作為事件方格來源的 Azure 訂用帳戶
本文提供 Azure 訂用帳戶事件的屬性和架構。 如需事件架構的簡介,請參閱 Azure 事件方格 事件架構。
Azure 訂用帳戶和資源群組會發出相同的事件類型。 事件類型與資源變更或動作相關。 主要差異在於資源群組會針對資源群組內的資源發出事件,而 Azure 訂用帳戶會針對訂用帳戶中的資源發出事件。
系統會針對傳送至 management.azure.com的PUT、PATCH、POST和DELETE作業建立資源事件。 GET 作業不會建立事件。 傳送至數據平面的作業(例如 myaccount.blob.core.windows.net) 不會建立事件。 動作事件會為作業提供事件數據,例如列出資源的索引鍵。
當您訂閱 Azure 訂用帳戶的事件時,您的端點會收到該訂用帳戶的所有事件。 這些事件可以包含您想要查看的事件,例如更新虛擬機,但也包含您不重要的事件,例如在部署歷程記錄中撰寫新專案。 您可以在端點接收所有事件,並撰寫程式代碼來處理您想要處理的事件。 或者,您可以在建立事件訂用帳戶時設定篩選。
若要以程式設計方式處理事件,您可以藉由查看 operationName 值來排序事件。 例如,您的事件端點可能只會處理等於 Microsoft.Compute/virtualMachines/write 或 Microsoft.Storage/storageAccounts/write的作業事件。
事件主體是作業目標之資源的資源標識符。 若要篩選資源的事件,請在建立事件訂用帳戶時提供該資源標識符。 若要依資源類型進行篩選,請使用下列格式的值: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.Compute/virtualMachines
可用的事件類型
Azure 訂用帳戶會從 Azure Resource Manager 發出管理事件,例如建立 VM 或刪除記憶體帳戶時。
| 事件類型 | 描述 |
|---|---|
| Microsoft.Resources.ResourceActionCancel | 取消資源動作時引發。 |
| Microsoft.Resources.ResourceActionFailure | 資源上的動作失敗時引發。 |
| Microsoft.Resources.ResourceActionSuccess | 當資源上的動作成功時引發。 |
| Microsoft.Resources.ResourceDeleteCancel | 取消刪除作業時引發。 取消範本部署時,就會發生此事件。 |
| Microsoft.Resources.ResourceDeleteFailure | 刪除作業失敗時引發。 |
| Microsoft.Resources.ResourceDeleteSuccess | 刪除作業成功時引發。 |
| Microsoft.Resources.ResourceWriteCancel | 取消建立或更新作業時引發。 |
| Microsoft.Resources.ResourceWriteFailure | 建立或更新作業失敗時引發。 |
| Microsoft.Resources.ResourceWriteSuccess | 建立或更新作業成功時引發。 |
範例事件
下列範例顯示 ResourceWriteSuccess 事件的架構。 相同的架構用於 ResourceWriteFailure 和 ResourceWriteCancel 事件,其值不同。eventType
[{
"subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"topic": "/subscriptions/{subscription-id}",
"type": "Microsoft.Resources.ResourceWriteSuccess",
"time": "2018-07-19T18:38:04.6117357Z",
"id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"action": "Microsoft.Storage/storageAccounts/write",
"evidence": {
"role": "Subscription Admin"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"_claim_names": "{\"groups\":\"src1\"}",
"_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "{token}",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
"e_exp": "{expiration}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
"ipaddr": "{IP-address}",
"name": "{full-name}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"onprem_sid": "{ID}",
"puid": "{ID}",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
"http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"resourceProvider": "Microsoft.Storage",
"resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"operationName": "Microsoft.Storage/storageAccounts/write",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "`1.0"
}]
下列範例顯示 ResourceDeleteSuccess 事件的架構。 針對 具有相同值的 ResourceDeleteFailure 和 ResourceDeleteCancel 事件,使用相同的架構。eventType
[{
"subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"source": "/subscriptions/{subscription-id}",
"type": "Microsoft.Resources.ResourceDeleteSuccess",
"time": "2018-07-19T19:24:12.763881Z",
"id": "19a69642-1aad-4a96-a5ab-8d05494513ce",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"action": "Microsoft.Storage/storageAccounts/delete",
"evidence": {
"role": "Subscription Admin"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"_claim_names": "{\"groups\":\"src1\"}",
