Governance Rules - Get

服務:

Defender for Cloud

API 版本:

2022-01-01-preview

依 ruleId 取得要求範圍的特定治理規則

GET https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview

URI 參數

名稱	位於	必要	類型	Description
ruleId	path	True	string	治理規則金鑰 - 標準治理規則的唯一索引鍵 （GUID）
scope	path	True	string	治理規則的範圍。 有效範圍包括：管理群組（格式：'providers/Microsoft.Management/managementGroups/{managementGroup}'）、訂用帳戶（格式：'subscriptions/{subscriptionId}'），或安全性連接器（格式：'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}）'
api-version	query	True	string	作業的 API 版本

回應

名稱	類型	Description
200 OK	GovernanceRule	還行
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Get a governance rule over management group scope

Get a governance rule over security connector scope

Get a governance rule over subscription scope

Get a governance rule over management group scope

範例要求

HTTP

GET https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

Java

/**
 * Samples for GovernanceRules Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
     * GetManagementGroupGovernanceRule_example.json
     */
    /**
     * Sample code: Get a governance rule over management group scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        getAGovernanceRuleOverManagementGroupScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.governanceRules().getWithResponse("providers/Microsoft.Management/managementGroups/contoso",
            "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json
func ExampleGovernanceRulesClient_Get_getAGovernanceRuleOverManagementGroupScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewGovernanceRulesClient().Get(ctx, "providers/Microsoft.Management/managementGroups/contoso", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.GovernanceRule = armsecurity.GovernanceRule{
	// 	Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Type: to.Ptr("Microsoft.Security/governanceRules"),
	// 	ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Properties: &armsecurity.GovernanceRuleProperties{
	// 		Description: to.Ptr("A rule for a management group"),
	// 		ConditionSets: []any{
	// 			map[string]any{
	// 				"conditions":[]any{
	// 					map[string]any{
	// 						"operator": "In",
	// 						"property": "$.AssessmentKey",
	// 						"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
	// 					},
	// 				},
	// 		}},
	// 		DisplayName: to.Ptr("Management group rule"),
	// 		ExcludedScopes: []*string{
	// 			to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
	// 			GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
	// 				DisableManagerEmailNotification: to.Ptr(false),
	// 				DisableOwnerEmailNotification: to.Ptr(false),
	// 			},
	// 			IncludeMemberScopes: to.Ptr(false),
	// 			IsDisabled: to.Ptr(false),
	// 			IsGracePeriod: to.Ptr(true),
	// 			Metadata: &armsecurity.GovernanceRuleMetadata{
	// 				CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 				CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 				UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 				UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 			},
	// 			OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
	// 				Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
	// 				Value: to.Ptr("user@contoso.com"),
	// 			},
	// 			RemediationTimeframe: to.Ptr("7.00:00:00"),
	// 			RulePriority: to.Ptr[int32](200),
	// 			RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
	// 			SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
	// 			TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get a specific governance rule for the requested scope by ruleId
 *
 * @summary Get a specific governance rule for the requested scope by ruleId
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json
 */
async function getAGovernanceRuleOverManagementGroupScope() {
  const scope = "providers/Microsoft.Management/managementGroups/contoso";
  const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.governanceRules.get(scope, ruleId);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// get the collection of this GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));

// invoke the operation
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
NullableResponse<GovernanceRuleResource> response = await collection.GetIfExistsAsync(ruleId);
GovernanceRuleResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine("Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    GovernanceRuleData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "Management group rule",
    "description": "A rule for a management group",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": false,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [
      "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
    ],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Get a governance rule over security connector scope

