你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Jit Network Access Policies - Initiate

Service:

Defender for Cloud

API Version:

2020-01-01

从特定的实时策略配置启动 JIT 访问。

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}/initiate?api-version=2020-01-01

URI 参数

名称	在	必需	类型	说明
ascLocation	path	True	string	ASC 存储订阅数据的位置。 可以从获取位置检索
jitNetworkAccessPolicyInitiateType	path	True	JitNetworkAccessPolicyInitiateType	要对实时访问策略执行的操作的类型。
jitNetworkAccessPolicyName	path	True	string	实时访问配置策略的名称。
resourceGroupName	path	True	string	用户订阅中的资源组的名称。 此名称不区分大小写。 Regex pattern: ^[-\w\._\(\)]+$
subscriptionId	path	True	string	Azure 订阅 ID Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	操作的 API 版本

请求正文

名称	必需	类型	说明
virtualMachines	True	JitNetworkAccessPolicyInitiateVirtualMachine[]	要为其打开访问权限的虚拟机 & 端口的列表
justification		string	发出启动请求的理由

响应

名称	类型	说明
202 Accepted	JitNetworkAccessRequest	已接受
Other Status Codes	CloudError	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名称	说明
user_impersonation	模拟用户帐户

示例

Initiate an action on a JIT network access policy

Sample Request

HTTP

POST https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default/initiate?api-version=2020-01-01

{
  "virtualMachines": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
      "ports": [
        {
          "number": 3389,
          "duration": "PT1H",
          "allowedSourceAddressPrefix": "192.127.0.2"
        }
      ]
    }
  ],
  "justification": "testing a new version of the product"
}

Java

import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiatePort;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiateRequest;
import com.azure.resourcemanager.security.models.JitNetworkAccessPolicyInitiateVirtualMachine;
import java.util.Arrays;

/** Samples for JitNetworkAccessPolicies Initiate. */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
     */
    /**
     * Sample code: Initiate an action on a JIT network access policy.
     *
     * @param manager Entry point to SecurityManager.
     */
    public static void initiateAnActionOnAJITNetworkAccessPolicy(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager
            .jitNetworkAccessPolicies()
            .initiateWithResponse(
                "myRg1",
                "westeurope",
                "default",
                new JitNetworkAccessPolicyInitiateRequest()
                    .withVirtualMachines(
                        Arrays
                            .asList(
                                new JitNetworkAccessPolicyInitiateVirtualMachine()
                                    .withId(
                                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1")
                                    .withPorts(
                                        Arrays
                                            .asList(
                                                new JitNetworkAccessPolicyInitiatePort()
                                                    .withNumber(3389)
                                                    .withAllowedSourceAddressPrefix("192.127.0.2")))))
                    .withJustification("testing a new version of the product"),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
func ExampleJitNetworkAccessPoliciesClient_Initiate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewJitNetworkAccessPoliciesClient().Initiate(ctx, "myRg1", "westeurope", "default", armsecurity.JitNetworkAccessPolicyInitiateRequest{
		Justification: to.Ptr("testing a new version of the product"),
		VirtualMachines: []*armsecurity.JitNetworkAccessPolicyInitiateVirtualMachine{
			{
				ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
				Ports: []*armsecurity.JitNetworkAccessPolicyInitiatePort{
					{
						AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
						Number:                     to.Ptr[int32](3389),
					}},
			}},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Initiate a JIT access from a specific Just-in-Time policy configuration.
 *
 * @summary Initiate a JIT access from a specific Just-in-Time policy configuration.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
 */
async function initiateAnActionOnAJitNetworkAccessPolicy() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const jitNetworkAccessPolicyName = "default";
  const body = {
    justification: "testing a new version of the product",
    virtualMachines: [
      {
        id: "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
        ports: [
          { allowedSourceAddressPrefix: "192.127.0.2", number: 3389, endTimeUtc: new Date() },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.jitNetworkAccessPolicies.initiate(
    resourceGroupName,
    ascLocation,
    jitNetworkAccessPolicyName,
    body,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/InitiateJitNetworkAccessPolicy_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_Initiate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this JitNetworkAccessPolicyResource created on azure
// for more information of creating JitNetworkAccessPolicyResource, please refer to the document of JitNetworkAccessPolicyResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
AzureLocation ascLocation = new AzureLocation("westeurope");
string jitNetworkAccessPolicyName = "default";
ResourceIdentifier jitNetworkAccessPolicyResourceId = JitNetworkAccessPolicyResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, ascLocation, jitNetworkAccessPolicyName);
JitNetworkAccessPolicyResource jitNetworkAccessPolicy = client.GetJitNetworkAccessPolicyResource(jitNetworkAccessPolicyResourceId);