"_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "{token}",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
"e_exp": "262800",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
"ipaddr": "{IP-address}",
"name": "{full-name}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"onprem_sid": "{ID}",
"puid": "{ID}",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
"http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"httpRequest": {
"clientRequestId": "{ID}",
"clientIpAddress": "{IP-address}",
"method": "DELETE",
"url": "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}?api-version=2018-02-01"
},
"resourceProvider": "Microsoft.Storage",
"resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"operationName": "Microsoft.Storage/storageAccounts/delete",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "1.0"
}]
下列範例顯示 ResourceActionSuccess 事件的架構。 針對 具有不同值的 ResourceActionFailure 和 ResourceActionCancel 事件,使用相同的架構。eventType
[{
"subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"source": "/subscriptions/{subscription-id}",
"type": "Microsoft.Resources.ResourceActionSuccess",
"time": "2018-10-08T22:46:22.6022559Z",
"id": "{ID}",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"action": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
"evidence": {
"role": "Contributor",
"roleAssignmentScope": "/subscriptions/{subscription-id}",
"roleAssignmentId": "{ID}",
"roleDefinitionId": "{ID}",
"principalId": "{ID}",
"principalType": "ServicePrincipal"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"aio": "{token}",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/identity/claims/identityprovider": "{URL}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}", "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"httpRequest": {
"clientRequestId": "{ID}",
"clientIpAddress": "{IP-address}",
"method": "POST",
"url": "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01"
},
"resourceProvider": "Microsoft.EventHub",
"resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "1.0"
}]
事件屬性
事件具有下列最上層數據:
| 屬性 | 類型 | 描述 |
|---|---|---|
source |
string | 事件來源的完整資源路徑。 此欄位無法寫入。 事件方格提供此值。 |
subject |
string | 發行者定義事件主旨的路徑。 |
type |
string | 此事件來源已註冊的事件類型之一。 |
time |
string | 事件產生的時間,以提供者的 UTC 時間為準。 |
id |
string | 事件的唯一識別碼。 |
data |
object | 訂用帳戶事件數據。 |
specversion |
string | CloudEvents 架構規格版本。 |
資料物件具有下列屬性:
| 屬性 | 類型 | 描述 |
|---|---|---|
authorization |
object | 作業要求的授權。 |
claims |
object | 宣告的屬性。 如需詳細資訊,請參閱 JWT 規格。 |
correlationId |
string | 用於疑難解答的作業標識碼。 |
httpRequest |
object | 作業的詳細數據。 只有在更新現有資源或刪除資源時,才會包含此物件。 |
resourceProvider |
string | 作業的資源提供者。 |
resourceUri |
string | 作業中資源的 URI。 |
operationName |
string | 已採取的作業。 |
status |
string | 作業的狀態。 |
subscriptionId |
string | 資源的訂用帳戶標識碼。 |
tenantId |
string | 資源的租用戶標識碼。 |
教學課程和操作說明
| 標題 | 描述 |
|---|---|
| 教學課程:使用事件方格和 Microsoft Teams Azure 自動化 | 建立虛擬機,以傳送事件。 事件會觸發標記虛擬機的自動化 Runbook,並觸發傳送至 Microsoft Teams 通道的訊息。 |
| 如何:透過入口網站訂閱事件 | 使用入口網站訂閱 Azure 訂用帳戶的事件。 |
| Azure CLI:訂閱 Azure 訂用帳戶的事件 | 範例腳本會建立 Azure 訂用帳戶的事件方格訂用帳戶,並將事件傳送至 WebHook。 |
| PowerShell:訂閱 Azure 訂用帳戶的事件 | 範例腳本會建立 Azure 訂用帳戶的事件方格訂用帳戶,並將事件傳送至 WebHook。 |
下一步
- 如需 Azure 事件方格 簡介,請參閱什麼是事件方格?。
- 如需建立 Azure 事件方格 訂閱的詳細資訊,請參閱 Event Grid 訂用帳戶架構。