特定のスコープに対するガバナンス 規則を作成または更新します
PUT https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview
URI パラメーター
| 名前 |
/ |
必須 |
型 |
説明 |
|
ruleId
|
path |
True
|
string
|
ガバナンス ルール キー - 標準ガバナンス 規則 (GUID) の一意のキー
|
|
scope
|
path |
True
|
string
|
ガバナンス ルールのスコープ。 有効なスコープは、管理グループ (形式: 'providers/Microsoft.Management/managementGroups/{managementGroup}')、サブスクリプション (形式: 'subscriptions/{subscriptionId}'))、またはセキュリティ コネクタ (形式: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})' です。
|
|
api-version
|
query |
True
|
string
|
操作の API バージョン
|
要求本文
| 名前 |
必須 |
型 |
説明 |
|
properties.conditionSets
|
True
|
Condition[]
|
ガバナンス ルールの conditionSets - 例を参照してください
|
|
properties.displayName
|
True
|
string
|
ガバナンス 規則の表示名
|
|
properties.ownerSource
|
True
|
GovernanceRuleOwnerSource
|
ガバナンス ルールの所有者ソース (例: user@contoso.com による手動) は、例を参照してください
|
|
properties.rulePriority
|
True
|
integer
|
ガバナンス ルールの優先順位。優先順位は低い数値です。 同じスコープで同じ優先度を持つルールは許可されません
|
|
properties.ruleType
|
True
|
GovernanceRuleType
|
ガバナンス ルールのルールの種類は、ルールのソースを定義します (例: 統合
|
|
properties.sourceResourceType
|
True
|
GovernanceRuleSourceResourceType
|
ガバナンス ルールのソース。ルールが影響を受ける内容 (評価など)
|
|
properties.description
|
|
string
|
ガバナンス 規則の説明
|
|
properties.excludedScopes
|
|
string[]
|
除外されたスコープ、スコープの子孫を除外する (管理スコープの場合)
|
|
properties.governanceEmailNotification
|
|
GovernanceRuleEmailNotification
|
ガバナンス ルールの電子メール通知設定では、管理人と所有者の通知を無効にするかどうかを示します
|
|
properties.includeMemberScopes
|
|
boolean
|
ルールが管理スコープ ルール (単一のスコープとしてマスター コネクタまたは管理スコープ) であるかどうかを定義します。
|
|
properties.isDisabled
|
|
boolean
|
ルールがアクティブ/非アクティブかどうかを定義します
|
|
properties.isGracePeriod
|
|
boolean
|
ガバナンス ルールに猶予期間があるかどうかを定義します
|
|
properties.metadata
|
|
GovernanceRuleMetadata
|
ガバナンス 規則のメタデータ
|
|
properties.remediationTimeframe
|
|
string
|
ガバナンス ルールの修復期間 - これは猶予期間期間に影響を与える時間です (例: 7.00:00:00 - 7 日間)
|
応答
セキュリティ
azure_auth
Azure Active Directory OAuth2 フロー
型:
oauth2
フロー:
implicit
Authorization URL (承認 URL):
https://login.microsoftonline.com/common/oauth2/authorize
スコープ
| 名前 |
説明 |
|
user_impersonation
|
ユーザー アカウントを偽装する
|
例
Create or update governance rule over management group scope
要求のサンプル
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutManagementGroupGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverManagementGroupScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("providers/Microsoft.Management/managementGroups/contoso")
.withDisplayName("Management group rule").withDescription("A rule for a management group")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withExcludedScopes(Arrays.asList("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"))
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "providers/Microsoft.Management/managementGroups/contoso", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for a management group"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Management group rule"),
ExcludedScopes: []*string{
to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for a management group",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Management group rule",
excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Management group rule",
Description = "A rule for a management group",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ExcludedScopes =
{
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
応答のサンプル
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over security connector scope
要求のサンプル
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutSecurityConnectorGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSecurityConnectorScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8").withExistingScope(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.withDisplayName("GCP Admin's rule").withDescription("A rule on critical GCP recommendations")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule on critical GCP recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("GCP Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule on critical GCP recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "GCP Admin's rule",
Description = "A rule on critical GCP recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
応答のサンプル
