CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-azure-mgmt-policyinsights

Microsoft Azure Policy Insights Client Library for Python providing comprehensive Azure Policy services management.

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

policy-tracked-resources.mddocs/

Policy Tracked Resources Operations

Overview

Policy Tracked Resources operations enable querying resources that are tracked by Azure Policy to understand which resources are being monitored for compliance across different scopes.

Core Functionality

Query Operations

list_query_results_for_management_group

def list_query_results_for_management_group(
    management_group_name: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]

{ .api }

Query tracked resources for a management group.

Parameters:

  • management_group_name: Management group name
  • query_options: Optional query parameters (top, filter, orderby, select)

Returns: Paginated collection of PolicyTrackedResource objects

list_query_results_for_subscription

def list_query_results_for_subscription(
    subscription_id: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]

{ .api }

Query tracked resources for a subscription.

Parameters:

  • subscription_id: Azure subscription ID
  • query_options: Optional query parameters

Returns: Paginated collection of PolicyTrackedResource objects

list_query_results_for_resource_group

def list_query_results_for_resource_group(
    subscription_id: str,
    resource_group_name: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]

{ .api }

Query tracked resources for a resource group.

Parameters:

  • subscription_id: Azure subscription ID
  • resource_group_name: Resource group name
  • query_options: Optional query parameters

Returns: Paginated collection of PolicyTrackedResource objects

list_query_results_for_resource

def list_query_results_for_resource(
    resource_id: str,
    query_options: Optional[QueryOptions] = None,
    **kwargs
) -> ItemPaged[PolicyTrackedResource]

{ .api }

Query tracked resources for a specific resource.

Parameters:

  • resource_id: Full Azure resource ID
  • query_options: Optional query parameters

Returns: Paginated collection of PolicyTrackedResource objects

Related Types

PolicyTrackedResource

class PolicyTrackedResource:
    tracked_resource_id: Optional[str]
    policy_details: Optional[PolicyDetails]
    tracked_resource_type: Optional[str]
    last_update_utc: Optional[datetime.datetime]
    tracked_resource_modification_details: Optional[TrackedResourceModificationDetails]

{ .api }

PolicyDetails

class PolicyDetails:
    policy_definition_id: Optional[str]
    policy_assignment_id: Optional[str]
    policy_assignment_name: Optional[str]
    policy_assignment_owner: Optional[str]
    policy_assignment_scope: Optional[str]
    policy_set_definition_id: Optional[str]
    policy_definition_reference_id: Optional[str]

{ .api }

TrackedResourceModificationDetails

class TrackedResourceModificationDetails:
    policy_details: Optional[PolicyDetails]
    deployment_id: Optional[str]
    deployment_time: Optional[datetime.datetime]

{ .api }

PolicyTrackedResourcesQueryResults

class PolicyTrackedResourcesQueryResults:
    odata_context: Optional[str]
    odata_count: Optional[int]
    odata_next_link: Optional[str]
    value: Optional[List[PolicyTrackedResource]]

{ .api }

Usage Examples

Query All Tracked Resources for Subscription

# Query all resources tracked by policies in a subscription
tracked_resources = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id
)

for resource in tracked_resources:
    print(f"Resource ID: {resource.tracked_resource_id}")
    print(f"Resource Type: {resource.tracked_resource_type}")
    print(f"Last Updated: {resource.last_update_utc}")
    
    if resource.policy_details:
        policy = resource.policy_details
        print(f"Policy Assignment: {policy.policy_assignment_name}")
        print(f"Policy Definition: {policy.policy_definition_id}")
    
    print("---")

Filter Tracked Resources by Type

from azure.mgmt.policyinsights.models import QueryOptions

# Query only storage account resources being tracked
query_options = QueryOptions(
    filter="trackedResourceType eq 'Microsoft.Storage/storageAccounts'",
    top=50,
    orderby="lastUpdateUtc desc"
)

storage_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print("Tracked Storage Accounts:")
for resource in storage_tracked:
    print(f"- {resource.tracked_resource_id}")
    print(f"  Last Modified: {resource.last_update_utc}")
    
    if resource.tracked_resource_modification_details:
        mod_details = resource.tracked_resource_modification_details
        print(f"  Modified by deployment: {mod_details.deployment_id}")
        print(f"  Deployment time: {mod_details.deployment_time}")

