tessl/pypi-azure-mgmt-policyinsights
Microsoft Azure Policy Insights Client Library for Python providing comprehensive Azure Policy services management.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='M3.389%209.069c0-.009.043-.033.029-.044L.029%207.77l3.287-1.197L6.574%207.77l.106.083.005%204-3.297%201.185V9.068ZM13.582%209.32V2.74l3.405%201.238v4.104L13.583%209.32ZM10.253%2014.66l-3.476%201.268v-4.027l3.476-1.313v4.072ZM10.253%2010.558l-3.476%201.239V7.784l3.476-1.268v4.042ZM10.253%2014.719v3.968L6.777%2020v-3.998l3.476-1.283ZM17%208.139v4.042l-3.418%201.239V9.378L17%208.138ZM3.3%2017.168%200%2015.943v-4.027l3.3%201.224v4.028ZM6.69%2011.916v4.027l-3.302%201.225v-4.072l3.301-1.18ZM6.69%203.743v4.012l-3.33-1.21V2.564l3.33%201.18Z'/%3e%3cpath%20d='M3.3%2013.066%200%2011.842V7.844l3.3%201.224v3.998ZM13.524%209.334l-.175.088.175-.014v4.027l-3.152%201.183-.06-.032v-3.983l1.986-.767-.111.006-1.876.657V6.531l3.213-1.224v4.027Zm-.263.133c-.065.008-.198.023-.233.088.065-.008.198-.023.233-.088Zm-.321.118c-.065.008-.198.023-.233.088.065-.009.198-.023.233-.088Zm-.321.118c-.066.008-.199.023-.234.088.065-.008.199-.023.234-.088ZM13.524%201.266v3.968l-3.213%201.195V2.46l3.213-1.194ZM10.253%202.475v3.968L6.777%207.726V3.743l3.476-1.268ZM8.2%204.458c-.304.064-.627.5-.708.79-.27.963.636%201.081%201.091.364.277-.437.354-1.308-.383-1.154ZM13.524%2013.51v3.983l-3.17%201.177c-.011%200-.043-.067-.043-.07v-3.895l3.213-1.195Zm-.884%201.63c-.495.085-1.068%201.015-.676%201.435.483.517%201.502-.636%201.147-1.246-.098-.169-.286-.221-.47-.19ZM10.165%202.387l-.037.065-3.395%201.249-3.345-1.212L6.88%201.21l3.285%201.178ZM13.437%201.177l-.088.073-3.057%201.127-3.034-1.082-.277-.133L10.151%200l3.286%201.177Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h17v20H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/pypi-azure-mgmt-policyinsights@1.0.0index.mddocs/
Azure Policy Insights Client Library
Overview
The Azure Policy Insights Client Library provides comprehensive programmatic access to Azure Policy services, enabling developers to query policy compliance states, policy events, policy metadata, remediations, tracked resources, and policy restrictions. This library supports both synchronous and asynchronous operations and integrates seamlessly with Azure authentication and management workflows.
Package Information
- Package Name: azure-mgmt-policyinsights
- Language: Python
- Installation:
pip install azure-mgmt-policyinsights - Version: 1.0.0
- License: MIT
Core Imports
# Main synchronous client
from azure.mgmt.policyinsights import PolicyInsightsClient
# Asynchronous client
from azure.mgmt.policyinsights.aio import PolicyInsightsClient as AsyncPolicyInsightsClient
# Models and data types
from azure.mgmt.policyinsights.models import (
PolicyEvent,
PolicyState,
Remediation,
PolicyMetadata,
CheckRestrictionsRequest,
FieldRestrictionResult,
PolicyStatesResource,
ResourceDiscoveryMode
)Basic Usage
Client Authentication and Initialization
from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient
# Initialize client with Azure credentials
credential = DefaultAzureCredential()
subscription_id = "your-subscription-id"
client = PolicyInsightsClient(credential, subscription_id)
# Context manager usage for automatic cleanup
with PolicyInsightsClient(credential, subscription_id) as client:
# Use client operations
passAsynchronous Client Usage
from azure.identity.aio import DefaultAzureCredential
from azure.mgmt.policyinsights.aio import PolicyInsightsClient
async def async_example():
credential = DefaultAzureCredential()
async with PolicyInsightsClient(credential, subscription_id) as client:
# Use async client operations
passCore Capabilities
Policy States Management
Query and summarize policy compliance states across different Azure scopes (management groups, subscriptions, resource groups, and individual resources). Supports filtering, triggering evaluations, and comprehensive compliance reporting.
# Query policy states for subscription
policy_states = client.policy_states.list_query_results_for_subscription(
subscription_id=subscription_id,
policy_states_resource="latest"
)
# Summarize compliance for resource group
summary = client.policy_states.summarize_for_resource_group(
resource_group_name="my-rg",
subscription_id=subscription_id
)Details: Policy States Operations
Policy Events Monitoring
Query policy evaluation events to track when policies are evaluated and what results are produced. Essential for compliance monitoring and auditing workflows.
# Query policy events for subscription
events = client.policy_events.list_query_results_for_subscription(
subscription_id=subscription_id
)
# Query events for specific resource
resource_events = client.policy_events.list_query_results_for_resource(
resource_id="/subscriptions/{subscription-id}/resourceGroups/{rg}/providers/{provider}/{resource}"
)Details: Policy Events Operations
Remediation Management
Create, manage, and monitor policy remediations to automatically fix non-compliant resources. Supports management group, subscription, resource group, and individual resource scopes.
# Create remediation at subscription level
remediation = client.remediations.create_or_update_at_subscription(
subscription_id=subscription_id,
remediation_name="fix-non-compliant-resources",
parameters={
"properties": {
"policyAssignmentId": "/subscriptions/{sub}/providers/Microsoft.Authorization/policyAssignments/{assignment}",
"resourceDiscoveryMode": "ExistingNonCompliant"
}
}
)
# List remediation deployments
deployments = client.remediations.list_deployments_at_subscription(
subscription_id=subscription_id,
remediation_name="fix-non-compliant-resources"
)Details: Remediations Operations
Policy Metadata Discovery
Access policy metadata including built-in policy definitions, categories, and detailed policy information for governance and compliance workflows.
# List all policy metadata
metadata_list = client.policy_metadata.list()
# Get specific policy metadata
metadata = client.policy_metadata.get_resource(
resource_name="policy-metadata-name"
)Details: Policy Metadata Operations
Policy Tracked Resources
Query resources that are tracked by Azure Policy to understand which resources are being monitored for compliance.
# Query tracked resources for subscription
tracked_resources = client.policy_tracked_resources.list_query_results_for_subscription(
subscription_id=subscription_id
)Details: Policy Tracked Resources Operations
Policy Restrictions Validation
Check what policy restrictions would apply to resource operations before attempting to perform them, enabling proactive compliance validation.
from azure.mgmt.policyinsights.models import CheckRestrictionsRequest
# Check restrictions for subscription scope
request = CheckRestrictionsRequest(
resource_details={
"resource_content": {"location": "eastus", "kind": "web"},
"api_version": "2021-01-01"
}
)
restrictions = client.policy_restrictions.check_at_subscription_scope(
subscription_id=subscription_id,
parameters=request
)Details: Policy Restrictions Operations
Operations Discovery
Query available operations and capabilities provided by the Policy Insights service for programmatic discovery of supported API functionality.
# List all available operations
operations = client.operations.list()Usage example:
# Discover available operations
operations_list = client.operations.list()
for operation in operations_list:
print(f"Operation: {operation.name}")
print(f"Display Name: {operation.display.operation}")
print(f"Description: {operation.display.description}")Architecture
The Azure Policy Insights Client Library follows the Azure SDK design patterns:
- Client Class:
PolicyInsightsClientserves as the main entry point with operation groups as properties - Operation Groups: Seven specialized operation classes handle different policy aspects:
policy_states: Policy compliance state queries and summariespolicy_events: Policy evaluation event queriesremediations: Policy remediation managementpolicy_metadata: Policy metadata and definition discoverypolicy_tracked_resources: Tracked resource queriespolicy_restrictions: Policy restriction validationoperations: API operation discovery
- Models: Comprehensive data models for all API interactions
- Authentication: Integrates with Azure Identity for credential management
- Async Support: Full async/await support through the
aiomodule - Error Handling: Consistent error handling with Azure-specific exception types
Error Handling
The library uses standard Azure SDK exceptions:
from azure.core.exceptions import HttpResponseError, ClientAuthenticationError
try:
policy_states = client.policy_states.list_query_results_for_subscription(
subscription_id=subscription_id,
policy_states_resource="latest"
)
except ClientAuthenticationError:
# Handle authentication issues
pass
except HttpResponseError as e:
# Handle HTTP errors (4xx, 5xx)
print(f"HTTP error: {e.status_code} - {e.message}")