Attestations - Create Or Update At Resource Group

Referência

Service:: Policy

API Version:: 2022-09-01

Cria ou atualiza um atestado no âmbito do grupo de recursos.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/attestations/{attestationName}?api-version=2022-09-01

Parâmetros do URI

Name	Em	Necessário	Tipo	Description
attestationName	path	True	string	O nome do atestado.
resourceGroupName	path	True	string	O nome do grupo de recursos. O nome não é sensível a maiúsculas e minúsculas.
subscriptionId	path	True	string	O ID da subscrição de destino.
api-version	query	True	string	A versão da API a utilizar para esta operação.

Corpo do Pedido

Name	Necessário	Tipo	Description
properties.policyAssignmentId	True	string	O ID de recurso da atribuição de política para a qual o atestado está a definir o estado.
properties.assessmentDate		string	A hora em que as provas foram avaliadas
properties.comments		string	Comentários que descrevem o motivo pelo qual este atestado foi criado.
properties.complianceState		ComplianceState	O estado de conformidade que deve ser definido no recurso.
properties.evidence		AttestationEvidence[]	As provas que suportam o estado de conformidade definido neste atestado.
properties.expiresOn		string	A hora em que o estado de conformidade deve expirar.
properties.metadata		object	Metadados adicionais para este atestado
properties.owner		string	A pessoa responsável por definir o estado do recurso. Normalmente, este valor é um ID de objeto do Azure Active Directory.
properties.policyDefinitionReferenceId		string	O ID de referência de definição de política de uma definição de conjunto de políticas para a qual o atestado está a definir o estado. Se a atribuição de política atribuir uma definição de conjunto de políticas, o atestado pode escolher uma definição na definição de conjunto com esta propriedade ou omitir esta e definir o estado para toda a definição do conjunto.

Respostas

Name	Tipo	Description
200 OK	Attestation	O atestado atualizado.
201 Created	Attestation	O atestado criado.
Other Status Codes	ErrorResponse	Resposta de erro que descreve a razão pela qual a operação falhou.

Segurança

azure_auth

Fluxo OAuth2 do Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	representar a sua conta de utilizador

Exemplos

Create attestation at resource group scope

Sample Request

PUT https://management.azure.com/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourceGroups/myRg/providers/Microsoft.PolicyInsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e?api-version=2022-09-01

{
  "properties": {
    "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
    "complianceState": "Compliant",
    "expiresOn": "2021-06-15T00:00:00Z",
    "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    "comments": "This subscription has passed a security audit.",
    "evidence": [
      {
        "description": "The results of the security audit.",
        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
      }
    ],
    "assessmentDate": "2021-06-10T00:00:00Z",
    "metadata": {
      "departmentId": "NYC-MARKETING-1"
    }
  }
}

import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.policyinsights.models.AttestationEvidence;
import com.azure.resourcemanager.policyinsights.models.ComplianceState;
import java.io.IOException;
import java.time.OffsetDateTime;
import java.util.Arrays;

/** Samples for Attestations CreateOrUpdateAtResourceGroup. */
public final class Main {
    /*
     * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateResourceGroupScope.json
     */
    /**
     * Sample code: Create attestation at resource group scope.
     *
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void createAttestationAtResourceGroupScope(
        com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) throws IOException {
        manager
            .attestations()
            .define("790996e6-9871-4b1f-9cd9-ec42cd6ced1e")
            .withExistingResourceGroup("myRg")
            .withPolicyAssignmentId(
                "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5")
            .withPolicyDefinitionReferenceId("0b158b46-ff42-4799-8e39-08a5c23b4551")
            .withComplianceState(ComplianceState.COMPLIANT)
            .withExpiresOn(OffsetDateTime.parse("2021-06-15T00:00:00Z"))
            .withOwner("55a32e28-3aa5-4eea-9b5a-4cd85153b966")
            .withComments("This subscription has passed a security audit.")
            .withEvidence(
                Arrays
                    .asList(
                        new AttestationEvidence()
                            .withDescription("The results of the security audit.")
                            .withSourceUri("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011")))
            .withAssessmentDate(OffsetDateTime.parse("2021-06-10T00:00:00Z"))
            .withMetadata(
                SerializerFactory
                    .createDefaultManagementSerializerAdapter()
                    .deserialize("{\"departmentId\":\"NYC-MARKETING-1\"}", Object.class, SerializerEncoding.JSON))
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python attestations_create_resource_group_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
    )

