범위에 대한 모든 관련 거버넌스 규칙 목록을 가져옵니다.
GET https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
URI 매개 변수
| Name |
In(다음 안에) |
필수 |
형식 |
Description |
|
scope
|
path |
True
|
string
|
거버넌스 규칙의 범위입니다. 유효한 범위는 관리 그룹(형식: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), 구독(형식: 'subscriptions/{subscriptionId}') 또는 보안 커넥터(형식: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'입니다.
|
|
api-version
|
query |
True
|
string
|
작업에 대한 API 버전
|
응답
보안
azure_auth
Azure Active Directory OAuth2 Flow
형식:
oauth2
Flow:
implicit
권한 부여 URL:
https://login.microsoftonline.com/common/oauth2/authorize
범위
| Name |
Description |
|
user_impersonation
|
사용자 계정 가장
|
예제
List governance rules by management group scope
샘플 요청
GET https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListByManagementGroupGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesByManagementGroupScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list("providers/Microsoft.Management/managementGroups/contoso",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesByManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("providers/Microsoft.Management/managementGroups/contoso", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule 2"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
*/
async function listGovernanceRulesByManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://zcusa.951200.xyz/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource
// get the collection of this GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
GovernanceRuleCollection collection = client.GetGovernanceRules(scopeId);
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
샘플 응답
{
"value": [
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule 2",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
List governance rules by security connector scope
샘플 요청
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListBySecurityConnectorGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesBySecurityConnectorScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesBySecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's GCP rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
*/
async function listGovernanceRulesBySecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://zcusa.951200.xyz/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource
// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
GovernanceRuleCollection collection = client.GetGovernanceRules(scopeId);
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
샘플 응답
{
"value": [
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's GCP rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
List governance rules by subscription scope
샘플 요청
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListBySubscriptionGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesBySubscriptionScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesBySubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(true),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
*/
async function listGovernanceRulesBySubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://zcusa.951200.xyz/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ArmResource created on azure
// for more information of creating ArmResource, please refer to the document of ArmResource
// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
ResourceIdentifier scopeId = new ResourceIdentifier(string.Format("/{0}", scope));
GovernanceRuleCollection collection = client.GetGovernanceRules(scopeId);
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
샘플 응답
{
"value": [
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": true
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
정의
CloudError
실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.
| Name |
형식 |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
오류 추가 정보입니다.
|
|
error.code
|
string
|
오류 코드입니다.
|
|
error.details
|
CloudErrorBody[]
|
오류 세부 정보입니다.
|
|
error.message
|
string
|
오류 메시지입니다.
|
|
error.target
|
string
|
오류 대상입니다.
|
CloudErrorBody
오류 세부 정보입니다.
| Name |
형식 |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
오류 추가 정보입니다.
|
|
code
|
string
|
오류 코드입니다.
|
|
details
|
CloudErrorBody[]
|
오류 세부 정보입니다.
|
|
message
|
string
|
오류 메시지입니다.
|
|
target
|
string
|
오류 대상입니다.
|
Condition
거버넌스 규칙의 조건
| Name |
형식 |
Description |
|
operator
|
GovernanceRuleConditionOperator
|
거버넌스 규칙 조건 연산자(예: 심각도에 대해 같음 또는 평가 목록의 경우 In)는 예제를 참조하세요.
|
|
property
|
string
|
거버넌스 규칙 조건의 속성(예: 심각도 또는 AssessmentKey)은 예제를 참조하세요.
|
|
value
|
string
|
심각도 낮음, 높음 또는 평가 키와 같은 거버넌스 규칙 조건의 값은 예제를 참조하세요.
|
ErrorAdditionalInfo
리소스 관리 오류 추가 정보입니다.
| Name |
형식 |
Description |
|
info
|
object
|
추가 정보입니다.
|
|
type
|
string
|
추가 정보 유형입니다.
|
GovernanceRule
지정된 범위에 대한 거버넌스 규칙
| Name |
형식 |
Description |
|
id
|
string
|
리소스 ID
|
|
name
|
string
|
리소스 이름
|
|
properties.conditionSets
|
Condition[]
|
거버넌스 규칙 조건 집합 - 예제 참조
|
|
properties.description
|
string
|
거버넌스 규칙에 대한 설명
|
|
properties.displayName
|
string
|
거버넌스 규칙의 표시 이름
|
|
properties.excludedScopes
|
string[]
|
제외된 범위, 범위의 하위 항목 필터링(관리 범위)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
거버넌스 규칙에 대한 이메일 알림 설정은 관리자 및 소유자에 대한 알림을 사용하지 않도록 설정할지 여부를 명시합니다.
