Crea o aggiorna una regola di governance su un determinato ambito
PUT https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview
Parametri dell'URI
| Nome |
In |
Necessario |
Tipo |
Descrizione |
|
ruleId
|
path |
True
|
string
|
Chiave della regola di governance- chiave univoca per la regola di governance standard (GUID)
|
|
scope
|
path |
True
|
string
|
Ambito delle regole di governance. Gli ambiti validi sono: gruppo di gestione (formato: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), sottoscrizione (formato: 'subscriptions/{subscriptionId}') o connettore di sicurezza (formato: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
|
|
api-version
|
query |
True
|
string
|
Versione dell'API per l'operazione
|
Corpo della richiesta
| Nome |
Necessario |
Tipo |
Descrizione |
|
properties.conditionSets
|
True
|
Condition[]
|
Set di condizioni della regola di governance: vedere gli esempi
|
|
properties.displayName
|
True
|
string
|
Nome visualizzato della regola di governance
|
|
properties.ownerSource
|
True
|
GovernanceRuleOwnerSource
|
Origine del proprietario per la regola di governance, ad esempio manualmente da user@contoso.com, vedere l'esempio
|
|
properties.rulePriority
|
True
|
integer
|
Priorità della regola di governance, priorità al numero inferiore. Le regole con la stessa priorità nello stesso ambito non saranno consentite
|
|
properties.ruleType
|
True
|
GovernanceRuleType
|
Il tipo di regola della regola di governance definisce l'origine della regola, ad esempio Integrato
|
|
properties.sourceResourceType
|
True
|
GovernanceRuleSourceResourceType
|
Origine della regola di governance, che cosa influisce la regola, ad esempio valutazioni
|
|
properties.description
|
|
string
|
Descrizione della regola di governance
|
|
properties.excludedScopes
|
|
string[]
|
Ambiti esclusi, filtrare i discendenti dell'ambito (negli ambiti di gestione)
|
|
properties.governanceEmailNotification
|
|
GovernanceRuleEmailNotification
|
Le impostazioni delle notifiche tramite posta elettronica per la regola di governance indicano se disabilitare le notifiche per i mangers e i proprietari
|
|
properties.includeMemberScopes
|
|
boolean
|
Definisce se la regola è regola di ambito di gestione (connettore master come ambito singolo o ambito di gestione)
|
|
properties.isDisabled
|
|
boolean
|
Definisce se la regola è attiva/inattiva
|
|
properties.isGracePeriod
|
|
boolean
|
Definisce se esiste un periodo di tolleranza per la regola di governance
|
|
properties.metadata
|
|
GovernanceRuleMetadata
|
Metadati delle regole di governance
|
|
properties.remediationTimeframe
|
|
string
|
Intervallo di tempo di correzione delle regole di governance: questo è il tempo che influirà sulla durata del periodo di tolleranza, ad esempio 7.00:00:00- significa 7 giorni
|
Risposte
| Nome |
Tipo |
Descrizione |
|
200 OK
|
GovernanceRule
|
OK - Aggiornato
|
|
201 Created
|
GovernanceRule
|
Creato
|
|
Other Status Codes
|
CloudError
|
Risposta di errore che descrive il motivo per cui l'operazione non è riuscita
|
Sicurezza
azure_auth
Flusso OAuth2 di Azure Active Directory
Tipo:
oauth2
Flow:
implicit
URL di autorizzazione:
https://login.microsoftonline.com/common/oauth2/authorize
Ambiti
| Nome |
Descrizione |
|
user_impersonation
|
rappresentare l'account utente
|
Esempio
Create or update governance rule over management group scope
Esempio di richiesta
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutManagementGroupGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverManagementGroupScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("providers/Microsoft.Management/managementGroups/contoso")
.withDisplayName("Management group rule").withDescription("A rule for a management group")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withExcludedScopes(Arrays.asList("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"))
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "providers/Microsoft.Management/managementGroups/contoso", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for a management group"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Management group rule"),
ExcludedScopes: []*string{
to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for a management group",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Management group rule",
excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Management group rule",
Description = "A rule for a management group",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ExcludedScopes =
{
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Risposta di esempio
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over security connector scope
Esempio di richiesta
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutSecurityConnectorGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSecurityConnectorScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8").withExistingScope(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.withDisplayName("GCP Admin's rule").withDescription("A rule on critical GCP recommendations")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule on critical GCP recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("GCP Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule on critical GCP recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "GCP Admin's rule",
Description = "A rule on critical GCP recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Risposta di esempio
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over subscription scope
Esempio di richiesta
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSubscriptionScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23").withDisplayName("Admin's rule")
.withDescription("A rule for critical recommendations").withRemediationTimeframe("7.00:00:00")
.withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(false).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for critical recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(false),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for critical recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Admin's rule",
Description = "A rule for critical recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = false,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Risposta di esempio
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Definizioni
CloudError
Risposta di errore comune per tutte le API di Azure Resource Manager per restituire i dettagli dell'errore per le operazioni non riuscite. Questo segue anche il formato di risposta di errore OData.
| Nome |
Tipo |
Descrizione |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
Informazioni aggiuntive sull'errore.
|
|
error.code
|
string
|
Codice di errore.
|
|
error.details
|
CloudErrorBody[]
|
Dettagli dell'errore.
|
|
error.message
|
string
|
Messaggio di errore.
|
|
error.target
|
string
|
Destinazione dell'errore.
|
CloudErrorBody
Dettagli dell'errore.
| Nome |
Tipo |
Descrizione |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Informazioni aggiuntive sull'errore.
|
|
code
|
string
|
Codice di errore.
|
|
details
|
CloudErrorBody[]
|
Dettagli dell'errore.
