845ad" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165641Z:5f56246a-9ff6-49ac-b57d-f29dbd2845ad" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:40 GMT" + ], + "Content-Length": [ + "824" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"Attestation-RGScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:40.9706258Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rgscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZ3Njb3BlLWNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "4c95ffc8-5379-42e4-ba72-22fa9639bcbf" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "e162c516-a520-4b2a-885e-37e95c999f6e" + ], + "x-ms-correlation-request-id": [ + "e162c516-a520-4b2a-885e-37e95c999f6e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165642Z:e162c516-a520-4b2a-885e-37e95c999f6e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:41 GMT" + ], + "Content-Length": [ + "850" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"attestation-rgscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:41.7485065Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rgscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZ3Njb3BlLWNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "022ce78d-9a5b-4ca1-9118-d3809f02fc17" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "260" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "fe275765-67aa-4146-9201-9e22dffe3188" + ], + "x-ms-correlation-request-id": [ + "fe275765-67aa-4146-9201-9e22dffe3188" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165642Z:fe275765-67aa-4146-9201-9e22dffe3188" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:42 GMT" + ], + "Content-Length": [ + "850" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"attestation-rgscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:41.7485065Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rgscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZ3Njb3BlLWNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "4c95ffc8-5379-42e4-ba72-22fa9639bcbf" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "302" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "58ea8f3b-13ec-4eab-819a-1f88e1365522" + ], + "x-ms-correlation-request-id": [ + "58ea8f3b-13ec-4eab-819a-1f88e1365522" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165643Z:58ea8f3b-13ec-4eab-819a-1f88e1365522" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:42 GMT" + ], + "Content-Length": [ + "885" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"attestation-rgscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:42.8651657Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "7cd68bdb-ccd0-4311-b3b7-fdb73c23dd68" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "9ac645ba-1b64-4dfc-bedb-a8077dde253e" + ], + "x-ms-correlation-request-id": [ + "9ac645ba-1b64-4dfc-bedb-a8077dde253e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165643Z:9ac645ba-1b64-4dfc-bedb-a8077dde253e" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:42 GMT" + ], + "Content-Length": [ + "116" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-RG-Full' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "afba51dc-2c73-44ff-b773-f39e08df46b6" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "a5cf8f79-bc0e-4f84-9f00-fd326b53053c" + ], + "x-ms-correlation-request-id": [ + "a5cf8f79-bc0e-4f84-9f00-fd326b53053c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165644Z:a5cf8f79-bc0e-4f84-9f00-fd326b53053c" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:43 GMT" + ], + "Content-Length": [ + "1133" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:43.5744615Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e635ed2c-1b51-484c-aa35-5437dd616b07" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "d09a1d62-f09f-4a15-8f87-44f82684556a" + ], + "x-ms-correlation-request-id": [ + "d09a1d62-f09f-4a15-8f87-44f82684556a" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165644Z:d09a1d62-f09f-4a15-8f87-44f82684556a" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:43 GMT" + ], + "Content-Length": [ + "1133" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:43.5744615Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "7cd68bdb-ccd0-4311-b3b7-fdb73c23dd68" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "654" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeRGAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationRG_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "6c9950f3-7d8b-4ca0-8bed-d76a5e4cc726" + ], + "x-ms-correlation-request-id": [ + "6c9950f3-7d8b-4ca0-8bed-d76a5e4cc726" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165643Z:6c9950f3-7d8b-4ca0-8bed-d76a5e4cc726" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:43 GMT" + ], + "Content-Length": [ + "1133" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:43.5744615Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJHLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e635ed2c-1b51-484c-aa35-5437dd616b07" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "668" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeRGAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationRG_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "09910d0e-7380-4abb-8c64-f80d49b91969" + ], + "x-ms-correlation-request-id": [ + "09910d0e-7380-4abb-8c64-f80d49b91969" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165644Z:09910d0e-7380-4abb-8c64-f80d49b91969" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:44 GMT" + ], + "Content-Length": [ + "1147" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:44.7365106Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rg-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZy1mdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "183568ea-2dfe-4601-af8a-fdf7568cd5e5" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "1c8bcd18-b497-4e47-971c-6dd4cd6c1b85" + ], + "x-ms-correlation-request-id": [ + "1c8bcd18-b497-4e47-971c-6dd4cd6c1b85" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165645Z:1c8bcd18-b497-4e47-971c-6dd4cd6c1b85" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:44 GMT" + ], + "Content-Length": [ + "1147" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"Attestation-RG-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:44.7365106Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rg-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZy1mdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "cc624371-6c48-4b5f-8683-11786eaa0646" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "1ed28cba-ae3b-47d5-a115-6dda101eb2e4" + ], + "x-ms-correlation-request-id": [ + "1ed28cba-ae3b-47d5-a115-6dda101eb2e4" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165646Z:1ed28cba-ae3b-47d5-a115-6dda101eb2e4" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:45 GMT" + ], + "Content-Length": [ + "1276" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:45.5260448Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"attestation-rg-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:45.5260448Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rg-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZy1mdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "183568ea-2dfe-4601-af8a-fdf7568cd5e5" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "835" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeRGAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationRG_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "8269b0b5-facf-4282-9c07-fe7e8b6ac34c" + ], + "x-ms-correlation-request-id": [ + "8269b0b5-facf-4282-9c07-fe7e8b6ac34c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165645Z:8269b0b5-facf-4282-9c07-fe7e8b6ac34c" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:45 GMT" + ], + "Content-Length": [ + "1276" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:45.5260448Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"attestation-rg-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:45.5260448Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/attestation-rg-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9hdHRlc3RhdGlvbi1yZy1mdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "cc624371-6c48-4b5f-8683-11786eaa0646" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "837" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "6270481b-87bd-4c14-be51-9553a9c08ff4" + ], + "x-ms-correlation-request-id": [ + "6270481b-87bd-4c14-be51-9553a9c08ff4" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165646Z:6270481b-87bd-4c14-be51-9553a9c08ff4" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:46 GMT" + ], + "Content-Length": [ + "1278" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:45.5260448Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"attestation-rg-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:46.4874305Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "004dbb9d-460f-4890-9487-887cea57a423" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "980fa66b-86e3-4c54-96a9-18c77eef9b8b" + ], + "x-ms-correlation-request-id": [ + "980fa66b-86e3-4c54-96a9-18c77eef9b8b" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165647Z:980fa66b-86e3-4c54-96a9-18c77eef9b8b" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:46 GMT" + ], + "Content-Length": [ + "2176" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationrgassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:40.9706258Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rgscope-crud\",\r\n \"name\": \"attestation-rgscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:39.6920257Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:42.8651657Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:45.5260448Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"attestation-rg-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:46.4874305Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "b3c82f26-cf68-48a0-adfc-71d507984a88" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "149" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "3c154bad-8ebe-4912-9dda-9e710b5c1668" + ], + "x-ms-correlation-request-id": [ + "3c154bad-8ebe-4912-9dda-9e710b5c1668" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165648Z:3c154bad-8ebe-4912-9dda-9e710b5c1668" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:48 GMT" + ], + "Content-Length": [ + "1290" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationrg_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:45.5260448Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.policyinsights/attestations/attestation-rg-full\",\r\n \"name\": \"attestation-rg-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:43.5744615Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:46.4874305Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "d16252d4-43f8-4d73-a48b-aa0b98cd89af" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "e6a1697f-c81f-408d-afb8-58c98a1d624d" + ], + "x-ms-correlation-request-id": [ + "e6a1697f-c81f-408d-afb8-58c98a1d624d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165649Z:e6a1697f-c81f-408d-afb8-58c98a1d624d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:49 GMT" + ], + "Content-Length": [ + "12" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": []\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/Attestation-RGScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1SR1Njb3BlLUNydWQ/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "1ddda594-c865-4927-b1f6-3a62c96e4198" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "bcf182a9-409a-4ed3-a8ac-86896f8003d8" + ], + "x-ms-correlation-request-id": [ + "bcf182a9-409a-4ed3-a8ac-86896f8003d8" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165648Z:bcf182a9-409a-4ed3-a8ac-86896f8003d8" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:47 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg//providers/Microsoft.PolicyInsights/attestations/Attestation-RG-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnLy9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1SRy1GdWxsP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "944df4c5-f210-4f27-ae8e-044083acc03f" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "b5399fe3-ab50-43eb-b2a4-36085f13a20a" + ], + "x-ms-correlation-request-id": [ + "b5399fe3-ab50-43eb-b2a4-36085f13a20a" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165649Z:b5399fe3-ab50-43eb-b2a4-36085f13a20a" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:48 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceScopeCrud.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceScopeCrud.json new file mode 100644 index 000000000000..9a14fe249a60 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/ResourceScopeCrud.json @@ -0,0 +1,1562 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e44f6f3d-5ff0-4e37-86b5-734de5f80f15" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "6d508369-646b-485d-aedf-a821eb4258dc" + ], + "x-ms-correlation-request-id": [ + "6d508369-646b-485d-aedf-a821eb4258dc" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165714Z:6d508369-646b-485d-aedf-a821eb4258dc" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:14 GMT" + ], + "Content-Length": [ + "127" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-ResourceScope-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "98ed02ad-2b23-4290-a6cd-9b82ac579dbe" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "f07819b9-1ed1-4d85-8982-9e6dcb6688ea" + ], + "x-ms-correlation-request-id": [ + "f07819b9-1ed1-4d85-8982-9e6dcb6688ea" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165716Z:f07819b9-1ed1-4d85-8982-9e6dcb6688ea" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:16 GMT" + ], + "Content-Length": [ + "898" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c2ffbbbb-139a-4b5a-8919-9e32f44c9fc4" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "141" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "ad7bf5d9-02e4-41c5-a9c1-5e0337a3ec7e" + ], + "x-ms-correlation-request-id": [ + "ad7bf5d9-02e4-41c5-a9c1-5e0337a3ec7e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165716Z:ad7bf5d9-02e4-41c5-a9c1-5e0337a3ec7e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:16 GMT" + ], + "Content-Length": [ + "898" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e44f6f3d-5ff0-4e37-86b5-734de5f80f15" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "230" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationResourceAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "dcbf1fc0-0c9d-4554-add4-3caf23638b3b" + ], + "x-ms-correlation-request-id": [ + "dcbf1fc0-0c9d-4554-add4-3caf23638b3b" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165715Z:dcbf1fc0-0c9d-4554-add4-3caf23638b3b" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:15 GMT" + ], + "Content-Length": [ + "898" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:15.2663963Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2VTY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c2ffbbbb-139a-4b5a-8919-9e32f44c9fc4" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "233" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "140" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "f3e7a86a-2408-42a7-888f-de2d201f486c" + ], + "x-ms-correlation-request-id": [ + "f3e7a86a-2408-42a7-888f-de2d201f486c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165717Z:f3e7a86a-2408-42a7-888f-de2d201f486c" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:16 GMT" + ], + "Content-Length": [ + "901" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:16.8228846Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resourcescope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "a3a537fb-534b-43ab-979f-33ae3a07136c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "c0dfd796-f2f9-42ac-a728-ccf173d37fd7" + ], + "x-ms-correlation-request-id": [ + "c0dfd796-f2f9-42ac-a728-ccf173d37fd7" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165717Z:c0dfd796-f2f9-42ac-a728-ccf173d37fd7" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:17 GMT" + ], + "Content-Length": [ + "901" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"Attestation-ResourceScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:16.8228846Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resourcescope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9991ab89-9ae8-4069-ae91-6508dc90cb6b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "9c51435d-9bb3-41f5-9f3a-3ee832e802ed" + ], + "x-ms-correlation-request-id": [ + "9c51435d-9bb3-41f5-9f3a-3ee832e802ed" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165720Z:9c51435d-9bb3-41f5-9f3a-3ee832e802ed" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:19 GMT" + ], + "Content-Length": [ + "927" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"attestation-resourcescope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:18.2025014Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resourcescope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "a3a537fb-534b-43ab-979f-33ae3a07136c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "266" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "9f3515e8-959b-42de-b91f-14025463f96e" + ], + "x-ms-correlation-request-id": [ + "9f3515e8-959b-42de-b91f-14025463f96e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165719Z:9f3515e8-959b-42de-b91f-14025463f96e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:18 GMT" + ], + "Content-Length": [ + "927" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"attestation-resourcescope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:18.2025014Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resourcescope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9991ab89-9ae8-4069-ae91-6508dc90cb6b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "308" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationResourceAssignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "141" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "ab3490b5-e8a2-4d7a-8126-9ea37c6e1a5e" + ], + "x-ms-correlation-request-id": [ + "ab3490b5-e8a2-4d7a-8126-9ea37c6e1a5e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165722Z:ab3490b5-e8a2-4d7a-8126-9ea37c6e1a5e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:22 GMT" + ], + "Content-Length": [ + "962" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"attestation-resourcescope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:20.3539086Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2UtRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c748534d-c529-487c-8792-566a8992a8a5" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "f3d6ceee-8b06-4af6-a4e7-233b59e9fa57" + ], + "x-ms-correlation-request-id": [ + "f3d6ceee-8b06-4af6-a4e7-233b59e9fa57" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165723Z:f3d6ceee-8b06-4af6-a4e7-233b59e9fa57" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:22 GMT" + ], + "Content-Length": [ + "122" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-Resource-Full' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2UtRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "679a0ed7-6606-433d-84fa-b712a9108a36" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "98eb7e73-bcd5-43c0-8793-58d0bb80b30a" + ], + "x-ms-correlation-request-id": [ + "98eb7e73-bcd5-43c0-8793-58d0bb80b30a" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165725Z:98eb7e73-bcd5-43c0-8793-58d0bb80b30a" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:24 GMT" + ], + "Content-Length": [ + "1216" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"Attestation-Resource-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:24.0757851Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2UtRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "72f5445f-4e5f-44f9-9fb6-d81b8a39838b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "d92214fb-7921-45e5-ba6e-00bf9fbd808c" + ], + "x-ms-correlation-request-id": [ + "d92214fb-7921-45e5-ba6e-00bf9fbd808c" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165725Z:d92214fb-7921-45e5-ba6e-00bf9fbd808c" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:25 GMT" + ], + "Content-Length": [ + "1216" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"Attestation-Resource-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:24.0757851Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2UtRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c748534d-c529-487c-8792-566a8992a8a5" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "666" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeResourceAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationResource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "8f4cf310-de2b-428f-991c-0a859f16e0c8" + ], + "x-ms-correlation-request-id": [ + "8f4cf310-de2b-428f-991c-0a859f16e0c8" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165724Z:8f4cf310-de2b-428f-991c-0a859f16e0c8" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:24 GMT" + ], + "Content-Length": [ + "1216" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"Attestation-Resource-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:24.0757851Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tUmVzb3VyY2UtRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "72f5445f-4e5f-44f9-9fb6-d81b8a39838b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "680" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeResourceAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationResource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "e1019746-b76e-495f-8d27-1b356ef96ae6" + ], + "x-ms-correlation-request-id": [ + "e1019746-b76e-495f-8d27-1b356ef96ae6" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165726Z:e1019746-b76e-495f-8d27-1b356ef96ae6" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:26 GMT" + ], + "Content-Length": [ + "1230" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"Attestation-Resource-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:26.5765512Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resource-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9b809b05-bcb3-4165-9473-a078805bece1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "c4bd1a52-6cb9-4faa-a63e-76eefb5ec775" + ], + "x-ms-correlation-request-id": [ + "c4bd1a52-6cb9-4faa-a63e-76eefb5ec775" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165727Z:c4bd1a52-6cb9-4faa-a63e-76eefb5ec775" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:26 GMT" + ], + "Content-Length": [ + "1230" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"Attestation-Resource-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:26.5765512Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resource-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "905b28b0-3c65-43a4-8fa6-e0f1acac37ce" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "063b5e31-b8e8-4167-a427-eb933e528560" + ], + "x-ms-correlation-request-id": [ + "063b5e31-b8e8-4167-a427-eb933e528560" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165728Z:063b5e31-b8e8-4167-a427-eb933e528560" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:28 GMT" + ], + "Content-Length": [ + "1359" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:28.1857694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"attestation-resource-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:28.1857694Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resource-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9b809b05-bcb3-4165-9473-a078805bece1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "847" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeResourceAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationResource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "141" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "f9868ca0-9713-40a2-b682-dd8a4c96b794" + ], + "x-ms-correlation-request-id": [ + "f9868ca0-9713-40a2-b682-dd8a4c96b794" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165728Z:f9868ca0-9713-40a2-b682-dd8a4c96b794" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:27 GMT" + ], + "Content-Length": [ + "1359" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:28.1857694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"attestation-resource-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:28.1857694Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/attestation-resource-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL2F0dGVzdGF0aW9uLXJlc291cmNlLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "905b28b0-3c65-43a4-8fa6-e0f1acac37ce" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "849" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "8ee81d3d-ae09-4f02-9fd9-fe5c3fb64029" + ], + "x-ms-correlation-request-id": [ + "8ee81d3d-ae09-4f02-9fd9-fe5c3fb64029" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165730Z:8ee81d3d-ae09-4f02-9fd9-fe5c3fb64029" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:29 GMT" + ], + "Content-Length": [ + "1361" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:28.1857694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"attestation-resource-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:29.6021338Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnM/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "a184f251-64bf-4d69-9acc-e5a6fe7a98e0" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11997" + ], + "x-ms-request-id": [ + "9baf2c66-3748-40bc-b15a-d9061b945a4f" + ], + "x-ms-correlation-request-id": [ + "9baf2c66-3748-40bc-b15a-d9061b945a4f" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165730Z:9baf2c66-3748-40bc-b15a-d9061b945a4f" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:30 GMT" + ], + "Content-Length": [ + "2336" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationresourceassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:16.8228846Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resourcescope-crud\",\r\n \"name\": \"attestation-resourcescope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:15.2663963Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:20.3539086Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:28.1857694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"attestation-resource-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:29.6021338Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnM/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "db3c8914-bc4b-4bbe-b190-b378437aa778" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "30dba721-17ba-454d-8332-43f33bccac6a" + ], + "x-ms-correlation-request-id": [ + "30dba721-17ba-454d-8332-43f33bccac6a" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165732Z:30dba721-17ba-454d-8332-43f33bccac6a" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:31 GMT" + ], + "Content-Length": [ + "1373" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativeresourceassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationresource_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:28.1857694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/attestation-resource-full\",\r\n \"name\": \"attestation-resource-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:57:24.0757851Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:29.6021338Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZUdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9uZXR3b3JrU2VjdXJpdHlHcm91cHMvcHN0ZXN0czAvcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnM/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "d24f715b-7abf-4251-b860-34fa4aa00baa" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "138" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "765b12fa-866f-476f-8401-63322604e840" + ], + "x-ms-correlation-request-id": [ + "765b12fa-866f-476f-8401-63322604e840" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165733Z:765b12fa-866f-476f-8401-63322604e840" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:32 GMT" + ], + "Content-Length": [ + "12" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": []\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/Attestation-ResourceScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJlc291cmNlU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "3ce78348-ff72-4eda-b30f-1c677586018b" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "141" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "195e7e1d-db66-4ec2-88e0-480e7b869b07" + ], + "x-ms-correlation-request-id": [ + "195e7e1d-db66-4ec2-88e0-480e7b869b07" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165731Z:195e7e1d-db66-4ec2-88e0-480e7b869b07" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:31 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/resourcegroups/ps-attestation-test-rg/providers/microsoft.network/networksecuritygroups/pstests0//providers/Microsoft.PolicyInsights/attestations/Attestation-Resource-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9yZXNvdXJjZWdyb3Vwcy9wcy1hdHRlc3RhdGlvbi10ZXN0LXJnL3Byb3ZpZGVycy9taWNyb3NvZnQubmV0d29yay9uZXR3b3Jrc2VjdXJpdHlncm91cHMvcHN0ZXN0czAvL3Byb3ZpZGVycy9NaWNyb3NvZnQuUG9saWN5SW5zaWdodHMvYXR0ZXN0YXRpb25zL0F0dGVzdGF0aW9uLVJlc291cmNlLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "1445fea4-9582-4eeb-956d-b784a980cf20" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "139" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "7ab1eb69-93bb-49c4-a926-5a0672d7251d" + ], + "x-ms-correlation-request-id": [ + "7ab1eb69-93bb-49c4-a926-5a0672d7251d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165733Z:7ab1eb69-93bb-49c4-a926-5a0672d7251d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:32 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/SubscriptionScopeCrud.json b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/SubscriptionScopeCrud.json new file mode 100644 index 000000000000..dd0da5b79731 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/SessionRecords/Microsoft.Azure.Commands.PolicyInsights.Test.ScenarioTests.AttestationTests/SubscriptionScopeCrud.json @@ -0,0 +1,1562 @@ +{ + "Entries": [ + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "ce9e9528-3c9c-401e-9744-5ad0917d4f50" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "ef88d04b-6389-4f45-88aa-97a0c305603f" + ], + "x-ms-correlation-request-id": [ + "ef88d04b-6389-4f45-88aa-97a0c305603f" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165654Z:ef88d04b-6389-4f45-88aa-97a0c305603f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:54 GMT" + ], + "Content-Length": [ + "131" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-SubscriptionScope-Crud' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "09aec14e-b66c-4f2d-b51f-0239aed835d0" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11998" + ], + "x-ms-request-id": [ + "5c4f9faf-b285-483e-9fcf-6f929521b877" + ], + "x-ms-correlation-request-id": [ + "5c4f9faf-b285-483e-9fcf-6f929521b877" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165655Z:5c4f9faf-b285-483e-9fcf-6f929521b877" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:55 GMT" + ], + "Content-Length": [ + "804" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8c5f3247-62a7-4062-9f49-954694dff2d1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "148" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "3d93428b-67ed-4084-a33d-219ab0941d18" + ], + "x-ms-correlation-request-id": [ + "3d93428b-67ed-4084-a33d-219ab0941d18" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165656Z:3d93428b-67ed-4084-a33d-219ab0941d18" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:55 GMT" + ], + "Content-Length": [ + "804" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "ce9e9528-3c9c-401e-9744-5ad0917d4f50" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "225" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment\",\r\n \"complianceState\": \"Compliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1198" + ], + "x-ms-request-id": [ + "d2c9bc30-5e4b-43b4-9a01-702da3e6fe66" + ], + "x-ms-correlation-request-id": [ + "d2c9bc30-5e4b-43b4-9a01-702da3e6fe66" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165655Z:d2c9bc30-5e4b-43b4-9a01-702da3e6fe66" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:54 GMT" + ], + "Content-Length": [ + "804" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:55.2562525Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWJzY3JpcHRpb25TY29wZS1DcnVkP2FwaS12ZXJzaW9uPTIwMjItMDktMDE=", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8c5f3247-62a7-4062-9f49-954694dff2d1" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "228" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "e20aa83b-f891-4ffb-ad29-ad185f933e3e" + ], + "x-ms-correlation-request-id": [ + "e20aa83b-f891-4ffb-ad29-ad185f933e3e" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165656Z:e20aa83b-f891-4ffb-ad29-ad185f933e3e" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:55 GMT" + ], + "Content-Length": [ + "807" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:56.5572694Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-subscriptionscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3Vic2NyaXB0aW9uc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "2c3a6934-7411-4076-8b73-c404bb21e6b6" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "2d01db53-9223-4612-aae2-60c68146618b" + ], + "x-ms-correlation-request-id": [ + "2d01db53-9223-4612-aae2-60c68146618b" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165657Z:2d01db53-9223-4612-aae2-60c68146618b" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:56 GMT" + ], + "Content-Length": [ + "807" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"Attestation-SubscriptionScope-Crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:56.5572694Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-subscriptionscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3Vic2NyaXB0aW9uc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "a4cf8277-1aa8-4d37-b481-ea1123dc54c2" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "a047c39a-a1f4-4d5c-a5f8-6da211480ecf" + ], + "x-ms-correlation-request-id": [ + "a047c39a-a1f4-4d5c-a5f8-6da211480ecf" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165657Z:a047c39a-a1f4-4d5c-a5f8-6da211480ecf" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:57 GMT" + ], + "Content-Length": [ + "832" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"attestation-subscriptionscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:57.480133Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-subscriptionscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3Vic2NyaXB0aW9uc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "2c3a6934-7411-4076-8b73-c404bb21e6b6" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "261" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "adce3ed2-9914-4885-81d4-b81b9a2a0a15" + ], + "x-ms-correlation-request-id": [ + "adce3ed2-9914-4885-81d4-b81b9a2a0a15" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165657Z:adce3ed2-9914-4885-81d4-b81b9a2a0a15" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:56 GMT" + ], + "Content-Length": [ + "832" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"attestation-subscriptionscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:57.480133Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-subscriptionscope-crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3Vic2NyaXB0aW9uc2NvcGUtY3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "a4cf8277-1aa8-4d37-b481-ea1123dc54c2" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "303" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "69dabd7e-44e2-4e40-b4d7-b7e680c57df2" + ], + "x-ms-correlation-request-id": [ + "69dabd7e-44e2-4e40-b4d7-b7e680c57df2" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165658Z:69dabd7e-44e2-4e40-b4d7-b7e680c57df2" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:57 GMT" + ], + "Content-Length": [ + "868" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"attestation-subscriptionscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:58.3903334Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWItRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9f19d5be-2ccf-44e0-8349-3f2315b0ac0a" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-store, no-cache" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "Server": [ + "Kestrel" + ], + "x-ms-request-id": [ + "90a305f8-5bd7-479b-9f3f-edb1d339282d" + ], + "x-ms-correlation-request-id": [ + "90a305f8-5bd7-479b-9f3f-edb1d339282d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165658Z:90a305f8-5bd7-479b-9f3f-edb1d339282d" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:58 GMT" + ], + "Content-Length": [ + "117" + ], + "Content-Type": [ + "application/json" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"error\": {\r\n \"code\": \"AttestationNotFound\",\r\n \"message\": \"The attestation with name 'Attestation-Sub-Full' does not exist.