Azure · VeryEarly · Mar 8, 2024 · Mar 6, 2024
diff --git a/src/Resources/Policy.Autorest/Az.Policy.psd1 b/src/Resources/Policy.Autorest/Az.Policy.psd1
@@ -1,7 +1,7 @@
 @{
   GUID = '54d436a4-6f2e-4977-b339-2b40665fd8c4'
   RootModule = './Az.Policy.psm1'
-  ModuleVersion = '0.1.0'
+  ModuleVersion = '0.1.1'
   CompatiblePSEditions = 'Core', 'Desktop'
   Author = 'Microsoft Corporation'
   CompanyName = 'Microsoft Corporation'
@@ -12,8 +12,8 @@
   RequiredAssemblies = './bin/Az.Policy.private.dll'
   FormatsToProcess = './Az.Policy.format.ps1xml'
   ScriptsToProcess = @('./custom/Helpers.ps1')
-  FunctionsToExport = 'Get-AzPolicyAssignment', 'Get-AzPolicyDefinition', 'Get-AzPolicyExemption', 'Get-AzPolicySetDefinition', 'New-AzPolicyAssignment', 'New-AzPolicyDefinition', 'New-AzPolicyExemption', 'New-AzPolicySetDefinition', 'Remove-AzPolicyAssignment', 'Remove-AzPolicyDefinition', 'Remove-AzPolicyExemption', 'Remove-AzPolicySetDefinition', 'Update-AzPolicyAssignment', 'Update-AzPolicyDefinition', 'Update-AzPolicyExemption', 'Update-AzPolicySetDefinition', '*'
-  AliasesToExport = 'Set-AzPolicyAssignment', 'Set-AzPolicyDefinition', 'Set-AzPolicyExemption', 'Set-AzPolicySetDefinition', '*'
+  FunctionsToExport = 'Get-AzPolicyAssignment', 'Get-AzPolicyDefinition', 'Get-AzPolicyExemption', 'Get-AzPolicySetDefinition', 'LocationCompleter', 'New-AzPolicyAssignment', 'New-AzPolicyDefinition', 'New-AzPolicyExemption', 'New-AzPolicySetDefinition', 'Remove-AzPolicyAssignment', 'Remove-AzPolicyDefinition', 'Remove-AzPolicyExemption', 'Remove-AzPolicySetDefinition', 'Update-AzPolicyAssignment', 'Update-AzPolicyDefinition', 'Update-AzPolicyExemption', 'Update-AzPolicySetDefinition'
+  AliasesToExport = 'Set-AzPolicyAssignment', 'Set-AzPolicyDefinition', 'Set-AzPolicyExemption', 'Set-AzPolicySetDefinition'
   PrivateData = @{
     PSData = @{
       Tags = 'Azure', 'ResourceManager', 'ARM', 'PSModule', 'Policy'

diff --git a/src/Resources/Policy.Autorest/README.md b/src/Resources/Policy.Autorest/README.md
@@ -31,21 +31,24 @@ For information on how to develop for `Az.Policy`, see [how-to.md](how-to.md).
 
 ``` yaml
 # Please specify the commit id that includes your features to make sure generated codes stable.
-commit: 1cb05f075f2d061686fa8a9e45c72d1fafff9e3f
+commit: 33da947dfea91e16a4e62c663a13de4f0fa72251
 require:
 # readme.azure.noprofile.md is the common configuration file
   - $(this-folder)/../../readme.azure.noprofile.md
 input-file:
