Jit Network Access Policies - Get

Service:

Defender for Cloud

API-versie:

2020-01-01

Beleid voor het beveiligen van resources met Just-In-Time-toegangsbeheer voor het abonnement, de locatie

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI-parameters

Name	In	Vereist	Type	Description
ascLocation	path	True	string	De locatie waar ASC de gegevens van het abonnement opslaat. kan worden opgehaald uit Get-locaties
jitNetworkAccessPolicyName	path	True	string	Naam van een Just-In-Time-toegangsconfiguratiebeleid.
resourceGroupName	path	True	string	De naam van de resourcegroep binnen het abonnement van de gebruiker. De naam is niet hoofdlettergevoelig. Regex-patroon: ^[-\w\._\(\)]+$
subscriptionId	path	True	string	Azure-abonnements-id Regex-patroon: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	API-versie voor de bewerking

Antwoorden

Name	Type	Description
200 OK	JitNetworkAccessPolicy	OK
Other Status Codes	CloudError	Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.

Beveiliging

azure_auth

Azure Active Directory OAuth2-stroom

Type: oauth2
Stroom: implicit
Autorisatie-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiken

Name	Description
user_impersonation	Uw gebruikersaccount imiteren

Voorbeelden

Get JIT network access policy

Voorbeeldaanvraag

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01

Java

/**
 * Samples for JitNetworkAccessPolicies Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Get JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().getWithResponse("myRg1", "westeurope", "default",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().Get(ctx, "myRg1", "westeurope", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Justification: to.Ptr("testing a new version of the product"),
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
 */
async function getJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.get(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyResource result = await jitNetworkAccessPolicy.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Voorbeeldrespons

Statuscode:

200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com",
        "justification": "testing a new version of the product"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Definities

Name	Description
CloudError	Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)
CloudErrorBody	De foutdetails.
ErrorAdditionalInfo	Aanvullende informatie over de resourcebeheerfout.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	De status van de poort
statusReason	Een beschrijving van de reden waarom de status de waarde heeft

CloudError

Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
error.code	string	De foutcode.
error.details	CloudErrorBody[]	De foutdetails.
error.message	string	Het foutbericht.
error.target	string	Het foutdoel.

CloudErrorBody

De foutdetails.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
code	string	De foutcode.
details	CloudErrorBody[]	De foutdetails.
message	string	Het foutbericht.
target	string	Het foutdoel.

ErrorAdditionalInfo

Aanvullende informatie over de resourcebeheerfout.

Name	Type	Description
info	object	De aanvullende informatie.
type	string	Het extra informatietype.

JitNetworkAccessPolicy

Name	Type	Description
id	string	Resource-id
kind	string	Soort resource
location	string	Locatie waar de resource is opgeslagen
name	string	Resourcenaam
properties.provisioningState	string	Hiermee haalt u de inrichtingsstatus van het Just-In-Time-beleid op.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Configuraties voor het resourcetype Microsoft.Compute/virtualMachines.
type	string	Resourcetype

JitNetworkAccessPolicyVirtualMachine

Name	Type	Description
id	string	Resource-id van de virtuele machine die is gekoppeld aan dit beleid
ports	JitNetworkAccessPortRule[]	Poortconfiguraties voor de virtuele machine
publicIpAddress	string	Openbaar IP-adres van de Azure Firewall die is gekoppeld aan dit beleid, indien van toepassing

JitNetworkAccessPortRule

Name	Type	Description
allowedSourceAddressPrefix	string	Wederzijds exclusief met de parameter allowedSourceAddressPrefixes. Moet een IP-adres of CIDR zijn, bijvoorbeeld '192.168.0.3' of '192.168.0.0/16'.
allowedSourceAddressPrefixes	string[]	Sluiten elkaar wederzijds uit met de parameter allowedSourceAddressPrefix.
maxRequestAccessDuration	string	Aanvragen voor maximale duur kunnen worden ingediend. In ISO 8601-duurnotatie. Minimaal 5 minuten, maximaal 1 dag
number	integer
protocol	protocol

JitNetworkAccessRequest

Name	Type	Description
justification	string	De reden voor het indienen van de initieeraanvraag
requestor	string	De identiteit van de persoon die het verzoek heeft ingediend
startTimeUtc	string	De begintijd van de aanvraag in UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Name	Type	Description
allowedSourceAddressPrefix	string	Wederzijds exclusief met de parameter allowedSourceAddressPrefixes. Moet een IP-adres of CIDR zijn, bijvoorbeeld '192.168.0.3' of '192.168.0.0/16'.
allowedSourceAddressPrefixes	string[]	Sluiten elkaar wederzijds uit met de parameter allowedSourceAddressPrefix.
endTimeUtc	string	De datum & tijdstip waarop de aanvraag eindigt in UTC
mappedPort	integer	De poort die is toegewezen aan de number van deze poort in de Azure Firewall, indien van toepassing
number	integer
status	status	De status van de poort
statusReason	statusReason	Een beschrijving van de reden waarom de status de waarde heeft

JitNetworkAccessRequestVirtualMachine

Name	Type	Description
id	string	Resource-id van de virtuele machine die is gekoppeld aan dit beleid
ports	JitNetworkAccessRequestPort[]	De poorten die zijn geopend voor de virtuele machine

protocol

Name	Type	Description
*	string
TCP	string
UDP	string

status

De status van de poort

Name	Type	Description
Initiated	string
Revoked	string

statusReason

Een beschrijving van de reden waarom de status de waarde heeft

Name	Type	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string