\"\r\n }\r\n}", + "StatusCode": 404 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWItRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "be3a7310-c223-4297-aa2d-d7c8d3e3c064" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "e332cb27-2b7d-4e7a-bf15-8f09c846bda2" + ], + "x-ms-correlation-request-id": [ + "e332cb27-2b7d-4e7a-bf15-8f09c846bda2" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165700Z:e332cb27-2b7d-4e7a-bf15-8f09c846bda2" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:59 GMT" + ], + "Content-Length": [ + "1099" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"Attestation-Sub-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:59.5819537Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWItRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "94135dc5-3795-4f51-8b52-b62c05d8b0c0" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "3a707512-ae9b-44cb-b5fb-4010b47adcdf" + ], + "x-ms-correlation-request-id": [ + "3a707512-ae9b-44cb-b5fb-4010b47adcdf" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165700Z:3a707512-ae9b-44cb-b5fb-4010b47adcdf" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:00 GMT" + ], + "Content-Length": [ + "1099" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"Attestation-Sub-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:59.5819537Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWItRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "9f19d5be-2ccf-44e0-8349-3f2315b0ac0a" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "656" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeSubAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationSub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "145" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "04657aa3-fb19-4fd9-9910-7b5a768fd0ca" + ], + "x-ms-correlation-request-id": [ + "04657aa3-fb19-4fd9-9910-7b5a768fd0ca" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165659Z:04657aa3-fb19-4fd9-9910-7b5a768fd0ca" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:56:59 GMT" + ], + "Content-Length": [ + "1099" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"Test Comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"Attestation-Sub-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:59.5819537Z\"\r\n }\r\n}", + "StatusCode": 201 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucy9BdHRlc3RhdGlvbi1TdWItRnVsbD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "94135dc5-3795-4f51-8b52-b62c05d8b0c0" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "670" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeSubAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationSub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "3e859533-38ae-41f6-bdd8-e1ea76b746f7" + ], + "x-ms-correlation-request-id": [ + "3e859533-38ae-41f6-bdd8-e1ea76b746f7" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165701Z:3e859533-38ae-41f6-bdd8-e1ea76b746f7" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:00 GMT" + ], + "Content-Length": [ + "1113" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"Attestation-Sub-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:00.9808975Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-sub-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3ViLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8844b9e9-6bdb-46e7-8fd0-2bfdcd768772" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "fd74b947-d92e-474a-a6be-739cb3ecf45d" + ], + "x-ms-correlation-request-id": [ + "fd74b947-d92e-474a-a6be-739cb3ecf45d" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165701Z:fd74b947-d92e-474a-a6be-739cb3ecf45d" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:00 GMT" + ], + "Content-Length": [ + "1113" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"Compliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"Attestation-Sub-Full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:00.9808975Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-sub-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3ViLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "446666f6-740d-4e6e-8478-e040a893913c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "e219ec88-3e95-4d43-9ef8-ae31bf2b6ac9" + ], + "x-ms-correlation-request-id": [ + "e219ec88-3e95-4d43-9ef8-ae31bf2b6ac9" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165702Z:e219ec88-3e95-4d43-9ef8-ae31bf2b6ac9" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:02 GMT" + ], + "Content-Length": [ + "1242" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:01.9819638Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"attestation-sub-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:01.9819638Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-sub-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3ViLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "8844b9e9-6bdb-46e7-8fd0-2bfdcd768772" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "837" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.Authorization/policyAssignments/PSAttestationInitiativeSubAssignment\",\r\n \"policyDefinitionReferenceId\": \"PSTestAttestationSub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "5047bfa2-6d66-4803-93fd-ad5c54f9b9d7" + ], + "x-ms-correlation-request-id": [ + "5047bfa2-6d66-4803-93fd-ad5c54f9b9d7" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165702Z:5047bfa2-6d66-4803-93fd-ad5c54f9b9d7" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:01 GMT" + ], + "Content-Length": [ + "1242" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:01.9819638Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"attestation-sub-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:01.9819638Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/attestation-sub-full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvYXR0ZXN0YXRpb24tc3ViLWZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "PUT", + "RequestHeaders": { + "x-ms-client-request-id": [ + "446666f6-740d-4e6e-8478-e040a893913c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "839" + ] + }, + "RequestBody": "{\r\n \"properties\": {\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n }\r\n}", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "143" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-request-id": [ + "fcedfc97-826c-4765-8019-3fd818a59503" + ], + "x-ms-correlation-request-id": [ + "fcedfc97-826c-4765-8019-3fd818a59503" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165704Z:fcedfc97-826c-4765-8019-3fd818a59503" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:04 GMT" + ], + "Content-Length": [ + "1244" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:01.9819638Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"attestation-sub-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:03.3039954Z\"\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "d166ac25-73b8-495b-bbd4-6cd43eac9b74" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "142" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "a82acda7-74b6-4312-98a9-d026a5bc5525" + ], + "x-ms-correlation-request-id": [ + "a82acda7-74b6-4312-98a9-d026a5bc5525" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165705Z:a82acda7-74b6-4312-98a9-d026a5bc5525" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:04 GMT" + ], + "Content-Length": [ + "2125" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationsubassignment\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:56:56.5572694Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"comments\": \"Test Comment\"\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-subscriptionscope-crud\",\r\n \"name\": \"attestation-subscriptionscope-crud\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:55.2562525Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:56:58.3903334Z\"\r\n }\r\n },\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:01.9819638Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"attestation-sub-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:03.3039954Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "0cdb27de-08d9-4cf7-ac76-8d97d30f4d1f" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "25e92c5a-09e3-49f4-9607-20a0c716d069" + ], + "x-ms-correlation-request-id": [ + "25e92c5a-09e3-49f4-9607-20a0c716d069" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165706Z:25e92c5a-09e3-49f4-9607-20a0c716d069" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:06 GMT" + ], + "Content-Length": [ + "1256" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"policyAssignmentId\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.authorization/policyassignments/psattestationinitiativesubassignment\",\r\n \"policyDefinitionReferenceId\": \"pstestattestationsub_1\",\r\n \"complianceState\": \"NonCompliant\",\r\n \"lastComplianceStateChangeAt\": \"2023-01-18T16:57:01.9819638Z\",\r\n \"expiresOn\": \"2050-01-01T00:00:00Z\",\r\n \"owner\": \"Test Owner 2\",\r\n \"comments\": \"This is an updated comment\",\r\n \"evidence\": [\r\n {\r\n \"description\": \"This is a test description\",\r\n \"sourceUri\": \"https://contoso.org/test.pdf\"\r\n },\r\n {\r\n \"description\": \"Found new evidence to make the resource non-compliant\",\r\n \"sourceUri\": \"https://contoso.org/testnewevidence.pdf\"\r\n }\r\n ],\r\n \"assessmentDate\": \"2049-12-30T00:00:00Z\",\r\n \"metadata\": {\r\n \"TestKey\": \"TestValue\"\r\n }\r\n },\r\n \"id\": \"/subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/microsoft.policyinsights/attestations/attestation-sub-full\",\r\n \"name\": \"attestation-sub-full\",\r\n \"type\": \"Microsoft.PolicyInsights/attestations\",\r\n \"systemData\": {\r\n \"createdBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"createdByType\": \"Application\",\r\n \"createdAt\": \"2023-01-18T16:56:59.5819537Z\",\r\n \"lastModifiedBy\": \"d07e75b8-92b9-46c6-9ae1-d52dcc33f873\",\r\n \"lastModifiedByType\": \"Application\",\r\n \"lastModifiedAt\": \"2023-01-18T16:57:03.3039954Z\"\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322/providers/Microsoft.PolicyInsights/attestations?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi9wcm92aWRlcnMvTWljcm9zb2Z0LlBvbGljeUluc2lnaHRzL2F0dGVzdGF0aW9ucz9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "GET", + "RequestHeaders": { + "x-ms-client-request-id": [ + "c7173970-1f0e-49e8-ab48-d4f58b5dc39c" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "146" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-reads": [ + "11999" + ], + "x-ms-request-id": [ + "4e034c02-eae3-47b5-9efe-2124bdf3ce29" + ], + "x-ms-correlation-request-id": [ + "4e034c02-eae3-47b5-9efe-2124bdf3ce29" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165707Z:4e034c02-eae3-47b5-9efe-2124bdf3ce29" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:06 GMT" + ], + "Content-Length": [ + "12" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": []\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/Attestation-SubscriptionScope-Crud?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tU3Vic2NyaXB0aW9uU2NvcGUtQ3J1ZD9hcGktdmVyc2lvbj0yMDIyLTA5LTAx", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "eab9d96e-f642-460a-a09f-7532ecd83e81" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "147" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "78fe0855-c367-41fd-a21b-eae621d144ff" + ], + "x-ms-correlation-request-id": [ + "78fe0855-c367-41fd-a21b-eae621d144ff" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165706Z:78fe0855-c367-41fd-a21b-eae621d144ff" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:06 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + }, + { + "RequestUri": "//subscriptions/086aecf4-23d6-4dfd-99a8-a5c6299f0322//providers/Microsoft.PolicyInsights/attestations/Attestation-Sub-Full?api-version=2022-09-01", + "EncodedRequestUri": "Ly9zdWJzY3JpcHRpb25zLzA4NmFlY2Y0LTIzZDYtNGRmZC05OWE4LWE1YzYyOTlmMDMyMi8vcHJvdmlkZXJzL01pY3Jvc29mdC5Qb2xpY3lJbnNpZ2h0cy9hdHRlc3RhdGlvbnMvQXR0ZXN0YXRpb24tU3ViLUZ1bGw/YXBpLXZlcnNpb249MjAyMi0wOS0wMQ==", + "RequestMethod": "DELETE", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e194a037-ccf0-4e56-8046-a594a90b3a26" + ], + "Accept-Language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.700.22.55902", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.22621", + "Microsoft.Azure.Management.PolicyInsights.PolicyInsightsClient/5.1.0.0" + ] + }, + "RequestBody": "", + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Pragma": [ + "no-cache" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "x-ms-ratelimit-remaining-policy-insights-requests": [ + "144" + ], + "Server": [ + "Kestrel" + ], + "x-ms-ratelimit-remaining-subscription-deletes": [ + "14999" + ], + "x-ms-request-id": [ + "15838cca-4c15-4e12-a0d4-09697c16e729" + ], + "x-ms-correlation-request-id": [ + "15838cca-4c15-4e12-a0d4-09697c16e729" + ], + "x-ms-routing-request-id": [ + "CANADACENTRAL:20230118T165707Z:15838cca-4c15-4e12-a0d4-09697c16e729" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Date": [ + "Wed, 18 Jan 2023 16:57:06 GMT" + ], + "Expires": [ + "-1" + ], + "Content-Length": [ + "0" + ] + }, + "ResponseBody": "", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "086aecf4-23d6-4dfd-99a8-a5c6299f0322" + } +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/Az.PolicyInsights.psd1 b/src/PolicyInsights/PolicyInsights/Az.PolicyInsights.psd1 index 2de2136b0f7d..cf39f7c9aa71 100644 --- a/src/PolicyInsights/PolicyInsights/Az.PolicyInsights.psd1 +++ b/src/PolicyInsights/PolicyInsights/Az.PolicyInsights.psd1 @@ -77,7 +77,9 @@ FunctionsToExport = @() CmdletsToExport = 'Get-AzPolicyEvent', 'Get-AzPolicyState', 'Get-AzPolicyStateSummary', 'Get-AzPolicyRemediation', 'Remove-AzPolicyRemediation', 'Start-AzPolicyRemediation', 'Stop-AzPolicyRemediation', - 'Get-AzPolicyMetadata', 'Start-AzPolicyComplianceScan' + 'Get-AzPolicyMetadata', 'Start-AzPolicyComplianceScan', + 'New-AzPolicyAttestation', 'Get-AzPolicyAttestation', + 'Set-AzPolicyAttestation', 'Remove-AzPolicyAttestation' # Variables to export from this module # VariablesToExport = @() diff --git a/src/PolicyInsights/PolicyInsights/ChangeLog.md b/src/PolicyInsights/PolicyInsights/ChangeLog.md index 65e170435374..53428f8dd1fe 100644 --- a/src/PolicyInsights/PolicyInsights/ChangeLog.md +++ b/src/PolicyInsights/PolicyInsights/ChangeLog.md @@ -18,6 +18,7 @@ - Additional information about change #1 --> ## Upcoming Release +* Added support for policy attestations. ## Version 1.5.1 * Updated parameter documentation for Get-AzPolicyState diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs new file mode 100644 index 000000000000..313fe5b0c5e7 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs @@ -0,0 +1,105 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.PolicyInsights.Common; +using Microsoft.Azure.Commands.PolicyInsights.Models.Remediation; +using Microsoft.Azure.Commands.ResourceManager.Common; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.Internal.Resources.Models; +using Microsoft.Azure.Management.PolicyInsights.Models; +using Microsoft.Azure.Management.PolicyInsights; +using Microsoft.WindowsAzure.Commands.Utilities.Common; +using System; +using System.Collections.Generic; +using System.Management.Automation; +using System.Text; +using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Microsoft.Azure.Commands.PolicyInsights.Models; +using System.Linq; +using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; + +namespace Microsoft.Azure.Commands.PolicyInsights.Cmdlets.Attestations +{ + /// + /// Gets policy attestations. + /// + [Cmdlet(VerbsCommon.Get, AzureRMConstants.AzureRMPrefix + "PolicyAttestation", DefaultParameterSetName = ParameterSetNames.SubscriptionScope), OutputType(typeof(PSAttestation))] + public class GetAzureRmPolicyAttestation : AttestationCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Name)] + [ValidateNotNullOrEmpty] + public string Name { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Scope)] + [Parameter(ParameterSetName = ParameterSetNames.GenericScope, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Scope)] + [ValidateNotNullOrEmpty] + public string Scope { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceGroupName)] + [Parameter(ParameterSetName = ParameterSetNames.ResourceGroupScope, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceGroupName)] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty] + public string ResourceGroupName { get; set; } + + [Alias("Id")] + [Parameter(ParameterSetName = ParameterSetNames.ByResourceId, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.SubscriptionScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Top)] + [Parameter(ParameterSetName = ParameterSetNames.ResourceGroupScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Top)] + [Parameter(ParameterSetName = ParameterSetNames.GenericScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Top)] + public int Top { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.SubscriptionScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Filter)] + [Parameter(ParameterSetName = ParameterSetNames.ResourceGroupScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Filter)] + [Parameter(ParameterSetName = ParameterSetNames.GenericScope, Mandatory = false, HelpMessage = ParameterHelpMessages.Filter)] + [ValidateNotNullOrEmpty] + public string Filter { get; set; } + + public override void Execute() + { + var queryOptions = new QueryOptions + { + Top = this.IsParameterBound(c => c.Top) ? (int?)Top : null, + Filter = Filter + }; + + if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) + { + throw new PSArgumentException(Resources.Error_TooManyScopes); + } + + // Determine the scope of the request and whether this is an individual GET or a list + var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName); + var attestationName = this.GetAttestationName(name: this.Name, resourceId: this.ResourceId); + + if (!string.IsNullOrEmpty(attestationName)) + { + var rawAttestation = this.PolicyInsightsClient.Attestations.GetAtResource(resourceId: rootScope, attestationName: attestationName); + + WriteObject(new PSAttestation(attestation: rawAttestation)); + } + else + { + PaginationHelper.ForEach( + getFirstPage: () => this.PolicyInsightsClient.Attestations.ListForResource(resourceId: rootScope, queryOptions: queryOptions), + getNextPage: nextLink => this.PolicyInsightsClient.Attestations.ListForResourceNext(nextPageLink: nextLink), + action: resources => this.WriteObject(sendToPipeline: resources.Select(r => new PSAttestation(r)), enumerateCollection: true), + numberOfResults: int.MaxValue, + cancellationToken: this.CancellationToken); + } + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs new file mode 100644 index 000000000000..02a2b2cdd059 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs @@ -0,0 +1,127 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.PolicyInsights.Common; +using Microsoft.Azure.Commands.PolicyInsights.Models; +using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; +using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.PolicyInsights; +using Microsoft.Azure.Management.PolicyInsights.Models; +using Newtonsoft.Json.Linq; +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Linq; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.PolicyInsights.Cmdlets.Attestations +{ + /// + /// Creates a new Policy Attestation + /// + [Cmdlet(VerbsCommon.New, AzureRMConstants.AzureRMPrefix + "PolicyAttestation", DefaultParameterSetName = ParameterSetNames.ByName, SupportsShouldProcess = true), OutputType(typeof(PSAttestation))] + public class NewAzureRmPolicyAttestation : AttestationCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Name)] + [ValidateNotNullOrEmpty] + public string Name { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Scope)] + public string Scope { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceGroupName)] + [ResourceGroupCompleter] + public string ResourceGroupName { get; set; } + + [Alias("Id")] + [Parameter(ParameterSetName = ParameterSetNames.ByResourceId, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.PolicyAssignmentId)] + [ValidateNotNullOrEmpty] + public string PolicyAssignmentId { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ComplianceState)] + [PSArgumentCompleter("Compliant", "NonCompliant", "Unknown")] + public string ComplianceState { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.PolicyDefinitionReferenceId)] + public string PolicyDefinitionReferenceId { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ExpiresOn)] + public DateTime? ExpiresOn { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Owner)] + public string Owner { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Comment)] + public string Comment { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Evidence)] + public PSAttestationEvidence[] Evidence { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AssessmentDate)] + public DateTime? AssessmentDate { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] + public object Metadata { get; set; } + + public override void Execute() + { + if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) + { + throw new PSArgumentException(Resources.Error_TooManyScopes); + } + Attestation existingAttestation = null; + var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName); + var attestationName = this.GetAttestationName(name: this.Name, resourceId: this.ResourceId); + try + { + existingAttestation = this.PolicyInsightsClient.Attestations.GetAtResource(rootScope, attestationName); + } + catch + { + existingAttestation = null; + } + + if (existingAttestation != null) + { + throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationAlreadyExists, attestationName, rootScope)); + } + + var attestation = new Attestation( + policyAssignmentId: this.PolicyAssignmentId, + policyDefinitionReferenceId: this.PolicyDefinitionReferenceId, + complianceState: ComplianceState, + expiresOn: ExpiresOn, + owner: Owner, + evidence: Evidence?.Select(e => e.ToModel()).ToList(), + comments: Comment, + assessmentDate: AssessmentDate, + metadata: this.Metadata != null ? AttestationCmdletBase.ConvertToMetadataJObject(this.Metadata) : null + ); + + if (this.ShouldProcess(target: attestationName, action: String.Format(CultureInfo.InvariantCulture, Resources.CreatingAttestation, rootScope, attestationName))) + { + var result = this.PolicyInsightsClient.Attestations.CreateOrUpdateAtResource(resourceId: rootScope, attestationName: attestationName, parameters: attestation); + + WriteObject(new PSAttestation(result)); + } + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs new file mode 100644 index 000000000000..f2f095e70199 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs @@ -0,0 +1,82 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.PolicyInsights.Common; +using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; +using Microsoft.Azure.Commands.PolicyInsights.Models.Remediation; +using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.PolicyInsights; +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Linq; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.PolicyInsights.Cmdlets.Attestations +{ + /// + /// Removes a policy attestation. + /// + [Cmdlet(VerbsCommon.Remove, AzureRMConstants.AzureRMPrefix + "PolicyAttestation", DefaultParameterSetName = ParameterSetNames.ByName, SupportsShouldProcess = true), OutputType(typeof(bool))] + public class RemoveAzureRmAttestation: AttestationCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Name)] + [ValidateNotNullOrEmpty] + public string Name { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Scope)] + [ValidateNotNullOrEmpty] + public string Scope { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceGroupName)] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty] + public string ResourceGroupName { get; set; } + + [Alias("Id")] + [Parameter(ParameterSetName = ParameterSetNames.ByResourceId, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByInputObject, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.AttestationObject)] + [ValidateNotNull] + public PSAttestation InputObject { get; set; } + + [Parameter(Mandatory = false, HelpMessage = ParameterHelpMessages.PassThru)] + public SwitchParameter PassThru { get; set; } + + public override void Execute() + { + if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) + { + throw new PSArgumentException(Resources.Error_TooManyScopes); + } + + var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName, inputObject: this.InputObject); + var attestationName = this.GetAttestationName(name: this.Name, resourceId: this.ResourceId, inputObject: this.InputObject); + + if (this.ShouldProcess(target: attestationName, action: string.Format(CultureInfo.InvariantCulture, Resources.DeletingAttestation, attestationName, rootScope))) + { + this.PolicyInsightsClient.Attestations.DeleteAtResource(resourceId: rootScope, attestationName: attestationName); + if (this.PassThru.IsPresent) + { + WriteObject(true); + } + } + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs new file mode 100644 index 000000000000..1d247e9213ea --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs @@ -0,0 +1,155 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Azure.Core; +using Microsoft.Azure.Commands.PolicyInsights.Common; +using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; +using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Microsoft.Azure.Commands.ResourceManager.Common; +using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; +using Microsoft.Azure.Management.PolicyInsights; +using Microsoft.Azure.Management.PolicyInsights.Models; +using Microsoft.WindowsAzure.Commands.Utilities.Common; +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Linq; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.PolicyInsights.Cmdlets.Attestations +{ + /// + /// Updates a policy attestation. + /// + [Cmdlet(verbName: VerbsCommon.Set, AzureRMConstants.AzureRMPrefix + "PolicyAttestation", DefaultParameterSetName = ParameterSetNames.ByName, SupportsShouldProcess = true), OutputType(typeof(PSAttestation))] + public class SetAzureRmPolicyAttestation : AttestationCmdletBase + { + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Name)] + [ValidateNotNullOrEmpty] + public string Name { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, HelpMessage = ParameterHelpMessages.Scope)] + [ValidateNotNullOrEmpty] + public string Scope { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByName, Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceGroupName)] + [ResourceGroupCompleter] + [ValidateNotNullOrEmpty] + public string ResourceGroupName { get; set; } + + [Alias("Id")] + [Parameter(ParameterSetName = ParameterSetNames.ByResourceId, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)] + [ValidateNotNullOrEmpty] + public string ResourceId { get; set; } + + [Parameter(ParameterSetName = ParameterSetNames.ByInputObject, Mandatory = true, ValueFromPipeline = true, HelpMessage = ParameterHelpMessages.AttestationObject)] + [ValidateNotNull] + public PSAttestation InputObject { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.PolicyAssignmentId)] + public string PolicyAssignmentId { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ComplianceState)] + [PSArgumentCompleter("Compliant", "NonCompliant", "Unknown")] + public string ComplianceState { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.PolicyDefinitionReferenceId)] + public string PolicyDefinitionReferenceId { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ExpiresOn)] + public DateTime? ExpiresOn { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Owner)] + public string Owner { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Comment)] + public string Comment { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.Evidence)] + public PSAttestationEvidence[] Evidence { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AssessmentDate)] + public DateTime? AssessmentDate { get; set; } + + [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] + public object Metadata { get; set; } + + public override void Execute() + { + if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) + { + throw new PSArgumentException(Resources.Error_TooManyScopes); + } + if (this.IsParameterBound(c => c.InputObject)) + { + this.ResourceId = this.InputObject.Id; + var resourceIdentifier = new ResourceIdentifier(this.ResourceId); + this.ResourceGroupName = resourceIdentifier.ResourceGroupName; + this.Name = resourceIdentifier.Name; + this.PolicyAssignmentId = this.IsParameterBound(c => c.PolicyAssignmentId) ? this.PolicyAssignmentId : this.InputObject?.PolicyAssignmentId; + this.PolicyDefinitionReferenceId = this.IsParameterBound(c => c.PolicyDefinitionReferenceId) ? this.PolicyDefinitionReferenceId : this.InputObject?.PolicyDefinitionReferenceId; + this.ComplianceState = this.IsParameterBound(c => c.ComplianceState) ? this.ComplianceState : this.InputObject?.ComplianceState; + this.ExpiresOn = this.IsParameterBound(c => c.ExpiresOn) ? this.ExpiresOn : this.InputObject?.ExpiresOn; + this.Owner = this.IsParameterBound(c => c.Owner) ? this.Owner : this.InputObject?.Owner; + this.Comment = this.IsParameterBound(c => c.Comment) ? this.Comment : this.InputObject?.Comment; + this.Evidence = this.IsParameterBound(c => c.Evidence) ? this.Evidence : this.InputObject?.Evidence; + this.AssessmentDate = this.IsParameterBound(c => c.AssessmentDate) ? this.AssessmentDate : this.InputObject?.AssessmentDate; + this.Metadata = this.IsParameterBound(c => c.Metadata) ? ConvertToMetadataJObject(this.Metadata) : this.InputObject?.Metadata; + } + + if (this.IsParameterBound(c => c.ResourceId)) + { + var