// invoke the operation
JitNetworkAccessPolicyInitiateContent content = new JitNetworkAccessPolicyInitiateContent(new JitNetworkAccessPolicyInitiateVirtualMachine[]
{
new JitNetworkAccessPolicyInitiateVirtualMachine(new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),new JitNetworkAccessPolicyInitiatePort[]
{
new JitNetworkAccessPolicyInitiatePort(3389,DateTimeOffset.Parse("placeholder"))
{
AllowedSourceAddressPrefix = "192.127.0.2",
}
})
})
{
    Justification = "testing a new version of the product",
};
JitNetworkAccessRequestInfo result = await jitNetworkAccessPolicy.InitiateAsync(content);

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

202

{
  "virtualMachines": [
    {
      "id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
      "ports": [
        {
          "number": 3389,
          "allowedSourceAddressPrefix": "192.127.0.2",
          "endTimeUtc": "2018-07-12T09:53:03.3658798Z",
          "status": "Initiating",
          "statusReason": "UserRequested"
        }
      ]
    }
  ],
  "startTimeUtc": "2018-07-12T08:53:03.3658798Z",
  "requestor": "barbara@contoso.com",
  "justification": "testing a new version of the product"
}

定义

名称	说明
CloudError	对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。
CloudErrorBody	错误详细信息。
ErrorAdditionalInfo	资源管理错误附加信息。
JitNetworkAccessPolicyInitiatePort
JitNetworkAccessPolicyInitiateRequest
JitNetworkAccessPolicyInitiateType	要对实时访问策略执行的操作的类型。
JitNetworkAccessPolicyInitiateVirtualMachine
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
status	端口的状态
statusReason	说明 为何 status 具有其值

CloudError

对所有 Azure 资源管理器 API 的常见错误响应，可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。

名称	类型	说明
error.additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
error.code	string	错误代码。
error.details	CloudErrorBody[]	错误详细信息。
error.message	string	错误消息。
error.target	string	错误目标。

CloudErrorBody

错误详细信息。

名称	类型	说明
additionalInfo	ErrorAdditionalInfo[]	错误附加信息。
code	string	错误代码。
details	CloudErrorBody[]	错误详细信息。
message	string	错误消息。
target	string	错误目标。

ErrorAdditionalInfo

资源管理错误附加信息。

名称	类型	说明
info	object	其他信息。
type	string	其他信息类型。

JitNetworkAccessPolicyInitiatePort

名称	类型	说明
allowedSourceAddressPrefix	string	允许的流量的来源。 如果省略，则请求将为启动请求的源 IP 地址。
endTimeUtc	string	以 UTC 格式关闭请求的时间
number	integer

JitNetworkAccessPolicyInitiateRequest

名称	类型	说明
justification	string	发出启动请求的理由
virtualMachines	JitNetworkAccessPolicyInitiateVirtualMachine[]	要为其打开访问权限的虚拟机 & 端口的列表

JitNetworkAccessPolicyInitiateType

要对实时访问策略执行的操作的类型。

名称	类型	说明
initiate	string

JitNetworkAccessPolicyInitiateVirtualMachine

名称	类型	说明
id	string	链接到此策略的虚拟机的资源 ID
ports	JitNetworkAccessPolicyInitiatePort[]	要为具有 的资源打开的端口 id

JitNetworkAccessRequest

名称	类型	说明
justification	string	发出启动请求的理由
requestor	string	发出请求的人员的身份
startTimeUtc	string	请求的开始时间（UTC）
virtualMachines	JitNetworkAccessRequestVirtualMachine[]

JitNetworkAccessRequestPort

名称	类型	说明
allowedSourceAddressPrefix	string	与“allowedSourceAddressPrefixes”参数互斥。 应为 IP 地址或 CIDR，例如“192.168.0.3”或“192.168.0.0/16”。
allowedSourceAddressPrefixes	string[]	与“allowedSourceAddressPrefix”参数互斥。
endTimeUtc	string	请求结束的日期 & UTC
mappedPort	integer	映射到Azure 防火墙中此端口的 number 端口（如果适用）
number	integer
status	status	端口的状态
statusReason	statusReason	说明 为何 status 具有其值

JitNetworkAccessRequestVirtualMachine

名称	类型	说明
id	string	链接到此策略的虚拟机的资源 ID
ports	JitNetworkAccessRequestPort[]	为虚拟机打开的端口

status

端口的状态

名称	类型	说明
Initiated	string
Revoked	string

statusReason

说明 为何 status 具有其值

名称	类型	说明
Expired	string
NewerRequestInitiated	string
UserRequested	string