Query Recently Modified Tracked Resources

from datetime import datetime, timedelta

# Query resources modified in the last 7 days
week_ago = datetime.utcnow() - timedelta(days=7)
query_options = QueryOptions(
    filter=f"lastUpdateUtc ge {week_ago.isoformat()}Z",
    orderby="lastUpdateUtc desc",
    top=100
)

recent_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print("Recently modified tracked resources:")
for resource in recent_tracked:
    print(f"Resource: {resource.tracked_resource_id}")
    print(f"Type: {resource.tracked_resource_type}")
    print(f"Modified: {resource.last_update_utc}")
    
    # Check if resource was modified by a remediation
    if resource.tracked_resource_modification_details:
        mod_details = resource.tracked_resource_modification_details
        if mod_details.deployment_id:
            print(f"  -> Modified by remediation deployment: {mod_details.deployment_id}")
    print()

Query Tracked Resources for Specific Policy

# Query resources tracked by a specific policy assignment
policy_assignment_id = "/subscriptions/{subscription-id}/providers/Microsoft.Authorization/policyAssignments/my-policy"

query_options = QueryOptions(
    filter=f"policyDetails/policyAssignmentId eq '{policy_assignment_id}'"
)

policy_tracked = client.policy_tracked_resources.list_query_results_for_subscription(
    subscription_id=subscription_id,
    query_options=query_options
)

print(f"Resources tracked by policy assignment:")
for resource in policy_tracked:
    print(f"- {resource.tracked_resource_id}")
    print(f"  Type: {resource.tracked_resource_type}")
    if resource.policy_details:
        print(f"  Assignment: {resource.policy_details.policy_assignment_name}")

Monitor Resource Group Tracked Resources

# Monitor tracked resources in a specific resource group
tracked_in_rg = client.policy_tracked_resources.list_query_results_for_resource_group(
    subscription_id=subscription_id,
    resource_group_name="production-rg",
    query_options=QueryOptions(orderby="trackedResourceType,trackedResourceId")
)

# Group by resource type
by_type = {}
for resource in tracked_in_rg:
    resource_type = resource.tracked_resource_type or "Unknown"
    if resource_type not in by_type:
        by_type[resource_type] = []
    by_type[resource_type].append(resource)

print("Tracked resources by type:")
for resource_type, resources in by_type.items():
    print(f"\n{resource_type} ({len(resources)} resources):")
    for resource in resources:
        print(f"  - {resource.tracked_resource_id}")
        if resource.policy_details:
            print(f"    Policy: {resource.policy_details.policy_assignment_name}")

Check Individual Resource Tracking

# Check if a specific resource is being tracked
resource_id = "/subscriptions/{subscription-id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{name}"

tracked_resource = client.policy_tracked_resources.list_query_results_for_resource(
    resource_id=resource_id
)

tracked_list = list(tracked_resource)
if tracked_list:
    print(f"Resource {resource_id} is being tracked by {len(tracked_list)} policies:")
    for tracked in tracked_list:
        if tracked.policy_details:
            policy = tracked.policy_details
            print(f"- Policy Assignment: {policy.policy_assignment_name}")
            print(f"  Policy Definition: {policy.policy_definition_id}")
            print(f"  Last Updated: {tracked.last_update_utc}")
else:
    print(f"Resource {resource_id} is not currently being tracked by any policies")

Install with Tessl CLI

npx tessl i tessl/pypi-azure-mgmt-policyinsights

docs

index.md

policy-events.md

policy-metadata.md

policy-restrictions.md

policy-states.md

policy-tracked-resources.md

remediations.md

tile.json