    response = client.attestations.begin_create_or_update_at_resource_group(
        resource_group_name="myRg",
        attestation_name="790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
        parameters={
            "properties": {
                "assessmentDate": "2021-06-10T00:00:00Z",
                "comments": "This subscription has passed a security audit.",
                "complianceState": "Compliant",
                "evidence": [
                    {
                        "description": "The results of the security audit.",
                        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011",
                    }
                ],
                "expiresOn": "2021-06-15T00:00:00Z",
                "metadata": {"departmentId": "NYC-MARKETING-1"},
                "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
                "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
                "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateResourceGroupScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armpolicyinsights_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateResourceGroupScope.json
func ExampleAttestationsClient_BeginCreateOrUpdateAtResourceGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAttestationsClient().BeginCreateOrUpdateAtResourceGroup(ctx, "myRg", "790996e6-9871-4b1f-9cd9-ec42cd6ced1e", armpolicyinsights.Attestation{
		Properties: &armpolicyinsights.AttestationProperties{
			AssessmentDate:  to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-10T00:00:00.000Z"); return t }()),
			Comments:        to.Ptr("This subscription has passed a security audit."),
			ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
			Evidence: []*armpolicyinsights.AttestationEvidence{
				{
					Description: to.Ptr("The results of the security audit."),
					SourceURI:   to.Ptr("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"),
				}},
			ExpiresOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-15T00:00:00.000Z"); return t }()),
			Metadata: map[string]any{
				"departmentId": "NYC-MARKETING-1",
			},
			Owner:                       to.Ptr("55a32e28-3aa5-4eea-9b5a-4cd85153b966"),
			PolicyAssignmentID:          to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
			PolicyDefinitionReferenceID: to.Ptr("0b158b46-ff42-4799-8e39-08a5c23b4551"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Attestation = armpolicyinsights.Attestation{
	// 	Name: to.Ptr("790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
	// 	Type: to.Ptr("Microsoft.PolicyInsights/attestations"),
	// 	ID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
	// 	Properties: &armpolicyinsights.AttestationProperties{
	// 		AssessmentDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-10T00:00:00.000Z"); return t}()),
	// 		Comments: to.Ptr("This subscription has passed a security audit."),
	// 		ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
	// 		Evidence: []*armpolicyinsights.AttestationEvidence{
	// 			{
	// 				Description: to.Ptr("The results of the security audit."),
	// 				SourceURI: to.Ptr("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"),
	// 		}},
	// 		ExpiresOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-15T00:00:00.000Z"); return t}()),
	// 		LastComplianceStateChangeAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
	// 		Metadata: map[string]any{
	// 			"departmentId": "NYC-MARKETING-1",
	// 		},
	// 		Owner: to.Ptr("55a32e28-3aa5-4eea-9b5a-4cd85153b966"),
	// 		PolicyAssignmentID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
	// 		PolicyDefinitionReferenceID: to.Ptr("0b158b46-ff42-4799-8e39-08a5c23b4551"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 	},
	// 	SystemData: &armpolicyinsights.SystemData{
	// 		CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
	// 		CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
	// 		CreatedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
	// 		LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
	// 		LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
	// 		LastModifiedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates an attestation at resource group scope.
 *
 * @summary Creates or updates an attestation at resource group scope.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateResourceGroupScope.json
 */
async function createAttestationAtResourceGroupScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "35ee058e-5fa0-414c-8145-3ebb8d09b6e2";
  const resourceGroupName = process.env["POLICYINSIGHTS_RESOURCE_GROUP"] || "myRg";
  const attestationName = "790996e6-9871-4b1f-9cd9-ec42cd6ced1e";
  const parameters = {
    assessmentDate: new Date("2021-06-10T00:00:00Z"),
    comments: "This subscription has passed a security audit.",
    complianceState: "Compliant",
    evidence: [
      {
        description: "The results of the security audit.",
        sourceUri: "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011",
      },
    ],
    expiresOn: new Date("2021-06-15T00:00:00Z"),
    metadata: { departmentId: "NYC-MARKETING-1" },
    owner: "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    policyAssignmentId:
      "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    policyDefinitionReferenceId: "0b158b46-ff42-4799-8e39-08a5c23b4551",
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const result = await client.attestations.beginCreateOrUpdateAtResourceGroupAndWait(
    resourceGroupName,
    attestationName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "properties": {
    "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
    "complianceState": "Compliant",
    "lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
    "expiresOn": "2021-06-15T00:00:00Z",
    "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    "comments": "This subscription has passed a security audit.",
    "evidence": [
      {
        "description": "The results of the security audit.",
        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
      }
    ],
    "assessmentDate": "2021-06-10T00:00:00Z",
    "metadata": {
      "departmentId": "NYC-MARKETING-1"
    },
    "provisioningState": "Succeeded"
  },
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "createdByType": "User",
    "createdAt": "2020-06-15T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-06-15T18:52:27Z"
  },
  "id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "type": "Microsoft.PolicyInsights/attestations"
}