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

Java

/**
 * Samples for GovernanceRules Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
     * GetSecurityConnectorGovernanceRule_example.json
     */
    /**
     * Sample code: Get a governance rule over security connector scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        getAGovernanceRuleOverSecurityConnectorScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.governanceRules().getWithResponse(
            "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
            "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json
func ExampleGovernanceRulesClient_Get_getAGovernanceRuleOverSecurityConnectorScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewGovernanceRulesClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.GovernanceRule = armsecurity.GovernanceRule{
	// 	Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Type: to.Ptr("Microsoft.Security/governanceRules"),
	// 	ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Properties: &armsecurity.GovernanceRuleProperties{
	// 		Description: to.Ptr("A rule on critical GCP recommendations"),
	// 		ConditionSets: []any{
	// 			map[string]any{
	// 				"conditions":[]any{
	// 					map[string]any{
	// 						"operator": "In",
	// 						"property": "$.AssessmentKey",
	// 						"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
	// 					},
	// 				},
	// 		}},
	// 		DisplayName: to.Ptr("GCP Admin's rule"),
	// 		ExcludedScopes: []*string{
	// 		},
	// 		GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
	// 			DisableManagerEmailNotification: to.Ptr(false),
	// 			DisableOwnerEmailNotification: to.Ptr(false),
	// 		},
	// 		IncludeMemberScopes: to.Ptr(false),
	// 		IsDisabled: to.Ptr(false),
	// 		IsGracePeriod: to.Ptr(true),
	// 		Metadata: &armsecurity.GovernanceRuleMetadata{
	// 			CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 			CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 			UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 			UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 		},
	// 		OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
	// 			Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
	// 			Value: to.Ptr("user@contoso.com"),
	// 		},
	// 		RemediationTimeframe: to.Ptr("7.00:00:00"),
	// 		RulePriority: to.Ptr[int32](200),
	// 		RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
	// 		SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
	// 		TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get a specific governance rule for the requested scope by ruleId
 *
 * @summary Get a specific governance rule for the requested scope by ruleId
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json
 */
async function getAGovernanceRuleOverSecurityConnectorScope() {
  const scope =
    "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
  const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.governanceRules.get(scope, ruleId);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));

// invoke the operation
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
NullableResponse<GovernanceRuleResource> response = await collection.GetIfExistsAsync(ruleId);
GovernanceRuleResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine("Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    GovernanceRuleData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "GCP Admin's rule",
    "description": "A rule on critical GCP recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": false,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Get a governance rule over subscription scope

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

Java

/**
 * Samples for GovernanceRules Get.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
     * GetGovernanceRule_example.json
     */
    /**
     * Sample code: Get a governance rule over subscription scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        getAGovernanceRuleOverSubscriptionScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.governanceRules().getWithResponse("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json
func ExampleGovernanceRulesClient_Get_getAGovernanceRuleOverSubscriptionScope() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewGovernanceRulesClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.GovernanceRule = armsecurity.GovernanceRule{
	// 	Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Type: to.Ptr("Microsoft.Security/governanceRules"),
	// 	ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
	// 	Properties: &armsecurity.GovernanceRuleProperties{
	// 		Description: to.Ptr("A rule for critical recommendations"),
	// 		ConditionSets: []any{
	// 			map[string]any{
	// 				"conditions":[]any{
	// 					map[string]any{
	// 						"operator": "In",
	// 						"property": "$.AssessmentKey",
	// 						"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
	// 					},
	// 				},
	// 		}},
	// 		DisplayName: to.Ptr("Admin's rule"),
	// 		ExcludedScopes: []*string{
	// 		},
	// 		GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
	// 			DisableManagerEmailNotification: to.Ptr(false),
	// 			DisableOwnerEmailNotification: to.Ptr(false),
	// 		},
	// 		IncludeMemberScopes: to.Ptr(false),
	// 		IsDisabled: to.Ptr(false),
	// 		IsGracePeriod: to.Ptr(true),
	// 		Metadata: &armsecurity.GovernanceRuleMetadata{
	// 			CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 			CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 			UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
	// 			UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
	// 		},
	// 		OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
	// 			Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
	// 			Value: to.Ptr("user@contoso.com"),
	// 		},
	// 		RemediationTimeframe: to.Ptr("7.00:00:00"),
	// 		RulePriority: to.Ptr[int32](200),
	// 		RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
	// 		SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
	// 		TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get a specific governance rule for the requested scope by ruleId
 *
 * @summary Get a specific governance rule for the requested scope by ruleId
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json
 */
async function getAGovernanceRuleOverSubscriptionScope() {
  const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential);
  const result = await client.governanceRules.get(scope, ruleId);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));

// invoke the operation
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
NullableResponse<GovernanceRuleResource> response = await collection.GetIfExistsAsync(ruleId);
GovernanceRuleResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine("Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    GovernanceRuleData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "Admin's rule",
    "description": "A rule for critical recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": false,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

