你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Set-AzPolicyAttestation
修改策略证明。
语法
Set-AzPolicyAttestation
-Name <String>
[-Scope <String>]
[-ResourceGroupName <String>]
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzPolicyAttestation
-ResourceId <String>
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-AzPolicyAttestation
-InputObject <PSAttestation>
[-PolicyAssignmentId <String>]
[-ComplianceState <String>]
[-PolicyDefinitionReferenceId <String>]
[-ExpiresOn <DateTime>]
[-Owner <String>]
[-Comment <String>]
[-Evidence <PSAttestationEvidence[]>]
[-AssessmentDate <DateTime>]
[-Metadata <String>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] 说明
Set-AzPolicyAttestation cmdlet 修改策略证明。 通过 ID 或名称和范围指定证明,或通过管道指定证明。
注意:现有策略证明或
policyAssignmentIdpolicyDefinitionReferenceId无法修改。
示例
示例 1:按名称更新证明
Set-AzContext -Subscription "d1acb22b-c876-44f7-b08e-3fcf9f6767f4"
# Update the existing attestation by resource name at subscription scope (default)
$comment = "Setting the state to non compliant"
$attestationName = "attestation-subscription"
$policyAssignmentId = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/Microsoft.Authorization/policyAssignments/PSAttestationSubAssignment"
Set-AzPolicyAttestation -PolicyAssignmentId $policyAssignmentId -Name $attestationName -ComplianceState "NonCompliant" -Comment $comment
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.policyinsights/attestations/
attestation-subscription
Name : attestation-subscription
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationsubassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner :
Comment : Setting the state to non compliant
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:00:04 PM
AssessmentDate :
Metadata :
SystemData :此处的命令设置符合性状态,并将注释添加到订阅中具有 ID 为“d1acb22b-c876-44f7-b08e-3fcf9f6767f4”的现有证明
示例 2:按 ResourceId 更新证明
# Get an attestation
$rgName = "ps-attestation-test-rg"
$attestationName = "attestation-RG"
$attestation = Get-AzPolicyAttestation -ResourceGroupName $rgName -Name $attestationName
# Update the existing attestation by resource ID at RG
$expiresOn = [System.DateTime]::UtcNow.AddYears(1)
Set-AzPolicyAttestation -Id $attestation.Id -ExpiresOn $expiresOn
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.policyinsights/attestations/attestation-rg
Name : attestation-rg
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationrgassignment
PolicyDefinitionReferenceId :
ComplianceState :
ExpiresOn : 1/27/2024 4:04:24 PM
Owner :
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 4:04:11 PM
AssessmentDate :
Metadata :
SystemData :第一个命令获取资源组“ps-attestation-test-rg”的现有证明,其名称为“attestation-RG”。
最后一个命令通过 现有证明的 ResourceId 属性更新策略证明的到期时间。
示例 3:按输入对象更新证明
# Get an attestation
$attestationName = "attestation-resource"
$scope = "/subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourceGroups/ps-attestation-test-rg/providers/Microsoft.Network/networkSecurityGroups/pstests0"
$attestation = Get-AzPolicyAttestation -Name $attestationName -Scope $scope
# Update attestation by input object
$newOwner = "Test Owner 2"
$attestation | Set-AzPolicyAttestation -Owner $newOwner
Id : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/resourcegroups/ps-attestation-test-rg/providers/
microsoft.network/networksecuritygroups/pstests0/providers/microsoft.policyinsights/attestations/att
estation-resource
Name : attestation-resource
Type : Microsoft.PolicyInsights/attestations
PolicyAssignmentId : /subscriptions/d1acb22b-c876-44f7-b08e-3fcf9f6767f4/providers/microsoft.authorization/policyassignme
nts/psattestationresourceassignment
PolicyDefinitionReferenceId :
ComplianceState : NonCompliant
ExpiresOn :
Owner : Test Owner 2
Comment :
Evidence :
ProvisioningState : Succeeded
LastComplianceStateChangeAt : 1/27/2023 2:38:17 AM
AssessmentDate :
Metadata :
SystemData :第一个命令使用给定资源的资源 ID 作为范围获取具有名称“证明-resource”的现有证明
最后一个命令使用管道更新策略证明的所有者。
参数
-AssessmentDate
评估证明证据的时间。
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Comment
描述创建此证明的原因的注释。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ComplianceState
资源的符合性状态。 例如“合规”、“不合规”、“未知”
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
用于与 Azure 通信的凭据、帐户、租户和订阅。
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Evidence
支持此证明中设置符合性状态的证据。
| Type: | PSAttestationEvidence[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ExpiresOn
证明中设置的符合性状态应过期的时间。
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
证明对象。
| Type: | PSAttestation |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Metadata
证明的其他元数据。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
资源名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Owner
负责设置资源状态的人员。 此值通常是 Microsoft Entra 对象 ID。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PolicyAssignmentId
策略分配 ID。 例如“/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments/{assignmentName}”。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PolicyDefinitionReferenceId
单个定义的策略定义引用 ID。 当策略分配分配分配策略集定义时是必需的。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
资源组名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceId
资源 ID。
| Type: | String |
| Aliases: | Id |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Scope
资源的范围。 例如“/subscriptions/{subscriptionId}/resourceGroups/{rgName}”。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=7.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
输出
相关链接
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