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over subscription scope
要求のサンプル
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSubscriptionScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23").withDisplayName("Admin's rule")
.withDescription("A rule for critical recommendations").withRemediationTimeframe("7.00:00:00")
.withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(false).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for critical recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(false),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for critical recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Admin's rule",
Description = "A rule for critical recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = false,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
応答のサンプル
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
定義
CloudError
失敗した操作のエラーの詳細を返す、すべての Azure Resource Manager API の一般的なエラー応答。 (これは、OData エラー応答形式にも従います)。
| 名前 |
型 |
説明 |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
エラーの追加情報。
|
|
error.code
|
string
|
エラー コード。
|
|
error.details
|
CloudErrorBody[]
|
エラーの詳細。
|
|
error.message
|
string
|
エラー メッセージ。
|
|
error.target
|
string
|
エラーターゲット。
|
CloudErrorBody
エラーの詳細。
Condition
ガバナンス ルールの条件
| 名前 |
型 |
説明 |
|
operator
|
GovernanceRuleConditionOperator
|
ガバナンス ルール条件の演算子 (重大度の場合は Equals、評価の一覧については In など) を参照してください。
|
|
property
|
string
|
ガバナンス ルール条件のプロパティ (重大度や AssessmentKey など) は、例を参照してください。
|
|
value
|
string
|
ガバナンス ルールの条件の値 (重大度が低、高、評価キーなど) は、例を参照してください
|
ErrorAdditionalInfo
リソース管理エラーの追加情報。
| 名前 |
型 |
説明 |
|
info
|
object
|
追加情報。
|
|
type
|
string
|
追加情報の種類。
|
GovernanceRule
特定のスコープに対するガバナンス ルール
| 名前 |
型 |
説明 |
|
id
|
string
|
リソース ID
|
|
name
|
string
|
リソース名
|
|
properties.conditionSets
|
Condition[]
|
ガバナンス ルールの conditionSets - 例を参照してください
|
|
properties.description
|
string
|
ガバナンス 規則の説明
|
|
properties.displayName
|
string
|
ガバナンス 規則の表示名
|
|
properties.excludedScopes
|
string[]
|
除外されたスコープ、スコープの子孫を除外する (管理スコープの場合)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
ガバナンス ルールの電子メール通知設定では、管理人と所有者の通知を無効にするかどうかを示します
|
|
properties.includeMemberScopes
|
boolean
|
ルールが管理スコープ ルール (単一のスコープとしてマスター コネクタまたは管理スコープ) であるかどうかを定義します。
|
|
properties.isDisabled
|
boolean
|
ルールがアクティブ/非アクティブかどうかを定義します
|
|
properties.isGracePeriod
|
boolean
|
ガバナンス ルールに猶予期間があるかどうかを定義します
|
|
properties.metadata
|
GovernanceRuleMetadata
|
ガバナンス 規則のメタデータ
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
ガバナンス ルールの所有者ソース (例: user@contoso.com による手動) は、例を参照してください
|
|
properties.remediationTimeframe
|
string
|
ガバナンス ルールの修復期間 - これは猶予期間期間に影響を与える時間です (例: 7.00:00:00 - 7 日間)
|
|
properties.rulePriority
|
integer
|
ガバナンス ルールの優先順位。優先順位は低い数値です。 同じスコープで同じ優先度を持つルールは許可されません
|
|
properties.ruleType
|
GovernanceRuleType
|
ガバナンス ルールのルールの種類は、ルールのソースを定義します (例: 統合
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
ガバナンス ルールのソース。ルールが影響を受ける内容 (評価など)
|
|
properties.tenantId
|
string
|
tenantId (GUID)
|
|
type
|
string
|
リソースの種類
|
GovernanceRuleConditionOperator
ガバナンス ルール条件の演算子 (重大度の場合は Equals、評価の一覧については In など) を参照してください。
| 名前 |
型 |
説明 |
|
Equals
|
string
|
Property で定義されているデータの文字列値が、指定された値と等しいことを確認します 。
|
|
In
|
string
|
Property で定義されているデータの文字列値が、指定された値のいずれかと等しいことを確認します (正確に適合)
|
GovernanceRuleEmailNotification
ガバナンス電子メールの週次通知の構成
| 名前 |
型 |
説明 |
|
disableManagerEmailNotification
|
boolean
|
マネージャーの電子メール通知を無効にするかどうかを定義します
|
|
disableOwnerEmailNotification
|
boolean
|
所有者の電子メール通知を無効にするかどうかを定義します
|
ガバナンス 規則のメタデータ
| 名前 |
型 |
説明 |
|
createdBy
|
string
|
オブジェクト ID (GUID) によって作成されたガバナンス ルール
|
|
createdOn
|
string
|
ガバナンス ルールの作成日
|
|
updatedBy
|
string
|
オブジェクト ID (GUID) によって最後に更新されたガバナンス ルール
|
|
updatedOn
|
string
|
ガバナンス ルールの最終更新日
|
GovernanceRuleOwnerSource
ガバナンス 規則の所有者ソースについて説明する
GovernanceRuleOwnerSourceType
ガバナンス ルール所有者ソースの所有者の種類
| 名前 |
型 |
説明 |
|
ByTag
|
string
|
リソース タグを使用して定義されたルール ソースの種類
|
|
Manually
|
string
|
手動で定義されたルール ソースの種類
|
GovernanceRuleSourceResourceType
ガバナンス ルールのソース。ルールが影響を受ける内容 (評価など)
| 名前 |
型 |
説明 |
|
Assessments
|
string
|
ガバナンス ルールのソースは評価です
|
GovernanceRuleType
ガバナンス ルールのルールの種類は、ルールのソースを定義します (例: 統合
| 名前 |
型 |
説明 |
|
Integrated
|
string
|
ルールの種類の定義のソースが統合されている
|
|
ServiceNow
|
string
|
規則の種類の定義のソースは ServiceNow です
|