functions/Get-AzExemptions.ps1
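function Get-AzExemptions {
    <#
    .SYNOPSIS
        Retrieves Policy Exemptions from an EPAC environment and saves them to files.

    .PARAMETER PacEnvironmentSelector
        Defines which Policy as Code (PAC) environment we are using, if omitted, the script prompts for a value. The values are read from `$DefinitionsRootFolder/global-settings.jsonc.

    .PARAMETER DefinitionsRootFolder
        Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER or './Definitions'.

    .PARAMETER OutputFolder
        Output Folder. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER or './Outputs'.

    .PARAMETER Interactive
        Set to false if used non-interactive

    .PARAMETER FileExtension
        File extension type for the output files. Valid values are json and jsonc. Defaults to json.

    .EXAMPLE
        .\Get-AzExemptions.ps1 -PacEnvironmentSelector "dev" -DefinitionsRootFolder "C:\Src\Definitions" -OutputFolder "C:\Src\Outputs" -Interactive $true -FileExtension "jsonc"

        Retrieves Policy Exemptions from an EPAC environment and saves them to files.

    .EXAMPLE
        .\Get-AzExemptions.ps1 -Interactive $true

        Retrieves Policy Exemptions from an EPAC environment and saves them to files. The script prompts for the PAC environment and uses the default definitions and output folders.

    .NOTES
        The files written under '<outputFolder>/policyExemptions' list every managed exemption that
        was retrieved, i.e. the scopes where policy enforcement has been waived. Treat the output
        folder as sensitive governance data: keep it access-controlled and review it before it is
        committed or shared.

    .LINK
        https://azure.github.io/enterprise-azure-policy-as-code/policy-exemptions/
    #>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false, HelpMessage = "Defines which Policy as Code (PAC) environment we are using, if omitted, the script prompts for a value. The values are read from `$DefinitionsRootFolder/global-settings.jsonc.", Position = 0)]
        [string] $PacEnvironmentSelector,

        [Parameter(Mandatory = $false, HelpMessage = "Definitions folder path. Defaults to environment variable `$env:PAC_DEFINITIONS_FOLDER or './Definitions'.")]
        [string] $DefinitionsRootFolder,

        [Parameter(Mandatory = $false, HelpMessage = "Output Folder. Defaults to environment variable `$env:PAC_OUTPUT_FOLDER or './Outputs'.")]
        [string] $OutputFolder,

        [Parameter(Mandatory = $false, HelpMessage = "Set to false if used non-interactive")]
        [bool] $Interactive = $true,

        # The help text previously claimed a '.jsonc' default, which contradicted the actual
        # default below; it now states the real default.
        [ValidateSet("json", "jsonc")]
        [Parameter(Mandatory = $false, HelpMessage = "File extension type for the output files. Valid values are 'json' and 'jsonc'. Defaults to 'json'.")]
        [string] $FileExtension = "json"
    )

    # No helper scripts are dot-sourced in this function; Select-PacEnvironment,
    # Set-AzCloudTenantSubscription, Get-AzScopeTree, Get-AzPolicyResources and
    # Out-PolicyExemptions must already be loaded in the session (presumably by the
    # enclosing module - confirm against the module loader).

    # Surface Write-Information output from the helpers while this function runs.
    $InformationPreference = "Continue"

    # Resolve the PAC environment (prompting when interactive) and switch the Az session to the
    # cloud and tenant recorded for it.
    $pacEnvironment = Select-PacEnvironment $PacEnvironmentSelector `
        -DefinitionsRootFolder $DefinitionsRootFolder `
        -OutputFolder $OutputFolder `
        -Interactive $Interactive
    Set-AzCloudTenantSubscription `
        -Cloud $pacEnvironment.cloud `
        -TenantId $pacEnvironment.tenantId `
        -Interactive $pacEnvironment.interactive

    # Exemption files are written below the environment's resolved output folder.
    $policyExemptionsFolder = "$($pacEnvironment.outputFolder)/policyExemptions"

    # Collect the deployed policy resources. Role assignments are skipped via
    # -SkipRoleAssignments; nothing below reads them.
    $scopeTable = Get-AzScopeTree -PacEnvironment $pacEnvironment
    $deployedPolicyResources = Get-AzPolicyResources `
        -PacEnvironment $pacEnvironment `
        -ScopeTable $scopeTable `
        -SkipRoleAssignments

    # Only the "managed" collections are exported.
    # NOTE(review): presumably "managed" means resources within this PAC environment's
    # ownership - confirm against Get-AzPolicyResources.
    $exemptions = $deployedPolicyResources.policyExemptions.managed
    $assignments = $deployedPolicyResources.policyassignments.managed

    # Write both JSON and CSV. ExemptionOutputType "*" presumably selects every exemption
    # category - confirm against Out-PolicyExemptions.
    Out-PolicyExemptions `
        -Exemptions $exemptions `
        -Assignments $assignments `
        -PolicyExemptionsFolder $policyExemptionsFolder `
        -OutputJson `
        -OutputCsv `
        -ExemptionOutputType "*" `
        -FileExtension $FileExtension
}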