Jit Network Access Policies - Initiate

Referência

Service:: Defender for Cloud

API Version:: 2020-01-01

Inicie um acesso JIT de uma configuração de política just-in-time específica.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}/initiate?api-version=2020-01-01

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
ascLocation	path	True	string	O local em que o ASC armazena os dados da assinatura. pode ser recuperado de Obter locais
jitNetworkAccessPolicyInitiateType	path	True	JitNetworkAccessPolicyInitiateType	Tipo da ação a ser feito na política de acesso Just-In-Time.
jitNetworkAccessPolicyName	path	True	string	Nome de uma política de configuração de acesso Just-In-Time.
resourceGroupName	path	True	string	O nome do grupo de recursos na assinatura do usuário. O nome diferencia maiúsculas de minúsculas. Regex pattern: `^[-\w\._]+$`
subscriptionId	path	True	string	ID de assinatura do Azure Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	Versão da API para a operação

Corpo da solicitação

Nome	Obrigatório	Tipo	Description
virtualMachines	True	JitNetworkAccessPolicyInitiateVirtualMachine[]	Uma lista de máquinas virtuais & portas para abrir o acesso para
justification		string	A justificativa para fazer a solicitação de início

Respostas

Nome	Tipo	Description
202 Accepted	JitNetworkAccessRequest	Aceito
Other Status Codes	CloudError	Resposta de erro que descreve por que a operação falhou.

Segurança

azure_auth

Fluxo do OAuth2 do Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Initiate an action on a JIT network access policy

Sample Request

POST https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default/initiate?api-version=2020-01-01

{
  "virtualMachines": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
      "ports": [
        {
          "number": 3389,
          "duration": "PT1H",
          "allowedSourceAddressPrefix": "192.127.0.2"
        }
      ]
    }
  ],
  "justification": "testing a new version of the product"
}

import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiatePort;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiateRequest;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiateVirtualMachine;
import java.util.Arrays;

/** Samples for JitNetworkAccessPolicies Initiate. */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Initiate an action on a JIT network access policy.
     *
     * @param manager Entry point to SecurityManager.
     */
    public static void initiateAnActionOnAJITNetworkAccessPolicy(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager
            .jitNetworkAccessPolicies()
            .initiateWithResponse(
                "myRg1",
                "westeurope",
                "default",
                new JitNetworkAccessPolicyInitiateRequest()
                    .withVirtualMachines(
                        Arrays
                            .asList(
                                new JitNetworkAccessPolicyInitiateVirtualMachine()
                                    .withId(
                                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                                    .withPorts(
                                        Arrays
                                            .asList(
                                                new JitNetworkAccessPolicyInitiatePort()
                                                    .withNumber(3389)
                                                    .withAllowedSourceAddressPrefix("192.127.0.2")))))
                    .withJustification("testing a new version of the product"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Initiate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewJitNetworkAccessPoliciesClient().Initiate(ctx, "myRg1", "westeurope", "default", armsecurity.JitNetworkAccessPolicyInitiateRequest{
		Justification: to.Ptr("testing a new version of the product"),
		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyInitiateVirtualMachine{
			{
				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
				Ports: []*armsecurity.JitNetworkAccessPolicyInitiatePort{
					{
						AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
						Number:                     to.Ptr[int32](3389),
					}},
			}},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Initiate a JIT access from a specific Just-in-Time policy configuration.
 *
 * @summary Initiate a JIT access from a specific Just-in-Time policy configuration.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
 */
async function initiateAnActionOnAJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const body = {
    justification: "testing a new version of the product",
    virtualMachines: [
      {
        id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        ports: [
          { allowedSourceAddressPrefix: "192.127.0.2", number: 3389, endTimeUtc: new Date() },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.initiate(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
    body,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Initiate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyInitiateContent content = new JitNetworkAccessPolicyInitiateContent(new JitNetworkAccessPolicyInitiateVirtualMachine[]
{
new JitNetworkAccessPolicyInitiateVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessPolicyInitiatePort[]
{
new JitNetworkAccessPolicyInitiatePort(3389,DateTimeOffset.Parse("placeholder"))
{
AllowedSourceAddressPrefix = "192.127.0.2",
}
})
})
{
    Justification = "testing a new version of the product",
};
JitNetworkAccessRequestInfo result = await jitNetworkAccessPolicy.InitiateAsync(content);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 202

