Functions/Get-AHPolicyRSOP.ps1
|
function Get-AHPolicyRSOP { <# .SYNOPSIS Gets all Azure Policies applied to a specific resource - This code has not yet been written and doesn't work .DESCRIPTION Gets all Azure Policies applied to a specific resource ID .EXAMPLE Get-AHPolicyRSOP -ResourceID xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Get a list of all Azure Policies applied to the resource with resource ID xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx .EXAMPLE .INPUTS String .OUTPUTS .NOTES Author: Paul Harrison #> [CmdletBinding()] param( [Parameter(ParameterSetName = "ResourceId", Mandatory = $true, ValueFromPipeline = $true)] [string] $ResourceID ) Begin { $beginningSub = (Get-AzContext).Subscription.Id } Process { $resource = Get-AzResource -ResourceId $ResourceId If (!$?) { throw "Invalid ResourceId" } #get rg,sub,management groups $resourceRG = $resource.ResourceGroupName $resourceSub = $resource.ResourceId.Split('/')[2] #this is faster than querying context, if this doesn't work at somepoint then replace with (Get-AzContext).Subscription.Id $currentSub = (Get-AzContext).Subscription.Id If ($resourceSub -ne $currentSub) { Set-AzContext $resourceSub If (!$?) { throw "Invalid resourceID or you do not have access to the subscription" } } $resourceMGs = Get-AzManagementGroup #@() not sure yet how to pull the management groups yet... #get every policy assignment #Check assignment scope, if it matches a resource,rg,sub,or management group then check exclusions, if it does not match any exclusions then add it to list of applied policies, otherwise add it to the list of filtered policies } End { Set-AzContext $beginningSub } } |