Status code:: 201

{
  "properties": {
    "policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
    "policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
    "complianceState": "Compliant",
    "lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
    "expiresOn": "2021-06-15T00:00:00Z",
    "owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
    "comments": "This subscription has passed a security audit.",
    "evidence": [
      {
        "description": "The results of the security audit.",
        "sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
      }
    ],
    "assessmentDate": "2021-06-10T00:00:00Z",
    "metadata": {
      "departmentId": "NYC-MARKETING-1"
    },
    "provisioningState": "Succeeded"
  },
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "createdByType": "User",
    "createdAt": "2020-06-15T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-06-15T18:52:27Z"
  },
  "id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
  "type": "Microsoft.PolicyInsights/attestations"
}

Definições

Name	Description
Attestation	Um recurso de atestado.
AttestationEvidence	Uma prova que suporta o estado de conformidade definido no atestado.
ComplianceState	O estado de conformidade que deve ser definido no recurso.
createdByType	O tipo de identidade que criou o recurso.
ErrorDefinition	Definição de erro.
ErrorResponse	Resposta de erro.
systemData	Metadados relativos à criação e última modificação do recurso.
TypedErrorInfo	Detalhes de erro específicos do cenário.

Attestation

Um recurso de atestado.

Name	Tipo	Description
id	string	ID de recurso completamente qualificado para o recurso. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	O nome do recurso
properties.assessmentDate	string	A hora em que as provas foram avaliadas
properties.comments	string	Comentários que descrevem o motivo pelo qual este atestado foi criado.
properties.complianceState	ComplianceState	O estado de conformidade que deve ser definido no recurso.
properties.evidence	AttestationEvidence[]	As provas que suportam o estado de conformidade definido neste atestado.
properties.expiresOn	string	A hora em que o estado de conformidade deve expirar.
properties.lastComplianceStateChangeAt	string	A hora em que o estado de conformidade foi alterado pela última vez neste atestado.
properties.metadata	object	Metadados adicionais para este atestado
properties.owner	string	A pessoa responsável por definir o estado do recurso. Normalmente, este valor é um ID de objeto do Azure Active Directory.
properties.policyAssignmentId	string	O ID de recurso da atribuição de política para a qual o atestado está a definir o estado.
properties.policyDefinitionReferenceId	string	O ID de referência de definição de política de uma definição de conjunto de políticas para a qual o atestado está a definir o estado. Se a atribuição de política atribuir uma definição de conjunto de políticas, o atestado pode escolher uma definição na definição de conjunto com esta propriedade ou omitir esta e definir o estado para toda a definição do conjunto.
properties.provisioningState	string	O estado do atestado.
systemData	systemData	O Azure Resource Manager metadados que contêm informações createdBy e modifiedBy.
type	string	O tipo de recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"

AttestationEvidence

Uma prova que suporta o estado de conformidade definido no atestado.

Name	Tipo	Description
description	string	A descrição desta prova.
sourceUri	string	A localização do URI das provas.

ComplianceState

O estado de conformidade que deve ser definido no recurso.

Name	Tipo	Description
Compliant	string	O recurso está em conformidade com a política.
NonCompliant	string	O recurso não está em conformidade com a política.
Unknown	string	O estado de conformidade do recurso não é conhecido.

createdByType

O tipo de identidade que criou o recurso.

Name	Tipo	Description
Application	string
Key	string
ManagedIdentity	string
User	string

ErrorDefinition

Definição de erro.

Name	Tipo	Description
additionalInfo	TypedErrorInfo[]	Detalhes de erros específicos de cenários adicionais.
code	string	Código de erro específico do serviço que serve como o subtatus para o código de erro HTTP.
details	ErrorDefinition[]	Detalhes de erro internos.
message	string	Descrição do erro.
target	string	O destino do erro.

ErrorResponse

Resposta de erro.

Name	Tipo	Description
error	ErrorDefinition	Os detalhes do erro.

systemData

Metadados relativos à criação e última modificação do recurso.

Name	Tipo	Description
createdAt	string	O carimbo de data/hora da criação de recursos (UTC).
createdBy	string	A identidade que criou o recurso.
createdByType	createdByType	O tipo de identidade que criou o recurso.
lastModifiedAt	string	O carimbo de data/hora da última modificação do recurso (UTC)
lastModifiedBy	string	A identidade que modificou o recurso pela última vez.
lastModifiedByType	createdByType	O tipo de identidade que modificou o recurso pela última vez.

TypedErrorInfo

Detalhes de erro específicos do cenário.

Name	Tipo	Description
info		Os detalhes de erro específicos do cenário.
type	string	O tipo de detalhes de erro incluídos.

Attestations - Create Or Update At Resource Group

Parâmetros do URI

Corpo do Pedido

Respostas

Segurança

azure_auth

Scopes

Exemplos

Create attestation at resource group scope

Sample Request

Sample Response

Definições

Attestation

AttestationEvidence

ComplianceState

createdByType

ErrorDefinition

ErrorResponse

systemData

TypedErrorInfo

Recursos adicionais