Jit Network Access Policies - Get

Referens

Tjänst:: Defender for Cloud

API-version:: 2020-01-01

Principer för att skydda resurser med just-in-time-åtkomstkontroll för prenumerationen, platsen

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI-parametrar

Name	I	Obligatorisk	Typ	Description
ascLocation	path	True	string	Platsen där ASC lagrar prenumerationens data. kan hämtas från Hämta platser
jitNetworkAccessPolicyName	path	True	string	Namnet på en just-in-time-åtkomstkonfigurationsprincip.
resourceGroupName	path	True	string	Namnet på resursgruppen i användarens prenumeration. Namnet är skiftlägesokänsligt. Reguljärt uttrycksmönster: `^[-\w\._]+$`
subscriptionId	path	True	string	Azure-prenumerations-ID Reguljärt uttrycksmönster: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	API-version för åtgärden

Svar

Name	Typ	Description
200 OK	JitNetworkAccessPolicy	OKEJ
Other Status Codes	CloudError	Felsvar som beskriver varför åtgärden misslyckades.

Säkerhet

azure_auth

Azure Active Directory OAuth2 Flow

Typ: oauth2
Flow: implicit
Auktoriseringswebbadress: https://login.microsoftonline.com/common/oauth2/authorize

Omfattningar

Name	Description
user_impersonation	personifiera ditt användarkonto

Exempel

Get JIT network access policy

Exempelbegäran

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01


/**
 * Samples for JitNetworkAccessPolicies Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Get JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().getWithResponse("myRg1", "westeurope", "default",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().Get(ctx, "myRg1", "westeurope", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Justification: to.Ptr("testing a new version of the product"),
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
 */
async function getJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.get(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyResource result = await jitNetworkAccessPolicy.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Exempelsvar

Statuskod:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com",
        "justification": "testing a new version of the product"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Definitioner

Name	Description
CloudError	Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.).
CloudErrorBody	Felinformationen.
ErrorAdditionalInfo	Ytterligare information om resurshanteringsfelet.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	Status för porten
statusReason	En beskrivning av varför `status` har sitt värde

CloudError

Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.).

Name	Typ	Description
error.additionalInfo	ErrorAdditionalInfo[]	Ytterligare information om felet.
error.code	string	Felkoden.
error.details	CloudErrorBody[]	Felinformationen.
error.message	string	Felmeddelandet.
error.target	string	Felmålet.

CloudErrorBody

Felinformationen.

Name	Typ	Description
additionalInfo	ErrorAdditionalInfo[]	Ytterligare information om felet.
code	string	Felkoden.
details	CloudErrorBody[]	Felinformationen.
message	string	Felmeddelandet.
target	string	Felmålet.

ErrorAdditionalInfo

Ytterligare information om resurshanteringsfelet.

Name	Typ	Description
info	object	Ytterligare information.
type	string	Ytterligare informationstyp.

JitNetworkAccessPolicy

Name	Typ	Description
id	string	Resurs-ID
kind	string	Typ av resurs
location	string	Plats där resursen lagras
name	string	Resursnamn
properties.provisioningState	string	Hämtar etableringstillståndet för just-in-time-principen.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Konfigurationer för resurstypen Microsoft.Compute/virtualMachines.
type	string	Resurstyp

JitNetworkAccessPolicyVirtualMachine

Name	Typ	Description
id	string	Resurs-ID för den virtuella datorn som är länkad till den här principen
ports	JitNetworkAccessPortRule[]	Portkonfigurationer för den virtuella datorn
publicIpAddress	string	Offentlig IP-adress för Azure Firewall som är länkad till den här principen, om tillämpligt

JitNetworkAccessPortRule

Name	Typ	Description
allowedSourceAddressPrefix	string	Ömsesidigt uteslutande med parametern "allowedSourceAddressPrefixes". Ska vara en IP-adress eller CIDR, till exempel "192.168.0.3" eller "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Ömsesidigt uteslutande med parametern "allowedSourceAddressPrefix".
maxRequestAccessDuration	string	Maximala varaktighetsbegäranden kan göras för. I ISO 8601-varaktighetsformat. Minst 5 minuter, maximalt 1 dag
number	integer
protocol	protocol

JitNetworkAccessRequest

Name	Typ	Description
justification	string	Motiveringen för att göra den initierade begäran
requestor	string	Identiteten på den person som gjorde begäran
startTimeUtc	string	Starttiden för begäran i UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Name	Typ	Description
allowedSourceAddressPrefix	string	Ömsesidigt uteslutande med parametern "allowedSourceAddressPrefixes". Ska vara en IP-adress eller CIDR, till exempel "192.168.0.3" eller "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Ömsesidigt uteslutande med parametern "allowedSourceAddressPrefix".
endTimeUtc	string	Det datum & tid då begäran slutar i UTC
mappedPort	integer	Porten som mappas till den här portens `number` i Azure Firewall, om tillämpligt
number	integer
status	status	Status för porten
statusReason	statusReason	En beskrivning av varför `status` har sitt värde

JitNetworkAccessRequestVirtualMachine

Name	Typ	Description
id	string	Resurs-ID för den virtuella datorn som är länkad till den här principen
ports	JitNetworkAccessRequestPort[]	Portarna som öppnades för den virtuella datorn

protocol

Name	Typ	Description
*	string
TCP	string
UDP	string

status

Status för porten

Name	Typ	Description
Initiated	string
Revoked	string

statusReason

En beskrivning av varför status har sitt värde

Name	Typ	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string

Dela via

Jit Network Access Policies - Get

URI-parametrar

Svar

Säkerhet

azure_auth

Omfattningar

Exempel

Get JIT network access policy

Exempelbegäran

Exempelsvar

Definitioner

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicy

JitNetworkAccessPolicyVirtualMachine

JitNetworkAccessPortRule

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

protocol

status

statusReason

Ytterligare resurser