Jit Network Access Policies - Get

Başvuru

Service:: Defender for Cloud

API Version:: 2020-01-01

Abonelik, konum için Tam Zamanında erişim denetimini kullanarak kaynakları korumaya yönelik ilkeler

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}?api-version=2020-01-01

URI Parametreleri

Name	İçinde	Gerekli	Tür	Description
ascLocation	path	True	string	ASC'nin aboneliğin verilerini depoladığı konum. Get konumlarından alınabilir
jitNetworkAccessPolicyName	path	True	string	Tam Zamanında erişim yapılandırma ilkesinin adı.
resourceGroupName	path	True	string	Kullanıcının aboneliğindeki kaynak grubunun adı. Ad büyük/küçük harfe duyarlı değildir. Regex pattern: `^[-\w\._]+$`
subscriptionId	path	True	string	Azure abonelik kimliği Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	İşlem için API sürümü

Yanıtlar

Name	Tür	Description
200 OK	JitNetworkAccessPolicy	Tamam
Other Status Codes	CloudError	İşlemin neden başarısız olduğunu açıklayan hata yanıtı.

Güvenlik

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	kullanıcı hesabınızın kimliğine bürünme

Örnekler

Get JIT network access policy

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01


/**
 * Samples for JitNetworkAccessPolicies Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Get JIT network access policy.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPolicy(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().getWithResponse("myRg1", "westeurope", "default",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewJitNetworkAccessPoliciesClient().Get(ctx, "myRg1", "westeurope", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.JitNetworkAccessPolicy = armsecurity.JitNetworkAccessPolicy{
	// 	Kind: to.Ptr("Basic"),
	// 	Location: to.Ptr("westeurope"),
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
	// 	Properties: &armsecurity.JitNetworkAccessPolicyProperties{
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		Requests: []*armsecurity.JitNetworkAccessRequest{
	// 			{
	// 				Justification: to.Ptr("testing a new version of the product"),
	// 				Requestor: to.Ptr("barbara@contoso.com"),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
	// 				VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
	// 					{
	// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 						Ports: []*armsecurity.JitNetworkAccessRequestPort{
	// 							{
	// 								AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
	// 								EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
	// 								Number: to.Ptr[int32](3389),
	// 								Status: to.Ptr(armsecurity.StatusInitiated),
	// 								StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
	// 						}},
	// 				}},
	// 		}},
	// 		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
	// 			{
	// 				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				Ports: []*armsecurity.JitNetworkAccessPortRule{
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](22),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 					},
	// 					{
	// 						AllowedSourceAddressPrefix: to.Ptr("*"),
	// 						MaxRequestAccessDuration: to.Ptr("PT3H"),
	// 						Number: to.Ptr[int32](3389),
	// 						Protocol: to.Ptr(armsecurity.ProtocolAll),
	// 				}},
	// 		}},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
 */
async function getJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.get(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyResource result = await jitNetworkAccessPolicy.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
JitNetworkAccessPolicyData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "kind": "Basic",
  "properties": {
    "virtualMachines": [
      {
        "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        "ports": [
          {
            "number": 22,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          },
          {
            "number": 3389,
            "protocol": "*",
            "allowedSourceAddressPrefix": "*",
            "maxRequestAccessDuration": "PT3H"
          }
        ]
      }
    ],
    "requests": [
      {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 3389,
                "allowedSourceAddressPrefix": "192.127.0.2",
                "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                "status": "Initiated",
                "statusReason": "UserRequested"
              }
            ]
          }
        ],
        "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
        "requestor": "barbara@contoso.com",
        "justification": "testing a new version of the product"
      }
    ],
    "provisioningState": "Succeeded"
  },
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
  "name": "default",
  "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
  "location": "westeurope"
}

Tanımlar

Name	Description
CloudError	Başarısız işlemlerin hata ayrıntılarını döndürmek için tüm Azure Resource Manager API'leri için genel hata yanıtı. (Bu, OData hata yanıtı biçimini de izler.).
CloudErrorBody	Hata ayrıntısı.
ErrorAdditionalInfo	Kaynak yönetimi hatası ek bilgileri.
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	Bağlantı noktasının durumu
statusReason	değerinin neden `status` değerine sahip olduğunu açıklama

CloudError

Başarısız işlemlerin hata ayrıntılarını döndürmek için tüm Azure Resource Manager API'leri için genel hata yanıtı. (Bu, OData hata yanıtı biçimini de izler.).

