你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Registration Definitions - Create Or Update

参考

服务:: Managed Services

API 版本:: 2022-10-01

创建或更新注册定义。

PUT https://management.azure.com/{scope}/providers/Microsoft.ManagedServices/registrationDefinitions/{registrationDefinitionId}?api-version=2022-10-01

URI 参数

名称	在	必需	类型	说明
registrationDefinitionId	path	True	string	注册定义的 GUID。
scope	path	True	string	资源的范围。
api-version	query	True	string	用于此作的 API 版本。

请求正文

名称	类型	说明
plan	Plan	Azure 市场中托管服务产品/服务计划的详细信息。
properties	RegistrationDefinitionProperties	注册定义的属性。

响应

名称	类型	说明
200 OK	RegistrationDefinition	确定 - 返回有关更新的注册定义的信息。
201 Created	RegistrationDefinition	创建 - 返回有关所创建注册定义的信息。
Other Status Codes	ErrorResponse	描述作失败的原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Put Registration Definition

示例请求

PUT https://management.azure.com/subscription/0afefe50-734e-4610-8a82-a144ahf49dea/providers/Microsoft.ManagedServices/registrationDefinitions/26c128c2-fefa-4340-9bb1-6e081c90ada2?api-version=2022-10-01

{
  "properties": {
    "registrationDefinitionName": "DefinitionName",
    "description": "Tes1t",
    "managedByTenantId": "83abe5cd-bcc3-441a-bd86-e6a75360cecc",
    "authorizations": [
      {
        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
      },
      {
        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "User Access Administrator",
        "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
        "delegatedRoleDefinitionIds": [
          "b24988ac-6180-42a0-ab88-20f7382dd24c"
        ]
      }
    ],
    "eligibleAuthorizations": [
      {
        "principalId": "3e0ed8c6-e902-4fc5-863c-e3ddbb2ae2a2",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "ae349356-3a1b-4a5e-921d-050484c6347e",
        "justInTimeAccessPolicy": {
          "multiFactorAuthProvider": "Azure",
          "maximumActivationDuration": "PT8H",
          "managedByTenantApprovers": [
            {
              "principalId": "d9b22cd6-6407-43cc-8c60-07c56df0b51a",
              "principalIdDisplayName": "Approver Group"
            }
          ]
        }
      }
    ]
  },
  "plan": {
    "name": "addesai-plan",
    "product": "test",
    "publisher": "marketplace-test",
    "version": "1.0.0"
  }
}

from azure.identity import DefaultAzureCredential

from azure.mgmt.managedservices import ManagedServicesClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-managedservices
# USAGE
    python put_registration_definition.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServicesClient(
        credential=DefaultAzureCredential(),
    )

    response = client.registration_definitions.begin_create_or_update(
        registration_definition_id="26c128c2-fefa-4340-9bb1-6e081c90ada2",
        scope="subscription/0afefe50-734e-4610-8a82-a144ahf49dea",
        request_body={
            "plan": {"name": "addesai-plan", "product": "test", "publisher": "marketplace-test", "version": "1.0.0"},
            "properties": {
                "authorizations": [
                    {
                        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
                        "principalIdDisplayName": "Support User",
                        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
                    },
                    {
                        "delegatedRoleDefinitionIds": ["b24988ac-6180-42a0-ab88-20f7382dd24c"],
                        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
                        "principalIdDisplayName": "User Access Administrator",
                        "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
                    },
                ],
                "description": "Tes1t",
                "eligibleAuthorizations": [
                    {
                        "justInTimeAccessPolicy": {
                            "managedByTenantApprovers": [
                                {
                                    "principalId": "d9b22cd6-6407-43cc-8c60-07c56df0b51a",
                                    "principalIdDisplayName": "Approver Group",
                                }
                            ],
                            "maximumActivationDuration": "PT8H",
                            "multiFactorAuthProvider": "Azure",
                        },
                        "principalId": "3e0ed8c6-e902-4fc5-863c-e3ddbb2ae2a2",
                        "principalIdDisplayName": "Support User",
                        "roleDefinitionId": "ae349356-3a1b-4a5e-921d-050484c6347e",
                    }
                ],
                "managedByTenantId": "83abe5cd-bcc3-441a-bd86-e6a75360cecc",
                "registrationDefinitionName": "DefinitionName",
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/managedservices/resource-manager/Microsoft.ManagedServices/stable/2022-10-01/examples/PutRegistrationDefinition.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ManagedServices.Models;
using Azure.ResourceManager.ManagedServices;

// Generated from example definition: specification/managedservices/resource-manager/Microsoft.ManagedServices/stable/2022-10-01/examples/PutRegistrationDefinition.json
// this example is just showing the usage of "RegistrationDefinitions_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ManagedServicesRegistrationResource created on azure
// for more information of creating ManagedServicesRegistrationResource, please refer to the document of ManagedServicesRegistrationResource
string scope = "subscription/0afefe50-734e-4610-8a82-a144ahf49dea";
string registrationId = "26c128c2-fefa-4340-9bb1-6e081c90ada2";
ResourceIdentifier managedServicesRegistrationResourceId = ManagedServicesRegistrationResource.CreateResourceIdentifier(scope, registrationId);
ManagedServicesRegistrationResource managedServicesRegistration = client.GetManagedServicesRegistrationResource(managedServicesRegistrationResourceId);

// invoke the operation
ManagedServicesRegistrationData data = new ManagedServicesRegistrationData
{
    Properties = new ManagedServicesRegistrationProperties(new ManagedServicesAuthorization[]
{
new ManagedServicesAuthorization(Guid.Parse("f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc"), "acdd72a7-3385-48ef-bd42-f606fba81ae7")
{
PrincipalIdDisplayName = "Support User",
},
new ManagedServicesAuthorization(Guid.Parse("f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc"), "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9")
{
PrincipalIdDisplayName = "User Access Administrator",
DelegatedRoleDefinitionIds = {Guid.Parse("b24988ac-6180-42a0-ab88-20f7382dd24c")},
}
}, Guid.Parse("83abe5cd-bcc3-441a-bd86-e6a75360cecc"))
    {
        Description = "Tes1t",
        EligibleAuthorizations = {new ManagedServicesEligibleAuthorization(Guid.Parse("3e0ed8c6-e902-4fc5-863c-e3ddbb2ae2a2"), "ae349356-3a1b-4a5e-921d-050484c6347e")
        {
        PrincipalIdDisplayName = "Support User",
        JustInTimeAccessPolicy = new ManagedServicesJustInTimeAccessPolicy(MultiFactorAuthProvider.Azure)
        {
        MaximumActivationDuration = XmlConvert.ToTimeSpan("PT8H"),
        ManagedByTenantApprovers = {new ManagedServicesEligibleApprover(Guid.Parse("d9b22cd6-6407-43cc-8c60-07c56df0b51a"))
        {
        PrincipalIdDisplayName = "Approver Group",
        }},
        },
        }},
        RegistrationDefinitionName = "DefinitionName",
    },
    Plan = new ManagedServicesPlan("addesai-plan", "marketplace-test", "test", "1.0.0"),
};
ArmOperation<ManagedServicesRegistrationResource> lro = await managedServicesRegistration.UpdateAsync(WaitUntil.Completed, data);
ManagedServicesRegistrationResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ManagedServicesRegistrationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:: 200

{
  "properties": {
    "description": "Test",
    "managedByTenantId": "83ace5cd-bcc3-441a-hd86-e6a75360cecc",
    "registrationDefinitionName": "DefinitionName",
    "authorizations": [
      {
        "principalId": "f98g86a2-4cc4-4e6d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
      },
      {
        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "User Access Administrator",
        "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
        "delegatedRoleDefinitionIds": [
          "b24988ac-6180-42a0-ab88-20f7382dd24c"
        ]
      }
    ],
    "eligibleAuthorizations": [
      {
        "justInTimeAccessPolicy": {
          "multiFactorAuthProvider": "Azure",
          "maximumActivationDuration": "PT8H",
          "managedByTenantApprovers": [
            {
              "principalId": "d9b22cd6-6407-43cc-8c60-07c56df0b51a",
              "principalIdDisplayName": "Approver Group"
            }
          ]
        },
        "principalId": "3e0ed8c6-e902-4fc5-863c-e3ddbb2ae2a2",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "ae349356-3a1b-4a5e-921d-050484c6347e"
      }
    ],
    "provisioningState": "Succeeded",
    "managedByTenantName": "Test Tenant"
  },
  "plan": {
    "name": "addesai-plan",
    "product": "test",
    "publisher": "marketplace-test",
    "version": "1.0.0"
  },
  "id": "/subscriptions/0afefe50-734e-4610-8a82-a144ahf49dea/providers/Microsoft.ManagedServices/registrationDefinitions/26c128c2-fefa-4340-9bb1-6e081c90ada2",
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "name": "26c128c2-fefa-4340-9bb1-6e081c90ada2"
}

状态代码:: 201

{
  "properties": {
    "description": "Test",
    "managedByTenantId": "83ace5cd-bcc3-441a-hd86-e6a75360cecc",
    "registrationDefinitionName": "DefinitionName",
    "authorizations": [
      {
        "principalId": "f98g86a2-4cc4-4e6d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
      },
      {
        "principalId": "f98d86a2-4cc4-4e9d-ad47-b3e80a1bcdfc",
        "principalIdDisplayName": "User Access Administrator",
        "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
        "delegatedRoleDefinitionIds": [
          "b24988ac-6180-42a0-ab88-20f7382dd24c"
        ]
      }
    ],
    "eligibleAuthorizations": [
      {
        "justInTimeAccessPolicy": {
          "multiFactorAuthProvider": "Azure",
          "maximumActivationDuration": "PT8H",
          "managedByTenantApprovers": [
            {
              "principalId": "d9b22cd6-6407-43cc-8c60-07c56df0b51a",
              "principalIdDisplayName": "Approver Group"
            }
          ]
        },
        "principalId": "3e0ed8c6-e902-4fc5-863c-e3ddbb2ae2a2",
        "principalIdDisplayName": "Support User",
        "roleDefinitionId": "ae349356-3a1b-4a5e-921d-050484c6347e"
      }
    ],
    "provisioningState": "Succeeded",
    "managedByTenantName": "Test Tenant"
  },
  "plan": {
    "name": "addesai-plan",
    "product": "test",
    "publisher": "marketplace-test",
    "version": "1.0.0"
  },
  "id": "/subscriptions/0afefe50-734e-4610-8a82-a144ahf49dea/providers/Microsoft.ManagedServices/registrationDefinitions/26c128c2-fefa-4340-9bb1-6e081c90ada2",
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "name": "26c128c2-fefa-4340-9bb1-6e081c90ada2"
}

定义

名称	说明
Authorization	Azure Active Directory 主体标识符和 Azure 内置角色，用于描述主体将在托管租户中的委托资源上接收的访问。
createdByType	创建资源的标识的类型。
EligibleApprover	定义 Azure Active Directory 主体，该主体可以通过在 EligibleAuthorization 中定义的主体批准任何实时访问请求。
EligibleAuthorization	Azure Active Directory 主体标识符、Azure 内置角色和实时访问策略，用于描述主体将在托管租户中的委托资源上接收的实时访问策略。
ErrorDefinition	指示传入请求无法处理的原因的错误响应
ErrorResponse	错误响应。
JustInTimeAccessPolicy	实时访问策略设置。
MultiFactorAuthProvider	用于实时访问请求的多重授权提供程序。
Plan	Azure 市场中托管服务产品/服务计划的详细信息。
ProvisioningState	注册定义的当前预配状态。
RegistrationDefinition	注册定义。
RegistrationDefinitionProperties	注册定义的属性。
systemData	与创建和上次修改资源相关的元数据。

Authorization

Object

Azure Active Directory 主体标识符和 Azure 内置角色，用于描述主体将在托管租户中的委托资源上接收的访问。

名称	类型	说明
delegatedRoleDefinitionIds	string[] (uuid)	当 roleDefinitionId 引用用户访问管理员角色时，需要 delegatedRoleDefinitionId 字段。它是角色定义 ID 的列表，用于定义授权中用户可以分配给其他主体的所有权限。
principalId	string	Azure Active Directory 主体的标识符。
principalIdDisplayName	string	Azure Active Directory 主体的显示名称。
roleDefinitionId	string	Azure 内置角色的标识符，用于定义 Azure Active Directory 主体在投影范围上拥有的权限。

createdByType

枚举

创建资源的标识的类型。

值	说明
Application
Key
ManagedIdentity
User

EligibleApprover

Object

定义 Azure Active Directory 主体，该主体可以通过在 EligibleAuthorization 中定义的主体批准任何实时访问请求。

名称	类型	说明
principalId	string	Azure Active Directory 主体的标识符。
principalIdDisplayName	string	Azure Active Directory 主体的显示名称。

EligibleAuthorization

Object

Azure Active Directory 主体标识符、Azure 内置角色和实时访问策略，用于描述主体将在托管租户中的委托资源上接收的实时访问策略。

名称	类型	说明
justInTimeAccessPolicy	JustInTimeAccessPolicy	实时访问策略设置。
principalId	string	Azure Active Directory 主体的标识符。
principalIdDisplayName	string	Azure Active Directory 主体的显示名称。
roleDefinitionId	string	Azure 内置角色的标识符，用于定义 Azure Active Directory 主体在投影范围上拥有的权限。

ErrorDefinition

Object

指示传入请求无法处理的原因的错误响应

名称	类型	说明
code	string	错误代码。
details	ErrorDefinition[]	内部错误详细信息。
message	string	指示作失败的原因的错误消息。

ErrorResponse

Object

错误响应。

名称	类型	说明
error	ErrorDefinition	错误详细信息。

JustInTimeAccessPolicy

Object

实时访问策略设置。

名称	类型	默认值	说明
managedByTenantApprovers	EligibleApprover[]		符合条件的授权的 managedByTenant 审批者列表。
maximumActivationDuration	string (duration)	PT8H	实时访问请求的最大访问持续时间（采用 ISO 8601 格式）。
multiFactorAuthProvider	MultiFactorAuthProvider	None	用于实时访问请求的多重授权提供程序。

MultiFactorAuthProvider

枚举

用于实时访问请求的多重授权提供程序。

值	说明
Azure
None

Plan

Object

Azure 市场中托管服务产品/服务计划的详细信息。

名称	类型	说明
name	string	Azure 市场计划名称。
product	string	Azure 市场代码示例。
publisher	string	Azure 市场发布者 ID。
version	string	Azure 市场计划的版本。

ProvisioningState

枚举

注册定义的当前预配状态。

值	说明
Accepted
Canceled
Created
Creating
Deleted
Deleting
Failed
NotSpecified
Ready
Running
Succeeded
Updating