resourceIdentifier = new ResourceIdentifier(this.ResourceId); + this.ResourceGroupName = resourceIdentifier.ResourceGroupName; + this.Name = resourceIdentifier.Name; + } + + Attestation existingAttestation = null; + var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName, inputObject: InputObject); + var attestationName = this.GetAttestationName(name: this.Name, resourceId: this.ResourceId, inputObject: this.InputObject); + try + { + existingAttestation = this.PolicyInsightsClient.Attestations.GetAtResource(rootScope, attestationName); + } + catch + { + existingAttestation = null; + } + + if (existingAttestation == null) + { + throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationDoesNotExists, attestationName, rootScope)); + } + + existingAttestation.PolicyAssignmentId = this.PolicyAssignmentId ?? existingAttestation.PolicyAssignmentId; + existingAttestation.PolicyDefinitionReferenceId = this.PolicyDefinitionReferenceId; + existingAttestation.ComplianceState = this.ComplianceState; + existingAttestation.ExpiresOn = this.ExpiresOn; + existingAttestation.Comments = this.Comment; + existingAttestation.Evidence = this.Evidence?.Select((e) => e.ToModel()).ToList(); + existingAttestation.Owner = this.Owner; + existingAttestation.AssessmentDate = this.AssessmentDate; + existingAttestation.Metadata = this.Metadata != null ? AttestationCmdletBase.ConvertToMetadataJObject(this.Metadata) : null; + + if (this.ShouldProcess(target: attestationName, action: String.Format(CultureInfo.InvariantCulture, Resources.UpdatingAttestation, rootScope, attestationName))) + { + var result = this.PolicyInsightsClient.Attestations.CreateOrUpdateAtResource(resourceId: rootScope, attestationName: attestationName, parameters: existingAttestation); + + WriteObject(new PSAttestation(result)); + } + + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs new file mode 100644 index 000000000000..e0436c9cfa0a --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs @@ -0,0 +1,118 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; +using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Newtonsoft.Json.Linq; +using System; +using System.Collections.Generic; +using System.Globalization; +using System.Management.Automation; +using System.Text; + +namespace Microsoft.Azure.Commands.PolicyInsights.Common +{ + public abstract class AttestationCmdletBase : PolicyInsightsCmdletBase + { + /// + /// The fully qualified resource type of the attestations resource. + /// + protected const string AttestationsFullyQualifiedResourceType = "Microsoft.PolicyInsights/attestations"; + + /// + /// Gets the root scope of the attestation that is being acted upon. + /// + /// The full scope + /// The full resource ID of the attestation resource + /// The resource group name + /// The attestation input object + protected string GetRootScope(string scope = null, string resourceId = null, string resourceGroupName = null, PSAttestation inputObject = null) + { + string rootScope = null; + if (!string.IsNullOrEmpty(resourceId)) + { + rootScope = ResourceIdHelper.GetRootScope(resourceId: resourceId, fullyQualifiedResourceType: AttestationCmdletBase.AttestationsFullyQualifiedResourceType); + if (rootScope == null) + { + throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); + } + } + else if (!string.IsNullOrEmpty(scope)) + { + rootScope = scope.TrimEnd('/'); + } + else if (!string.IsNullOrEmpty(resourceGroupName)) + { + rootScope = ResourceIdHelper.GetResourceGroupScope(subscriptionId: this.DefaultContext.Subscription.Id, resourceGroupName: resourceGroupName); + } + else if (inputObject != null) + { + rootScope = ResourceIdHelper.GetRootScope(resourceId: inputObject.Id, fullyQualifiedResourceType: AttestationCmdletBase.AttestationsFullyQualifiedResourceType); + } + else + { + // Subscription based retrieval is the default, pulls the subscription ID from context + rootScope = ResourceIdHelper.GetSubscriptionScope(subscriptionId: this.DefaultContext.Subscription.Id); + } + + return rootScope; + } + + + /// + /// Gets the name of the attestation that is being acted upon. + /// + /// The provided attestation name + /// The full resource ID of the attestation resource + /// The attestation input object + protected string GetAttestationName(string name = null, string resourceId = null, PSAttestation inputObject = null) + { + string attestationName = null; + if (!string.IsNullOrEmpty(name)) + { + attestationName = name; + } + else if (!string.IsNullOrEmpty(resourceId)) + { + attestationName = ResourceIdHelper.GetResourceName(resourceId: resourceId); + if (attestationName == null) + { + throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); + } + } + else if (inputObject != null) + { + attestationName = inputObject.Name; + } + + return attestationName; + } + + protected static JObject ConvertToMetadataJObject(object metadata) + { + if (metadata != null) + { + try + { + return JObject.Parse(metadata.ToString()); + } + catch + { + throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidMetadata, metadata.ToString())); + } + } + return null; + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs b/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs index 3e65eb5507fd..c5044d7cd672 100644 --- a/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs +++ b/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs @@ -29,7 +29,7 @@ public static class ParameterHelpMessages public const string PolicyDefinitionName = "Policy definition name. This policy definition must exist in the subscription being queried. It cannot be a management group scope policy definition."; public const string PolicyAssignmentName = "Policy assignment name. This policy assignment must have exactly the same scope as the parameter set. e.g. if `-SubscriptionId` and `ResourceGroupName` are specified, the policy assignment must be assigned to that resource group. If only `-SubscriptionId` is specified, then the policy assignment must be assigned to that subscription."; public const string PolicyAssignmentId = "Policy assignment ID. E.g. '/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'."; - public const string PolicyDefinitionReferenceId = "The policy definition reference ID of the individual definition that is being remediated. Required when the policy assignment assigns a policy set definition."; + public const string PolicyDefinitionReferenceId = "The policy definition reference ID of the individual definition. Required when the policy assignment assigns a policy set definition."; public const string ResourceDiscoveryMode = "Describes how the remediation task will discover resources that need to be remediated. ReEvaluateCompliance is not supported when remediating management group scopes."; public const string RemediationResourceCount = "Maximum number of non-compliant resources that will be remediated. If not provided, the default resource count is used."; public const string RemediationFailureThreshold = "Number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold."; @@ -51,5 +51,13 @@ public static class ParameterHelpMessages public const string AllowRemediationStop = "Allow the remediation to be canceled if it is in-progress."; public const string PassThru = "Return True if the command completes successfully."; public const string TopPolicyMetadata = "Maximum number of policy metadata resources to return."; + public const string ComplianceState = "The Compliance State of the resource. E.g. 'Compliant', 'NonCompliant', 'Unknown'"; + public const string ExpiresOn = "The time the compliance state set in the attestation should expire."; + public const string Owner = "The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID."; + public const string Comment = "Comments describing why this attestation was created."; + public const string Evidence = "The evidence supporting the compliance state set in this attestation."; + public const string AssessmentDate = "The time the evidence of an attestation was assessed."; + public const string AttestationMetadata = "Additional metadata for the attestation."; + public const string AttestationObject = "The Attestation object."; } } diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs new file mode 100644 index 000000000000..43f4ca85efd1 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs @@ -0,0 +1,148 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations +{ + using System; + using System.Collections.Generic; + using System.Linq; + using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; + using Microsoft.Azure.Management.PolicyInsights.Models; + using Microsoft.WindowsAzure.Commands.Utilities.Common; + using Newtonsoft.Json; + + /// + /// + /// + public class PSAttestation{ + + /// + /// Gets fully qualified resource ID for the resource. Ex - + /// /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + /// + public string Id { get; private set; } + + /// + /// Gets the name of the resource + /// + public string Name { get; private set; } + + /// + /// Gets the type of the resource. E.g. + /// "Microsoft.Compute/virtualMachines" or + /// "Microsoft.Storage/storageAccounts" + /// + public string Type { get; private set; } + + /// + /// Gets or sets the resource ID of the policy assignment that the + /// attestation is setting the state for. + /// + public string PolicyAssignmentId { get; set; } + + /// + /// Gets or sets the policy definition reference ID from a policy set + /// definition that the attestation is setting the state for. If the + /// policy assignment assigns a policy set definition the attestation + /// can choose a definition within the set definition with this + /// property or omit this and set the state for the entire set + /// definition. + /// + public string PolicyDefinitionReferenceId { get; set; } + + /// + /// Gets or sets the compliance state that should be set on the + /// resource. Possible values include: 'Compliant', 'NonCompliant', + /// 'Unknown' + /// + public string ComplianceState { get; set; } + + /// + /// Gets or sets the time the compliance state should expire. + /// + public System.DateTime? ExpiresOn { get; set; } + + /// + /// Gets or sets the person responsible for setting the state of the + /// resource. This value is typically an Azure Active Directory object + /// ID. + /// + public string Owner { get; set; } + + /// + /// Gets or sets comments describing why this attestation was created. + /// + public string Comment { get; set; } + + /// + /// Gets or sets the evidence supporting the compliance state set in + /// this attestation. + /// + public PSAttestationEvidence[] Evidence { get; set; } + + /// + /// Gets the status of the attestation. + /// + public string ProvisioningState { get; private set; } + + /// + /// Gets the time the compliance state was last changed in this + /// attestation. + /// + public System.DateTime? LastComplianceStateChangeAt { get; private set; } + + /// + /// Gets or sets the time the evidence was assessed + /// + public System.DateTime? AssessmentDate { get; set; } + + /// + /// Gets or sets additional metadata for this attestation + /// + public object Metadata { get; set; } + + /// + /// Gets azure Resource Manager metadata containing createdBy and + /// modifiedBy information. + /// + public SystemData SystemData { get; private set; } + + /// + /// + /// + /// + public PSAttestation(Attestation attestation) + { + if(attestation == null) + { + return; + } + this.Id = attestation.Id; + this.Name = attestation.Name; + this.Type = attestation.Type; + this.ProvisioningState = attestation.ProvisioningState; + this.PolicyAssignmentId = attestation.PolicyAssignmentId; + this.PolicyDefinitionReferenceId = attestation.PolicyDefinitionReferenceId; + this.ComplianceState = attestation.ComplianceState; + this.ExpiresOn = attestation.ExpiresOn; + this.Owner = attestation.Owner; + this.Comment = attestation.Comments; + this.Metadata = attestation.Metadata; + this.LastComplianceStateChangeAt = attestation.LastComplianceStateChangeAt; + this.AssessmentDate = attestation.AssessmentDate; + this.Evidence = attestation.Evidence?.Select(evidence => new PSAttestationEvidence(evidence)).ToArray(); + } + } + +} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs new file mode 100644 index 000000000000..50fa59e10eb8 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs @@ -0,0 +1,53 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using Microsoft.Azure.Management.PolicyInsights.Models; +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations +{ + public class PSAttestationEvidence + { + + /// + /// Gets or sets the description for this piece of evidence. + /// + public string Description { get; set; } + + /// + /// Gets or sets the URI location of the evidence. + /// + public string SourceUri { get; set; } + + public PSAttestationEvidence() { } + + public PSAttestationEvidence(AttestationEvidence attestationEvidence) + { + this.Description = attestationEvidence.Description; + this.SourceUri = attestationEvidence.SourceUri; + } + + public AttestationEvidence ToModel() + { + return new AttestationEvidence() + { + Description = this.Description, + SourceUri = this.SourceUri + }; + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs new file mode 100644 index 000000000000..f9dd4fe1503b --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs @@ -0,0 +1,32 @@ +// ---------------------------------------------------------------------------------- +// +// Copyright Microsoft Corporation +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ---------------------------------------------------------------------------------- + +using System; +using System.Collections.Generic; +using System.Management.Automation; + +namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations +{ + public class PSAttestationMetadata + { + public object Metadata { get; set; } + + public PSAttestationMetadata() { } + + public PSAttestationMetadata(object metadata) + { + Metadata = metadata; + } + } +} diff --git a/src/PolicyInsights/PolicyInsights/PolicyInsights.csproj b/src/PolicyInsights/PolicyInsights/PolicyInsights.csproj index 9f9f38a0c4e7..53f428ccc9d0 100644 --- a/src/PolicyInsights/PolicyInsights/PolicyInsights.csproj +++ b/src/PolicyInsights/PolicyInsights/PolicyInsights.csproj @@ -1,4 +1,4 @@ - + PolicyInsights @@ -11,7 +11,7 @@ - + diff --git a/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs b/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs index f53b5e675e18..ed8e700be52a 100644 --- a/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs +++ b/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs @@ -19,7 +19,7 @@ namespace Microsoft.Azure.Commands.PolicyInsights.Properties { // class via a tool like ResGen or Visual Studio. // To add or remove a member, edit your .ResX file then rerun ResGen // with the /str option, or rebuild your VS project. - [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")] + [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] internal class Resources { @@ -69,6 +69,15 @@ internal static string CancelingRemediation { } } + /// + /// Looks up a localized string similar to Creating a new attestation at scope '{0}' with name '{1}'.. + /// + internal static string CreatingAttestation { + get { + return ResourceManager.GetString("CreatingAttestation", resourceCulture); + } + } + /// /// Looks up a localized string similar to Creating a new remediation at scope '{0}' with name '{1}'.. /// @@ -78,6 +87,15 @@ internal static string CreatingRemediation { } } + /// + /// Looks up a localized string similar to Deleting attestation '{0}' from scope '{1}'. + /// + internal static string DeletingAttestation { + get { + return ResourceManager.GetString("DeletingAttestation", resourceCulture); + } + } + /// /// Looks up a localized string similar to Deleting remediation '{0}' from scope '{1}'.. /// @@ -87,6 +105,33 @@ internal static string DeletingRemediation { } } + /// + /// Looks up a localized string similar to "An attestion with name '{0}' in scope '{1}' already exists. Please use Set-AzAttestation to update an existing Attestation.". + /// + internal static string Error_AttestationAlreadyExists { + get { + return ResourceManager.GetString("Error_AttestationAlreadyExists", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to "An attestion with name '{0}' in scope '{1}' does not exist. Please use New-AzAttestation to create a new Attestation with these properties.". + /// + internal static string Error_AttestationDoesNotExists { + get { + return ResourceManager.GetString("Error_AttestationDoesNotExists", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The given metadata '{0}' is invalid. + /// + internal static string Error_InvalidMetadata { + get { + return ResourceManager.GetString("Error_InvalidMetadata", resourceCulture); + } + } + /// /// Looks up a localized string similar to ResourceId must be a resource ID of a single '{0}' resource.. /// @@ -123,6 +168,15 @@ internal static string StartComplianceScan { } } + /// + /// Looks up a localized string similar to Updating an attestation with name '{0}' in scope '{1}'.. + /// + internal static string UpdatingAttestation { + get { + return ResourceManager.GetString("UpdatingAttestation", resourceCulture); + } + } + /// /// Looks up a localized string similar to Waiting for completion of remediation at scope '{0}' with name '{1}'.. /// diff --git a/src/PolicyInsights/PolicyInsights/Properties/Resources.resx b/src/PolicyInsights/PolicyInsights/Properties/Resources.resx index 5d72a1f9f954..c4616288b492 100644 --- a/src/PolicyInsights/PolicyInsights/Properties/Resources.resx +++ b/src/PolicyInsights/PolicyInsights/Properties/Resources.resx @@ -141,4 +141,22 @@ Waiting for completion of remediation at scope '{0}' with name '{1}'. + + Creating a new attestation at scope '{0}' with name '{1}'. + + + Updating an attestation with name '{0}' in scope '{1}'. + + + "An attestion with name '{0}' in scope '{1}' already exists. Please use Set-AzAttestation to update an existing Attestation." + + + "An attestion with name '{0}' in scope '{1}' does not exist. Please use New-AzAttestation to create a new Attestation with these properties." + + + The given metadata '{0}' is invalid + + + Deleting attestation '{0}' from scope '{1}' + \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsights.md b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsights.md index fec9b98ba875..07570c3a1f26 100644 --- a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsights.md +++ b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsights.md @@ -11,6 +11,9 @@ Locale: en-US This topic displays help for the Azure Policy Insights cmdlets. ## Az.PolicyInsights Cmdlets +### [Get-AzPolicyAttestation](Get-AzPolicyAttestation.md) +Gets policy attestations. + ### [Get-AzPolicyEvent](Get-AzPolicyEvent.md) Gets policy evaluation events generated as resources are created or updated. @@ -26,9 +29,18 @@ Gets policy compliance states for resources. ### [Get-AzPolicyStateSummary](Get-AzPolicyStateSummary.md) Gets latest policy compliance states summary for resources. +### [New-AzPolicyAttestation](New-AzPolicyAttestation.md) +Creates a new policy attestation for a policy assignment. + +### [Remove-AzPolicyAttestation](Remove-AzPolicyAttestation.md) +Deletes a policy attestation. + ### [Remove-AzPolicyRemediation](Remove-AzPolicyRemediation.md) Deletes a policy remediation. +### [Set-AzPolicyAttestation](Set-AzPolicyAttestation.md) +Modifies a policy attestation. + ### [Start-AzPolicyComplianceScan](Start-AzPolicyComplianceScan.md) Triggers a policy compliance evaluation for all resources in a subscription or resource group. diff --git a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md new file mode 100644 index 000000000000..3b749978be6f --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md @@ -0,0 +1,1283 @@ +#### New-AzPolicyAttestation + +#### SYNOPSIS +Creates a new policy attestation for a policy assignment. + +#### SYNTAX + ++ ByName (Default) +```powershell +New-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] + [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ++ ByResourceId +```powershell +New-AzPolicyAttestation -ResourceId -PolicyAssignmentId [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Create an attestation at subscription scope +```powershell +Set-AzContext -Subscription "My Subscription" +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-subscription" +New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" +``` + +This command creates a new policy attestation at subscription 'My Subscription' for the given policy assignment. + +>**Note:** +>This command creates an attestation for the subscription and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. + ++ Example 2: Create an attestation at resource group +```powershell +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-RG" +$rgName = "myRG" +New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" +``` + +This command creates a new policy attestation at the resource group 'myRG' for the given policy assignment. + +>**Note:** +>This command creates an attestation for the resource group and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions/resourceGroups`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. + ++ Example 3: Create an attestation at resource +```powershell +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-resource" +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +New-AzPolicyAttestation ` + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState "NonCompliant" +``` + +This command creates an attestation for the resource 'Test-VN' for the given policy assignment. + ++ Example 4: Create an attestation with all properties at resource group +``` +$attestationName = "attestationRG" +$policyInitiativeAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/74067f0991764e9882a046e0" +$policyDefinitionReferenceId = "PS: Manual Policy (RG)_1" + +$description = "This is a test description" +$sourceURI = "https://contoso.org/test.pdf" +$owner = "Test Owner" +$evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI +} +$policyEvidence = @($evidence) +$metadata = '{"TestKey":"TestValue"}' +New-AzPolicyAttestation ` + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comments $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata +``` + + +#### Get-AzPolicyAttestation + +#### SYNOPSIS +Gets policy attestations. + +#### SYNTAX + ++ SubscriptionScope (Default) +```powershell +Get-AzPolicyAttestation [-Top ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ ByName +```powershell +Get-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + [-DefaultProfile ] [] +``` + ++ GenericScope +```powershell +Get-AzPolicyAttestation -Scope [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ResourceGroupScope +```powershell +Get-AzPolicyAttestation -ResourceGroupName [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ByResourceId +```powershell +Get-AzPolicyAttestation -ResourceId [-DefaultProfile ] [] +``` + +#### EXAMPLES + ++ Example 1: Get all policy attestations in the current subscription +```powershell +Set-AzContext -Subscription "MySubscription" +Get-AzPolicyAttestation +``` + +This command gets all the attestations created at or underneath a subscription named "My Subscription". + ++ Example 2: Get a specific policy attestation +```powershell +Get-AzPolicyAttestation -ResourceGroupName "myResourceGroup" -Name "attestation1" +``` + +This command gets the attestation named 'attestation1' at the resource group 'myResourceGroup'. + ++ Example 3: Get 5 policy attestations in a subscription with optional filters +```powershell +Set-AzContext -Subscription "MySubscription" +Get-PolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +``` + +This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. + + +#### Remove-AzPolicyAttestation + +#### SYNOPSIS +Deletes a policy attestation. + +#### SYNTAX + ++ ByName (Default) +```powershell +Remove-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + ++ ByResourceId +```powershell +Remove-AzPolicyAttestation -ResourceId [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ++ ByInputObject +```powershell +Remove-AzPolicyAttestation -InputObject [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Delete a policy remediation by name at subscription scope. +```powershell +Set-AzContext -Subscription "My Subscription" +Remove-AzPolicyAttestation -Name "attestation1" +``` + +This command deletes the attestation named 'attestation1' in subscription "My Subscription" + ++ Example 2: Delete a policy remediation via piping at resource group. +```powershell +$rgName = "myRG" + +Get-PolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation +``` + +This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-PolicyAttestation** cmdlet. + ++ Example 3: Delete a policy remediation using ResourceId. +```powershell +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$attestationToDelete = Get-AzPolicyAttestation -Name "attestation3" -Scope $scope +Remove-AzPolicyAttestation -Id $attestationToDelete.Id +``` + +The first command gets an attestation named 'attestation3' with a resource id supplied as scope. +The second command then deletes the attestation using the resource id of the stored attestation. + + +#### Set-AzPolicyAttestation + +#### SYNOPSIS +Modifies a policy attestation. + +#### SYNTAX + ++ ByName (Default) +```powershell +Set-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] + [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ++ ByResourceId +```powershell +Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + ++ ByInputObject +```powershell +Set-AzPolicyAttestation -InputObject [-PolicyAssignmentId ] [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Update an attestation by name +```powershell +Set-AzContext -Subscription "My Subscription" +#### Update the existing attestation by resource name at subscription scope (default) +$comment = "Setting the state to non compliant" +$attestationName = "attestation1" + +Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment +``` + +The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation1' in the subscription named 'My Subscription' + ++ Example 2: Update an attestation by ResourceId +```powershell +#### Get an attestation +$rgName = "myRG" +$attestationName = "attestation2" +$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName + +#### Update the existing attestation by resource ID at RG +$expiresOn = [System.DateTime]::UtcNow.AddYears(1) +$updatedAttestation = Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn +``` + +The first command gets an existing attestation at the resource group 'myRG' with the name 'attestation2'. + +The final command updates the expiry time of the policy attestation by the **ResourceId** property of the existing attestation. + ++ Example 3: Update an attestation by input object +```powershell +#### Get an attestation +$attestationName = "attestation3" +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope + +#### Update attestation by input object +$newOwner = "Test Owner 2" +$attestation | Set-AzPolicyAttestation -Owner $newOwner +``` + +The first command gets an existing attestation with name 'attestation3' for the given resource using its resource id as the scope + +The final command updates the owner of the policy attestation by using piping. + + +#### Start-AzPolicyComplianceScan + +#### SYNOPSIS +Triggers a policy compliance evaluation for all resources in a subscription or resource group. + +#### SYNTAX + +```powershell +Start-AzPolicyComplianceScan [-ResourceGroupName ] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Start a compliance scan at subscription scope +```powershell +Start-AzPolicyComplianceScan +``` + +This command starts a policy compliance evaluation for the active subscription. + ++ Example 2: Start a compliance scan at resource group scope +```powershell +Start-AzPolicyComplianceScan -ResourceGroupName "myRG" +``` + +This command starts a policy compliance evaluation for the "myRG" resource group in the active subscription. + ++ Example 3: Start a compliance scan and wait for it to complete in the background +```powershell +$job = Start-AzPolicyComplianceScan -AsJob +$job | Wait-Job +``` + +This command starts a policy compliance evaluation for the active subscription. It will wait for the scan to complete. + + +#### Get-AzPolicyEvent + +#### SYNOPSIS +Gets policy evaluation events generated as resources are created or updated. + +#### SYNTAX + ++ SubscriptionScope (Default) +```powershell +Get-AzPolicyEvent [-SubscriptionId ] [-Top ] [-OrderBy ] [-Select ] + [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ ManagementGroupScope +```powershell +Get-AzPolicyEvent -ManagementGroupName [-Top ] [-OrderBy ] [-Select ] + [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ ResourceGroupScope +```powershell +Get-AzPolicyEvent [-SubscriptionId ] -ResourceGroupName [-Top ] [-OrderBy ] + [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ PolicySetDefinitionScope +```powershell +Get-AzPolicyEvent [-SubscriptionId ] -PolicySetDefinitionName [-Top ] + [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ PolicyDefinitionScope +```powershell +Get-AzPolicyEvent [-SubscriptionId ] -PolicyDefinitionName [-Top ] [-OrderBy ] + [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ SubscriptionLevelPolicyAssignmentScope +```powershell +Get-AzPolicyEvent [-SubscriptionId ] -PolicyAssignmentName [-Top ] [-OrderBy ] + [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ ResourceGroupLevelPolicyAssignmentScope +```powershell +Get-AzPolicyEvent [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName + [-Top ] [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ ResourceScope +```powershell +Get-AzPolicyEvent -ResourceId [-Top ] [-OrderBy ] [-Select ] [-From ] + [-To ] [-Filter ] [-Apply ] [-DefaultProfile ] + [] +``` + +#### EXAMPLES + ++ Example 1: Get policy events in current subscription scope +```powershell +Get-AzPolicyEvent +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. + ++ Example 2: Get policy events in the specified subscription scope +```powershell +Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" +``` + +Gets policy event records generated in the last day for all resources within the specified subscription. + ++ Example 3: Get policy events in management group scope +```powershell +Get-AzPolicyEvent -ManagementGroupName "myManagementGroup" +``` + +Gets policy event records generated in the last day for all resources within the specified management group. + ++ Example 4: Get policy events in resource group scope in current subscription +```powershell +Get-AzPolicyEvent -ResourceGroupName "myResourceGroup" +``` + +Gets policy event records generated in the last day for all resources within the specified resource group (in the subscription in current session context). + ++ Example 5: Get policy events in resource group scope in the specified subscription +```powershell +Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" +``` + +Gets policy event records generated in the last day for all resources within the specified resource group (in the specified subscription). + ++ Example 6: Get policy events for a resource +```powershell +Get-AzPolicyEvent -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" +``` + +Gets policy event records generated in the last day for the specified resource. + ++ Example 7: Get policy events for a policy set definition in current subscription +```powershell +Get-AzPolicyEvent -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). + ++ Example 8: Get policy events for a policy set definition in the specified subscription +```powershell +Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). + ++ Example 9: Get policy events for a policy definition in current subscription +```powershell +Get-AzPolicyEvent -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). + ++ Example 10: Get policy events for a policy definition in the specified subscription +```powershell +Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). + ++ Example 11: Get policy events for a policy assignment in current subscription +```powershell +Get-AzPolicyEvent -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the subscription in current session context). + ++ Example 12: Get policy events for a policy assignment in the specified subscription +```powershell +Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the specified subscription). + ++ Example 13: Get policy events for a policy assignment in the specified resource group in the current subscription +```powershell +Get-AzPolicyEvent -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). + ++ Example 14: Get policy events in current subscription scope, with OrderBy, Top and Select query options +```powershell +Get-AzPolicyEvent -OrderBy "Timestamp desc, PolicyAssignmentName asc" -Top 5 -Select "Timestamp, ResourceId, PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionId" +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. +The command orders the results by timestamp and policy assignment name properties, and takes only top 5 of those listed in that order. +It also selects to list only a subset of the columns for each record. + ++ Example 15: Get policy events in current subscription scope, with From and To query options +```powershell +Get-AzPolicyEvent -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" +``` + +Gets policy event records generated within the date range specified for all resources within the subscription in current session context. + ++ Example 16: Get policy events in current subscription scope, with Filter query option +```powershell +Get-AzPolicyEvent -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ResourceLocation ne 'eastus'" +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes deny or audit actions) and resource location (excludes eastus location). + ++ Example 17: Get policy events in current subscription scope, with Apply specifying row count aggregation +```powershell +Get-AzPolicyEvent -Apply "aggregate(`$count as NumberOfRecords)" +``` + +Gets the number of policy event records generated in the last day for all resources within the subscription in current session context. +The command returns the count of the policy event records only, which is returned inside AdditionalProperties property. + ++ Example 18: Get policy events in current subscription scope, with Apply specifying grouping with aggregation +```powershell +Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'audit' or PolicyDefinitionAction eq 'deny'" -Apply "groupby((PolicyAssignmentId, PolicyDefinitionId, PolicyDefinitionAction, ResourceId), aggregate(`$count as NumEvents))" -OrderBy "NumEvents desc" -Top 5 +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes only audit and deny events). +It groups the results based on policy assignment, policy definition, policy definition action, and resource id, and computes the number of records in each group, which is returned inside AdditionalProperties property. +It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. + ++ Example 19: Get policy events in current subscription scope, with Apply specifying grouping without aggregation +```powershell +Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'audit' or PolicyDefinitionAction eq 'deny'" -Apply "groupby((ResourceId))" +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes only audit and deny events). +It groups the results based on resource id. +This generates the list of all resources within the subscription that generated a policy event for at least one audit or deny policy. + ++ Example 20: Get policy events in current subscription scope, with Apply specifying multiple groupings +```powershell +Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'deny'" -Apply "groupby((PolicyAssignmentId, PolicyDefinitionId, ResourceId))/groupby((PolicyAssignmentId, PolicyDefinitionId), aggregate(`$count as NumDeniedResources))" -OrderBy "NumDeniedResources desc" -Top 5 +``` + +Gets policy event records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes only deny events). +It groups the results first based on policy assignment, policy definition, and resource id. +Then, it further groups the results of this grouping with the same properties except for resource id, and computes the number of records in each of these groups, which is returned inside AdditionalProperties property. +It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. +This generates the top 5 deny policies with the most number of denied resources. + + +#### Get-AzPolicyMetadata + +#### SYNOPSIS +Gets Policy Metadata resources + +#### SYNTAX + +```powershell +Get-AzPolicyMetadata [-Name ] [-Top ] [-DefaultProfile ] + [] +``` + +#### EXAMPLES + ++ Example 1: Get all policy metadata resources +```powershell +Get-AzPolicyMetadata +``` + +This command gets all policy metadata resources + ++ Example 2: Get a collection of 10 policy metadata resources +```powershell +Get-AzPolicyMetadata -Top 10 +``` + +This command gets a collection of 10 policy metadata resources + ++ Example 3: Get a single policy metadata resource with the name 'ACF1348' +```powershell +Get-AzPolicyMetadata -Name ACF1348 +``` + +This command gets a single policy metadata resource with the name 'ACF1348' + + +#### Get-AzPolicyRemediation + +#### SYNOPSIS +Gets policy remediations. + +#### SYNTAX + ++ SubscriptionScope (Default) +```powershell +Get-AzPolicyRemediation [-Top ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ ByName +```powershell +Get-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] + [-ResourceGroupName ] [-Top ] [-IncludeDetail] [-DefaultProfile ] + [] +``` + ++ GenericScope +```powershell +Get-AzPolicyRemediation -Scope [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ManagementGroupScope +```powershell +Get-AzPolicyRemediation -ManagementGroupName [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ResourceGroupScope +```powershell +Get-AzPolicyRemediation -ResourceGroupName [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ByResourceId +```powershell +Get-AzPolicyRemediation -ResourceId [-Top ] [-IncludeDetail] + [-DefaultProfile ] [] +``` + +#### EXAMPLES + ++ Example 1: Get all policy remediations in the current subscription +```powershell +Set-AzContext -Subscription "My Subscription" +Get-AzPolicyRemediation +``` + +This command gets all the remediations created at or underneath a subscription named 'My Subscription'. + ++ Example 2: Get a specific policy remediation and the deployment details +```powershell +Get-AzPolicyRemediation -ResourceGroupName "myResourceGroup" -Name "remediation1" -IncludeDetail +``` + +This command gets the remediation named 'remediation1' from resource group 'myResourceGroup'. The details of the resources being remediated will be included. + ++ Example 3: Get 10 policy remediations in a management group with optional filters +```powershell +Get-AzPolicyRemediation -ManagementGroupName "mg1" -Top 10 -Filter "PolicyAssignmentId eq '/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Authorization/policyAssignments/pa1'" +``` + +This command gets a max of 10 policy remediations from a management group named 'mg1'. Only policy remediations for the given policy assignment will be retrieved. + + +#### Remove-AzPolicyRemediation + +#### SYNOPSIS +Deletes a policy remediation. + +#### SYNTAX + ++ ByName (Default) +```powershell +Remove-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] + [-ResourceGroupName ] [-AllowStop] [-AsJob] [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ++ ByResourceId +```powershell +Remove-AzPolicyRemediation -ResourceId [-AllowStop] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + ++ ByInputObject +```powershell +Remove-AzPolicyRemediation -InputObject [-AllowStop] [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Delete a policy remediation at resource group scope +```powershell +Remove-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" +``` + +This command deletes the remediation named 'remediation1' in resource group 'myRG'. + ++ Example 2: Delete a management group remediation via piping +```powershell +$remediation = Get-AzPolicyRemediation -ManagementGroupName "mg1" -Name "remediation1" +$remediation | Remove-AzPolicyRemediation -Confirm +``` + +This command deletes the remediation named 'remediation1' from management group 'mg1'. A confirmation prompt will be presented before deleting the resource. + ++ Example 3: Cancel and delete a policy remediation +```powershell +Remove-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" -AllowStop +``` + +This command deletes the remediation named 'remediation1' in resource group 'myRG'. If the remediation is in-progress it will be canceled before being deleted. + + +#### Start-AzPolicyRemediation + +#### SYNOPSIS +Creates and starts a policy remediation for a policy assignment. + +#### SYNTAX + ++ ByName (Default) +```powershell +Start-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] + [-ResourceGroupName ] -PolicyAssignmentId [-PolicyDefinitionReferenceId ] + [-LocationFilter ] [-ResourceDiscoveryMode ] [-ResourceCount ] + [-ParallelDeploymentCount ] [-FailureThreshold ] [-AsJob] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + ++ ByResourceId +```powershell +Start-AzPolicyRemediation -ResourceId -PolicyAssignmentId + [-PolicyDefinitionReferenceId ] [-LocationFilter ] [-ResourceDiscoveryMode ] + [-ResourceCount ] [-ParallelDeploymentCount ] [-FailureThreshold ] [-AsJob] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Start a remediation at subscription scope +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription "My Subscription" +Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" +``` + +This command creates a new policy remediation in subscription 'My Subscription' for the given policy assignment. + ++ Example 2: Start a remediation at management group scope with optional filters +```powershell +$policyAssignmentId = "/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Authorization/policyAssignments/pa1" +Start-AzPolicyRemediation -ManagementGroupName "mg1" -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -LocationFilter "westus","eastus" +``` + +This command creates a new policy remediation in management group 'mg1' for the given policy assignment. Only resources in the 'westus' or 'eastus' locations will be remediated. + ++ Example 3: Start a remediation at resource group scope for a policy set definition assignment +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Start-AzPolicyRemediation -ResourceGroupName "myRG" -PolicyAssignmentId $policyAssignmentId -PolicyDefinitionReferenceId "0349234412441" -Name "remediation1" +``` + +This command creates a new policy remediation in resource group 'myRG' for the given policy assignment. The policy assignment assigns a policy set definition (also known as an initiative). The policy definition reference ID indicates which policy within the initiative should be remediated. + ++ Example 4: Start a remediation and wait for it to complete in the background +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription f0710c27-9663-4c05-19f8-1b4be01e86a5 +$job = Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -AsJob +$job | Wait-Job +$remediation = $job | Receive-Job +``` + +This command starts a new policy remediation in subscription 'My Subscription' for the given policy assignment. It will wait for the remediation to complete before returning the final remediation status. + ++ Example 5: Start a remediation that will discover non-compliant resources before remediating +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription "My Subscription" +Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceDiscoveryMode ReEvaluateCompliance +``` + +This command creates a new policy remediation in subscription 'My Subscription' for the given policy assignment. The compliance state of resources in the subscription will be re-evaluated against the policy assignment and non-compliant resources will be remediated. + ++ Example 6: Start a remediation that will remediate up to 10,000 non-compliant resources +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription "My Subscription" +Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceCount 10000 +``` + ++ Example 7: Start a remediation that will remediate 30 resources in parallel +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription "My Subscription" +Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ParallelDeploymentCount 30 +``` + ++ Example 8: Start a remediation that will terminate if more than half of the remediation deployments fail +```powershell +$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" +Set-AzContext -Subscription "My Subscription" +Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -FailureThreshold 0.5 +``` + + +#### Stop-AzPolicyRemediation + +#### SYNOPSIS +Cancels an in-progress policy remediation. + +#### SYNTAX + ++ ByName (Default) +```powershell +Stop-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] + [-ResourceGroupName ] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ++ ByResourceId +```powershell +Stop-AzPolicyRemediation -ResourceId [-AsJob] [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ++ ByInputObject +```powershell +Stop-AzPolicyRemediation -InputObject [-AsJob] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +#### EXAMPLES + ++ Example 1: Cancel a policy remediation at resource group scope +```powershell +Stop-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" +``` + +This command cancels the remediation named 'remediation1' in resource group 'myRG'. + ++ Example 2: Cancel a management group remediation via piping +```powershell +$remediation = Get-AzPolicyRemediation -ManagementGroupName "mg1" -Name "remediation1" +$remediation | Stop-AzPolicyRemediation +``` + +This command cancels the remediation named 'remediation1' in management group 'mg1'. + + +#### Get-AzPolicyState + +#### SYNOPSIS +Gets policy compliance states for resources. + +#### SYNTAX + ++ SubscriptionScope (Default) +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] [-Top ] [-OrderBy ] [-Select ] + [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ ManagementGroupScope +```powershell +Get-AzPolicyState [-All] -ManagementGroupName [-Top ] [-OrderBy ] [-Select ] + [-From ] [-To ] [-Filter ] [-Apply ] + [-DefaultProfile ] [] +``` + ++ ResourceGroupScope +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] -ResourceGroupName [-Top ] + [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ ResourceScope +```powershell +Get-AzPolicyState [-All] -ResourceId [-Top ] [-OrderBy ] [-Select ] + [-From ] [-To ] [-Filter ] [-Apply ] [-Expand ] + [-DefaultProfile ] [] +``` + ++ PolicySetDefinitionScope +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] -PolicySetDefinitionName [-Top ] + [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ PolicyDefinitionScope +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] -PolicyDefinitionName [-Top ] + [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ SubscriptionLevelPolicyAssignmentScope +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] -PolicyAssignmentName [-Top ] + [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + ++ ResourceGroupLevelPolicyAssignmentScope +```powershell +Get-AzPolicyState [-All] [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName + [-Top ] [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] + [-Apply ] [-DefaultProfile ] [] +``` + +#### EXAMPLES + ++ Example 1: Get latest policy states in current subscription scope +```powershell +Get-AzPolicyState +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. + ++ Example 2: Get latest policy states in the specified subscription scope +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" +``` + +Gets latest policy state records generated in the last day for all resources within the specified subscription. + ++ Example 3: Get all policy states in current subscription scope +```powershell +Get-AzPolicyState -All +``` + +Gets all historical policy state records (including latest) generated in the last day for all resources within the subscription in current session context. + ++ Example 4: Get latest policy states in management group scope +```powershell +Get-AzPolicyState -ManagementGroupName "myManagementGroup" +``` + +Gets latest policy state records generated in the last day for all resources within the specified management group. + ++ Example 5: Get latest policy states in resource group scope in current subscription +```powershell +Get-AzPolicyState -ResourceGroupName "myResourceGroup" +``` + +Gets latest policy state records generated in the last day for all resources within the specified resource group (in the subscription in current session context). + ++ Example 6: Get latest policy states in resource group scope in the specified subscription +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" +``` + +Gets latest policy state records generated in the last day for all resources within the specified resource group (in the specified subscription). + ++ Example 7: Get latest policy states for a resource +```powershell +Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" +``` + +Gets latest policy state records generated in the last day for the specified resource. + ++ Example 8: Get latest policy states for a policy set definition in current subscription +```powershell +Get-AzPolicyState -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). + ++ Example 9: Get latest policy states for a policy set definition in the specified subscription +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). + ++ Example 10: Get latest policy states for a policy definition in current subscription +```powershell +Get-AzPolicyState -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). + ++ Example 11: Get latest policy states for a policy definition in the specified subscription +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). + ++ Example 12: Get latest policy states for a policy assignment in current subscription +```powershell +Get-AzPolicyState -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists at subscription scope in the subscription in current session context). + ++ Example 13: Get latest policy states for a policy assignment with the same scope as the specified subscription +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists at subscription scope in the specified subscription). + ++ Example 14: Get latest policy states for a policy assignment in the specified resource group in the current subscription +```powershell +Get-AzPolicyState -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). + ++ Example 15: Get latest policy states in current subscription scope, with OrderBy, Top and Select query options +```powershell +Get-AzPolicyState -OrderBy "Timestamp desc, PolicyAssignmentName asc" -Top 5 -Select "Timestamp, ResourceId, PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionId, IsCompliant" +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. +The command orders the results by timestamp and policy assignment name properties, and takes only top 5 of those listed in that order. +It also selects to list only a subset of the columns for each record. + ++ Example 16: Get latest policy states in current subscription scope, with From and To query options +```powershell +Get-AzPolicyState -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" +``` + +Gets latest policy state records generated within the date range specified for all resources within the subscription in current session context. + ++ Example 17: Get latest policy states in current subscription scope, with Filter query option +```powershell +Get-AzPolicyState -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ComplianceState eq 'NonCompliant' and ResourceLocation ne 'eastus'" +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes deny or audit actions), compliance status (includes only non-compliant status) and resource location (excludes eastus location). + ++ Example 18: Get latest policy states in current subscription scope, with Apply specifying row count aggregation +```powershell +Get-AzPolicyState -Apply "aggregate(`$count as NumberOfRecords)" +``` + +Gets the number of latest policy state records generated in the last day for all resources within the subscription in current session context. +The command returns the count of the policy state records only, which is returned inside AdditionalProperties property. + ++ Example 19: Get latest policy states in current subscription scope, with Apply specifying grouping with aggregation +```powershell +Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId), aggregate(`$count as NumStates))" -OrderBy "NumStates desc" -Top 5 +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on compliance status (includes only non-compliant status). +It groups the results based on policy assignment, policy set definition, and policy definition, and computes the number of records in each group, which is returned inside AdditionalProperties property. +It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. + ++ Example 20: Get latest policy states in current subscription scope, with Apply specifying grouping without aggregation +```powershell +Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((ResourceId))" +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on compliance status (includes only non-compliant status). +It groups the results based on resource id. +This generates the list of all resources within the subscription that are non-compliant for at least one policy. + ++ Example 21: Get latest policy states in current subscription scope, with Apply specifying multiple groupings +```powershell +Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId, ResourceId))/groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId), aggregate(`$count as NumNonCompliantResources))" -OrderBy "NumNonCompliantResources desc" -Top 5 +``` + +Gets latest policy state records generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on compliance status (includes only non-compliant status). +It groups the results first based on policy assignment, policy set definition, policy definition, and resource id. +Then, it further groups the results of this grouping with the same properties except for resource id, and computes the number of records in each of these groups, which is returned inside AdditionalProperties property. +It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. +This generates the top 5 policies with the most number of non-compliant resources. + ++ Example 22: Get latest policy states including policy evaluation details for a resource +```powershell +Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" -Expand "PolicyEvaluationDetails" +``` + +Gets latest policy state records generated in the last day for the specified resource and expand policyEvaluationDetails. + ++ Example 23: Get latest component policy states for a resource (eg. vault) given a resource provider mode policy assignment +```powershell +Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant')" +``` + +Gets latest component policy state records generated in the last day for the specified resource, given a resource provider mode policy assignment that references a resource provider mode policy definition. + ++ Example 24: Get latest component policy states for a resource (eg. vault) given a policy initiative assignment that contains a resource provider mode policy definition +```powershell +Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1' and policyDefinitionReferenceId eq 'myResourceProviderModeDefinitionReferenceId'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant')" +``` + +Gets latest component policy state records generated in the last day for the specified resource, given a resource provider mode policy assignment that references an initiative containing a resource provider mode policy definition. + ++ Example 25: Get latest component counts by compliance state for a resource (eg. vault) given a resource provider mode policy assignment +```powershell +Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant' or ComplianceState eq 'Conflict';`$apply=groupby((complianceState),aggregate(`$count as count)))" +``` + +Gets latest component counts generated in the last day grouped by compliance state for the specified resource, given a resource provider mode policy assignment. + ++ Example 26: Get policy states for a management group scope policy assignment +```powershell +Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -Filter "policyAssignmentId eq '/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" +``` + +Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) in the specified subscription affected by the specified policy assignment (which is assigned to a management group which is an ancestor of the specified subscription). + + +#### Get-AzPolicyStateSummary + +#### SYNOPSIS +Gets latest policy compliance states summary for resources. + +#### SYNTAX + ++ SubscriptionScope (Default) +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] [-Top ] [-From ] [-To ] + [-Filter ] [-DefaultProfile ] [] +``` + ++ ManagementGroupScope +```powershell +Get-AzPolicyStateSummary -ManagementGroupName [-Top ] [-From ] [-To ] + [-Filter ] [-DefaultProfile ] [] +``` + ++ ResourceGroupScope +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] -ResourceGroupName [-Top ] + [-From ] [-To ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ PolicySetDefinitionScope +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] -PolicySetDefinitionName [-Top ] + [-From ] [-To ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ PolicyDefinitionScope +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] -PolicyDefinitionName [-Top ] + [-From ] [-To ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ SubscriptionLevelPolicyAssignmentScope +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] -PolicyAssignmentName [-Top ] + [-From ] [-To ] [-Filter ] [-DefaultProfile ] + [] +``` + ++ ResourceGroupLevelPolicyAssignmentScope +```powershell +Get-AzPolicyStateSummary [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName + [-Top ] [-From ] [-To ] [-Filter ] + [-DefaultProfile ] [] +``` + ++ ResourceScope +```powershell +Get-AzPolicyStateSummary -ResourceId [-Top ] [-From ] [-To ] + [-Filter ] [-DefaultProfile ] [] +``` + +#### EXAMPLES + ++ Example 1: Get latest non-compliant policy states summary in current subscription scope +```powershell +Get-AzPolicyStateSummary +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. + ++ Example 2: Get latest non-compliant policy states summary in the specified subscription scope +```powershell +Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified subscription. + ++ Example 3: Get latest non-compliant policy states summary in management group scope +```powershell +Get-AzPolicyStateSummary -ManagementGroupName "myManagementGroup" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified management group. + ++ Example 4: Get latest non-compliant policy states summary in resource group scope in current subscription +```powershell +Get-AzPolicyStateSummary -ResourceGroupName "myResourceGroup" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified resource group (in the subscription in current session context). + ++ Example 5: Get latest non-compliant policy states summary in resource group scope in the specified subscription +```powershell +Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified resource group (in the specified subscription). + ++ Example 6: Get latest non-compliant policy states summary for a resource +```powershell +Get-AzPolicyStateSummary -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" +``` + +Gets the summary view of latest policy compliance states generated in the last day for the specified resource. + ++ Example 7: Get latest non-compliant policy states summary for a policy set definition in current subscription +```powershell +Get-AzPolicyStateSummary -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). + ++ Example 8: Get latest non-compliant policy states summary for a policy set definition in the specified subscription +```powershell +Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). + ++ Example 9: Get latest non-compliant policy states summary for a policy definition in current subscription +```powershell +Get-AzPolicyStateSummary -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). + ++ Example 10: Get latest non-compliant policy states summary for a policy definition in the specified subscription +```powershell +Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). + ++ Example 11: Get latest non-compliant policy states summary for a policy assignment in current subscription +```powershell +Get-AzPolicyStateSummary -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the subscription in current session context). + ++ Example 12: Get latest non-compliant policy states summary for a policy assignment in the specified subscription +```powershell +Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the specified subscription). + ++ Example 13: Get latest non-compliant policy states summary for a policy assignment in the specified resource group in the current subscription +```powershell +Get-AzPolicyStateSummary -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). + ++ Example 14: Get latest non-compliant policy states summary in current subscription scope, with Top query option +```powershell +Get-AzPolicyStateSummary -Top 5 +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. +The command orders the policy assignment summaries in the results by non-compliant resource counts in descending order, and takes only top 5 of those policy assignment summaries. + ++ Example 15: Get latest non-compliant policy states summary in current subscription scope, with From and To query options +```powershell +Get-AzPolicyStateSummary -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" +``` + +Gets the summary view of latest policy compliance states generated within the date range specified for all resources within the subscription in current session context. + ++ Example 16: Get latest non-compliant policy states summary in current subscription scope, with Filter query option +```powershell +Get-AzPolicyStateSummary -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ResourceLocation ne 'eastus'" +``` + +Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. +The command limits the results returned by filtering based on policy definition action (includes deny or audit actions), and resource location (excludes eastus location). + + diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md new file mode 100644 index 000000000000..06a5da23c546 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md @@ -0,0 +1,219 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml +Module Name: Az.PolicyInsights +online version: +schema: 2.0.0 +--- + +# Get-AzPolicyAttestation + +## SYNOPSIS +Gets policy attestations. + +## SYNTAX + +### SubscriptionScope (Default) +``` +Get-AzPolicyAttestation [-Top ] [-Filter ] [-DefaultProfile ] + [] +``` + +### ByName +``` +Get-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + [-DefaultProfile ] [] +``` + +### GenericScope +``` +Get-AzPolicyAttestation -Scope [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + +### ResourceGroupScope +``` +Get-AzPolicyAttestation -ResourceGroupName [-Top ] [-Filter ] + [-DefaultProfile ] [] +``` + +### ByResourceId +``` +Get-AzPolicyAttestation -ResourceId [-DefaultProfile ] [] +``` + +## DESCRIPTION +The **Get-AzPolicyAttestation** cmdlet gets all policy attestations in a scope or a particular attestation. + +## EXAMPLES + +### Example 1: Get all policy attestations in the current subscription +```powershell +Set-AzContext -Subscription "MySubscription" +Get-AzPolicyAttestation +``` + +This command gets all the attestations created at or underneath a subscription named "My Subscription". + +### Example 2: Get a specific policy attestation +```powershell +Get-AzPolicyAttestation -ResourceGroupName "myResourceGroup" -Name "attestation1" +``` + +This command gets the attestation named 'attestation1' at the resource group 'myResourceGroup'. + +### Example 3: Get 5 policy attestations in a subscription with optional filters +```powershell +Set-AzContext -Subscription "MySubscription" +Get-PolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +``` + +This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Filter +Filter expression using OData notation. + +```yaml +Type: System.String +Parameter Sets: SubscriptionScope, GenericScope, ResourceGroupScope +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Name +Resource name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceGroupName +Resource group name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +```yaml +Type: System.String +Parameter Sets: ResourceGroupScope +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceId +Resource ID. + +```yaml +Type: System.String +Parameter Sets: ByResourceId +Aliases: Id + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Scope +Scope of the resource. +E.g. +'/subscriptions/{subscriptionId}/resourceGroups/{rgName}'. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +```yaml +Type: System.String +Parameter Sets: GenericScope +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Top +Maximum number of records to return. +If not provided, the maximum number of records returned is determined by the Azure Policy service (currently 1000). + +```yaml +Type: System.Int32 +Parameter Sets: SubscriptionScope, GenericScope, ResourceGroupScope +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation + +## NOTES + +## RELATED LINKS diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyState.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyState.md index e49451fec176..a29298fe33d7 100644 --- a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyState.md +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyState.md @@ -61,7 +61,7 @@ Get-AzPolicyState [-All] [-SubscriptionId ] -PolicyAssignmentName ] [-DefaultProfile ] [] ``` -### ResourceGroupscopePolicyAssignmentScope +### ResourceGroupLevelPolicyAssignmentScope ``` Get-AzPolicyState [-All] [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName [-Top ] [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] diff --git a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md new file mode 100644 index 000000000000..70445dd632ec --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md @@ -0,0 +1,376 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml +Module Name: Az.PolicyInsights +online version: +schema: 2.0.0 +--- + +# New-AzPolicyAttestation + +## SYNOPSIS +Creates a new policy attestation for a policy assignment. + +## SYNTAX + +### ByName (Default) +``` +New-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] + [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### ByResourceId +``` +New-AzPolicyAttestation -ResourceId -PolicyAssignmentId [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **New-AzPolicyAttestation** cmdlet creates a policy attestation for a particular policy assignment. Attestations are used by Azure Policy to set compliance states of resources or scopes targeted by manual policies. They also allow users to provide additional metadata or link to evidence which accompanies the attested compliance state. + +## EXAMPLES + +### Example 1: Create an attestation at subscription scope +```powershell +Set-AzContext -Subscription "My Subscription" +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-subscription" +New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" +``` + +This command creates a new policy attestation at subscription 'My Subscription' for the given policy assignment. + +>**Note:** +>This command creates an attestation for the subscription and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. + +### Example 2: Create an attestation at resource group +```powershell +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-RG" +$rgName = "myRG" +New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" +``` + +This command creates a new policy attestation at the resource group 'myRG' for the given policy assignment. + +>**Note:** +>This command creates an attestation for the resource group and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions/resourceGroups`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. + +### Example 3: Create an attestation at resource +```powershell +$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$attestationName = "attestation-resource" +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +New-AzPolicyAttestation ` + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState "NonCompliant" +``` + +This command creates an attestation for the resource 'Test-VN' for the given policy assignment. + +### Example 4: Create an attestation with all properties at resource group +``` +$attestationName = "attestationRG" +$policyInitiativeAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/74067f0991764e9882a046e0" +$policyDefinitionReferenceId = "PS: Manual Policy (RG)_1" + +$description = "This is a test description" +$sourceURI = "https://contoso.org/test.pdf" +$owner = "Test Owner" +$evidence = @{ + "Description"=$description + "SourceUri"=$sourceURI +} +$policyEvidence = @($evidence) +$metadata = '{"TestKey":"TestValue"}' +New-AzPolicyAttestation ` + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata +``` + +## PARAMETERS + +### -AssessmentDate +The time the evidence of an attestation was assessed. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Comment +Comments describing why this attestation was created. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ComplianceState +The Compliance State of the resource. +E.g. +'Compliant', 'NonCompliant', 'Unknown' + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Evidence +The evidence supporting the compliance state set in this attestation. + +```yaml +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ExpiresOn +The time the compliance state set in the attestation should expire. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Metadata +Additional metadata for the attestation. + +```yaml +Type: System.Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Resource name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Owner +The person responsible for setting the state of the resource. +This value is typically an Azure Active Directory object ID. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PolicyAssignmentId +Policy assignment ID. +E.g. +'/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PolicyDefinitionReferenceId +The policy definition reference ID of the individual definition. +Required when the policy assignment assigns a policy set definition. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceGroupName +Resource group name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceId +Resource ID. + +```yaml +Type: System.String +Parameter Sets: ByResourceId +Aliases: Id + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Scope +Scope of the resource. +E.g. +'/subscriptions/{subscriptionId}/resourceGroups/{rgName}'. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### System.Nullable`1[[System.DateTime, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence[] + +### System.Object + +## OUTPUTS + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation + +## NOTES + +## RELATED LINKS diff --git a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md new file mode 100644 index 000000000000..b4b9362bc671 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md @@ -0,0 +1,220 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml +Module Name: Az.PolicyInsights +online version: +schema: 2.0.0 +--- + +# Remove-AzPolicyAttestation + +## SYNOPSIS +Deletes a policy attestation. + +## SYNTAX + +### ByName (Default) +``` +Remove-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] [-PassThru] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ByResourceId +``` +Remove-AzPolicyAttestation -ResourceId [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### ByInputObject +``` +Remove-AzPolicyAttestation -InputObject [-PassThru] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Remove-AzPolicyAttestation** cmdlet deletes a policy attestation. + +## EXAMPLES + +### Example 1: Delete a policy remediation by name at subscription scope. +```powershell +Set-AzContext -Subscription "My Subscription" +Remove-AzPolicyAttestation -Name "attestation1" +``` + +This command deletes the attestation named 'attestation1' in subscription "My Subscription" + +### Example 2: Delete a policy remediation via piping at resource group. +```powershell +$rgName = "myRG" + +Get-PolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation +``` + +This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-PolicyAttestation** cmdlet. + +### Example 3: Delete a policy remediation using ResourceId. +```powershell +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$attestationToDelete = Get-AzPolicyAttestation -Name "attestation3" -Scope $scope +Remove-AzPolicyAttestation -Id $attestationToDelete.Id +``` + +The first command gets an attestation named 'attestation3' with a resource id supplied as scope. +The second command then deletes the attestation using the resource id of the stored attestation. + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +The Attestation object. + +```yaml +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation +Parameter Sets: ByInputObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +Resource name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PassThru +Return True if the command completes successfully. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +Resource group name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceId +Resource ID. + +```yaml +Type: System.String +Parameter Sets: ByResourceId +Aliases: Id + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Scope +Scope of the resource. +E.g. +'/subscriptions/{subscriptionId}/resourceGroups/{rgName}'. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation + +## OUTPUTS + +### System.Boolean + +## NOTES + +## RELATED LINKS diff --git a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md new file mode 100644 index 000000000000..12ef34d78899 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md @@ -0,0 +1,379 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml +Module Name: Az.PolicyInsights +online version: +schema: 2.0.0 +--- + +# Set-AzPolicyAttestation + +## SYNOPSIS +Modifies a policy attestation. + +## SYNTAX + +### ByName (Default) +``` +Set-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] + [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] + [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + +### ByResourceId +``` +Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +### ByInputObject +``` +Set-AzPolicyAttestation -InputObject [-PolicyAssignmentId ] [-ComplianceState ] + [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Set-AzPolicyAttestation** cmdlet modifies a policy attestation. Specify an attestation by Id or by Name and scope, or via piping. + +>**Note:** +>An existing policy attestation's `policyAssignmentId` or `policyDefinitionReferenceId` cannot be modified. + +## EXAMPLES + +### Example 1: Update an attestation by name +```powershell +Set-AzContext -Subscription "My Subscription" +# Update the existing attestation by resource name at subscription scope (default) +$comment = "Setting the state to non compliant" +$attestationName = "attestation1" + +Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment +``` + +The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation1' in the subscription named 'My Subscription' + +### Example 2: Update an attestation by ResourceId +```powershell +# Get an attestation +$rgName = "myRG" +$attestationName = "attestation2" +$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName + +# Update the existing attestation by resource ID at RG +$expiresOn = [System.DateTime]::UtcNow.AddYears(1) +$updatedAttestation = Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn +``` + +The first command gets an existing attestation at the resource group 'myRG' with the name 'attestation2'. + +The final command updates the expiry time of the policy attestation by the **ResourceId** property of the existing attestation. + +### Example 3: Update an attestation by input object +```powershell +# Get an attestation +$attestationName = "attestation3" +$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope + +# Update attestation by input object +$newOwner = "Test Owner 2" +$attestation | Set-AzPolicyAttestation -Owner $newOwner +``` + +The first command gets an existing attestation with name 'attestation3' for the given resource using its resource id as the scope + +The final command updates the owner of the policy attestation by using piping. + +## PARAMETERS + +### -AssessmentDate +The time the evidence of an attestation was assessed. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Comment +Comments describing why this attestation was created. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ComplianceState +The Compliance State of the resource. +E.g. +'Compliant', 'NonCompliant', 'Unknown' + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Evidence +The evidence supporting the compliance state set in this attestation. + +```yaml +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ExpiresOn +The time the compliance state set in the attestation should expire. + +```yaml +Type: System.Nullable`1[System.DateTime] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -InputObject +The Attestation object. + +```yaml +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation +Parameter Sets: ByInputObject +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Metadata +Additional metadata for the attestation. + +```yaml +Type: System.Object +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Name +Resource name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Owner +The person responsible for setting the state of the resource. +This value is typically an Azure Active Directory object ID. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PolicyAssignmentId +Policy assignment ID. +E.g. +'/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}'. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -PolicyDefinitionReferenceId +The policy definition reference ID of the individual definition. +Required when the policy assignment assigns a policy set definition. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceGroupName +Resource group name. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ResourceId +Resource ID. + +```yaml +Type: System.String +Parameter Sets: ByResourceId +Aliases: Id + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Scope +Scope of the resource. +E.g. +'/subscriptions/{subscriptionId}/resourceGroups/{rgName}'. + +```yaml +Type: System.String +Parameter Sets: ByName +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation + +### System.Nullable`1[[System.DateTime, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence[] + +### System.Object + +## OUTPUTS + +### Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestation + +## NOTES + +## RELATED LINKS diff --git a/src/PolicyInsights/PolicyInsights/help/Start-AzPolicyRemediation.md b/src/PolicyInsights/PolicyInsights/help/Start-AzPolicyRemediation.md index 7014e706ae30..4307d6d04ffe 100644 --- a/src/PolicyInsights/PolicyInsights/help/Start-AzPolicyRemediation.md +++ b/src/PolicyInsights/PolicyInsights/help/Start-AzPolicyRemediation.md @@ -360,6 +360,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.String[] +### System.Nullable`1[[System.Int32, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] + +### System.Nullable`1[[System.Double, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]] + ## OUTPUTS ### Microsoft.Azure.Commands.PolicyInsights.Models.Remediation.PSRemediation From 32650651bb74e51ddcaf822f8cd7da5d5efe04de Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Wed, 18 Jan 2023 13:02:21 -0500 Subject: [PATCH 2/7] Addressed pipeline errors --- .../PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md | 8 ++++---- .../PolicyInsights/help/Get-AzPolicyAttestation.md | 2 +- .../PolicyInsights/help/Remove-AzPolicyAttestation.md | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md index 3b749978be6f..e4df9085126e 100644 --- a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md +++ b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md @@ -85,7 +85,7 @@ New-AzPolicyAttestation ` -PolicyAssignmentId $policyInitiativeAssignmentId ` -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` -ComplianceState $Compliant ` - -Comments $comment ` + -Comment $comment ` -Evidence $policyEvidence ` -ExpiresOn $expiresOn ` -AssessmentDate $expiresOn.AddDays(-2) ` @@ -150,7 +150,7 @@ This command gets the attestation named 'attestation1' at the resource group 'my + Example 3: Get 5 policy attestations in a subscription with optional filters ```powershell Set-AzContext -Subscription "MySubscription" -Get-PolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" ``` This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. @@ -195,10 +195,10 @@ This command deletes the attestation named 'attestation1' in subscription "My Su ```powershell $rgName = "myRG" -Get-PolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation +Get-AzPolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation ``` -This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-PolicyAttestation** cmdlet. +This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-AzPolicyAttestation** cmdlet. + Example 3: Delete a policy remediation using ResourceId. ```powershell diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md index 06a5da23c546..7690dcf100c6 100644 --- a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md @@ -64,7 +64,7 @@ This command gets the attestation named 'attestation1' at the resource group 'my ### Example 3: Get 5 policy attestations in a subscription with optional filters ```powershell Set-AzContext -Subscription "MySubscription" -Get-PolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" ``` This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. diff --git a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md index b4b9362bc671..7b8e92aecaf6 100644 --- a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md @@ -47,10 +47,10 @@ This command deletes the attestation named 'attestation1' in subscription "My Su ```powershell $rgName = "myRG" -Get-PolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation +Get-AzPolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation ``` -This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-PolicyAttestation** cmdlet. +This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-AzPolicyAttestation** cmdlet. ### Example 3: Delete a policy remediation using ResourceId. ```powershell From dda58834b23362259d49ba72fa05eac576a64f97 Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Fri, 27 Jan 2023 11:38:34 -0500 Subject: [PATCH 3/7] Addressed PR comments --- .../ScenarioTests/AttestationTests.ps1 | 823 ++++++----- .../ScenarioTests/Common.ps1 | 14 +- .../NewAzureRmPolicyAttestation.cs | 2 +- .../SetAzureRmPolicyAttestation.cs | 4 +- .../Common/AttestationCmdletBase.cs | 4 +- .../Models/Attestations/PSAttestation.cs | 6 +- .../Attestations/PSAttestationEvidence.cs | 1 - .../help/Az.PolicyInsightsCmdlet.Design.md | 1283 ----------------- .../help/Get-AzPolicyAttestation.md | 130 +- .../help/New-AzPolicyAttestation.md | 121 +- .../help/Remove-AzPolicyAttestation.md | 22 +- .../help/Set-AzPolicyAttestation.md | 95 +- 12 files changed, 741 insertions(+), 1764 deletions(-) delete mode 100644 src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 index e37db912c012..43bfaca58bff 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 @@ -29,184 +29,184 @@ function Attestation-SubscriptionScope-Crud { Validate-Attestation $minimalAttestation Validate-AttestationProperties ` - -attestation $minimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Get the attestation $attestation = Get-AzPolicyAttestation -Name $attestationName Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Update an existing attestation by resource name $updatedMinimalAttestation = Set-AzPolicyAttestation -Name $attestationName -ComplianceState $NonCompliant Validate-Attestation $updatedMinimalAttestation Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant # Update an existing attestation by input object $comment = "Test Comment" $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment Validate-Attestation $updatedMinimalAttestation2 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment # Update an existing attestation by resource ID - $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $expiresOn = [System.DateTime]::new(2050, 01, 01, 00, 00, 00) $updatedMinimalAttestation3 = Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn Validate-Attestation $updatedMinimalAttestation3 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn #endregion #region Attestations All Properties CRUD $attestationName = "Attestation-Sub-Full" $policyInitiativeAssignmentId = Get-TestInitiativeAttestationSubPolicyAssignmentId $policyDefinitionReferenceId = Get-TestInitiativeAttestationSubPolicyRefId - + $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $policyEvidence = @($evidence) $metadata = '{"TestKey":"TestValue"}' - + $fullAttestation = New-AzPolicyAttestation ` - -Name $attestationName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($fullAttestation) Validate-AttestationProperties ` - -attestation $fullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) - + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + # Get the attestation $attestation = Get-AzPolicyAttestation -Name $attestationName Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant - # Update the existing attestation by resource name + # Update the existing attestation by resource name $comment = "This is an updated comment" $updatedFullAttestation = Set-AzPolicyAttestation ` - -Name $attestationName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation) Validate-AttestationProperties ` - -attestation $updatedFullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update the existing attestation by resource id $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $description2 = "Found new evidence to make the resource non-compliant" $sourceURI2 = "https://contoso.org/testnewevidence.pdf" $evidence2 = @{ - "Description"=$description2 - "SourceUri"=$sourceURI2 + "Description" = $description2 + "SourceUri" = $sourceURI2 } $policyEvidence = @( ` - $evidence, - $evidence2 + $evidence, + $evidence2 ) $updatedFullAttestation2 = Set-AzPolicyAttestation ` - -Id $updatedFullAttestation.Id ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $NonCompliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation2) Validate-AttestationProperties ` - -attestation $updatedFullAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update attestation by input object $newOwner = "Test Owner 2" @@ -214,17 +214,17 @@ function Attestation-SubscriptionScope-Crud { Validate-Attestation($updatedFullAttestation3) Validate-AttestationProperties ` - -attestation $updatedFullAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $newOwner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Get all attestations at the scope $attestations = Get-AzPolicyAttestation @@ -246,9 +246,9 @@ function Attestation-SubscriptionScope-Crud { # Get all attestations at the scope $attestations = Get-AzPolicyAttestation Assert-AreEqual 0 $attestations.Count - + #endregion - } +} function Attestation-ResourceGroupScope-Crud { # Import-Module "C:\One\azure-powershell\artifacts\Debug\Az.PolicyInsights\Az.PolicyInsights.psm1" @@ -262,151 +262,150 @@ function Attestation-ResourceGroupScope-Crud { Validate-Attestation $minimalAttestation Validate-AttestationProperties ` - -attestation $minimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Get the attestation $attestation = Get-AzPolicyAttestation -ResourceGroupName $RGName -Name $attestationName Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Update an existing attestation by resource name $updatedMinimalAttestation = Set-AzPolicyAttestation -ResourceGroupName $RGName -Name $attestationName -ComplianceState $NonCompliant Validate-Attestation $updatedMinimalAttestation Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant # Update an existing attestation by input object $comment = "Test Comment" $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment Validate-Attestation $updatedMinimalAttestation2 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment # Update an existing attestation by resource ID - $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $expiresOn = [System.DateTime]::new(2050, 01, 01, 00, 00, 00) $updatedMinimalAttestation3 = Set-AzPolicyAttestation -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn Validate-Attestation $updatedMinimalAttestation3 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn #endregion #region Attestations All Properties CRUD $attestationName = "Attestation-RG-Full" $policyInitiativeAssignmentId = Get-TestInitiativeAttestationRGPolicyAssignmentId $policyDefinitionReferenceId = Get-TestInitiativeAttestationRGPolicyRefId - + $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $policyEvidence = @($evidence) - $metadata = + $metadata = '{ "TestKey":"TestValue" }' - - + $fullAttestation = New-AzPolicyAttestation ` - -Name $attestationName ` - -ResourceGroupName $RGName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($fullAttestation) Validate-AttestationProperties ` - -attestation $fullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) - + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + # Get the attestation $attestation = Get-AzPolicyAttestation -Name $attestationName -ResourceGroupName $RGName Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant - # Update the existing attestation by resource name + # Update the existing attestation by resource name $comment = "This is an updated comment" $updatedFullAttestation = Set-AzPolicyAttestation ` - -Name $attestationName ` - -ResourceGroupName $RGName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation) Validate-AttestationProperties ` - -attestation $updatedFullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update the existing attestation by resource id $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $description2 = "Found new evidence to make the resource non-compliant" @@ -414,35 +413,35 @@ function Attestation-ResourceGroupScope-Crud { $evidence2 = [Microsoft.Azure.Management.PolicyInsights.Models.AttestationEvidence]::new($description2, $sourceURI2) $policyEvidence = @( ` - $evidence, - $evidence2 + $evidence, + $evidence2 ) $updatedFullAttestation2 = Set-AzPolicyAttestation ` - -Id $updatedFullAttestation.Id ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $NonCompliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation2) Validate-AttestationProperties ` - -attestation $updatedFullAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update attestation by input object $newOwner = "Test Owner 2" @@ -450,17 +449,17 @@ function Attestation-ResourceGroupScope-Crud { Validate-Attestation($updatedFullAttestation3) Validate-AttestationProperties ` - -attestation $updatedFullAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $newOwner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Get all attestations at the scope $attestations = Get-AzPolicyAttestation -ResourceGroupName $RGName @@ -483,7 +482,7 @@ function Attestation-ResourceGroupScope-Crud { # Get all attestations at the scope $attestations = Get-AzPolicyAttestation -ResourceGroupName $RGName Assert-AreEqual 0 $attestations.Count - + #endregion } @@ -496,147 +495,147 @@ function Attestation-ResourceScope-Crud { $scope = Get-PSAttestationTestResourceId $minimalAttestation = New-AzPolicyAttestation ` - -PolicyAssignmentId $policyAssignmentId ` - -Name $attestationName ` - -Scope $scope ` - -ComplianceState $Compliant + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState $Compliant Validate-Attestation $minimalAttestation Validate-AttestationProperties ` - -attestation $minimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Get the attestation $attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Update an existing attestation by resource name $updatedMinimalAttestation = Set-AzPolicyAttestation -Scope $scope -Name $attestationName -ComplianceState $NonCompliant Validate-Attestation $updatedMinimalAttestation Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant + -attestation $updatedMinimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant # Update an existing attestation by input object $comment = "Test Comment" $updatedMinimalAttestation2 = $updatedMinimalAttestation | Set-AzPolicyAttestation -Comment $comment Validate-Attestation $updatedMinimalAttestation2 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment + -attestation $updatedMinimalAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment # Update an existing attestation by resource ID - $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $expiresOn = [System.DateTime]::new(2050, 01, 01, 00, 00, 00) $updatedMinimalAttestation3 = Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Id $updatedMinimalAttestation2.Id -ComplianceState $NonCompliant -Comment $comment -ExpiresOn $expiresOn Validate-Attestation $updatedMinimalAttestation3 Validate-AttestationProperties ` - -attestation $updatedMinimalAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn + -attestation $updatedMinimalAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn #endregion #region Attestations All Properties CRUD $attestationName = "Attestation-Resource-Full" $policyInitiativeAssignmentId = Get-TestAttestationInitiativeResourcePolicyAssignmentId $policyDefinitionReferenceId = Get-TestAttestationInitiativeResourcePolicyRefId - + $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $policyEvidence = @($evidence) $metadata = '{"TestKey":"TestValue"}' - - + + $fullAttestation = New-AzPolicyAttestation ` - -Name $attestationName ` - -Scope $scope ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -Scope $scope ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($fullAttestation) Validate-AttestationProperties ` - -attestation $fullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) - + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) + # Get the attestation $attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope Validate-Attestation $attestation Validate-AttestationProperties ` - -attestation $attestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedComplianceState $Compliant + -attestation $attestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedComplianceState $Compliant - # Update the existing attestation by resource name + # Update the existing attestation by resource name $comment = "This is an updated comment" $updatedFullAttestation = Set-AzPolicyAttestation ` - -Name $attestationName ` - -Scope $scope ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -Scope $scope ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation) Validate-AttestationProperties ` - -attestation $updatedFullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update the existing attestation by resource id $description2 = "Found new evidence to make the resource non-compliant" @@ -644,35 +643,35 @@ function Attestation-ResourceScope-Crud { $evidence2 = [Microsoft.Azure.Management.PolicyInsights.Models.AttestationEvidence]::new($description2, $sourceURI2) $policyEvidence = @( ` - $evidence, - $evidence2 + $evidence, + $evidence2 ) $updatedFullAttestation2 = Set-AzPolicyAttestation ` - -Id $updatedFullAttestation.Id ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $NonCompliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Id $updatedFullAttestation.Id ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $NonCompliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($updatedFullAttestation2) Validate-AttestationProperties ` - -attestation $updatedFullAttestation2 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation2 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Update attestation by input object $newOwner = "Test Owner 2" @@ -680,17 +679,17 @@ function Attestation-ResourceScope-Crud { Validate-Attestation($updatedFullAttestation3) Validate-AttestationProperties ` - -attestation $updatedFullAttestation3 ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $NonCompliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $newOwner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $updatedFullAttestation3 ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $NonCompliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $newOwner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Get all attestations at the scope $attestations = Get-AzPolicyAttestation -Scope $scope @@ -712,7 +711,7 @@ function Attestation-ResourceScope-Crud { # Get all attestations at the scope $attestations = Get-AzPolicyAttestation -Scope $scope Assert-AreEqual 0 $attestations.Count - + #endregion } @@ -724,11 +723,11 @@ function Attestation-GetCollection { Validate-Attestation $minimalAttestation Validate-AttestationProperties ` - -attestation $minimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant # Second Attestation $attestationName = "Attestation-RG-Full" @@ -740,40 +739,40 @@ function Attestation-GetCollection { $sourceURI = "https://contoso.org/test.pdf" $owner = "Test Owner" $evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI + "Description" = $description + "SourceUri" = $sourceURI } $policyEvidence = @($evidence) - $expiresOn = [System.DateTime]::new(2050,01,01,00,00,00) + $expiresOn = [System.DateTime]::new(2050, 01, 01, 00, 00, 00) $metadata = '{"TestKey":"TestValue"}' - - + + $fullAttestation = New-AzPolicyAttestation ` - -Name $attestationName ` - -ResourceGroupName $RGName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata + -Name $attestationName ` + -ResourceGroupName $RGName ` + -PolicyAssignmentId $policyInitiativeAssignmentId ` + -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -ComplianceState $Compliant ` + -Comment $comment ` + -Evidence $policyEvidence ` + -ExpiresOn $expiresOn ` + -AssessmentDate $expiresOn.AddDays(-2) ` + -Owner $owner ` + -Metadata $metadata Validate-Attestation($fullAttestation) Validate-AttestationProperties ` - -attestation $fullAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` - -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -expectedComplianceState $Compliant ` - -expectedComment $comment ` - -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` - -expectedOwner $owner ` - -expectedAssessmentDate $expiresOn.AddDays(-2) + -attestation $fullAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyInitiativeAssignmentId ` + -expectedPolicyDefinitionReferenceId $policyDefinitionReferenceId ` + -expectedComplianceState $Compliant ` + -expectedComment $comment ` + -expectedExpiresOn $expiresOn ` + -expectedMetadata $metadata ` + -expectedOwner $owner ` + -expectedAssessmentDate $expiresOn.AddDays(-2) # Third Attestation $policyAssignmentId = Get-TestAttestationResourcePolicyAssignmentId @@ -781,18 +780,18 @@ function Attestation-GetCollection { $scope = Get-PSAttestationTestResourceId $minimalAttestation = New-AzPolicyAttestation ` - -PolicyAssignmentId $policyAssignmentId ` - -Name $attestationName ` - -Scope $scope ` - -ComplianceState $Compliant + -PolicyAssignmentId $policyAssignmentId ` + -Name $attestationName ` + -Scope $scope ` + -ComplianceState $Compliant Validate-Attestation $minimalAttestation Validate-AttestationProperties ` - -attestation $minimalAttestation ` - -expectedName $attestationName ` - -expectedProvisioningState "Succeeded" ` - -expectedPolicyAssignmentId $policyAssignmentId ` - -expectedComplianceState $Compliant + -attestation $minimalAttestation ` + -expectedName $attestationName ` + -expectedProvisioningState "Succeeded" ` + -expectedPolicyAssignmentId $policyAssignmentId ` + -expectedComplianceState $Compliant $attestations1 = Get-AzPolicyAttestation Assert-AreEqual 3 $attestations1.Count @@ -811,7 +810,7 @@ function Attestation-GetCollection { $result = $attestations1 | Remove-AzPolicyAttestation -PassThru Assert-AreEqual $true $result -} +} function Attestation-Error-Handling { #region Attestation CRUD Error No Compliance Results @@ -824,6 +823,6 @@ function Attestation-Error-Handling { { New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState $Compliant } ` - "InvalidCreateAttestationRequest: Unable to create attestation '$attestationName'. No compliance data was found for resource '/subscriptions/$(Get-TestSubscriptionId)/resourceGroups/$RGName' against policy assignment '$policyAssignmentId'" + "InvalidCreateAttestationRequest: Unable to create attestation '$attestationName'. No compliance data was found for resource '/subscriptions/$(Get-TestSubscriptionId)/resourceGroups/$RGName' against policy assignment '$policyAssignmentId'" #endregion } \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 index a3a470bff717..a589dd686715 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 @@ -27,7 +27,7 @@ Gets test subscription ID. #> function Get-TestSubscriptionId { # Reminder: The subscription ID in the test context (created via PS command or by creating an env variable) should be the same as this subscription ID. - "086aecf4-23d6-4dfd-99a8-a5c6299f0322" # This is the Azure Governance Perf 21 subscription + "0b40be06-04e8-4f70-abde-a502b2646fe8" # This is the Azure Governance Perf 21 subscription } <# @@ -283,7 +283,7 @@ function Validate-PolicyStateSummary { Assert-NotNull $policyStateSummary.Results.NonCompliantPolicies Assert-NotNull $policyStateSummary.PolicyAssignments - Assert-True { $policyStateSummary.PolicyAssignments.Count -gt 0 } + Assert-True { $policyStateSummary.PolicyAssignments.Count -gt 0 } Foreach ($policyAssignmentSummary in $policyStateSummary.PolicyAssignments) { Assert-NotNull $policyAssignmentSummary @@ -321,7 +321,7 @@ function Validate-SummaryResults { param([Microsoft.Azure.Commands.PolicyInsights.Models.SummaryResults] $results, [switch]$nonCompliantPoliciesAssertNull = $true ) - + Assert-NotNull $results.NonCompliantResources if ($nonCompliantPoliciesAssertNull) { Assert-Null $results.NonCompliantPolicies @@ -641,10 +641,10 @@ function Validate-AttestationProperties { [Parameter(Mandatory = $false)]$expectedAssessmentDate = $null ) if ($null -ne $expectedName) { - Assert-AreEqual $expectedName $attestation.Name + Assert-AreEqual $expectedName $attestation.Name } if ($null -ne $expectedProvisioningState) { - Assert-AreEqual $expectedProvisioningState $attestation.ProvisioningState + Assert-AreEqual $expectedProvisioningState $attestation.ProvisioningState } if ($null -ne $expectedPolicyAssignmentId) { Assert-AreEqual $expectedPolicyAssignmentId $attestation.PolicyAssignmentId @@ -660,7 +660,7 @@ function Validate-AttestationProperties { } if ($null -ne $expectedMetadata) { $expectedMetadataJson = [Newtonsoft.Json.Linq.JObject]::Parse($expectedMetadata) - Assert-AreEqual $expectedMetadataJson.ToString() $attestation.metadata.ToString() + Assert-AreEqual $expectedMetadataJson.ToString() $attestation.metadata.metadata.ToString() } if ($null -ne $expectedEvidence) { Validate-PolicyAttestationEvidence($attestation.Evidence, $expectedEvidence) @@ -682,7 +682,7 @@ Validates an attestation evidence. #> function Validate-AttestationEvidence { param($actualEvidence, $expectedEvidence) - + Assert-NotNullOrEmpty $actualEvidence for ($i = 0; $i -lt $actualEvidence.Count; $i++) { Assert-AreEqual $expectedEvidence[$i].Description $actualEvidence[$i].Description diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs index 02a2b2cdd059..ef4a2aab6762 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs @@ -79,7 +79,7 @@ public class NewAzureRmPolicyAttestation : AttestationCmdletBase public DateTime? AssessmentDate { get; set; } [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] - public object Metadata { get; set; } + public PSAttestationMetadata Metadata { get; set; } public override void Execute() { diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs index 1d247e9213ea..04501c902a96 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs @@ -84,7 +84,7 @@ public class SetAzureRmPolicyAttestation : AttestationCmdletBase public DateTime? AssessmentDate { get; set; } [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] - public object Metadata { get; set; } + public PSAttestationMetadata Metadata { get; set; } public override void Execute() { @@ -106,7 +106,7 @@ public override void Execute() this.Comment = this.IsParameterBound(c => c.Comment) ? this.Comment : this.InputObject?.Comment; this.Evidence = this.IsParameterBound(c => c.Evidence) ? this.Evidence : this.InputObject?.Evidence; this.AssessmentDate = this.IsParameterBound(c => c.AssessmentDate) ? this.AssessmentDate : this.InputObject?.AssessmentDate; - this.Metadata = this.IsParameterBound(c => c.Metadata) ? ConvertToMetadataJObject(this.Metadata) : this.InputObject?.Metadata; + this.Metadata = this.IsParameterBound(c => c.Metadata) ? this.Metadata : this.InputObject?.Metadata; } if (this.IsParameterBound(c => c.ResourceId)) diff --git a/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs index e0436c9cfa0a..91e56843479f 100644 --- a/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs +++ b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs @@ -99,13 +99,13 @@ protected string GetAttestationName(string name = null, string resourceId = null return attestationName; } - protected static JObject ConvertToMetadataJObject(object metadata) + protected static JObject ConvertToMetadataJObject(PSAttestationMetadata metadata) { if (metadata != null) { try { - return JObject.Parse(metadata.ToString()); + return JObject.Parse(metadata.Metadata.ToString()); } catch { diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs index 43f4ca85efd1..d7e2eaba156f 100644 --- a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs @@ -23,7 +23,7 @@ namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations using Newtonsoft.Json; /// - /// + /// /// public class PSAttestation{ @@ -110,7 +110,7 @@ public class PSAttestation{ /// /// Gets or sets additional metadata for this attestation /// - public object Metadata { get; set; } + public PSAttestationMetadata Metadata { get; set; } /// /// Gets azure Resource Manager metadata containing createdBy and @@ -138,7 +138,7 @@ public PSAttestation(Attestation attestation) this.ExpiresOn = attestation.ExpiresOn; this.Owner = attestation.Owner; this.Comment = attestation.Comments; - this.Metadata = attestation.Metadata; + this.Metadata = attestation.Metadata != null? new PSAttestationMetadata(attestation.Metadata): null; this.LastComplianceStateChangeAt = attestation.LastComplianceStateChangeAt; this.AssessmentDate = attestation.AssessmentDate; this.Evidence = attestation.Evidence?.Select(evidence => new PSAttestationEvidence(evidence)).ToArray(); diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs index 50fa59e10eb8..14246d7829a1 100644 --- a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationEvidence.cs @@ -22,7 +22,6 @@ namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations { public class PSAttestationEvidence { - /// /// Gets or sets the description for this piece of evidence. /// diff --git a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md b/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md deleted file mode 100644 index e4df9085126e..000000000000 --- a/src/PolicyInsights/PolicyInsights/help/Az.PolicyInsightsCmdlet.Design.md +++ /dev/null @@ -1,1283 +0,0 @@ -#### New-AzPolicyAttestation - -#### SYNOPSIS -Creates a new policy attestation for a policy assignment. - -#### SYNTAX - -+ ByName (Default) -```powershell -New-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] - -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] - [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] -``` - -+ ByResourceId -```powershell -New-AzPolicyAttestation -ResourceId -PolicyAssignmentId [-ComplianceState ] - [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Create an attestation at subscription scope -```powershell -Set-AzContext -Subscription "My Subscription" -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" -$attestationName = "attestation-subscription" -New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" -``` - -This command creates a new policy attestation at subscription 'My Subscription' for the given policy assignment. - ->**Note:** ->This command creates an attestation for the subscription and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. - -+ Example 2: Create an attestation at resource group -```powershell -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" -$attestationName = "attestation-RG" -$rgName = "myRG" -New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" -``` - -This command creates a new policy attestation at the resource group 'myRG' for the given policy assignment. - ->**Note:** ->This command creates an attestation for the resource group and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions/resourceGroups`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. - -+ Example 3: Create an attestation at resource -```powershell -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" -$attestationName = "attestation-resource" -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" -New-AzPolicyAttestation ` - -PolicyAssignmentId $policyAssignmentId ` - -Name $attestationName ` - -Scope $scope ` - -ComplianceState "NonCompliant" -``` - -This command creates an attestation for the resource 'Test-VN' for the given policy assignment. - -+ Example 4: Create an attestation with all properties at resource group -``` -$attestationName = "attestationRG" -$policyInitiativeAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/74067f0991764e9882a046e0" -$policyDefinitionReferenceId = "PS: Manual Policy (RG)_1" - -$description = "This is a test description" -$sourceURI = "https://contoso.org/test.pdf" -$owner = "Test Owner" -$evidence = @{ - "Description"=$description - "SourceUri"=$sourceURI -} -$policyEvidence = @($evidence) -$metadata = '{"TestKey":"TestValue"}' -New-AzPolicyAttestation ` - -Name $attestationName ` - -ResourceGroupName $RGName ` - -PolicyAssignmentId $policyInitiativeAssignmentId ` - -PolicyDefinitionReferenceId $policyDefinitionReferenceId ` - -ComplianceState $Compliant ` - -Comment $comment ` - -Evidence $policyEvidence ` - -ExpiresOn $expiresOn ` - -AssessmentDate $expiresOn.AddDays(-2) ` - -Owner $owner ` - -Metadata $metadata -``` - - -#### Get-AzPolicyAttestation - -#### SYNOPSIS -Gets policy attestations. - -#### SYNTAX - -+ SubscriptionScope (Default) -```powershell -Get-AzPolicyAttestation [-Top ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ ByName -```powershell -Get-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] - [-DefaultProfile ] [] -``` - -+ GenericScope -```powershell -Get-AzPolicyAttestation -Scope [-Top ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ResourceGroupScope -```powershell -Get-AzPolicyAttestation -ResourceGroupName [-Top ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ByResourceId -```powershell -Get-AzPolicyAttestation -ResourceId [-DefaultProfile ] [] -``` - -#### EXAMPLES - -+ Example 1: Get all policy attestations in the current subscription -```powershell -Set-AzContext -Subscription "MySubscription" -Get-AzPolicyAttestation -``` - -This command gets all the attestations created at or underneath a subscription named "My Subscription". - -+ Example 2: Get a specific policy attestation -```powershell -Get-AzPolicyAttestation -ResourceGroupName "myResourceGroup" -Name "attestation1" -``` - -This command gets the attestation named 'attestation1' at the resource group 'myResourceGroup'. - -+ Example 3: Get 5 policy attestations in a subscription with optional filters -```powershell -Set-AzContext -Subscription "MySubscription" -Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" -``` - -This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. - - -#### Remove-AzPolicyAttestation - -#### SYNOPSIS -Deletes a policy attestation. - -#### SYNTAX - -+ ByName (Default) -```powershell -Remove-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -+ ByResourceId -```powershell -Remove-AzPolicyAttestation -ResourceId [-PassThru] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -+ ByInputObject -```powershell -Remove-AzPolicyAttestation -InputObject [-PassThru] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Delete a policy remediation by name at subscription scope. -```powershell -Set-AzContext -Subscription "My Subscription" -Remove-AzPolicyAttestation -Name "attestation1" -``` - -This command deletes the attestation named 'attestation1' in subscription "My Subscription" - -+ Example 2: Delete a policy remediation via piping at resource group. -```powershell -$rgName = "myRG" - -Get-AzPolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation -``` - -This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-AzPolicyAttestation** cmdlet. - -+ Example 3: Delete a policy remediation using ResourceId. -```powershell -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" -$attestationToDelete = Get-AzPolicyAttestation -Name "attestation3" -Scope $scope -Remove-AzPolicyAttestation -Id $attestationToDelete.Id -``` - -The first command gets an attestation named 'attestation3' with a resource id supplied as scope. -The second command then deletes the attestation using the resource id of the stored attestation. - - -#### Set-AzPolicyAttestation - -#### SYNOPSIS -Modifies a policy attestation. - -#### SYNTAX - -+ ByName (Default) -```powershell -Set-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] - [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] - [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] -``` - -+ ByResourceId -```powershell -Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-ComplianceState ] - [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -+ ByInputObject -```powershell -Set-AzPolicyAttestation -InputObject [-PolicyAssignmentId ] [-ComplianceState ] - [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Update an attestation by name -```powershell -Set-AzContext -Subscription "My Subscription" -#### Update the existing attestation by resource name at subscription scope (default) -$comment = "Setting the state to non compliant" -$attestationName = "attestation1" - -Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment -``` - -The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation1' in the subscription named 'My Subscription' - -+ Example 2: Update an attestation by ResourceId -```powershell -#### Get an attestation -$rgName = "myRG" -$attestationName = "attestation2" -$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName - -#### Update the existing attestation by resource ID at RG -$expiresOn = [System.DateTime]::UtcNow.AddYears(1) -$updatedAttestation = Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn -``` - -The first command gets an existing attestation at the resource group 'myRG' with the name 'attestation2'. - -The final command updates the expiry time of the policy attestation by the **ResourceId** property of the existing attestation. - -+ Example 3: Update an attestation by input object -```powershell -#### Get an attestation -$attestationName = "attestation3" -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" -$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope - -#### Update attestation by input object -$newOwner = "Test Owner 2" -$attestation | Set-AzPolicyAttestation -Owner $newOwner -``` - -The first command gets an existing attestation with name 'attestation3' for the given resource using its resource id as the scope - -The final command updates the owner of the policy attestation by using piping. - - -#### Start-AzPolicyComplianceScan - -#### SYNOPSIS -Triggers a policy compliance evaluation for all resources in a subscription or resource group. - -#### SYNTAX - -```powershell -Start-AzPolicyComplianceScan [-ResourceGroupName ] [-AsJob] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Start a compliance scan at subscription scope -```powershell -Start-AzPolicyComplianceScan -``` - -This command starts a policy compliance evaluation for the active subscription. - -+ Example 2: Start a compliance scan at resource group scope -```powershell -Start-AzPolicyComplianceScan -ResourceGroupName "myRG" -``` - -This command starts a policy compliance evaluation for the "myRG" resource group in the active subscription. - -+ Example 3: Start a compliance scan and wait for it to complete in the background -```powershell -$job = Start-AzPolicyComplianceScan -AsJob -$job | Wait-Job -``` - -This command starts a policy compliance evaluation for the active subscription. It will wait for the scan to complete. - - -#### Get-AzPolicyEvent - -#### SYNOPSIS -Gets policy evaluation events generated as resources are created or updated. - -#### SYNTAX - -+ SubscriptionScope (Default) -```powershell -Get-AzPolicyEvent [-SubscriptionId ] [-Top ] [-OrderBy ] [-Select ] - [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ ManagementGroupScope -```powershell -Get-AzPolicyEvent -ManagementGroupName [-Top ] [-OrderBy ] [-Select ] - [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ ResourceGroupScope -```powershell -Get-AzPolicyEvent [-SubscriptionId ] -ResourceGroupName [-Top ] [-OrderBy ] - [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ PolicySetDefinitionScope -```powershell -Get-AzPolicyEvent [-SubscriptionId ] -PolicySetDefinitionName [-Top ] - [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ PolicyDefinitionScope -```powershell -Get-AzPolicyEvent [-SubscriptionId ] -PolicyDefinitionName [-Top ] [-OrderBy ] - [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ SubscriptionLevelPolicyAssignmentScope -```powershell -Get-AzPolicyEvent [-SubscriptionId ] -PolicyAssignmentName [-Top ] [-OrderBy ] - [-Select ] [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ ResourceGroupLevelPolicyAssignmentScope -```powershell -Get-AzPolicyEvent [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName - [-Top ] [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ ResourceScope -```powershell -Get-AzPolicyEvent -ResourceId [-Top ] [-OrderBy ] [-Select ] [-From ] - [-To ] [-Filter ] [-Apply ] [-DefaultProfile ] - [] -``` - -#### EXAMPLES - -+ Example 1: Get policy events in current subscription scope -```powershell -Get-AzPolicyEvent -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. - -+ Example 2: Get policy events in the specified subscription scope -```powershell -Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -``` - -Gets policy event records generated in the last day for all resources within the specified subscription. - -+ Example 3: Get policy events in management group scope -```powershell -Get-AzPolicyEvent -ManagementGroupName "myManagementGroup" -``` - -Gets policy event records generated in the last day for all resources within the specified management group. - -+ Example 4: Get policy events in resource group scope in current subscription -```powershell -Get-AzPolicyEvent -ResourceGroupName "myResourceGroup" -``` - -Gets policy event records generated in the last day for all resources within the specified resource group (in the subscription in current session context). - -+ Example 5: Get policy events in resource group scope in the specified subscription -```powershell -Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" -``` - -Gets policy event records generated in the last day for all resources within the specified resource group (in the specified subscription). - -+ Example 6: Get policy events for a resource -```powershell -Get-AzPolicyEvent -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" -``` - -Gets policy event records generated in the last day for the specified resource. - -+ Example 7: Get policy events for a policy set definition in current subscription -```powershell -Get-AzPolicyEvent -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). - -+ Example 8: Get policy events for a policy set definition in the specified subscription -```powershell -Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). - -+ Example 9: Get policy events for a policy definition in current subscription -```powershell -Get-AzPolicyEvent -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). - -+ Example 10: Get policy events for a policy definition in the specified subscription -```powershell -Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). - -+ Example 11: Get policy events for a policy assignment in current subscription -```powershell -Get-AzPolicyEvent -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the subscription in current session context). - -+ Example 12: Get policy events for a policy assignment in the specified subscription -```powershell -Get-AzPolicyEvent -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the specified subscription). - -+ Example 13: Get policy events for a policy assignment in the specified resource group in the current subscription -```powershell -Get-AzPolicyEvent -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets policy event records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). - -+ Example 14: Get policy events in current subscription scope, with OrderBy, Top and Select query options -```powershell -Get-AzPolicyEvent -OrderBy "Timestamp desc, PolicyAssignmentName asc" -Top 5 -Select "Timestamp, ResourceId, PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionId" -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. -The command orders the results by timestamp and policy assignment name properties, and takes only top 5 of those listed in that order. -It also selects to list only a subset of the columns for each record. - -+ Example 15: Get policy events in current subscription scope, with From and To query options -```powershell -Get-AzPolicyEvent -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" -``` - -Gets policy event records generated within the date range specified for all resources within the subscription in current session context. - -+ Example 16: Get policy events in current subscription scope, with Filter query option -```powershell -Get-AzPolicyEvent -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ResourceLocation ne 'eastus'" -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes deny or audit actions) and resource location (excludes eastus location). - -+ Example 17: Get policy events in current subscription scope, with Apply specifying row count aggregation -```powershell -Get-AzPolicyEvent -Apply "aggregate(`$count as NumberOfRecords)" -``` - -Gets the number of policy event records generated in the last day for all resources within the subscription in current session context. -The command returns the count of the policy event records only, which is returned inside AdditionalProperties property. - -+ Example 18: Get policy events in current subscription scope, with Apply specifying grouping with aggregation -```powershell -Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'audit' or PolicyDefinitionAction eq 'deny'" -Apply "groupby((PolicyAssignmentId, PolicyDefinitionId, PolicyDefinitionAction, ResourceId), aggregate(`$count as NumEvents))" -OrderBy "NumEvents desc" -Top 5 -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes only audit and deny events). -It groups the results based on policy assignment, policy definition, policy definition action, and resource id, and computes the number of records in each group, which is returned inside AdditionalProperties property. -It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. - -+ Example 19: Get policy events in current subscription scope, with Apply specifying grouping without aggregation -```powershell -Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'audit' or PolicyDefinitionAction eq 'deny'" -Apply "groupby((ResourceId))" -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes only audit and deny events). -It groups the results based on resource id. -This generates the list of all resources within the subscription that generated a policy event for at least one audit or deny policy. - -+ Example 20: Get policy events in current subscription scope, with Apply specifying multiple groupings -```powershell -Get-AzPolicyEvent -Filter "PolicyDefinitionAction eq 'deny'" -Apply "groupby((PolicyAssignmentId, PolicyDefinitionId, ResourceId))/groupby((PolicyAssignmentId, PolicyDefinitionId), aggregate(`$count as NumDeniedResources))" -OrderBy "NumDeniedResources desc" -Top 5 -``` - -Gets policy event records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes only deny events). -It groups the results first based on policy assignment, policy definition, and resource id. -Then, it further groups the results of this grouping with the same properties except for resource id, and computes the number of records in each of these groups, which is returned inside AdditionalProperties property. -It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. -This generates the top 5 deny policies with the most number of denied resources. - - -#### Get-AzPolicyMetadata - -#### SYNOPSIS -Gets Policy Metadata resources - -#### SYNTAX - -```powershell -Get-AzPolicyMetadata [-Name ] [-Top ] [-DefaultProfile ] - [] -``` - -#### EXAMPLES - -+ Example 1: Get all policy metadata resources -```powershell -Get-AzPolicyMetadata -``` - -This command gets all policy metadata resources - -+ Example 2: Get a collection of 10 policy metadata resources -```powershell -Get-AzPolicyMetadata -Top 10 -``` - -This command gets a collection of 10 policy metadata resources - -+ Example 3: Get a single policy metadata resource with the name 'ACF1348' -```powershell -Get-AzPolicyMetadata -Name ACF1348 -``` - -This command gets a single policy metadata resource with the name 'ACF1348' - - -#### Get-AzPolicyRemediation - -#### SYNOPSIS -Gets policy remediations. - -#### SYNTAX - -+ SubscriptionScope (Default) -```powershell -Get-AzPolicyRemediation [-Top ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ ByName -```powershell -Get-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] - [-ResourceGroupName ] [-Top ] [-IncludeDetail] [-DefaultProfile ] - [] -``` - -+ GenericScope -```powershell -Get-AzPolicyRemediation -Scope [-Top ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ManagementGroupScope -```powershell -Get-AzPolicyRemediation -ManagementGroupName [-Top ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ResourceGroupScope -```powershell -Get-AzPolicyRemediation -ResourceGroupName [-Top ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ByResourceId -```powershell -Get-AzPolicyRemediation -ResourceId [-Top ] [-IncludeDetail] - [-DefaultProfile ] [] -``` - -#### EXAMPLES - -+ Example 1: Get all policy remediations in the current subscription -```powershell -Set-AzContext -Subscription "My Subscription" -Get-AzPolicyRemediation -``` - -This command gets all the remediations created at or underneath a subscription named 'My Subscription'. - -+ Example 2: Get a specific policy remediation and the deployment details -```powershell -Get-AzPolicyRemediation -ResourceGroupName "myResourceGroup" -Name "remediation1" -IncludeDetail -``` - -This command gets the remediation named 'remediation1' from resource group 'myResourceGroup'. The details of the resources being remediated will be included. - -+ Example 3: Get 10 policy remediations in a management group with optional filters -```powershell -Get-AzPolicyRemediation -ManagementGroupName "mg1" -Top 10 -Filter "PolicyAssignmentId eq '/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Authorization/policyAssignments/pa1'" -``` - -This command gets a max of 10 policy remediations from a management group named 'mg1'. Only policy remediations for the given policy assignment will be retrieved. - - -#### Remove-AzPolicyRemediation - -#### SYNOPSIS -Deletes a policy remediation. - -#### SYNTAX - -+ ByName (Default) -```powershell -Remove-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] - [-ResourceGroupName ] [-AllowStop] [-AsJob] [-PassThru] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -+ ByResourceId -```powershell -Remove-AzPolicyRemediation -ResourceId [-AllowStop] [-AsJob] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -+ ByInputObject -```powershell -Remove-AzPolicyRemediation -InputObject [-AllowStop] [-AsJob] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Delete a policy remediation at resource group scope -```powershell -Remove-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" -``` - -This command deletes the remediation named 'remediation1' in resource group 'myRG'. - -+ Example 2: Delete a management group remediation via piping -```powershell -$remediation = Get-AzPolicyRemediation -ManagementGroupName "mg1" -Name "remediation1" -$remediation | Remove-AzPolicyRemediation -Confirm -``` - -This command deletes the remediation named 'remediation1' from management group 'mg1'. A confirmation prompt will be presented before deleting the resource. - -+ Example 3: Cancel and delete a policy remediation -```powershell -Remove-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" -AllowStop -``` - -This command deletes the remediation named 'remediation1' in resource group 'myRG'. If the remediation is in-progress it will be canceled before being deleted. - - -#### Start-AzPolicyRemediation - -#### SYNOPSIS -Creates and starts a policy remediation for a policy assignment. - -#### SYNTAX - -+ ByName (Default) -```powershell -Start-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] - [-ResourceGroupName ] -PolicyAssignmentId [-PolicyDefinitionReferenceId ] - [-LocationFilter ] [-ResourceDiscoveryMode ] [-ResourceCount ] - [-ParallelDeploymentCount ] [-FailureThreshold ] [-AsJob] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -+ ByResourceId -```powershell -Start-AzPolicyRemediation -ResourceId -PolicyAssignmentId - [-PolicyDefinitionReferenceId ] [-LocationFilter ] [-ResourceDiscoveryMode ] - [-ResourceCount ] [-ParallelDeploymentCount ] [-FailureThreshold ] [-AsJob] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Start a remediation at subscription scope -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription "My Subscription" -Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -``` - -This command creates a new policy remediation in subscription 'My Subscription' for the given policy assignment. - -+ Example 2: Start a remediation at management group scope with optional filters -```powershell -$policyAssignmentId = "/providers/Microsoft.Management/managementGroups/mg1/providers/Microsoft.Authorization/policyAssignments/pa1" -Start-AzPolicyRemediation -ManagementGroupName "mg1" -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -LocationFilter "westus","eastus" -``` - -This command creates a new policy remediation in management group 'mg1' for the given policy assignment. Only resources in the 'westus' or 'eastus' locations will be remediated. - -+ Example 3: Start a remediation at resource group scope for a policy set definition assignment -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Start-AzPolicyRemediation -ResourceGroupName "myRG" -PolicyAssignmentId $policyAssignmentId -PolicyDefinitionReferenceId "0349234412441" -Name "remediation1" -``` - -This command creates a new policy remediation in resource group 'myRG' for the given policy assignment. The policy assignment assigns a policy set definition (also known as an initiative). The policy definition reference ID indicates which policy within the initiative should be remediated. - -+ Example 4: Start a remediation and wait for it to complete in the background -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription f0710c27-9663-4c05-19f8-1b4be01e86a5 -$job = Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -AsJob -$job | Wait-Job -$remediation = $job | Receive-Job -``` - -This command starts a new policy remediation in subscription 'My Subscription' for the given policy assignment. It will wait for the remediation to complete before returning the final remediation status. - -+ Example 5: Start a remediation that will discover non-compliant resources before remediating -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription "My Subscription" -Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceDiscoveryMode ReEvaluateCompliance -``` - -This command creates a new policy remediation in subscription 'My Subscription' for the given policy assignment. The compliance state of resources in the subscription will be re-evaluated against the policy assignment and non-compliant resources will be remediated. - -+ Example 6: Start a remediation