定義

名稱	Description
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。
CloudErrorBody	錯誤詳細數據。
Condition	治理規則的條件
ErrorAdditionalInfo	資源管理錯誤其他資訊。
GovernanceRule	指定範圍的治理規則
GovernanceRuleConditionOperator	治理規則條件的運算符，例如等於嚴重性或 In，以取得評量清單，請參閱範例
GovernanceRuleEmailNotification	治理電子郵件每周通知設定
GovernanceRuleMetadata	治理規則元數據
GovernanceRuleOwnerSource	描述治理規則的擁有者來源
GovernanceRuleOwnerSourceType	治理規則擁有者來源的擁有者類型
GovernanceRuleSourceResourceType	治理規則來源、規則影響的內容，例如評定
GovernanceRuleType	治理規則的規則類型，定義規則的來源，例如整合式

CloudError

Object

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細數據。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

Object

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

Condition

Object

治理規則的條件

名稱	類型	Description
operator	GovernanceRuleConditionOperator	治理規則條件的運算符，例如等於嚴重性或 In，以取得評量清單，請參閱範例
property	string	治理規則條件的屬性，例如嚴重性或 AssessmentKey，請參閱範例
value	string	治理規則條件的值，例如嚴重性低、高或評量索引鍵，請參閱範例

ErrorAdditionalInfo

Object

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

GovernanceRule

Object

指定範圍的治理規則

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.conditionSets	Condition[]	治理規則條件集 - 請參閱範例
properties.description	string	治理規則的描述
properties.displayName	string	治理規則的顯示名稱
properties.excludedScopes	string[]	排除的範圍，篩選出範圍的子系（在管理範圍上）
properties.governanceEmailNotification	GovernanceRuleEmailNotification	治理規則的電子郵件通知設定，指出是否要停用管理員和擁有者的通知
properties.includeMemberScopes	boolean	定義規則是否為管理範圍規則（主要連接器為單一範圍或管理範圍）
properties.isDisabled	boolean	定義規則是否為使用中/非使用中
properties.isGracePeriod	boolean	定義治理規則是否有寬限期
properties.metadata	GovernanceRuleMetadata	治理規則元數據
properties.ownerSource	GovernanceRuleOwnerSource	治理規則的擁有者來源 -- 例如手動 user@contoso.com - 請參閱範例
properties.remediationTimeframe	string pattern: ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$	治理規則補救時間範圍 - 這是會影響寬限期間期間的時間，例如 7.00：00：00 - 表示 7 天
properties.rulePriority	integer (int32) minimum: 0 maximum: 1000	治理規則優先順序，優先順序為較低的數位。 不允許在相同範圍上具有相同優先順序的規則
properties.ruleType	GovernanceRuleType	治理規則的規則類型，定義規則的來源，例如整合式
properties.sourceResourceType	GovernanceRuleSourceResourceType	治理規則來源、規則影響的內容，例如評定
properties.tenantId	string	tenantId （GUID）
type	string	資源類型

GovernanceRuleConditionOperator

列舉型別

治理規則條件的運算符，例如等於嚴重性或 In，以取得評量清單，請參閱範例

值	Description
Equals	檢查 Property 中所定義之數據的字串值是否等於指定的值 - 完全符合
In	檢查 Property 中定義的資料字串值是否等於任何指定的值（完全相符）

GovernanceRuleEmailNotification

Object

治理電子郵件每周通知設定

名稱	類型	Description
disableManagerEmailNotification	boolean	定義管理員電子郵件通知是否停用
disableOwnerEmailNotification	boolean	定義是否停用擁有者電子郵件通知

GovernanceRuleMetadata

Object

治理規則元數據

名稱	類型	Description
createdBy	string	由物件識別碼建立的治理規則 （GUID）
createdOn	string (date-time)	治理規則建立日期
updatedBy	string	治理規則上次由物件識別碼更新 （GUID）
updatedOn	string (date-time)	治理規則上次更新日期

GovernanceRuleOwnerSource

Object

描述治理規則的擁有者來源

名稱	類型	Description
type	GovernanceRuleOwnerSourceType	治理規則擁有者來源的擁有者類型
value	string	來源值，例如標籤索引鍵，例如擁有者名稱或電子郵件位址

GovernanceRuleOwnerSourceType

列舉型別

治理規則擁有者來源的擁有者類型

值	Description
ByTag	使用資源標籤定義的規則來源類型
Manually	手動定義的規則來源類型

GovernanceRuleSourceResourceType

列舉型別

治理規則來源、規則影響的內容，例如評定

值	Description
Assessments	治理規則的來源是評量

GovernanceRuleType

列舉型別

治理規則的規則類型，定義規則的來源，例如整合式

值	Description
Integrated	規則類型定義的來源已整合
ServiceNow	規則類型定義的來源是 ServiceNow