Jit Network Access Policies - Get

Referensi

Service:: Defender for Cloud

API Version:: 2020-01-01

Kebijakan untuk melindungi sumber daya menggunakan kontrol akses Just-in-Time untuk langganan, lokasi

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

Parameter URI

Nama	Dalam	Diperlukan	Jenis	Deskripsi
ascLocation	path	True	string	Lokasi tempat ASC menyimpan data langganan. dapat diambil dari Dapatkan lokasi
jitNetworkAccessPolicyName	path	True	string	Nama kebijakan konfigurasi akses Just-in-Time.
resourceGroupName	path	True	string	Nama grup sumber daya dalam langganan pengguna. Nama tidak peka huruf besar/kecil. Regex pattern: `^[-\w\._]+$`
subscriptionId	path	True	string	ID langganan Azure Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	Versi API untuk operasi

Respons

Nama	Jenis	Deskripsi
200 OK	JitNetworkAccessPolicy	OK
Other Status Codes	CloudError	Respons kesalahan yang menjelaskan mengapa operasi gagal.

Keamanan

azure_auth

Alur OAuth2 Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nama	Deskripsi
user_impersonation	meniru akun pengguna Anda

Contoh

Get JIT network access policy

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01


/**
 * Samples for JitNetworkAccessPolicies Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Get JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().getWithResponse("myRg1", "westeurope", "default",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().Get(ctx, "myRg1", "westeurope", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Justification: to.Ptr("testing a new version of the product"),
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
 */
async function getJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.get(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyResource result = await jitNetworkAccessPolicy.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com",
        "justification": "testing a new version of the product"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Definisi

Nama	Deskripsi
CloudError	Respons kesalahan umum untuk semua API Azure Resource Manager untuk mengembalikan detail kesalahan untuk operasi yang gagal. (Ini juga mengikuti format respons kesalahan OData.).
CloudErrorBody	Detail kesalahan.
ErrorAdditionalInfo	Info tambahan kesalahan manajemen sumber daya.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	Status port
statusReason	Deskripsi mengapa memiliki `status` nilainya

CloudError

Respons kesalahan umum untuk semua API Azure Resource Manager untuk mengembalikan detail kesalahan untuk operasi yang gagal. (Ini juga mengikuti format respons kesalahan OData.).

Nama	Jenis	Deskripsi
error.additionalInfo	ErrorAdditionalInfo[]	Info tambahan kesalahan.
error.code	string	Kode kesalahan.
error.details	CloudErrorBody[]	Detail kesalahan.
error.message	string	Pesan kesalahan.
error.target	string	Target kesalahan.

CloudErrorBody

Detail kesalahan.

Nama	Jenis	Deskripsi
additionalInfo	ErrorAdditionalInfo[]	Info tambahan kesalahan.
code	string	Kode kesalahan.
details	CloudErrorBody[]	Detail kesalahan.
message	string	Pesan kesalahan.
target	string	Target kesalahan.

ErrorAdditionalInfo

Info tambahan kesalahan manajemen sumber daya.

Nama	Jenis	Deskripsi
info	object	Info tambahan.
type	string	Jenis info tambahan.

JitNetworkAccessPolicy

Nama	Jenis	Deskripsi
id	string	ID sumber daya
kind	string	Jenis sumber daya
location	string	Lokasi tempat sumber daya disimpan
name	string	Nama sumber daya
properties.provisioningState	string	Mendapatkan status penyediaan kebijakan Just-in-Time.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Konfigurasi untuk jenis sumber daya Microsoft.Compute/virtualMachines.
type	string	Jenis Sumber Daya

JitNetworkAccessPolicyVirtualMachine

Nama	Jenis	Deskripsi
id	string	ID sumber daya komputer virtual yang ditautkan ke kebijakan ini
ports	JitNetworkAccessPortRule[]	Konfigurasi port untuk komputer virtual
publicIpAddress	string	Alamat IP publik Azure Firewall yang ditautkan ke kebijakan ini, jika berlaku

JitNetworkAccessPortRule

Nama	Jenis	Deskripsi
allowedSourceAddressPrefix	string	Saling eksklusif dengan parameter "allowedSourceAddressPrefixes". Harus berupa alamat IP atau CIDR, misalnya "192.168.0.3" atau "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Saling eksklusif dengan parameter "allowedSourceAddressPrefix".
maxRequestAccessDuration	string	Permintaan durasi maksimum dapat dibuat untuk. Dalam format durasi ISO 8601. Minimal 5 menit, maksimum 1 hari
number	integer
protocol	protocol

JitNetworkAccessRequest

Nama	Jenis	Deskripsi
justification	string	Pembenaran untuk membuat permintaan inisiasi
requestor	string	Identitas orang yang membuat permintaan
startTimeUtc	string	Waktu mulai permintaan di UTC
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Nama	Jenis	Deskripsi
allowedSourceAddressPrefix	string	Saling eksklusif dengan parameter "allowedSourceAddressPrefixes". Harus berupa alamat IP atau CIDR, misalnya "192.168.0.3" atau "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	Saling eksklusif dengan parameter "allowedSourceAddressPrefix".
endTimeUtc	string	Tanggal & waktu di mana permintaan berakhir di UTC
mappedPort	integer	Port yang dipetakan ke port `number` ini dalam Azure Firewall, jika berlaku
number	integer
status	status	Status port
statusReason	statusReason	Deskripsi mengapa memiliki `status` nilainya

JitNetworkAccessRequestVirtualMachine

Nama	Jenis	Deskripsi
id	string	ID sumber daya komputer virtual yang ditautkan ke kebijakan ini
ports	JitNetworkAccessRequestPort[]	Port yang dibuka untuk komputer virtual

protocol

Nama	Jenis	Deskripsi
*	string
TCP	string
UDP	string

status

Status port

Nama	Jenis	Deskripsi
Initiated	string
Revoked	string

statusReason

Deskripsi mengapa memiliki status nilainya

Nama	Jenis	Deskripsi
Expired	string
NewerRequestInitiated	string
UserRequested	string

Bagikan melalui

Jit Network Access Policies - Get

Parameter URI

Respons

Keamanan

azure_auth

Scopes

Contoh

Get JIT network access policy

Sample Request

Sample Response

Definisi

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicy

JitNetworkAccessPolicyVirtualMachine

JitNetworkAccessPortRule

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

protocol

status

statusReason

Sumber Daya Tambahan: