3

When applying the allowed resource type policy through the Azure portal, there is a drop-down with hundreds of available resource types that can be selected as assignment parameters. Does anyone know how this list is generated, or where I can query for the contents so that I can create new policies programmatically?

I have created a PowerShell block to query available Azure resource providers and their resource types, but the matching list is several hundred resource types shorter than the list that is displayed in the Azure portal.

$resourceTypes = @()
$resourceProviders = Get-AzResourceProvider -ListAvailable
foreach ($resourceProvider in $resourceProviders) {
    foreach ($resourceType in $resourceProvider.resourceTypes) {
        $fullResourceTypeName = $resourceProvider.ProviderNamespace + "/" + $resourceType.ResourceTypeName
        $resourceTypes += $fullResourceTypeName
    }
}

I would like to be able to download the contents of the drop-down list so I can see all the resource types available to whitelist.

  • there is no other way of querying resource providers, can you show an example of a missing resource provider? – 4c74356b41 Sep 26 '19 at 05:30

3 Answers

0

To see the resource types for a resource provider, use:

(Get-AzResourceProvider -ProviderNamespace {Namespace}).ResourceTypes.ResourceTypeName

I got this from this link https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services

Brydenr
Kemley
  • This command provides resource provider for a particular subscription. I have a similar requirement to pull up all resource provider and types in the portal to programmatically allow resources in the policy – Kanna Jan 26 '23 at 09:03
0
az provider list --expand resourceTypes/aliases | jq '[ .[].namespace + "/" + .[].resourceTypes[].resourceType , .[].resourceTypes[].aliases[]?.name ] | unique | sort'

When adding resources via the portal, in the association, the parameters are in lowercase, e.g.:

"parameters": {
  "listOfResourceTypesNotAllowed": {
    "value": [
      "dynatrace.observability/checknameavailability",
      "dynatrace.observability/locations",
      "dynatrace.observability/locations/operationstatuses",
      "dynatrace.observability/registeredsubscriptions",
      "dynatrace.observability/operations",
      "dynatrace.observability/monitors/singlesignonconfigurations",
      "dynatrace.observability/monitors/tagrules",
      "dynatrace.observability/monitors"
    ]
  }
}

But via that command, the parameters are returned in CamelCase:

  "Dynatrace.Observability/checkAccess",
  "Dynatrace.Observability/checkAzureDataFactoryNameAvailability",
  "Dynatrace.Observability/checkBenefitScopes",
  "Dynatrace.Observability/checkDataFactoryNameAvailability",
  "Dynatrace.Observability/checkDomainAvailability",
  "Dynatrace.Observability/checkDomainNameAvailability",
  "Dynatrace.Observability/checkEndpointNameAvailability",
  "Dynatrace.Observability/checkFeedbackRequired",
  "Dynatrace.Observability/checkFrontdoorNameAvailability",
  "Dynatrace.Observability/checkMhsmNameAvailability",
  "Dynatrace.Observability/checkNameAvailability",
  "Dynatrace.Observability/checkNamespaceAvailability",
  "Dynatrace.Observability/checkOffers",
  "Dynatrace.Observability/checkPolicyCompliance",
  "Dynatrace.Observability/checkPolicyRestrictions",
  "Dynatrace.Observability/checkProvisioningServiceNameAvailability",
  "Dynatrace.Observability/checkPurchaseStatus",

I suspect it doesn't make a difference.

Credit https://stackoverflow.com/a/55238793/6544539

WARNING: this command is going to give you like 750K items.

A Kingscote
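
An added example (not code from any of the answers) of turning a provider listing into a policy parameter value: it joins each namespace only to its own resource types, lowercases the names as the portal does, and reports which entries a shorter list is missing. The JSON sample, the helper function names and the `$fromCmdlet` list are constructed for illustration; the parameter name is the one shown in the answer above.

```powershell
# Constructed sample in the shape of the `value` array that the providers
# listing returns (namespace + resourceTypes[].resourceType); not real output.
$sampleJson = @'
{ "value": [
  { "namespace": "Dynatrace.Observability",
    "resourceTypes": [ { "resourceType": "monitors" },
                       { "resourceType": "monitors/tagRules" },
                       { "resourceType": "checkNameAvailability" } ] },
  { "namespace": "Microsoft.Storage",
    "resourceTypes": [ { "resourceType": "storageAccounts" },
                       { "resourceType": "checkNameAvailability" } ] }
] }
'@

function Get-QualifiedResourceType {          # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Providers)
    # Join each type only to the namespace of the provider that declares it,
    # then lowercase so the result matches what the portal writes.
    $names = foreach ($p in $Providers) {
        foreach ($t in $p.resourceTypes) {
            ('{0}/{1}' -f $p.namespace, $t.resourceType).ToLowerInvariant()
        }
    }
    $names | Sort-Object -Unique
}

function Get-MissingResourceType {            # hypothetical helper name
    param([string[]] $Reference, [string[]] $Candidate)
    # Case-insensitive set, so "Microsoft.Storage/storageAccounts" and
    # "microsoft.storage/storageaccounts" count as the same entry.
    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($c in $Candidate) { [void]$seen.Add($c) }
    $Reference | Where-Object { -not $seen.Contains($_) }
}

$providers = ($sampleJson | ConvertFrom-Json).value
$all       = Get-QualifiedResourceType -Providers $providers

# Constructed stand-in for a shorter list obtained some other way.
$fromCmdlet = @('Microsoft.Storage/storageAccounts', 'Dynatrace.Observability/monitors')
Get-MissingResourceType -Reference $all -Candidate $fromCmdlet

# Parameter name as shown in the answer above; use your definition's own name.
$parameters = @{ listOfResourceTypesNotAllowed = @{ value = @($all) } }
$parameters | ConvertTo-Json -Depth 4
```

To run it against live data, replace `$providers` with the `value` array of a real providers response and `$fromCmdlet` with the list being checked.
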
0

Call the api/invoke to get all the same Azure Resource Types listed by the Azure Portal:

$OutFileName = "resourcetypes.txt"
$output = @()   

$token = az account get-access-token --resource https://management.azure.com | ConvertFrom-Json | Select-Object -ExpandProperty accessToken
$headers = @{
"x-ms-path-query"='/providers?api-version=2022-06-01&$expand=resourceTypes/aliases'
"x-ms-command-name"="Microsoft_Azure_Policy."
"Accept"="application/json"
"Authorization"="Bearer $token"
}
$result = Invoke-WebRequest -UseBasicParsing -Uri "https://management.azure.com/api/invoke" -Headers $headers

$azproviders = $result.Content | ConvertFrom-Json | Select-Object -ExpandProperty value

foreach ($provider in $azproviders) { 
  foreach ($type in $provider.resourceTypes) 
  { 
    $output += $provider.namespace + "/" + $type.resourceType 
  } 
}
$output | Sort-Object -Unique | Out-File $OutFileName
Fbbc
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 25 '23 at 00:15