that will remediate up to 10,000 non-compliant resources -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription "My Subscription" -Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ResourceCount 10000 -``` - -+ Example 7: Start a remediation that will remediate 30 resources in parallel -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription "My Subscription" -Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -ParallelDeploymentCount 30 -``` - -+ Example 8: Start a remediation that will terminate if more than half of the remediation deployments fail -```powershell -$policyAssignmentId = "/subscriptions/f0710c27-9663-4c05-19f8-1b4be01e86a5/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309" -Set-AzContext -Subscription "My Subscription" -Start-AzPolicyRemediation -PolicyAssignmentId $policyAssignmentId -Name "remediation1" -FailureThreshold 0.5 -``` - - -#### Stop-AzPolicyRemediation - -#### SYNOPSIS -Cancels an in-progress policy remediation. - -#### SYNTAX - -+ ByName (Default) -```powershell -Stop-AzPolicyRemediation -Name [-Scope ] [-ManagementGroupName ] - [-ResourceGroupName ] [-AsJob] [-PassThru] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] -``` - -+ ByResourceId -```powershell -Stop-AzPolicyRemediation -ResourceId [-AsJob] [-PassThru] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] -``` - -+ ByInputObject -```powershell -Stop-AzPolicyRemediation -InputObject [-AsJob] [-PassThru] - [-DefaultProfile ] [-WhatIf] [-Confirm] [] -``` - -#### EXAMPLES - -+ Example 1: Cancel a policy remediation at resource group scope -```powershell -Stop-AzPolicyRemediation -ResourceGroupName "myRG" -Name "remediation1" -``` - -This command cancels the remediation named 'remediation1' in resource group 'myRG'. - -+ Example 2: Cancel a management group remediation via piping -```powershell -$remediation = Get-AzPolicyRemediation -ManagementGroupName "mg1" -Name "remediation1" -$remediation | Stop-AzPolicyRemediation -``` - -This command cancels the remediation named 'remediation1' in management group 'mg1'. - - -#### Get-AzPolicyState - -#### SYNOPSIS -Gets policy compliance states for resources. - -#### SYNTAX - -+ SubscriptionScope (Default) -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] [-Top ] [-OrderBy ] [-Select ] - [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ ManagementGroupScope -```powershell -Get-AzPolicyState [-All] -ManagementGroupName [-Top ] [-OrderBy ] [-Select ] - [-From ] [-To ] [-Filter ] [-Apply ] - [-DefaultProfile ] [] -``` - -+ ResourceGroupScope -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] -ResourceGroupName [-Top ] - [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ ResourceScope -```powershell -Get-AzPolicyState [-All] -ResourceId [-Top ] [-OrderBy ] [-Select ] - [-From ] [-To ] [-Filter ] [-Apply ] [-Expand ] - [-DefaultProfile ] [] -``` - -+ PolicySetDefinitionScope -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] -PolicySetDefinitionName [-Top ] - [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ PolicyDefinitionScope -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] -PolicyDefinitionName [-Top ] - [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ SubscriptionLevelPolicyAssignmentScope -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] -PolicyAssignmentName [-Top ] - [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -+ ResourceGroupLevelPolicyAssignmentScope -```powershell -Get-AzPolicyState [-All] [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName - [-Top ] [-OrderBy ] [-Select ] [-From ] [-To ] [-Filter ] - [-Apply ] [-DefaultProfile ] [] -``` - -#### EXAMPLES - -+ Example 1: Get latest policy states in current subscription scope -```powershell -Get-AzPolicyState -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. - -+ Example 2: Get latest policy states in the specified subscription scope -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -``` - -Gets latest policy state records generated in the last day for all resources within the specified subscription. - -+ Example 3: Get all policy states in current subscription scope -```powershell -Get-AzPolicyState -All -``` - -Gets all historical policy state records (including latest) generated in the last day for all resources within the subscription in current session context. - -+ Example 4: Get latest policy states in management group scope -```powershell -Get-AzPolicyState -ManagementGroupName "myManagementGroup" -``` - -Gets latest policy state records generated in the last day for all resources within the specified management group. - -+ Example 5: Get latest policy states in resource group scope in current subscription -```powershell -Get-AzPolicyState -ResourceGroupName "myResourceGroup" -``` - -Gets latest policy state records generated in the last day for all resources within the specified resource group (in the subscription in current session context). - -+ Example 6: Get latest policy states in resource group scope in the specified subscription -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" -``` - -Gets latest policy state records generated in the last day for all resources within the specified resource group (in the specified subscription). - -+ Example 7: Get latest policy states for a resource -```powershell -Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" -``` - -Gets latest policy state records generated in the last day for the specified resource. - -+ Example 8: Get latest policy states for a policy set definition in current subscription -```powershell -Get-AzPolicyState -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). - -+ Example 9: Get latest policy states for a policy set definition in the specified subscription -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). - -+ Example 10: Get latest policy states for a policy definition in current subscription -```powershell -Get-AzPolicyState -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). - -+ Example 11: Get latest policy states for a policy definition in the specified subscription -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). - -+ Example 12: Get latest policy states for a policy assignment in current subscription -```powershell -Get-AzPolicyState -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists at subscription scope in the subscription in current session context). - -+ Example 13: Get latest policy states for a policy assignment with the same scope as the specified subscription -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists at subscription scope in the specified subscription). - -+ Example 14: Get latest policy states for a policy assignment in the specified resource group in the current subscription -```powershell -Get-AzPolicyState -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). - -+ Example 15: Get latest policy states in current subscription scope, with OrderBy, Top and Select query options -```powershell -Get-AzPolicyState -OrderBy "Timestamp desc, PolicyAssignmentName asc" -Top 5 -Select "Timestamp, ResourceId, PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionId, IsCompliant" -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. -The command orders the results by timestamp and policy assignment name properties, and takes only top 5 of those listed in that order. -It also selects to list only a subset of the columns for each record. - -+ Example 16: Get latest policy states in current subscription scope, with From and To query options -```powershell -Get-AzPolicyState -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" -``` - -Gets latest policy state records generated within the date range specified for all resources within the subscription in current session context. - -+ Example 17: Get latest policy states in current subscription scope, with Filter query option -```powershell -Get-AzPolicyState -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ComplianceState eq 'NonCompliant' and ResourceLocation ne 'eastus'" -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes deny or audit actions), compliance status (includes only non-compliant status) and resource location (excludes eastus location). - -+ Example 18: Get latest policy states in current subscription scope, with Apply specifying row count aggregation -```powershell -Get-AzPolicyState -Apply "aggregate(`$count as NumberOfRecords)" -``` - -Gets the number of latest policy state records generated in the last day for all resources within the subscription in current session context. -The command returns the count of the policy state records only, which is returned inside AdditionalProperties property. - -+ Example 19: Get latest policy states in current subscription scope, with Apply specifying grouping with aggregation -```powershell -Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId), aggregate(`$count as NumStates))" -OrderBy "NumStates desc" -Top 5 -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on compliance status (includes only non-compliant status). -It groups the results based on policy assignment, policy set definition, and policy definition, and computes the number of records in each group, which is returned inside AdditionalProperties property. -It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. - -+ Example 20: Get latest policy states in current subscription scope, with Apply specifying grouping without aggregation -```powershell -Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((ResourceId))" -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on compliance status (includes only non-compliant status). -It groups the results based on resource id. -This generates the list of all resources within the subscription that are non-compliant for at least one policy. - -+ Example 21: Get latest policy states in current subscription scope, with Apply specifying multiple groupings -```powershell -Get-AzPolicyState -Filter "ComplianceState eq 'NonCompliant'" -Apply "groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId, ResourceId))/groupby((PolicyAssignmentId, PolicySetDefinitionId, PolicyDefinitionReferenceId, PolicyDefinitionId), aggregate(`$count as NumNonCompliantResources))" -OrderBy "NumNonCompliantResources desc" -Top 5 -``` - -Gets latest policy state records generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on compliance status (includes only non-compliant status). -It groups the results first based on policy assignment, policy set definition, policy definition, and resource id. -Then, it further groups the results of this grouping with the same properties except for resource id, and computes the number of records in each of these groups, which is returned inside AdditionalProperties property. -It orders the results by the count aggregation in descending order, and takes only top 5 of those listed in that order. -This generates the top 5 policies with the most number of non-compliant resources. - -+ Example 22: Get latest policy states including policy evaluation details for a resource -```powershell -Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" -Expand "PolicyEvaluationDetails" -``` - -Gets latest policy state records generated in the last day for the specified resource and expand policyEvaluationDetails. - -+ Example 23: Get latest component policy states for a resource (eg. vault) given a resource provider mode policy assignment -```powershell -Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant')" -``` - -Gets latest component policy state records generated in the last day for the specified resource, given a resource provider mode policy assignment that references a resource provider mode policy definition. - -+ Example 24: Get latest component policy states for a resource (eg. vault) given a policy initiative assignment that contains a resource provider mode policy definition -```powershell -Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1' and policyDefinitionReferenceId eq 'myResourceProviderModeDefinitionReferenceId'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant')" -``` - -Gets latest component policy state records generated in the last day for the specified resource, given a resource provider mode policy assignment that references an initiative containing a resource provider mode policy definition. - -+ Example 25: Get latest component counts by compliance state for a resource (eg. vault) given a resource provider mode policy assignment -```powershell -Get-AzPolicyState -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.KeyVault/vaults/myvault" -Filter "policyAssignmentId eq '/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" -Expand "Components(`$filter=ComplianceState eq 'NonCompliant' or ComplianceState eq 'Compliant' or ComplianceState eq 'Conflict';`$apply=groupby((complianceState),aggregate(`$count as count)))" -``` - -Gets latest component counts generated in the last day grouped by compliance state for the specified resource, given a resource provider mode policy assignment. - -+ Example 26: Get policy states for a management group scope policy assignment -```powershell -Get-AzPolicyState -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -Filter "policyAssignmentId eq '/providers/Microsoft.Management/managementGroups/myManagementGroup/providers/Microsoft.Authorization/policyAssignments/ddd8ef92e3714a5ea3d208c1'" -``` - -Gets latest policy state records generated in the last day for all resources (within the tenant in current session context) in the specified subscription affected by the specified policy assignment (which is assigned to a management group which is an ancestor of the specified subscription). - - -#### Get-AzPolicyStateSummary - -#### SYNOPSIS -Gets latest policy compliance states summary for resources. - -#### SYNTAX - -+ SubscriptionScope (Default) -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] [-Top ] [-From ] [-To ] - [-Filter ] [-DefaultProfile ] [] -``` - -+ ManagementGroupScope -```powershell -Get-AzPolicyStateSummary -ManagementGroupName [-Top ] [-From ] [-To ] - [-Filter ] [-DefaultProfile ] [] -``` - -+ ResourceGroupScope -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] -ResourceGroupName [-Top ] - [-From ] [-To ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ PolicySetDefinitionScope -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] -PolicySetDefinitionName [-Top ] - [-From ] [-To ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ PolicyDefinitionScope -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] -PolicyDefinitionName [-Top ] - [-From ] [-To ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ SubscriptionLevelPolicyAssignmentScope -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] -PolicyAssignmentName [-Top ] - [-From ] [-To ] [-Filter ] [-DefaultProfile ] - [] -``` - -+ ResourceGroupLevelPolicyAssignmentScope -```powershell -Get-AzPolicyStateSummary [-SubscriptionId ] -ResourceGroupName -PolicyAssignmentName - [-Top ] [-From ] [-To ] [-Filter ] - [-DefaultProfile ] [] -``` - -+ ResourceScope -```powershell -Get-AzPolicyStateSummary -ResourceId [-Top ] [-From ] [-To ] - [-Filter ] [-DefaultProfile ] [] -``` - -#### EXAMPLES - -+ Example 1: Get latest non-compliant policy states summary in current subscription scope -```powershell -Get-AzPolicyStateSummary -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. - -+ Example 2: Get latest non-compliant policy states summary in the specified subscription scope -```powershell -Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified subscription. - -+ Example 3: Get latest non-compliant policy states summary in management group scope -```powershell -Get-AzPolicyStateSummary -ManagementGroupName "myManagementGroup" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified management group. - -+ Example 4: Get latest non-compliant policy states summary in resource group scope in current subscription -```powershell -Get-AzPolicyStateSummary -ResourceGroupName "myResourceGroup" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified resource group (in the subscription in current session context). - -+ Example 5: Get latest non-compliant policy states summary in resource group scope in the specified subscription -```powershell -Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -ResourceGroupName "myResourceGroup" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the specified resource group (in the specified subscription). - -+ Example 6: Get latest non-compliant policy states summary for a resource -```powershell -Get-AzPolicyStateSummary -ResourceId "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup/providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1" -``` - -Gets the summary view of latest policy compliance states generated in the last day for the specified resource. - -+ Example 7: Get latest non-compliant policy states summary for a policy set definition in current subscription -```powershell -Get-AzPolicyStateSummary -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the subscription in current session context). - -+ Example 8: Get latest non-compliant policy states summary for a policy set definition in the specified subscription -```powershell -Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicySetDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy set definition (that exists in the specified subscription). - -+ Example 9: Get latest non-compliant policy states summary for a policy definition in current subscription -```powershell -Get-AzPolicyStateSummary -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the subscription in current session context). - -+ Example 10: Get latest non-compliant policy states summary for a policy definition in the specified subscription -```powershell -Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyDefinitionName "fff58873-fff8-fff5-fffc-fffbe7c9d697" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy definition (that exists in the specified subscription). - -+ Example 11: Get latest non-compliant policy states summary for a policy assignment in current subscription -```powershell -Get-AzPolicyStateSummary -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the subscription in current session context). - -+ Example 12: Get latest non-compliant policy states summary for a policy assignment in the specified subscription -```powershell -Get-AzPolicyStateSummary -SubscriptionId "fff10b27-fff3-fff5-fff8-fffbe01e86a5" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the specified subscription). - -+ Example 13: Get latest non-compliant policy states summary for a policy assignment in the specified resource group in the current subscription -```powershell -Get-AzPolicyStateSummary -ResourceGroupName "myResourceGroup" -PolicyAssignmentName "ddd8ef92e3714a5ea3d208c1" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources (within the tenant in current session context) effected by the specified policy assignment (that exists in the resource group in the subscription in current session context). - -+ Example 14: Get latest non-compliant policy states summary in current subscription scope, with Top query option -```powershell -Get-AzPolicyStateSummary -Top 5 -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. -The command orders the policy assignment summaries in the results by non-compliant resource counts in descending order, and takes only top 5 of those policy assignment summaries. - -+ Example 15: Get latest non-compliant policy states summary in current subscription scope, with From and To query options -```powershell -Get-AzPolicyStateSummary -From "2018-03-08 00:00:00Z" -To "2018-03-15 00:00:00Z" -``` - -Gets the summary view of latest policy compliance states generated within the date range specified for all resources within the subscription in current session context. - -+ Example 16: Get latest non-compliant policy states summary in current subscription scope, with Filter query option -```powershell -Get-AzPolicyStateSummary -Filter "(PolicyDefinitionAction eq 'deny' or PolicyDefinitionAction eq 'audit') and ResourceLocation ne 'eastus'" -``` - -Gets the summary view of latest policy compliance states generated in the last day for all resources within the subscription in current session context. -The command limits the results returned by filtering based on policy definition action (includes deny or audit actions), and resource location (excludes eastus location). - - diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md index 7690dcf100c6..93a6591c02e5 100644 --- a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md @@ -48,26 +48,142 @@ The **Get-AzPolicyAttestation** cmdlet gets all policy attestations in a scope o ### Example 1: Get all policy attestations in the current subscription ```powershell -Set-AzContext -Subscription "MySubscription" +Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4" Get-AzPolicyAttestation ``` -This command gets all the attestations created at or underneath a subscription named "My Subscription". +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/ + attestation-subscription +Name : attestation-subscription +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationsubassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : +Comment : Setting the state to non compliant +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM +AssessmentDate : +Metadata : +SystemData : + +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.policyinsights/attestations/attestation-rg +Name : attestation-rg +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationrgassignment +PolicyDefinitionReferenceId : +ComplianceState : +ExpiresOn : 1/27/2024 4:04:24 PM +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM +AssessmentDate : +Metadata : +SystemData : + +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att + estation-resource +Name : attestation-resource +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationresourceassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : Test Owner 2 +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM +AssessmentDate : +Metadata : +SystemData : + +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.policyinsights/attestations/attestationrgallprops +Name : attestationRGAllProps +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationinitiativergassignment +PolicyDefinitionReferenceId : pstestattestationrg_1 +ComplianceState : +ExpiresOn : 1/27/2024 2:51:54 AM +Owner : Test Owner +Comment : +Evidence : {Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence} +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM +AssessmentDate : 1/25/2024 2:51:54 AM +Metadata : Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +SystemData : +``` + +This command gets all the attestations created at or underneath a subscription with id d1acb22b-c876-44f7-b08e-3fcf9f6767f4. ### Example 2: Get a specific policy attestation ```powershell -Get-AzPolicyAttestation -ResourceGroupName "myResourceGroup" -Name "attestation1" +Get-AzPolicyAttestation -ResourceGroupName "ps-attestation-test-rg" -Name "attestation-RG" +``` + +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.policyinsights/attestations/attestation-rg +Name : attestation-rg +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationrgassignment +PolicyDefinitionReferenceId : +ComplianceState : +ExpiresOn : 1/27/2024 4:04:24 PM +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM +AssessmentDate : +Metadata : +SystemData : ``` -This command gets the attestation named 'attestation1' at the resource group 'myResourceGroup'. +This command gets the attestation named 'attestation-RG' at the resource group 'ps-attestation-test-rg'. ### Example 3: Get 5 policy attestations in a subscription with optional filters ```powershell -Set-AzContext -Subscription "MySubscription" -Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4" +Get-AzPolicyAttestation -Top 5 -Filter "PolicyAssignmentId eq '/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationresourceassignment'" +``` + +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att + estation-resource +Name : attestation-resource +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationresourceassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : Test Owner 2 +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM +AssessmentDate : +Metadata : +SystemData : ``` -This command gets a max of 5 policy attestations underneath the subscription named 'My Subscription'. Only policy attestations for the given policy assignment will be retrieved. +This command gets a max of 5 policy attestations underneath the subscription with id d1acb22b-c876-44f7-b08e-3fcf9f6767f4. Only policy attestations for the given policy assignment will be retrieved. ## PARAMETERS diff --git a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md index 70445dd632ec..0da5e0ec73fb 100644 --- a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md @@ -17,15 +17,15 @@ Creates a new policy attestation for a policy assignment. New-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] ``` ### ByResourceId ``` New-AzPolicyAttestation -ResourceId -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -36,35 +36,74 @@ The **New-AzPolicyAttestation** cmdlet creates a policy attestation for a partic ### Example 1: Create an attestation at subscription scope ```powershell -Set-AzContext -Subscription "My Subscription" -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4" +$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationsubassignment" $attestationName = "attestation-subscription" New-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" ``` -This command creates a new policy attestation at subscription 'My Subscription' for the given policy assignment. +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights + /attestations/attestation-subscription +Name : attestation-subscription +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/ + policyassignments/psattestationsubassignment +PolicyDefinitionReferenceId : +ComplianceState : Compliant +ExpiresOn : +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:26:24 AM +AssessmentDate : +Metadata : +SystemData : +``` + +This command creates a new policy attestation at subscription 'd1acb22b-c876-44f7-b08e-3fcf9f6767f4' for the given policy assignment. >**Note:** >This command creates an attestation for the subscription and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. ### Example 2: Create an attestation at resource group ```powershell -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationrgassignment" $attestationName = "attestation-RG" -$rgName = "myRG" +$rgName = "ps-attestation-test-rg" New-AzPolicyAttestation -ResourceGroupName $RGName -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "Compliant" ``` -This command creates a new policy attestation at the resource group 'myRG' for the given policy assignment. +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test + -rg/providers/microsoft.policyinsights/attestations/attestation-rg +Name : attestation-RG +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/ + policyassignments/psattestationrgassignment +PolicyDefinitionReferenceId : +ComplianceState : Compliant +ExpiresOn : +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:35:28 AM +AssessmentDate : +Metadata : +SystemData : +``` +This command creates a new policy attestation at the resource group 'ps-attestation-test-rg' for the given policy assignment. >**Note:** >This command creates an attestation for the resource group and not the resources underneath it. For ease of management, manual policies should be designed to target the scope which defines the boundary of resources whose compliance state needs to be attested. In this case, the manual policy should be targeting `Microsoft.Resources/subscriptions/resourceGroups`. For more information, go to https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure to understand the best practices for creating attestations. ### Example 3: Create an attestation at resource ```powershell -$policyAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/providers/Microsoft.Authorization/policyAssignments/0774f87b3af94c1399d3ee52" +$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationresourceassignment" $attestationName = "attestation-resource" -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0" New-AzPolicyAttestation ` -PolicyAssignmentId $policyAssignmentId ` -Name $attestationName ` @@ -72,23 +111,47 @@ New-AzPolicyAttestation ` -ComplianceState "NonCompliant" ``` -This command creates an attestation for the resource 'Test-VN' for the given policy assignment. +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test + -rg/providers/microsoft.network/networksecuritygroups/pstests0/providers/microsoft.pol + icyinsights/attestations/attestation-resource +Name : attestation-resource +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/ + policyassignments/psattestationresourceassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM +AssessmentDate : +Metadata : +SystemData : +``` + +This command creates an attestation for the resource 'pstests0' for the given policy assignment. ### Example 4: Create an attestation with all properties at resource group -``` -$attestationName = "attestationRG" -$policyInitiativeAssignmentId = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Authorization/policyAssignments/74067f0991764e9882a046e0" -$policyDefinitionReferenceId = "PS: Manual Policy (RG)_1" +```powershell +$attestationName = "attestationRGAllProps" +$policyInitiativeAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignments/psattestationinitiativergassignment" +$policyDefinitionReferenceId = "PSTestAttestationRG_1" +$RGName = "ps-attestation-test-rg" $description = "This is a test description" $sourceURI = "https://contoso.org/test.pdf" -$owner = "Test Owner" $evidence = @{ - "Description"=$description + "Description"=$description "SourceUri"=$sourceURI } $policyEvidence = @($evidence) +$owner = "Test Owner" +$expiresOn = [datetime]::UtcNow.AddYears(1) $metadata = '{"TestKey":"TestValue"}' + New-AzPolicyAttestation ` -Name $attestationName ` -ResourceGroupName $RGName ` @@ -103,6 +166,26 @@ New-AzPolicyAttestation ` -Metadata $metadata ``` +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test + -rg/providers/microsoft.policyinsights/attestations/attestationrgallprops +Name : attestationRGAllProps +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/ + policyassignments/psattestationinitiativergassignment +PolicyDefinitionReferenceId : pstestattestationrg_1 +ComplianceState : +ExpiresOn : 1/27/2024 2:51:54 AM +Owner : Test Owner +Comment : +Evidence : {Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationEvidence} +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM +AssessmentDate : 1/25/2024 2:51:54 AM +Metadata : Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +SystemData : + +``` ## PARAMETERS ### -AssessmentDate @@ -201,7 +284,7 @@ Accept wildcard characters: False Additional metadata for the attestation. ```yaml -Type: System.Object +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata Parameter Sets: (All) Aliases: diff --git a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md index 7b8e92aecaf6..711a0c9c6486 100644 --- a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md @@ -37,29 +37,31 @@ The **Remove-AzPolicyAttestation** cmdlet deletes a policy attestation. ### Example 1: Delete a policy remediation by name at subscription scope. ```powershell -Set-AzContext -Subscription "My Subscription" -Remove-AzPolicyAttestation -Name "attestation1" +Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4" +Remove-AzPolicyAttestation -Name "attestation-subscription" -PassThru ``` -This command deletes the attestation named 'attestation1' in subscription "My Subscription" +```output +True +``` +This command deletes the attestation named 'attestation-subscription' in subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4". The `-PassThru` switch forces the cmdlet to return the status of the operation. ### Example 2: Delete a policy remediation via piping at resource group. ```powershell -$rgName = "myRG" - -Get-AzPolicyAttestation -Name "attestation2" -ResourceGroupName $rgName | Remove-AzPolicyAttestation +$rgName = "ps-attestation-test-rg" +Get-AzPolicyAttestation -Name "attestation-RG" -ResourceGroupName $rgName | Remove-AzPolicyAttestation ``` -This command deletes the attestation named 'attestation2' at resource group 'myRG' using input object given by the **Get-AzPolicyAttestation** cmdlet. +This command deletes the attestation named 'attestation-RG' at resource group 'ps-attestation-test-rg' using input object given by the **Get-AzPolicyAttestation** cmdlet. ### Example 3: Delete a policy remediation using ResourceId. ```powershell -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" -$attestationToDelete = Get-AzPolicyAttestation -Name "attestation3" -Scope $scope +$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0" +$attestationToDelete = Get-AzPolicyAttestation -Name "attestation-resource" -Scope $scope Remove-AzPolicyAttestation -Id $attestationToDelete.Id ``` -The first command gets an attestation named 'attestation3' with a resource id supplied as scope. +The first command gets an attestation named 'attestation-resource' with a resource id supplied