 # You need to specify your swagger files here.
-  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/policyDefinitions.json
-  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2021-06-01/policySetDefinitions.json
-  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json
+  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/policyDefinitions.json
+  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/policySetDefinitions.json
+  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/policyDefinitionVersions.json
+  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/policySetDefinitionVersions.json
+  - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/stable/2023-04-01/policyAssignments.json
   - $(repo)/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json
 # If the swagger has not been put in the repo, you may uncomment the following line and refer to it locally
-# - (this-folder)/relative-path-to-your-swagger 
+#  - ..\..\..\..\azure-rest-api-specs\specification\resources\resource-manager\Microsoft.Authorization\stable\2023-04-01\policyDefinitionVersions.json
+#  - ..\..\..\..\azure-rest-api-specs\specification\resources\resource-manager\Microsoft.Authorization\stable\2023-04-01\policySetDefinitionVersions.json
 
-# For new RP, the version is 0.1.0
-module-version: 0.1.0
+# For new RP, the version is 0.1.1
+module-version: 0.1.1
 # Normally, title is the service name
 root-module-name: $(prefix).Resources
 title: Policy
@@ -56,23 +59,32 @@ subject-prefix: Policy
 # identity-correction-for-post: true
 
 # For new modules, please avoid setting 3.x using the use-extension method and instead, use 4.x as the default option
-use-extension:
-  "@autorest/powershell": "3.x"
+#use-extension:
+#  "@autorest/powershell": "3.x"
+azure: true
+resourcegroup-append: false
+identity-correction-for-post: false
+export-properties-for-dict: false
+nested-object-to-string: false
 
 directive:
   # Following is two common directive which are normally required in all the RPs
   # 1. Remove the unexpanded parameter set
   # 2. For New-* cmdlets, ViaIdentity is not required, so CreateViaIdentityExpanded is removed as well
   - where:
-      variant: ^Create$|^CreateViaIdentity$|^CreateViaIdentityExpanded$|^Update$|^UpdateViaIdentity$
+      variant: ^Create$|^CreateViaIdentity.*$|^CreateViaIdentityExpanded$|^Update$|^UpdateViaIdentity$
     remove: true
   # Remove the set-* cmdlet
   - where:
       verb: Set
     remove: true
   - where:
       verb: New|Update
-      variant: ^(?!.*?Expanded)
+      variant: ^(Create|Update)(?!.*?Expanded)
+    remove: true
+  # Remove ManagementGroupInputObject parameter for all cmdlets, since it's not supported
+  - where:
+      variant: ^(Get|Delete|Update)ViaIdentityManagementGroup(Expanded)?$
     remove: true
 
   # Hide separate cmdlets generated for tenant-level GETs. These are used by Get-AzPolicy*
@@ -85,7 +97,6 @@ directive:
   # They are provide in the new policy module for compatibility with current SDK module.
   # Since neither definitions nor set definitions generate Update-* cmdlets, both
   # Set-* and Update-* cmdlets are implemented by wrapping the generated New-* cmdlets.
-  # TODO: move Set-* aliases to Update-* cmdlets
   - where:
       verb: Update
       subject: PolicyAssignment
@@ -122,42 +133,12 @@ directive:
         script: '{ "" }'
     hide: true
 
-  # Rename and hide Name and SubscriptionId parameters on Get-AzPolicyDefinition.
-  # This is needed for control over parameter type/binding, since the types of
-  # some parameters need to be changed from what is generated by autorest for
-  # compatibility with current SDK cmdlets.
-  - where:
-      verb: Get
-      subject: PolicyDefinition
-      parameter-name: Name
-      variant: Name
-    set:
-      parameter-name: NameInternal
-      default:
-        name: DefaultName
-        description: Need a placeholder to keep autorest happy
-        script: '"PlaceholderName"'
-    hide: true
-    clear-alias: true
-  - where:
-      verb: Get
-      subject: PolicyDefinition
-      parameter-name: SubscriptionId
-    set:
-      parameter-name: SubscriptionIdInternal
-      default:
-        name: DefaultSubscriptionId
-        description: Need a placeholder to keep autorest happy
-        script: '(Get-AzContext).Subscription.Id'
-    hide: true
-
   # Rename and hide Name and SubscriptionId parameters on Get-AzPolicySetDefinition
   # to allow customizing control over parameter bindings to match current SDK cmdlets
   - where:
       verb: Get
-      subject: PolicySetDefinition
+      subject: PolicyDefinition|PolicyDefinitionVersion|PolicySetDefinition|PolicySetDefinitionVersion
       parameter-name: Name
-      variant: Name
     set:
       parameter-name: NameInternal
       default:
@@ -168,7 +149,7 @@ directive:
     clear-alias: true
   - where:
       verb: Get
-      subject: PolicySetDefinition
+      subject: PolicyDefinition|PolicyDefinitionVersion|PolicySetDefinition|PolicySetDefinitionVersion
       parameter-name: SubscriptionId
     set:
       parameter-name: SubscriptionIdInternal
@@ -345,36 +326,32 @@ directive:
       parameter-name: NonComplianceMessageTable
     hide: true
 
-# Hide parameters that aren't (or aren't yet) supported.
+# Hide parameters that aren't supported.
 # For some reason these can't be hidden by hiding them in
 # the custom folder so we have to do it here.
   - where:
       verb: New
       subject: PolicyAssignment
-      parameter-name: PolicyDefinitionId
+      parameter-name: PolicyDefinitionId|ResourceSelector|Override
     hide: true
   - where:
       verb: New
       subject: PolicyDefinition
       parameter-name: PolicyRule
     hide: true
   - where:
-      verb: New
-      subject: PolicyExemption
-      parameter-name: ResourceSelector
-    hide: true
-  - where:
-      verb: Update
+      verb: New|Update
       subject: PolicyExemption
       parameter-name: ResourceSelector
     hide: true
 
+  # Hide cmdlets that are customized or not supported at all
   - where:
       verb: Get|Remove|Update
     hide: true
   - where:
-      verb: New
-      subject: Definition|Exemption|SetDefinition
+      verb: New|Remove|Update
+      subject: PolicyDefinitionVersion|PolicySetDefinitionVersion
     hide: true
 
 metadata:

diff --git a/src/Resources/Policy.Autorest/custom/Get-AzPolicyAssignment.ps1 b/src/Resources/Policy.Autorest/custom/Get-AzPolicyAssignment.ps1
@@ -30,7 +30,7 @@ Identify a policy assignment to get by name and scope or by ID.