{
  "virtualMachines": [
    {
      "id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
      "ports": [
        {
          "number": 3389,
          "allowedSourceAddressPrefix": "192.127.0.2",
          "endTimeUtc": "2018-07-12T09:53:03.3658798Z",
          "status": "Initiating",
          "statusReason": "UserRequested"
        }
      ]
    }
  ],
  "startTimeUtc": "2018-07-12T08:53:03.3658798Z",
  "requestor": "barbara@contoso.com",
  "justification": "testing a new version of the product"
}

Definições

Nome	Description
CloudError	Resposta de erro comum para todas as APIs do Azure Resource Manager para retornar detalhes de erro de operações com falha. (Isso também segue o formato de resposta de erro OData.).
CloudErrorBody	Os detalhes do erro.
ErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
JitNetworkAccessPolicyInitiatePort
JitNetworkAccessPolicyInitiateRequest
JitNetworkAccessPolicyInitiateType	Tipo da ação a ser feito na política de acesso Just-In-Time.
JitNetworkAccessPolicyInitiateVirtualMachine
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
status	O status da porta
statusReason	Uma descrição de por que o `status` tem seu valor

CloudError

Resposta de erro comum para todas as APIs do Azure Resource Manager para retornar detalhes de erro de operações com falha. (Isso também segue o formato de resposta de erro OData.).

Nome	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
error.code	string	O código de erro.
error.details	CloudErrorBody[]	Os detalhes do erro.
error.message	string	A mensagem de erro.
error.target	string	O destino do erro.

CloudErrorBody

Os detalhes do erro.

Nome	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CloudErrorBody[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ErrorAdditionalInfo

As informações adicionais do erro de gerenciamento de recursos.

Nome	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

JitNetworkAccessPolicyInitiatePort

Nome	Tipo	Description
allowedSourceAddressPrefix	string	Origem do tráfego permitido. Se omitida, a solicitação será para o endereço IP de origem da solicitação de início.
endTimeUtc	string	A hora de fechar a solicitação em UTC
number	integer

JitNetworkAccessPolicyInitiateRequest

Nome	Tipo	Description
justification	string	A justificativa para fazer a solicitação de início
virtualMachines	JitNetworkAccessPolicyInitiateVirtualMachine[]	Uma lista de máquinas virtuais & portas para abrir o acesso para

JitNetworkAccessPolicyInitiateType

Tipo da ação a ser feito na política de acesso Just-In-Time.

Nome	Tipo	Description
initiate	string

JitNetworkAccessPolicyInitiateVirtualMachine

Nome	Tipo	Description
id	string	ID do recurso da máquina virtual vinculada a essa política
ports	JitNetworkAccessPolicyInitiatePort[]	As portas a serem abertas para o recurso com o `id`

JitNetworkAccessRequest

Nome	Tipo	Description
justification	string	A justificativa para fazer a solicitação de início
requestor	string	A identidade da pessoa que fez a solicitação
startTimeUtc	string	A hora de início da solicitação em UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Nome	Tipo	Description
allowedSourceAddressPrefix	string	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefixes". Deve ser um endereço IP ou CIDR, por exemplo , "192.168.0.3" ou "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Mutuamente exclusivo com o parâmetro "allowedSourceAddressPrefix".
endTimeUtc	string	A data & hora em que a solicitação termina em UTC
mappedPort	integer	A porta mapeada para esta porta `number` no Firewall do Azure, se aplicável
number	integer
status	status	O status da porta
statusReason	statusReason	Uma descrição de por que o `status` tem seu valor

JitNetworkAccessRequestVirtualMachine

Nome	Tipo	Description
id	string	ID do recurso da máquina virtual vinculada a essa política
ports	JitNetworkAccessRequestPort[]	As portas que foram abertas para a máquina virtual

status

O status da porta

Nome	Tipo	Description
Initiated	string
Revoked	string

statusReason

Uma descrição de por que o status tem seu valor

Nome	Tipo	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string

Compartilhar via

Jit Network Access Policies - Initiate

Parâmetros de URI

Corpo da solicitação

Respostas

Segurança

azure_auth

Scopes

Exemplos

Initiate an action on a JIT network access policy

Sample Request

Sample Response

Definições

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicyInitiatePort

JitNetworkAccessPolicyInitiateRequest

JitNetworkAccessPolicyInitiateType

JitNetworkAccessPolicyInitiateVirtualMachine

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

status

statusReason

Recursos adicionais