Creates or updates a governance rule over a given scope
PUT https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
ruleId
|
path |
True
|
string
|
The governance rule key - unique key for the standard governance rule (GUID)
|
|
scope
|
path |
True
|
string
|
The scope of the Governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
|
|
api-version
|
query |
True
|
string
|
API version for the operation
|
Request Body
| Name |
Required |
Type |
Description |
|
properties.conditionSets
|
True
|
Condition[]
|
The governance rule conditionSets - see examples
|
|
properties.displayName
|
True
|
string
|
Display name of the governance rule
|
|
properties.ownerSource
|
True
|
GovernanceRuleOwnerSource
|
The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
|
|
properties.rulePriority
|
True
|
integer
|
The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
|
|
properties.ruleType
|
True
|
GovernanceRuleType
|
The rule type of the governance rule, defines the source of the rule e.g. Integrated
|
|
properties.sourceResourceType
|
True
|
GovernanceRuleSourceResourceType
|
The governance rule source, what the rule affects, e.g. Assessments
|
|
properties.description
|
|
string
|
Description of the governance rule
|
|
properties.excludedScopes
|
|
string[]
|
Excluded scopes, filter out the descendants of the scope (on management scopes)
|
|
properties.governanceEmailNotification
|
|
GovernanceRuleEmailNotification
|
The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
|
|
properties.includeMemberScopes
|
|
boolean
|
Defines whether the rule is management scope rule (master connector as a single scope or management scope)
|
|
properties.isDisabled
|
|
boolean
|
Defines whether the rule is active/inactive
|
|
properties.isGracePeriod
|
|
boolean
|
Defines whether there is a grace period on the governance rule
|
|
properties.metadata
|
|
GovernanceRuleMetadata
|
The governance rule metadata
|
|
properties.remediationTimeframe
|
|
string
|
Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
|
Responses
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
Create or update governance rule over management group scope
Sample request
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutManagementGroupGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverManagementGroupScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("providers/Microsoft.Management/managementGroups/contoso")
.withDisplayName("Management group rule").withDescription("A rule for a management group")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withExcludedScopes(Arrays.asList("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"))
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "providers/Microsoft.Management/managementGroups/contoso", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for a management group"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Management group rule"),
ExcludedScopes: []*string{
to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for a management group",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Management group rule",
excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Management group rule",
Description = "A rule for a management group",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ExcludedScopes =
{
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over security connector scope
Sample request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutSecurityConnectorGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSecurityConnectorScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8").withExistingScope(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.withDisplayName("GCP Admin's rule").withDescription("A rule on critical GCP recommendations")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule on critical GCP recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("GCP Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule on critical GCP recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "GCP Admin's rule",
Description = "A rule on critical GCP recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over subscription scope
Sample request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSubscriptionScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23").withDisplayName("Admin's rule")
.withDescription("A rule for critical recommendations").withRemediationTimeframe("7.00:00:00")
.withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(false).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for critical recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(false),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for critical recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Admin's rule",
Description = "A rule for critical recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = false,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Definitions
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name |
Type |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
error.code
|
string
|
The error code.
|
|
error.details
|
CloudErrorBody[]
|
The error details.
|
|
error.message
|
string
|
The error message.
|
|
error.target
|
string
|
The error target.
|
CloudErrorBody
The error detail.
| Name |
Type |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
code
|
string
|
The error code.
|
|
details
|
CloudErrorBody[]
|
The error details.
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The error target.
|
Condition
Governance rule's condition
| Name |
Type |
Description |
|
operator
|
GovernanceRuleConditionOperator
|
The governance rule Condition's Operator, for example Equals for severity or In for list of assessments, see examples
|
|
property
|
string
|
The governance rule Condition's Property, e.g. Severity or AssessmentKey, see examples
|
|
value
|
string
|
The governance rule Condition's Value like severity Low, High or assessments keys, see examples
|
ErrorAdditionalInfo
The resource management error additional info.
| Name |
Type |
Description |
|
info
|
object
|
The additional info.
|
|
type
|
string
|
The additional info type.
|
GovernanceRule
Governance rule over a given scope
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
|
name
|
string
|
Resource name
|
|
properties.conditionSets
|
Condition[]
|
The governance rule conditionSets - see examples
|
|
properties.description
|
string
|
Description of the governance rule
|
|
properties.displayName
|
string
|
Display name of the governance rule
|
|
properties.excludedScopes
|
string[]
|
Excluded scopes, filter out the descendants of the scope (on management scopes)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners
|
|
properties.includeMemberScopes
|
boolean
|
Defines whether the rule is management scope rule (master connector as a single scope or management scope)
|
|
properties.isDisabled
|
boolean
|
Defines whether the rule is active/inactive
|
|
properties.isGracePeriod
|
boolean
|
Defines whether there is a grace period on the governance rule
|
|
properties.metadata
|
GovernanceRuleMetadata
|
The governance rule metadata
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
The owner source for the governance rule - e.g. Manually by user@contoso.com - see example
|
|
properties.remediationTimeframe
|
string
|
Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days
|
|
properties.rulePriority
|
integer
|
The governance rule priority, priority to the lower number. Rules with the same priority on the same scope will not be allowed
|
|
properties.ruleType
|
GovernanceRuleType
|
The rule type of the governance rule, defines the source of the rule e.g. Integrated
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
The governance rule source, what the rule affects, e.g. Assessments
|
|
properties.tenantId
|
string
|
The tenantId (GUID)
|
|
type
|
string
|
Resource type
|
GovernanceRuleConditionOperator
The governance rule Condition's Operator, for example Equals for severity or In for list of assessments, see examples
| Name |
Type |
Description |
|
Equals
|
string
|
Checks that the string value of the data defined in Property equals the given value - exact fit
|
|
In
|
string
|
Checks that the string value of the data defined in Property equals any of the given values (exact fit)
|
GovernanceRuleEmailNotification
The governance email weekly notification configuration
| Name |
Type |
Description |
|
disableManagerEmailNotification
|
boolean
|
Defines whether manager email notifications are disabled
|
|
disableOwnerEmailNotification
|
boolean
|
Defines whether owner email notifications are disabled
|
The governance rule metadata
| Name |
Type |
Description |
|
createdBy
|
string
|
Governance rule Created by object id (GUID)
|
|
createdOn
|
string
|
Governance rule creation date
|
|
updatedBy
|
string
|
Governance rule last updated by object id (GUID)
|
|
updatedOn
|
string
|
Governance rule last update date
|
GovernanceRuleOwnerSource
Describe the owner source of governance rule
| Name |
Type |
Description |
|
type
|
GovernanceRuleOwnerSourceType
|
The owner type for the governance rule owner source
|
|
value
|
string
|
The source value e.g. tag key like owner name or email address
|
GovernanceRuleOwnerSourceType
The owner type for the governance rule owner source
| Name |
Type |
Description |
|
ByTag
|
string
|
The rule source type defined using resource tag
|
|
Manually
|
string
|
The rule source type defined manually
|
GovernanceRuleSourceResourceType
The governance rule source, what the rule affects, e.g. Assessments
| Name |
Type |
Description |
|
Assessments
|
string
|
The source of the governance rule is assessments
|
GovernanceRuleType
The rule type of the governance rule, defines the source of the rule e.g. Integrated
| Name |
Type |
Description |
|
Integrated
|
string
|
The source of the rule type definition is integrated
|
|
ServiceNow
|
string
|
The source of the rule type definition is ServiceNow
|