Name	Tür	Description
error.additionalInfo	ErrorAdditionalInfo[]	Hata ek bilgileri.
error.code	string	Hata kodu.
error.details	CloudErrorBody[]	Hata ayrıntıları.
error.message	string	Hata iletisi.
error.target	string	Hata hedefi.

CloudErrorBody

Hata ayrıntısı.

Name	Tür	Description
additionalInfo	ErrorAdditionalInfo[]	Hata ek bilgileri.
code	string	Hata kodu.
details	CloudErrorBody[]	Hata ayrıntıları.
message	string	Hata iletisi.
target	string	Hata hedefi.

ErrorAdditionalInfo

Kaynak yönetimi hatası ek bilgileri.

Name	Tür	Description
info	object	Ek bilgiler.
type	string	Ek bilgi türü.

JitNetworkAccessPolicy

Name	Tür	Description
id	string	Kaynak Kimliği
kind	string	Kaynağın türü
location	string	Kaynağın depolandığı konum
name	string	Kaynak adı
properties.provisioningState	string	Tam Zamanında ilkesinin sağlama durumunu alır.
properties.requests	JitNetworkAccessRequest[]
properties.virtualMachines	JitNetworkAccessPolicyVirtualMachine[]	Microsoft.Compute/virtualMachines kaynak türü için yapılandırmalar.
type	string	Kaynak türü

JitNetworkAccessPolicyVirtualMachine

Name	Tür	Description
id	string	Bu ilkeye bağlı sanal makinenin kaynak kimliği
ports	JitNetworkAccessPortRule[]	Sanal makine için bağlantı noktası yapılandırmaları
publicIpAddress	string	Varsa, bu ilkeye bağlı Azure Güvenlik Duvarı genel IP adresi

JitNetworkAccessPortRule

Name	Tür	Description
allowedSourceAddressPrefix	string	"allowedSourceAddressPrefixes" parametresiyle birbirini dışlar. BIR IP adresi veya CIDR olmalıdır, örneğin "192.168.0.3" veya "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	"allowedSourceAddressPrefix" parametresiyle birbirini dışlar.
maxRequestAccessDuration	string	Için maksimum süre istekleri yapılabilir. ISO 8601 süre biçiminde. En az 5 dakika, en fazla 1 gün
number	integer
protocol	protocol

JitNetworkAccessRequest

Name	Tür	Description
justification	string	Başlatma isteğinde bulunmanın gerekçesi
requestor	string	İsteği yapan kişinin kimliği
startTimeUtc	string	İsteğin UTC olarak başlangıç saati
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

Name	Tür	Description
allowedSourceAddressPrefix	string	"allowedSourceAddressPrefixes" parametresiyle birbirini dışlar. BIR IP adresi veya CIDR olmalıdır, örneğin "192.168.0.3" veya "192.168.0.0/16".
allowedSourceAddressPrefixes	string[]	"allowedSourceAddressPrefix" parametresiyle birbirini dışlar.
endTimeUtc	string	İsteğin UTC ile sona erdiği tarih & saat
mappedPort	integer	Bu bağlantı noktasıyla eşlenen bağlantı noktası `number` varsa Azure Güvenlik Duvarı
number	integer
status	status	Bağlantı noktasının durumu
statusReason	statusReason	değerinin neden `status` değerine sahip olduğunu açıklama

JitNetworkAccessRequestVirtualMachine

Name	Tür	Description
id	string	Bu ilkeye bağlı sanal makinenin kaynak kimliği
ports	JitNetworkAccessRequestPort[]	Sanal makine için açılan bağlantı noktaları

protocol

Name	Tür	Description
*	string
TCP	string
UDP	string

status

Bağlantı noktasının durumu

Name	Tür	Description
Initiated	string
Revoked	string

statusReason

değerinin neden status değerine sahip olduğunu açıklama

Name	Tür	Description
Expired	string
NewerRequestInitiated	string
UserRequested	string

Aracılığıyla paylaş

Jit Network Access Policies - Get

URI Parametreleri

Yanıtlar

Güvenlik

azure_auth

Scopes

Örnekler

Get JIT network access policy

Sample Request

Sample Response

Tanımlar

CloudError

CloudErrorBody

ErrorAdditionalInfo

JitNetworkAccessPolicy

JitNetworkAccessPolicyVirtualMachine

JitNetworkAccessPortRule

JitNetworkAccessRequest

JitNetworkAccessRequestPort

JitNetworkAccessRequestVirtualMachine

protocol

status

statusReason

Ek kaynaklar