search

Azure / enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
https://azure.github.io/enterprise-azure-policy-as-code/
MIT License
410 stars 216 forks source link

Get-AzExemption.ps1 doesn't output any exemptions #612

Closed nikolaifa closed 4 months ago

nikolaifa commented 4 months ago

Describe the bug I'm running the script against our pacEnvironment with a few exemptions, the output files contain an empty JSON array of exemptions:

{
  "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-exemption-schema.json",
  "exemptions": []
}

To Reproduce

I'm running: Get-AzExemptions -pacEnvironment "production" against an existing pacEnvironment

I have verified that the script manages to retrieve all exemptions within the scope, the issue seems to be with the Helper function Output-PolicyExemptions

Expected behavior

My expectation is that the script will output a all exemptions in the scope of the pacEnvironment

Screenshots

===================================================================================================
Policy Resources found for EPAC environment 'production' at root scope /managementGroups/<GUID>
===================================================================================================

Policy counts:
    BuiltIn        = 3518
    Managed (30) by:
        This PaC   = 30
        Other PaC  = 0
        Unknown    = 0
    Inherited      = 0
    Excluded       = 0

Policy Set counts:
    BuiltIn        = 130
    Managed (12) by:
        This PaC   = 12
        Other PaC  = 0
        Unknown    = 0
    Inherited      = 0
    Excluded       = 0

Policy Assignment counts:
    Managed (72) by:
        This PaC              = 24
        Other PaC             = 0
        Unknown               = 0
        DfC Security Policies = 0
        DfC Defender Plans    = 48
    With identity             = 12
    Excluded                  = 3

Policy Exemptions:
    Managed (38) by:
        This PaC  = 37
        Other PaC = 0
        Unknown   = 1
    Expired       = 0
    Excluded      = 0

===================================================================================================
Output Exemption list (38)
===================================================================================================

===================================================================================================
Output 0 Exemptions (all) for epac environment 'production'
===================================================================================================

EPAC Version

Currently on v10.2.2, but couldn't get it working with v9.1.5 either

techlake commented 4 months ago

Pushed into v10.2.3

Thank you for your fix