 https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyassignment
 #>
 function Get-AzPolicyAssignment {
-[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.Api20220601.IPolicyAssignment])]
+[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyAssignment])]
 [CmdletBinding(DefaultParameterSetName='Default')]
 param(
     [Parameter(ParameterSetName='Name', Mandatory, ValueFromPipelineByPropertyName)]

diff --git a/src/Resources/Policy.Autorest/custom/Get-AzPolicyDefinition.ps1 b/src/Resources/Policy.Autorest/custom/Get-AzPolicyDefinition.ps1
@@ -29,7 +29,7 @@ The **Get-AzPolicySetDefinition** cmdlet gets a collection of policy set definit
 https://learn.microsoft.com/powershell/module/az.resources/get-azpolicydefinition
 #>
 function Get-AzPolicyDefinition {
-[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.Api20210601.IPolicyDefinition])]
+[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyDefinition])]
 [CmdletBinding(DefaultParameterSetName='Name')]
 param(
     [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)]
@@ -93,6 +93,7 @@ param(
     # port to autorest: we will address this in the future and hide the parameter for now to avoid future backcompat complexity.
     [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)]
     [Parameter(ParameterSetName='SubscriptionId', ValueFromPipelineByPropertyName)]
+    [Parameter(ParameterSetName='ManagementGroupName', ValueFromPipelineByPropertyName)]
     [Parameter(ParameterSetName='BuiltIn', ValueFromPipelineByPropertyName)]
     [Parameter(ParameterSetName='Custom', ValueFromPipelineByPropertyName)]
     [Parameter(ParameterSetName='Static', ValueFromPipelineByPropertyName)]
@@ -203,21 +204,23 @@ process {
         Write-Host -ForegroundColor Cyan "process:Get-AzPolicyDefinition(" $PSBoundParameters ") - (ParameterSet: $($PSCmdlet.ParameterSetName))"
     }
 
+    # handle disallowed cases not handled by PS parameter attributes
+    if ($PSBoundParameters['SubscriptionId'] -and $PSBoundParameters['ManagementGroupName']) {
+        throw 'Only -ManagementGroupName or -SubscriptionId can be provided, not both.'
+    }
+
     # handle specific parameter sets
     $parameterSet = $PSCmdlet.ParameterSetName
     $calledParameterSet = 'List'
 
     switch ($parameterSet) {
         'BuiltIn' {
-            $null = $PSBoundParameters.Remove('BuiltIn')
             $PSBoundParameters.Add('Filter', "policyType eq 'BuiltIn'")
         }
         'Custom' {
-            $null = $PSBoundParameters.Remove('Custom')
             $PSBoundParameters.Add('Filter', "policyType eq 'Custom'")
         }
         'Static' {
-            $null = $PSBoundParameters.Remove('Static')
             $PSBoundParameters.Add('Filter', "policyType eq 'Static'")
         }
         'Id' {
@@ -281,6 +284,9 @@ process {
     $null = $PSBoundParameters.Remove('SubscriptionId')
     $null = $PSBoundParameters.Remove('ManagementGroupName')
     $null = $PSBoundParameters.Remove('Id')
+    $null = $PSBoundParameters.Remove('BuiltIn')
+    $null = $PSBoundParameters.Remove('Custom')
+    $null = $PSBoundParameters.Remove('Static')
 
     if ($writeln) {
         Write-Host -ForegroundColor Blue -> $mapping[$calledParameterSet]'(' $PSBoundParameters ')'

diff --git a/src/Resources/Policy.Autorest/custom/Get-AzPolicyExemption.ps1 b/src/Resources/Policy.Autorest/custom/Get-AzPolicyExemption.ps1
@@ -29,7 +29,7 @@ The **Get-AzPolicyExemption** cmdlet gets a collection of policy exemptions or a
 https://learn.microsoft.com/powershell/module/az.resources/get-azpolicyexemption
 #>
 function Get-AzPolicyExemption {
-[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.Api20220701Preview.IPolicyExemption])]
+[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicyExemption])]
 [CmdletBinding(DefaultParameterSetName='Name')]
 param(
     [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)]

diff --git a/src/Resources/Policy.Autorest/custom/Get-AzPolicySetDefinition.ps1 b/src/Resources/Policy.Autorest/custom/Get-AzPolicySetDefinition.ps1
@@ -29,7 +29,7 @@ The **Get-AzPolicySetDefinition** cmdlet gets a collection of policy set definit
 https://learn.microsoft.com/powershell/module/az.resources/get-azpolicysetdefinition
 #>
 function Get-AzPolicySetDefinition {
-[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.Api20210601.IPolicySetDefinition])]
+[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Policy.Models.IPolicySetDefinition])]
 [CmdletBinding(DefaultParameterSetName='Name')]
 param(
     [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName)]
@@ -195,17 +195,20 @@ process {
         Write-Host -ForegroundColor Cyan "process:Get-AzPolicySetDefinition(" $PSBoundParameters ") - (ParameterSet: $($PSCmdlet.ParameterSetName))"
     }
 
+    # handle disallowed cases not handled by PS parameter attributes
+    if ($PSBoundParameters['SubscriptionId'] -and $PSBoundParameters['ManagementGroupName']) {
+        throw 'Only -ManagementGroupName or -SubscriptionId can be provided, not both.'
