enterprise-azure-policy-as-code

Definitions not exported

Open chaoscreater opened this issue 3 months ago • 2 comments

Describe the bug

In my global-settings.jsonc file, I've specified a management group to target, let's call this ManagementGroupExample. This should include all policies from the child subscriptions or management groups. I'm able to get all the policy assignments just fine, but for the definitions, only the ones set on ManagementGroupExample are exported. If I take a copy of an existing policy definition that is scoped to a subscription, and then I scope this copy to ManagementGroupExample, then the export will include the definition. The definition is a custom one by the way.

I've looked at the functions in this module and it seems like the function New-EPACPolicyDefinition is the one used to generate the json. However, both this function and the function script (New-EPACPolicyDefinition.ps1) don't seem to be called by anything else.

Furthermore, under the RawDefinitions folder (found under export folder), I can see that the definitions I'm looking for are in there, but just not exported out into .jsonc format into the policyDefinitions folder.

To Reproduce

Just run Export-AzPolicyResources or Export-AzPolicyResources -DefinitionsRootFolder .\Definitions -OutputFolder Output

Expected behavior

All definitions starting at the target scope level, including the ones in the child subs and management group, should be exported.

EPAC Version 10.1.9

Here's the output of my PowerShell run:

===================================================================================================
Get scope tree for EPAC environment 'epac-prd' at root scope /managementGroups/mg-redacted
===================================================================================================
Retrieved 285 Resource Groups
Processing 285 Resource Groups...

Scope tree for EPAC environment 'epac-prd' at root scope /managementGroups/mg-redacted complete.
    Management groups = 12
    Subscriptions     = 23
    Resource groups   = 285

===================================================================================================
Get Policy Resources for EPAC environment 'epac-prd' at root scope /managementGroups/mg-redacted
===================================================================================================
Retrieved 1000 Policy definitions
Retrieved 2000 Policy definitions
Retrieved 3000 Policy definitions
Retrieved 3533 Policy definitions
Retrieved 130 Policy Set definitions
Retrieved 109 Policy Assignments
Retrieved 19 Role Assignments
Retrieved 548 Role Definitions
Retrieved 392 Policy Exemptions
Processing Exemptions for orphaned assignments

===================================================================================================
Policy Resources found for EPAC environment 'epac-prd' at root scope /managementGroups/mg-redacted
===================================================================================================

Policy counts:
    BuiltIn        = 3518
    Managed (4) by:
        This PaC   = 0
        Other PaC  = 0
        Unknown    = 4
    Inherited      = 0
    Excluded       = 0

Policy Set counts:
    BuiltIn        = 130
    Managed (0) by:
        This PaC   = 0
        Other PaC  = 0
        Unknown    = 0
    Inherited      = 0
    Excluded       = 0

Policy Assignment counts:
    Managed (98) by:
        This PaC              = 0
        Other PaC             = 0
        Unknown               = 60
        DfC Security Policies = 0
        DfC Defender Plans    = 38
    With identity             = 15
    Excluded                  = 0

Policy Exemptions:
    Managed (384) by:
        This PaC  = 0
        Other PaC = 0
        Unknown   = 384
    Orphaned      = 0
    Expired       = 8
    Excluded      = 0

Role Assignments:
    Principal Ids         = 7
    With Role Assignments = 7
    Role Assignments      = 19


===================================================================================================
Processing 4 Policies from EPAC environment 'epac-prd'
===================================================================================================

===================================================================================================
Processing 0 Policy Sets from EPAC environment 'epac-prd'
===================================================================================================

===================================================================================================
Collating 98 Policy Assignments from EPAC environment 'epac-prd'
===================================================================================================

===================================================================================================
Output Exemption list (384)
===================================================================================================

===================================================================================================
Output 384 active (not expired or orphaned) Exemptions for epac environment 'epac-prd'
===================================================================================================

===================================================================================================
Optimizing 22 Policy Assignment trees
===================================================================================================

===================================================================================================
Creating 22 Policy Assignment files
===================================================================================================

===================================================================================================
Creating Ownership CSV file
===================================================================================================

chaoscreater, Apr 30 '24 02:04
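To see where custom definitions sit relative to the export root scope, the defining scope can be read from each definition's resource ID. The PowerShell below is an added example, not part of the issue or of EPAC: the function names, the subscription GUID and the definition names are constructed, and it assumes the standard Azure resource ID layout for policy definitions.

```powershell
# Added example (not EPAC code): classify policy definition IDs by defining scope.
function Get-DefinitionScope {
    param([Parameter(Mandatory)][string] $DefinitionId)
    $marker = '/providers/Microsoft.Authorization/policyDefinitions/'
    $index = $DefinitionId.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
    if ($index -lt 0) { throw "Not a policy definition id: $DefinitionId" }
    if ($index -eq 0) { return '(built-in)' }    # no scope prefix: tenant-level built-in
    return $DefinitionId.Substring(0, $index)    # everything before the marker is the scope
}

function Group-DefinitionsByScope {
    param(
        [Parameter(Mandatory)][string[]] $DefinitionIds,
        [Parameter(Mandatory)][string] $RootScope
    )
    foreach ($id in $DefinitionIds) {
        $scope = Get-DefinitionScope -DefinitionId $id
        # The ID alone cannot prove a scope is a child of the root, so anything
        # that is not the root itself is reported as "NotAtRootScope" for review.
        $location = if ($scope -eq '(built-in)') { 'BuiltIn' }
                    elseif ($scope -ieq $RootScope) { 'AtRootScope' }
                    else { 'NotAtRootScope' }
        [pscustomobject]@{
            Location = $location
            Scope    = $scope
            Name     = ($id -split '/')[-1]
        }
    }
}

# Constructed sample input; replace with the IDs found in your tenant.
$rootScope = '/providers/Microsoft.Management/managementGroups/ManagementGroupExample'
$sampleIds = @(
    '/providers/Microsoft.Authorization/policyDefinitions/sample-builtin'
    "$rootScope/providers/Microsoft.Authorization/policyDefinitions/custom-at-root"
    '/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/custom-in-sub'
)

Group-DefinitionsByScope -DefinitionIds $sampleIds -RootScope $rootScope |
    Sort-Object Location |
    Format-Table Location, Name, Scope -AutoSize
```

Definitions reported as NotAtRootScope are the ones to compare against the files written to the policyDefinitions folder.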