as scope. The second command then deletes the attestation using the resource id of the stored attestation. ## PARAMETERS diff --git a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md index 12ef34d78899..cc8de85d4aba 100644 --- a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md @@ -17,15 +17,15 @@ Modifies a policy attestation. Set-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] - [-Confirm] [] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] ``` ### ByResourceId ``` Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -33,7 +33,7 @@ Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-Co ``` Set-AzPolicyAttestation -InputObject [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -47,37 +47,77 @@ The **Set-AzPolicyAttestation** cmdlet modifies a policy attestation. Specify an ### Example 1: Update an attestation by name ```powershell -Set-AzContext -Subscription "My Subscription" -# Update the existing attestation by resource name at subscription scope (default) +Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4" +# Update the existing attestation by resource name at subscription scope (default) $comment = "Setting the state to non compliant" -$attestationName = "attestation1" - +$attestationName = "attestation-subscription" +$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment" Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment ``` -The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation1' in the subscription named 'My Subscription' +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/ + attestation-subscription +Name : attestation-subscription +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationsubassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : +Comment : Setting the state to non compliant +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM +AssessmentDate : +Metadata : +SystemData : +``` + +The command here sets the compliance state and adds a comment to an existing attestation with name 'attestation-subscription' in the subscription with id 'd1acb22b-c876-44f7-b08e-3fcf9f6767f4' ### Example 2: Update an attestation by ResourceId ```powershell # Get an attestation -$rgName = "myRG" -$attestationName = "attestation2" +$rgName = "ps-attestation-test-rg" +$attestationName = "attestation-RG" $attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName # Update the existing attestation by resource ID at RG $expiresOn = [System.DateTime]::UtcNow.AddYears(1) -$updatedAttestation = Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn +Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn ``` -The first command gets an existing attestation at the resource group 'myRG' with the name 'attestation2'. +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.policyinsights/attestations/attestation-rg +Name : attestation-rg +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationrgassignment +PolicyDefinitionReferenceId : +ComplianceState : +ExpiresOn : 1/27/2024 4:04:24 PM +Owner : +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM +AssessmentDate : +Metadata : +SystemData : +``` + +The first command gets an existing attestation at the resource group 'ps-attestation-test-rg' with the name 'attestation-RG'. The final command updates the expiry time of the policy attestation by the **ResourceId** property of the existing attestation. ### Example 3: Update an attestation by input object ```powershell # Get an attestation -$attestationName = "attestation3" -$scope = "/subscriptions/49c37404-cef8-46b2-ba72-fa8419c82ed5/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworks/Test-VN" +$attestationName = "attestation-resource" +$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0" $attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope # Update attestation by input object @@ -85,7 +125,28 @@ $newOwner = "Test Owner 2" $attestation | Set-AzPolicyAttestation -Owner $newOwner ``` -The first command gets an existing attestation with name 'attestation3' for the given resource using its resource id as the scope +```output +Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/ + microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att + estation-resource +Name : attestation-resource +Type : Microsoft.PolicyInsights/attestations +PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme + nts/psattestationresourceassignment +PolicyDefinitionReferenceId : +ComplianceState : NonCompliant +ExpiresOn : +Owner : Test Owner 2 +Comment : +Evidence : +ProvisioningState : Succeeded +LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM +AssessmentDate : +Metadata : +SystemData : +``` + +The first command gets an existing attestation with name 'attestation-resource' for the given resource using its resource id as the scope The final command updates the owner of the policy attestation by using piping. @@ -202,7 +263,7 @@ Accept wildcard characters: False Additional metadata for the attestation. ```yaml -Type: System.Object +Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata Parameter Sets: (All) Aliases: From e2c33aef9a618ef9f0952455e1fb3cec051ca0aa Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Fri, 27 Jan 2023 15:52:41 -0500 Subject: [PATCH 4/7] Subscription ID Changed --- src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 index a589dd686715..f2d248593b9d 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 @@ -27,7 +27,7 @@ Gets test subscription ID. #> function Get-TestSubscriptionId { # Reminder: The subscription ID in the test context (created via PS command or by creating an env variable) should be the same as this subscription ID. - "0b40be06-04e8-4f70-abde-a502b2646fe8" # This is the Azure Governance Perf 21 subscription + "086aecf4-23d6-4dfd-99a8-a5c6299f0322" # This is the Azure Governance Perf 21 subscription } <# From e2fe54cdbd055e5471c88a3704bd8867e1d8aff2 Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Sun, 29 Jan 2023 23:42:12 -0500 Subject: [PATCH 5/7] PR Comments 2 --- .../ScenarioTests/Common.ps1 | 2 +- .../GetAzureRmPolicyAttestation.cs | 3 +- .../NewAzureRmPolicyAttestation.cs | 9 +-- .../Attestations/RemoveAzureRmAttestation.cs | 3 +- .../SetAzureRmPolicyAttestation.cs | 11 ++-- .../Common/AttestationCmdletBase.cs | 65 ++++++++++++++++--- .../Common/ParameterHelpMessages.cs | 2 +- .../Models/Attestations/PSAttestation.cs | 5 +- .../Properties/Resources.Designer.cs | 45 +++++++++++++ .../PolicyInsights/Properties/Resources.resx | 15 +++++ .../help/Get-AzPolicyAttestation.md | 3 +- .../help/New-AzPolicyAttestation.md | 14 ++-- .../help/Remove-AzPolicyAttestation.md | 4 +- .../help/Set-AzPolicyAttestation.md | 13 ++-- 14 files changed, 156 insertions(+), 38 deletions(-) diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 index f2d248593b9d..823e06f27fe5 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/Common.ps1 @@ -660,7 +660,7 @@ function Validate-AttestationProperties { } if ($null -ne $expectedMetadata) { $expectedMetadataJson = [Newtonsoft.Json.Linq.JObject]::Parse($expectedMetadata) - Assert-AreEqual $expectedMetadataJson.ToString() $attestation.metadata.metadata.ToString() + Assert-AreEqual $expectedMetadataJson.ToString() $attestation.metadata.ToString() } if ($null -ne $expectedEvidence) { Validate-PolicyAttestationEvidence($attestation.Evidence, $expectedEvidence) diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs index 313fe5b0c5e7..8ada1d62dc80 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/GetAzureRmPolicyAttestation.cs @@ -28,6 +28,7 @@ using Microsoft.Azure.Commands.PolicyInsights.Models; using System.Linq; using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; +using Microsoft.Azure.Commands.Common.Exceptions; namespace Microsoft.Azure.Commands.PolicyInsights.Cmdlets.Attestations { @@ -78,7 +79,7 @@ public override void Execute() if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) { - throw new PSArgumentException(Resources.Error_TooManyScopes); + throw new AzPSArgumentException(Resources.Error_TooManyScopes, nameof(Scope)); } // Determine the scope of the request and whether this is an individual GET or a list diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs index ef4a2aab6762..edd95ee249ea 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/NewAzureRmPolicyAttestation.cs @@ -12,6 +12,7 @@ // limitations under the License. // ---------------------------------------------------------------------------------- +using Microsoft.Azure.Commands.Common.Exceptions; using Microsoft.Azure.Commands.PolicyInsights.Common; using Microsoft.Azure.Commands.PolicyInsights.Models; using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; @@ -79,13 +80,13 @@ public class NewAzureRmPolicyAttestation : AttestationCmdletBase public DateTime? AssessmentDate { get; set; } [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] - public PSAttestationMetadata Metadata { get; set; } + public string Metadata { get; set; } public override void Execute() { if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) { - throw new PSArgumentException(Resources.Error_TooManyScopes); + throw new AzPSArgumentException(Resources.Error_TooManyScopes, nameof(this.Scope)); } Attestation existingAttestation = null; var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName); @@ -101,7 +102,7 @@ public override void Execute() if (existingAttestation != null) { - throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationAlreadyExists, attestationName, rootScope)); + throw new AzPSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationAlreadyExists, attestationName, rootScope), attestationName); } var attestation = new Attestation( @@ -113,7 +114,7 @@ public override void Execute() evidence: Evidence?.Select(e => e.ToModel()).ToList(), comments: Comment, assessmentDate: AssessmentDate, - metadata: this.Metadata != null ? AttestationCmdletBase.ConvertToMetadataJObject(this.Metadata) : null + metadata: this.Metadata == null ? null : this.ConvertToMetadataJObject(this.Metadata) ); if (this.ShouldProcess(target: attestationName, action: String.Format(CultureInfo.InvariantCulture, Resources.CreatingAttestation, rootScope, attestationName))) diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs index f2f095e70199..322577c88f3a 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/RemoveAzureRmAttestation.cs @@ -12,6 +12,7 @@ // limitations under the License. // ---------------------------------------------------------------------------------- +using Microsoft.Azure.Commands.Common.Exceptions; using Microsoft.Azure.Commands.PolicyInsights.Common; using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; using Microsoft.Azure.Commands.PolicyInsights.Models.Remediation; @@ -63,7 +64,7 @@ public override void Execute() { if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) { - throw new PSArgumentException(Resources.Error_TooManyScopes); + throw new AzPSArgumentException(Resources.Error_TooManyScopes, nameof(this.Scope)); } var rootScope = this.GetRootScope(scope: this.Scope, resourceId: this.ResourceId, resourceGroupName: this.ResourceGroupName, inputObject: this.InputObject); diff --git a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs index 04501c902a96..742e46a4832f 100644 --- a/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Cmdlets/Attestations/SetAzureRmPolicyAttestation.cs @@ -13,6 +13,7 @@ // ---------------------------------------------------------------------------------- using Azure.Core; +using Microsoft.Azure.Commands.Common.Exceptions; using Microsoft.Azure.Commands.PolicyInsights.Common; using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; using Microsoft.Azure.Commands.PolicyInsights.Properties; @@ -84,13 +85,13 @@ public class SetAzureRmPolicyAttestation : AttestationCmdletBase public DateTime? AssessmentDate { get; set; } [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.AttestationMetadata)] - public PSAttestationMetadata Metadata { get; set; } + public string Metadata { get; set; } public override void Execute() { if (!string.IsNullOrEmpty(this.Name) && new[] { this.Scope, this.ResourceGroupName }.Count(s => s != null) > 1) { - throw new PSArgumentException(Resources.Error_TooManyScopes); + throw new AzPSArgumentException(Resources.Error_TooManyScopes, nameof(Scope)); } if (this.IsParameterBound(c => c.InputObject)) { @@ -106,7 +107,7 @@ public override void Execute() this.Comment = this.IsParameterBound(c => c.Comment) ? this.Comment : this.InputObject?.Comment; this.Evidence = this.IsParameterBound(c => c.Evidence) ? this.Evidence : this.InputObject?.Evidence; this.AssessmentDate = this.IsParameterBound(c => c.AssessmentDate) ? this.AssessmentDate : this.InputObject?.AssessmentDate; - this.Metadata = this.IsParameterBound(c => c.Metadata) ? this.Metadata : this.InputObject?.Metadata; + this.Metadata = this.IsParameterBound(c => c.Metadata) ? this.Metadata : this.InputObject?.Metadata?.ToString(); } if (this.IsParameterBound(c => c.ResourceId)) @@ -130,7 +131,7 @@ public override void Execute() if (existingAttestation == null) { - throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationDoesNotExists, attestationName, rootScope)); + throw new AzPSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_AttestationDoesNotExists, attestationName, rootScope), attestationName); } existingAttestation.PolicyAssignmentId = this.PolicyAssignmentId ?? existingAttestation.PolicyAssignmentId; @@ -141,7 +142,7 @@ public override void Execute() existingAttestation.Evidence = this.Evidence?.Select((e) => e.ToModel()).ToList(); existingAttestation.Owner = this.Owner; existingAttestation.AssessmentDate = this.AssessmentDate; - existingAttestation.Metadata = this.Metadata != null ? AttestationCmdletBase.ConvertToMetadataJObject(this.Metadata) : null; + existingAttestation.Metadata = this.Metadata == null ? null : this.ConvertToMetadataJObject(this.Metadata); if (this.ShouldProcess(target: attestationName, action: String.Format(CultureInfo.InvariantCulture, Resources.UpdatingAttestation, rootScope, attestationName))) { diff --git a/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs index 91e56843479f..b847bfd76d23 100644 --- a/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs +++ b/src/PolicyInsights/PolicyInsights/Common/AttestationCmdletBase.cs @@ -12,12 +12,16 @@ // limitations under the License. // ---------------------------------------------------------------------------------- +using Microsoft.Azure.Commands.Common.Authentication.Abstractions; +using Microsoft.Azure.Commands.Common.Exceptions; using Microsoft.Azure.Commands.PolicyInsights.Models.Attestations; using Microsoft.Azure.Commands.PolicyInsights.Properties; +using Microsoft.WindowsAzure.Commands.Utilities.Common; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.Globalization; +using System.IO; using System.Management.Automation; using System.Text; @@ -45,7 +49,7 @@ protected string GetRootScope(string scope = null, string resourceId = null, str rootScope = ResourceIdHelper.GetRootScope(resourceId: resourceId, fullyQualifiedResourceType: AttestationCmdletBase.AttestationsFullyQualifiedResourceType); if (rootScope == null) { - throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); + throw new AzPSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); } } else if (!string.IsNullOrEmpty(scope)) @@ -88,7 +92,7 @@ protected string GetAttestationName(string name = null, string resourceId = null attestationName = ResourceIdHelper.GetResourceName(resourceId: resourceId); if (attestationName == null) { - throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); + throw new AzPSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidResourceId, AttestationCmdletBase.AttestationsFullyQualifiedResourceType), paramName: "ResourceId"); } } else if (inputObject != null) @@ -99,20 +103,63 @@ protected string GetAttestationName(string name = null, string resourceId = null return attestationName; } - protected static JObject ConvertToMetadataJObject(PSAttestationMetadata metadata) + protected JObject ConvertToMetadataJObject(string metadata) { - if (metadata != null) + Uri outUri = null; + JObject result; + if (Uri.TryCreate(metadata, UriKind.Absolute, out outUri)) { - try + if (outUri.Scheme == Uri.UriSchemeFile) { - return JObject.Parse(metadata.Metadata.ToString()); + string filePath = this.TryResolvePath(metadata); + if (File.Exists(filePath)) + { + result = JToken.Parse(FileUtilities.DataStore.ReadFileAsText(filePath)) as JObject; + } + else + { + throw new AzPSInvalidOperationException(string.Format(Resources.InvalidFilePath, metadata)); + } } - catch + else if (outUri.Scheme != Uri.UriSchemeHttp && outUri.Scheme != Uri.UriSchemeHttps) { - throw new PSArgumentException(string.Format(CultureInfo.InvariantCulture, Resources.Error_InvalidMetadata, metadata.ToString())); + throw new AzPSInvalidOperationException(Resources.InvalidUriScheme); + } + else if (!Uri.IsWellFormedUriString(outUri.AbsoluteUri, UriKind.Absolute)) + { + throw new AzPSInvalidOperationException(string.Format(Resources.InvalidUriString, metadata)); + } + else + { + string contents = GeneralUtilities.DownloadFile(outUri.AbsoluteUri); + if (string.IsNullOrEmpty(contents)) + { + throw new AzPSInvalidOperationException(string.Format(Resources.InvalidUriContent, metadata)); + } + + result = JToken.Parse(contents) as JObject; + } + } + else + { + //for non absolute file paths + string path = this.TryResolvePath(metadata); + + if (File.Exists(path)) + { + result = JToken.Parse(FileUtilities.DataStore.ReadFileAsText(path)) as JObject; + } + else + { + result = JToken.Parse(metadata) as JObject; + } + + if (result == null) + { + throw new AzPSArgumentException(string.Format(Resources.JsonObjectExpected, nameof(metadata)), nameof(metadata)); } } - return null; + return result; } } } diff --git a/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs b/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs index c5044d7cd672..d4950169966c 100644 --- a/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs +++ b/src/PolicyInsights/PolicyInsights/Common/ParameterHelpMessages.cs @@ -57,7 +57,7 @@ public static class ParameterHelpMessages public const string Comment = "Comments describing why this attestation was created."; public const string Evidence = "The evidence supporting the compliance state set in this attestation."; public const string AssessmentDate = "The time the evidence of an attestation was assessed."; - public const string AttestationMetadata = "Additional metadata for the attestation."; + public const string AttestationMetadata = "Additional metadata for the attestation. This can either be a path to a file containing the metadata JSON, or the metadata as a JSON string."; public const string AttestationObject = "The Attestation object."; } } diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs index d7e2eaba156f..32fbd7ae846a 100644 --- a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs +++ b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestation.cs @@ -21,6 +21,7 @@ namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations using Microsoft.Azure.Management.PolicyInsights.Models; using Microsoft.WindowsAzure.Commands.Utilities.Common; using Newtonsoft.Json; + using Newtonsoft.Json.Linq; /// /// @@ -110,7 +111,7 @@ public class PSAttestation{ /// /// Gets or sets additional metadata for this attestation /// - public PSAttestationMetadata Metadata { get; set; } + public string Metadata { get; set; } /// /// Gets azure Resource Manager metadata containing createdBy and @@ -138,7 +139,7 @@ public PSAttestation(Attestation attestation) this.ExpiresOn = attestation.ExpiresOn; this.Owner = attestation.Owner; this.Comment = attestation.Comments; - this.Metadata = attestation.Metadata != null? new PSAttestationMetadata(attestation.Metadata): null; + this.Metadata = attestation.Metadata != null? attestation.Metadata.ToString(): null; this.LastComplianceStateChangeAt = attestation.LastComplianceStateChangeAt; this.AssessmentDate = attestation.AssessmentDate; this.Evidence = attestation.Evidence?.Select(evidence => new PSAttestationEvidence(evidence)).ToArray(); diff --git a/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs b/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs index ed8e700be52a..741268f63cb4 100644 --- a/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs +++ b/src/PolicyInsights/PolicyInsights/Properties/Resources.Designer.cs @@ -159,6 +159,51 @@ internal static string Error_TooManyScopes { } } + /// + /// Looks up a localized string similar to The provided file {0} doesn't exist. + /// + internal static string InvalidFilePath { + get { + return ResourceManager.GetString("InvalidFilePath", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The uri {0} is inaccessible, or the content is invalid.. + /// + internal static string InvalidUriContent { + get { + return ResourceManager.GetString("InvalidUriContent", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to Please make sure the uri starts with http:// or https://.. + /// + internal static string InvalidUriScheme { + get { + return ResourceManager.GetString("InvalidUriScheme", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The specified uri string {0} is invalid.. + /// + internal static string InvalidUriString { + get { + return ResourceManager.GetString("InvalidUriString", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The provided value for parameter '{0}' is not a valid JSON object. + /// + internal static string JsonObjectExpected { + get { + return ResourceManager.GetString("JsonObjectExpected", resourceCulture); + } + } + /// /// Looks up a localized string similar to Triggering a policy compliance scan at scope '{0}'.. /// diff --git a/src/PolicyInsights/PolicyInsights/Properties/Resources.resx b/src/PolicyInsights/PolicyInsights/Properties/Resources.resx index c4616288b492..d42438ecb753 100644 --- a/src/PolicyInsights/PolicyInsights/Properties/Resources.resx +++ b/src/PolicyInsights/PolicyInsights/Properties/Resources.resx @@ -159,4 +159,19 @@ Deleting attestation '{0}' from scope '{1}' + + The provided file {0} doesn't exist + + + The uri {0} is inaccessible, or the content is invalid. + + + Please make sure the uri starts with http:// or https://. + + + The specified uri string {0} is invalid. + + + The provided value for parameter '{0}' is not a valid JSON object + \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md index 93a6591c02e5..abf27f0495d7 100644 --- a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml Module Name: Az.PolicyInsights -online version: +online version: https://learn.microsoft.com/powershell/module/az.policyinsights/get-azpolicyattestation schema: 2.0.0 --- @@ -333,3 +333,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS +[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md index 0da5e0ec73fb..d82575088a75 100644 --- a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml Module Name: Az.PolicyInsights -online version: +online version: https://learn.microsoft.com/powershell/module/az.policyinsights/new-azpolicyattestation schema: 2.0.0 --- @@ -17,15 +17,15 @@ Creates a new policy attestation for a policy assignment. New-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] ``` ### ByResourceId ``` New-AzPolicyAttestation -ResourceId -PolicyAssignmentId [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -94,6 +94,7 @@ AssessmentDate : Metadata : SystemData : ``` + This command creates a new policy attestation at the resource group 'ps-attestation-test-rg' for the given policy assignment. >**Note:** @@ -184,8 +185,8 @@ LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM AssessmentDate : 1/25/2024 2:51:54 AM Metadata : Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata SystemData : - ``` + ## PARAMETERS ### -AssessmentDate @@ -284,7 +285,7 @@ Accept wildcard characters: False Additional metadata for the attestation. ```yaml -Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +Type: System.String Parameter Sets: (All) Aliases: @@ -457,3 +458,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS +[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md index 711a0c9c6486..e5156a40bb85 100644 --- a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml Module Name: Az.PolicyInsights -online version: +online version: https://learn.microsoft.com/powershell/module/az.policyinsights/remove-policyattestation schema: 2.0.0 --- @@ -44,6 +44,7 @@ Remove-AzPolicyAttestation -Name "attestation-subscription" -PassThru ```output True ``` + This command deletes the attestation named 'attestation-subscription' in subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4". The `-PassThru` switch forces the cmdlet to return the status of the operation. ### Example 2: Delete a policy remediation via piping at resource group. @@ -220,3 +221,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS +[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md index cc8de85d4aba..97b0a8a6444b 100644 --- a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md @@ -1,7 +1,7 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.PolicyInsights.dll-Help.xml Module Name: Az.PolicyInsights -online version: +online version: https://learn.microsoft.com/powershell/module/az.policyinsights/set-azpolicyattestation schema: 2.0.0 --- @@ -17,15 +17,15 @@ Modifies a policy attestation. Set-AzPolicyAttestation -Name [-Scope ] [-ResourceGroupName ] [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] [-Evidence ] - [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] ``` ### ByResourceId ``` Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -33,7 +33,7 @@ Set-AzPolicyAttestation -ResourceId [-PolicyAssignmentId ] [-Co ``` Set-AzPolicyAttestation -InputObject [-PolicyAssignmentId ] [-ComplianceState ] [-PolicyDefinitionReferenceId ] [-ExpiresOn ] [-Owner ] [-Comment ] - [-Evidence ] [-AssessmentDate ] [-Metadata ] + [-Evidence ] [-AssessmentDate ] [-Metadata ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -263,7 +263,7 @@ Accept wildcard characters: False Additional metadata for the attestation. ```yaml -Type: Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +Type: System.String Parameter Sets: (All) Aliases: @@ -438,3 +438,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS +[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file From 1522f7dfa005c4232ca5ceb6335f3c91fd716e45 Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Tue, 31 Jan 2023 11:36:17 -0500 Subject: [PATCH 6/7] Metadata Tests --- .../EnvSetup/AttestationMetadata.json | 1 + .../ScenarioTests/AttestationTests.ps1 | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 src/PolicyInsights/PolicyInsights.Test/EnvSetup/AttestationMetadata.json diff --git a/src/PolicyInsights/PolicyInsights.Test/EnvSetup/AttestationMetadata.json b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/AttestationMetadata.json new file mode 100644 index 000000000000..127504d6ba21 --- /dev/null +++ b/src/PolicyInsights/PolicyInsights.Test/EnvSetup/AttestationMetadata.json @@ -0,0 +1 @@ +{"TestKey": "TestValue"} \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 index 43bfaca58bff..9f8cb3e0b5d2 100644 --- a/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 +++ b/src/PolicyInsights/PolicyInsights.Test/ScenarioTests/AttestationTests.ps1 @@ -327,11 +327,10 @@ function Attestation-ResourceGroupScope-Crud { "SourceUri" = $sourceURI } $policyEvidence = @($evidence) + $fileContent = '{"TestKey": "TestValue"}' - $metadata = - '{ - "TestKey":"TestValue" - }' + Set-Content -Path ".\AttestationMetadata.json" -Value $fileContent + $metadata = Join-Path . "AttestationMetadata.json" $fullAttestation = New-AzPolicyAttestation ` -Name $attestationName ` @@ -356,7 +355,7 @@ function Attestation-ResourceGroupScope-Crud { -expectedComplianceState $Compliant ` -expectedComment $comment ` -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` + -expectedMetadata $fileContent ` -expectedOwner $owner ` -expectedAssessmentDate $expiresOn.AddDays(-2) @@ -395,7 +394,7 @@ function Attestation-ResourceGroupScope-Crud { -expectedComplianceState $Compliant ` -expectedComment $comment ` -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` + -expectedMetadata $fileContent ` -expectedOwner $owner ` -expectedAssessmentDate $expiresOn.AddDays(-2) @@ -439,7 +438,7 @@ function Attestation-ResourceGroupScope-Crud { -expectedComplianceState $NonCompliant ` -expectedComment $comment ` -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` + -expectedMetadata $fileContent ` -expectedOwner $owner ` -expectedAssessmentDate $expiresOn.AddDays(-2) @@ -457,7 +456,7 @@ function Attestation-ResourceGroupScope-Crud { -expectedComplianceState $NonCompliant ` -expectedComment $comment ` -expectedExpiresOn $expiresOn ` - -expectedMetadata $metadata ` + -expectedMetadata $fileContent ` -expectedOwner $newOwner ` -expectedAssessmentDate $expiresOn.AddDays(-2) @@ -484,6 +483,8 @@ function Attestation-ResourceGroupScope-Crud { Assert-AreEqual 0 $attestations.Count #endregion + + Remove-Item ".\AttestationMetadata.json" -Force } function Attestation-ResourceScope-Crud { From 9bc23151ec09a99ace02349b3017a6fd08da8d7f Mon Sep 17 00:00:00 2001 From: Samarth Lakhotia Date: Wed, 1 Feb 2023 11:10:14 -0500 Subject: [PATCH 7/7] PR Comments Updated Docs --- .../Attestations/PSAttestationMetadata.cs | 32 ------------------- .../help/Get-AzPolicyAttestation.md | 8 +++-- .../help/New-AzPolicyAttestation.md | 10 ++++-- .../help/Remove-AzPolicyAttestation.md | 2 +- .../help/Set-AzPolicyAttestation.md | 6 +++- 5 files changed, 20 insertions(+), 38 deletions(-) delete mode 100644 src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs diff --git a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs b/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs deleted file mode 100644 index f9dd4fe1503b..000000000000 --- a/src/PolicyInsights/PolicyInsights/Models/Attestations/PSAttestationMetadata.cs +++ /dev/null @@ -1,32 +0,0 @@ -// ---------------------------------------------------------------------------------- -// -// Copyright Microsoft Corporation -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// http://www.apache.org/licenses/LICENSE-2.0 -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// ---------------------------------------------------------------------------------- - -using System; -using System.Collections.Generic; -using System.Management.Automation; - -namespace Microsoft.Azure.Commands.PolicyInsights.Models.Attestations -{ - public class PSAttestationMetadata - { - public object Metadata { get; set; } - - public PSAttestationMetadata() { } - - public PSAttestationMetadata(object metadata) - { - Metadata = metadata; - } - } -} diff --git a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md index abf27f0495d7..e121c19c2ce9 100644 --- a/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Get-AzPolicyAttestation.md @@ -123,7 +123,9 @@ Evidence : {Microsoft.Azure.Commands.PolicyInsights.Models.At ProvisioningState : Succeeded LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM AssessmentDate : 1/25/2024 2:51:54 AM -Metadata : Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +Metadata : { + "TestKey": "TestValue" + } SystemData : ``` @@ -333,4 +335,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS -[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file +[New-AzPolicyAttestation](./New-AzPolicyAttestation.md) + +[Remove-AzPolicyAttestation](./Remove-AzPolicyAttestation.md) \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md index d82575088a75..63a8b6b1d99c 100644 --- a/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/New-AzPolicyAttestation.md @@ -183,7 +183,9 @@ Evidence : {Microsoft.Azure.Commands.PolicyInsights.Models.At ProvisioningState : Succeeded LastComplianceStateChangeAt : 1/27/2023 2:51:57 AM AssessmentDate : 1/25/2024 2:51:54 AM -Metadata : Microsoft.Azure.Commands.PolicyInsights.Models.Attestations.PSAttestationMetadata +Metadata : { + "TestKey": "TestValue" + } SystemData : ``` @@ -458,4 +460,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS -[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file +[Get-AzPolicyAttestation](./Get-AzPolicyAttestation.md) + +[Set-AzPolicyAttestation](./Set-AzPolicyAttestation.md) + +[Remove-AzPolicyAttestation](./Remove-AzPolicyAttestation.md) \ No newline at end of file diff --git a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md index e5156a40bb85..cc7e2c1b7bbc 100644 --- a/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Remove-AzPolicyAttestation.md @@ -221,4 +221,4 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS -[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file +[Get-AzPolicyAttestation](./Get-AzPolicyAttestation.md) diff --git a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md index 97b0a8a6444b..8d9078b0b53a 100644 --- a/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md +++ b/src/PolicyInsights/PolicyInsights/help/Set-AzPolicyAttestation.md @@ -438,4 +438,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS -[Attestation Overview](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/attestation-structure) \ No newline at end of file +[New-AzPolicyAttestation](./New-AzPolicyAttestation.md) + +[Remove-AzPolicyAttestation](./Remove-AzPolicyAttestation.md) + +[Get-AzPolicyAttestation](./Get-AzPolicyAttestation.md) \ No newline at end of file