|
|
message
|
string
|
Messaggio di errore.
|
|
target
|
string
|
Destinazione dell'errore.
|
Condition
Condizione della regola di governance
| Nome |
Tipo |
Descrizione |
|
operator
|
GovernanceRuleConditionOperator
|
Operatore della regola di governance Condizione, ad esempio Uguale a per gravità o In per l'elenco delle valutazioni, vedere esempi
|
|
property
|
string
|
Proprietà della regola di governance, ad esempio Gravità o AssessmentKey, vedere esempi
|
|
value
|
string
|
Il valore della regola di governance Condizione come le chiavi di gravità bassa, alta o di valutazione, vedere esempi
|
ErrorAdditionalInfo
Informazioni aggiuntive sull'errore di gestione delle risorse.
| Nome |
Tipo |
Descrizione |
|
info
|
object
|
Informazioni aggiuntive.
|
|
type
|
string
|
Tipo di informazioni aggiuntive.
|
GovernanceRule
Regola di governance su un determinato ambito
| Nome |
Tipo |
Descrizione |
|
id
|
string
|
ID risorsa
|
|
name
|
string
|
Nome risorsa
|
|
properties.conditionSets
|
Condition[]
|
Set di condizioni della regola di governance: vedere gli esempi
|
|
properties.description
|
string
|
Descrizione della regola di governance
|
|
properties.displayName
|
string
|
Nome visualizzato della regola di governance
|
|
properties.excludedScopes
|
string[]
|
Ambiti esclusi, filtrare i discendenti dell'ambito (negli ambiti di gestione)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
Le impostazioni delle notifiche tramite posta elettronica per la regola di governance indicano se disabilitare le notifiche per i mangers e i proprietari
|
|
properties.includeMemberScopes
|
boolean
|
Definisce se la regola è regola di ambito di gestione (connettore master come ambito singolo o ambito di gestione)
|
|
properties.isDisabled
|
boolean
|
Definisce se la regola è attiva/inattiva
|
|
properties.isGracePeriod
|
boolean
|
Definisce se esiste un periodo di tolleranza per la regola di governance
|
|
properties.metadata
|
GovernanceRuleMetadata
|
Metadati delle regole di governance
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
Origine del proprietario per la regola di governance, ad esempio manualmente da user@contoso.com, vedere l'esempio
|
|
properties.remediationTimeframe
|
string
|
Intervallo di tempo di correzione delle regole di governance: questo è il tempo che influirà sulla durata del periodo di tolleranza, ad esempio 7.00:00:00- significa 7 giorni
|
|
properties.rulePriority
|
integer
|
Priorità della regola di governance, priorità al numero inferiore. Le regole con la stessa priorità nello stesso ambito non saranno consentite
|
|
properties.ruleType
|
GovernanceRuleType
|
Il tipo di regola della regola di governance definisce l'origine della regola, ad esempio Integrato
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
Origine della regola di governance, che cosa influisce la regola, ad esempio valutazioni
|
|
properties.tenantId
|
string
|
TenantId (GUID)
|
|
type
|
string
|
Tipo di risorsa
|
GovernanceRuleConditionOperator
Operatore della regola di governance Condizione, ad esempio Uguale a per gravità o In per l'elenco delle valutazioni, vedere esempi
| Nome |
Tipo |
Descrizione |
|
Equals
|
string
|
Verifica che il valore stringa dei dati definiti in Property sia uguale al valore specificato.
|
|
In
|
string
|
Verifica che il valore stringa dei dati definiti in Property sia uguale a uno dei valori specificati (adattamento esatto)
|
GovernanceRuleEmailNotification
Configurazione settimanale della posta elettronica di governance
| Nome |
Tipo |
Descrizione |
|
disableManagerEmailNotification
|
boolean
|
Definisce se le notifiche di posta elettronica del manager sono disabilitate
|
|
disableOwnerEmailNotification
|
boolean
|
Definisce se le notifiche tramite posta elettronica del proprietario sono disabilitate
|
Metadati delle regole di governance
| Nome |
Tipo |
Descrizione |
|
createdBy
|
string
|
Regola di governance creata dall'ID oggetto (GUID)
|
|
createdOn
|
string
|
Data di creazione delle regole di governance
|
|
updatedBy
|
string
|
Regola di governance aggiornata per ultimo id oggetto (GUID)
|
|
updatedOn
|
string
|
Data dell'ultimo aggiornamento della regola di governance
|
GovernanceRuleOwnerSource
Descrivere l'origine proprietaria della regola di governance
| Nome |
Tipo |
Descrizione |
|
type
|
GovernanceRuleOwnerSourceType
|
Tipo di proprietario per l'origine del proprietario della regola di governance
|
|
value
|
string
|
Il valore di origine, ad esempio la chiave del tag, ad esempio il nome del proprietario o l'indirizzo di posta elettronica
|
GovernanceRuleOwnerSourceType
Tipo di proprietario per l'origine del proprietario della regola di governance
| Nome |
Tipo |
Descrizione |
|
ByTag
|
string
|
Tipo di origine della regola definito tramite tag di risorsa
|
|
Manually
|
string
|
Tipo di origine della regola definito manualmente
|
GovernanceRuleSourceResourceType
Origine della regola di governance, che cosa influisce la regola, ad esempio valutazioni
| Nome |
Tipo |
Descrizione |
|
Assessments
|
string
|
L'origine della regola di governance è la valutazione
|
GovernanceRuleType
Il tipo di regola della regola di governance definisce l'origine della regola, ad esempio Integrato
| Nome |
Tipo |
Descrizione |
|
Integrated
|
string
|
L'origine della definizione del tipo di regola è integrata
|
|
ServiceNow
|
string
|
L'origine della definizione del tipo di regola è ServiceNow
|