+    }
+
     # handle specific parameter sets
     $parameterSet = $PSCmdlet.ParameterSetName
     $calledParameterSet = 'List'
 
     switch ($parameterSet) {
         'BuiltIn' {
-            $null = $PSBoundParameters.Remove('BuiltIn')
             $PSBoundParameters.Add('Filter', "policyType eq 'BuiltIn'")
         }
         'Custom' {
-            $null = $PSBoundParameters.Remove('Custom')
             $PSBoundParameters.Add('Filter', "policyType eq 'Custom'")
         }
         'Id' {
@@ -269,6 +272,8 @@ process {
     $null = $PSBoundParameters.Remove('SubscriptionId')
     $null = $PSBoundParameters.Remove('ManagementGroupName')
     $null = $PSBoundParameters.Remove('Id')
+    $null = $PSBoundParameters.Remove('BuiltIn')
+    $null = $PSBoundParameters.Remove('Custom')
 
     if ($writeln) {
         Write-Host -ForegroundColor Blue -> $mapping[$calledParameterSet]'(' $PSBoundParameters ')'

diff --git a/src/Resources/Policy.Autorest/custom/Helpers.ps1 b/src/Resources/Policy.Autorest/custom/Helpers.ps1
@@ -28,6 +28,10 @@ function parsePolicyId {
     if (!$typeName) {
         # extract typename
         $temp = $resourceId -split '/providers/Microsoft.Authorization/'
+        if ($temp.Length -lt 2) {
+            throw 'parsePolicy(resourceId, typeName) argument error: resourceId is not a Microsoft.Authorization resource type'
+        }
+
         $typeName = ($temp[1] -split '/')[0]
     }
 
@@ -37,7 +41,11 @@ function parsePolicyId {
 
     $mark = "/providers/microsoft.authorization/$($typeName)/"
     $parts = $resourceId -split $mark
-    $name = $parts[1]
+    $name = ''
+    if ($parts.Length -gt 1) {
+        $name = $parts[1]
+    }
+
     $scope = $parts[0]
     $subId = ''
     $mgName = ''
@@ -496,4 +504,32 @@ function ResolvePolicyExemption {
     }
 
     resolvePolicyArtifact $null $null $null $resourceId 'policyExemptions'
-}
+}
+
+function LocationCompleter {
+    param (
+        [Parameter(Mandatory=$true)]
+        $commandName,
+        [Parameter(Mandatory=$true)]
+        $parameterName,
+        [Parameter(Mandatory=$true)]
+        $wordToComplete,
+        [Parameter(Mandatory=$true)]
+        $commandAst,
+        [Parameter(Mandatory=$true)]
+        $fakeBoundParameter
+    )
+
+    $currentLocations | Where-Object { $_ -like "$wordToComplete*" }
+}
+
+# register the location completer for New-AzPolicyAssignment
+Register-ArgumentCompleter -CommandName New-AzPolicyAssignment -ParameterName Location -ScriptBlock ${function:LocationCompleter}
+
+# cache Azure locations to be used by the location completer (Get-AzLocation is not available in this context, need to use REST)
+$subscriptionId = (Get-AzContext).Subscription.Id
+
+$response = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$subscriptionId/locations?api-version=2022-12-01" -Method GET
+$currentLocations = ($response.Content | ConvertFrom-Json -Depth 100).value | Sort-Object -Property name | Select-Object -ExpandProperty name
+# If you see the following error, it means your context access has expired
+# The given key 'AzureAttestationServiceEndpointSuffix' was not present in the dictionary.