|
|
properties.includeMemberScopes
|
boolean
|
규칙이 관리 범위 규칙인지 여부를 정의합니다(마스터 커넥터를 단일 범위 또는 관리 범위로 지정).
|
|
properties.isDisabled
|
boolean
|
규칙이 활성/비활성 상태인지 여부를 정의합니다.
|
|
properties.isGracePeriod
|
boolean
|
거버넌스 규칙에 유예 기간이 있는지 여부를 정의합니다.
|
|
properties.metadata
|
GovernanceRuleMetadata
|
거버넌스 규칙 메타데이터
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
거버넌스 규칙의 소유자 원본(예: user@contoso.com 수동으로) 예제 참조
|
|
properties.remediationTimeframe
|
string
|
거버넌스 규칙 수정 기간 - 유예 기간(예: 7.00:00:00)에 영향을 주는 시간이며 7일을 의미합니다.
|
|
properties.rulePriority
|
integer
|
거버넌스 규칙 우선 순위, 낮은 수 우선 순위입니다. 동일한 범위에서 동일한 우선 순위를 가진 규칙은 허용되지 않습니다.
|
|
properties.ruleType
|
GovernanceRuleType
|
거버넌스 규칙의 규칙 유형은 규칙의 원본(예: 통합됨)을 정의합니다.
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
거버넌스 규칙 원본, 규칙의 영향(예: 평가)
|
|
properties.tenantId
|
string
|
tenantId(GUID)
|
|
type
|
string
|
리소스 종류
|
GovernanceRuleConditionOperator
거버넌스 규칙 조건 연산자(예: 심각도에 대해 같음 또는 평가 목록의 경우 In)는 예제를 참조하세요.
| Name |
형식 |
Description |
|
Equals
|
string
|
속성에 정의된 데이터의 문자열 값이 지정된 값과 정확히 일치하는지 확인합니다.
|
|
In
|
string
|
속성에 정의된 데이터의 문자열 값이 지정된 값(정확한 맞춤)과 같은지 확인합니다.
|
GovernanceRuleEmailNotification
거버넌스 이메일 주간 알림 구성
| Name |
형식 |
Description |
|
disableManagerEmailNotification
|
boolean
|
관리자 전자 메일 알림을 사용하지 않도록 설정할지 여부를 정의합니다.
|
|
disableOwnerEmailNotification
|
boolean
|
소유자 전자 메일 알림을 사용할 수 없는지 여부를 정의합니다.
|
GovernanceRuleList
거버넌스 규칙 목록의 페이지
| Name |
형식 |
Description |
|
nextLink
|
string
|
다음 페이지를 가져올 URI
|
|
value
|
GovernanceRule[]
|
이 페이지의 거버넌스 규칙 컬렉션
|
거버넌스 규칙 메타데이터
| Name |
형식 |
Description |
|
createdBy
|
string
|
개체 ID로 만든 거버넌스 규칙(GUID)
|
|
createdOn
|
string
|
거버넌스 규칙 생성 날짜
|
|
updatedBy
|
string
|
개체 ID(GUID)로 마지막으로 업데이트된 거버넌스 규칙
|
|
updatedOn
|
string
|
거버넌스 규칙 마지막 업데이트 날짜
|
GovernanceRuleOwnerSource
거버넌스 규칙의 소유자 원본 설명
GovernanceRuleOwnerSourceType
거버넌스 규칙 소유자 원본의 소유자 유형
| Name |
형식 |
Description |
|
ByTag
|
string
|
리소스 태그를 사용하여 정의된 규칙 원본 유형
|
|
Manually
|
string
|
수동으로 정의된 규칙 원본 형식
|
GovernanceRuleSourceResourceType
거버넌스 규칙 원본, 규칙의 영향(예: 평가)
| Name |
형식 |
Description |
|
Assessments
|
string
|
거버넌스 규칙의 원본은 평가입니다.
|
GovernanceRuleType
거버넌스 규칙의 규칙 유형은 규칙의 원본(예: 통합됨)을 정의합니다.
| Name |
형식 |
Description |
|
Integrated
|
string
|
규칙 형식 정의의 원본이 통합됩니다.
|
|
ServiceNow
|
string
|
규칙 유형 정의의 원본은 ServiceNow입니다.
|