Policy States - Summarize For Policy Set Definition

服務:

Policy

API 版本:

2019-10-01

摘要說明訂用帳戶層級原則集定義的原則狀態。

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01

含選擇性參數:

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01&$top={$top}&$from={$from}&$to={$to}&$filter={$filter}

URI 參數

名稱	位於	必要	類型	Description
authorizationNamespace	path	True	AuthorizationNamespaceType	Microsoft授權資源提供者的命名空間;只允許 「Microsoft.Authorization」。。
policySetDefinitionName	path	True	string	原則集定義名稱。
policyStatesSummaryResource	path	True	PolicyStatesSummaryResourceType	摘要動作之 PolicyStates 資源類型下的虛擬資源。 在指定的時間範圍內，『latest』 代表最新的原則狀態，而且是唯一允許的值。
subscriptionId	path	True	string	Microsoft Azure 訂用帳戶標識碼。
api-version	query	True	string	用戶端 API 版本。
$filter	query		string	OData 篩選表達式。
$from	query		string (date-time)	ISO 8601 格式化時間戳，指定要查詢的間隔開始時間。 未指定時，服務會使用 （$to - 1 天）。
$to	query		string (date-time)	ISO 8601 格式化時間戳，指定要查詢之間隔的結束時間。 未指定時，服務會使用要求時間。
$top	query		integer (int32) minimum: 0	要傳回的記錄數目上限。

回應

名稱	類型	Description
200 OK	SummarizeResults	摘要結果。
Other Status Codes	QueryFailure	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 流

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Summarize at policy set definition scope

範例要求

HTTP

POST https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/latest/summarize?api-version=2019-10-01&$top=1&$from=2019-10-05T18:00:00Z&$to=2019-10-06T18:00:00Z&$filter=PolicyDefinitionAction eq 'deny'

Java

import com.azure.resourcemanager.policyinsights.models.PolicyStatesSummaryResourceType;
import java.time.OffsetDateTime;

/**
 * Samples for PolicyStates SummarizeForPolicySetDefinition.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/
     * PolicyStates_SummarizeSubscriptionLevelPolicySetDefinitionScope.json
     */
    /**
     * Sample code: Summarize at policy set definition scope.
     * 
     * @param manager Entry point to PolicyInsightsManager.
     */
    public static void
        summarizeAtPolicySetDefinitionScope(com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
        manager.policyStates().summarizeForPolicySetDefinitionWithResponse(PolicyStatesSummaryResourceType.LATEST,
            "fffedd8f-ffff-fffd-fffd-fffed2f84852", "3e3807c1-65c9-49e0-a406-82d8ae3e338c", 1,
            OffsetDateTime.parse("2019-10-05T18:00:00Z"), OffsetDateTime.parse("2019-10-06T18:00:00Z"),
            "PolicyDefinitionAction eq 'deny'", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-policyinsights
# USAGE
    python policy_states_summarize_subscription_level_policy_set_definition_scope.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = PolicyInsightsClient(
        credential=DefaultAzureCredential(),
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
    )

    response = client.policy_states.summarize_for_policy_set_definition(
        policy_states_summary_resource="latest",
        subscription_id="fffedd8f-ffff-fffd-fffd-fffed2f84852",
        policy_set_definition_name="3e3807c1-65c9-49e0-a406-82d8ae3e338c",
    )
    print(response)


# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_SummarizeSubscriptionLevelPolicySetDefinitionScope.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armpolicyinsights_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_SummarizeSubscriptionLevelPolicySetDefinitionScope.json
func ExamplePolicyStatesClient_SummarizeForPolicySetDefinition() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewPolicyStatesClient().SummarizeForPolicySetDefinition(ctx, armpolicyinsights.PolicyStatesSummaryResourceTypeLatest, "fffedd8f-ffff-fffd-fffd-fffed2f84852", "3e3807c1-65c9-49e0-a406-82d8ae3e338c", &armpolicyinsights.QueryOptions{Top: to.Ptr[int32](1),
		Filter:    to.Ptr("PolicyDefinitionAction eq 'deny'"),
		OrderBy:   nil,
		Select:    nil,
		From:      to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-05T18:00:00.000Z"); return t }()),
		To:        to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-10-06T18:00:00.000Z"); return t }()),
		Apply:     nil,
		SkipToken: nil,
		Expand:    nil,
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SummarizeResults = armpolicyinsights.SummarizeResults{
	// 	ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary"),
	// 	ODataCount: to.Ptr[int32](1),
	// 	Value: []*armpolicyinsights.Summary{
	// 		{
	// 			ODataContext: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary/$entity"),
	// 			PolicyAssignments: []*armpolicyinsights.PolicyAssignmentSummary{
	// 			},
	// 			Results: &armpolicyinsights.SummaryResults{
	// 				NonCompliantPolicies: to.Ptr[int32](0),
	// 				NonCompliantResources: to.Ptr[int32](0),
	// 				PolicyDetails: []*armpolicyinsights.ComplianceDetail{
	// 					{
	// 						ComplianceState: to.Ptr("compliant"),
	// 						Count: to.Ptr[int32](1),
	// 				}},
	// 				PolicyGroupDetails: []*armpolicyinsights.ComplianceDetail{
	// 					{
	// 						ComplianceState: to.Ptr("compliant"),
	// 						Count: to.Ptr[int32](1),
	// 				}},
	// 				QueryResultsURI: to.Ptr("https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-05 18:00:00Z&$to=2019-10-06 18:00:00Z&$filter=(PolicyDefinitionAction eq 'deny') and IsCompliant eq false"),
	// 				ResourceDetails: []*armpolicyinsights.ComplianceDetail{
	// 					{
	// 						ComplianceState: to.Ptr("compliant"),
	// 						Count: to.Ptr[int32](140),
	// 				}},
	// 			},
	// 	}},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Summarizes policy states for the subscription level policy set definition.
 *
 * @summary Summarizes policy states for the subscription level policy set definition.
 * x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/examples/PolicyStates_SummarizeSubscriptionLevelPolicySetDefinitionScope.json
 */
async function summarizeAtPolicySetDefinitionScope() {
  const subscriptionId =
    process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
  const policyStatesSummaryResource = "latest";

  const policySetDefinitionName = "3e3807c1-65c9-49e0-a406-82d8ae3e338c";
  const top = 1;
  const fromParam = new Date("2019-10-05T18:00:00Z");
  const to = new Date("2019-10-06T18:00:00Z");
  const filter = "PolicyDefinitionAction eq 'deny'";
  const options = {
    queryOptions: { top: top, to: to, from: fromParam, filter: filter },
  };
  const credential = new DefaultAzureCredential();
  const client = new PolicyInsightsClient(credential, subscriptionId);
  const result = await client.policyStates.summarizeForPolicySetDefinition(
    policyStatesSummaryResource,
    subscriptionId,
    policySetDefinitionName,
    options
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary",
  "@odata.count": 1,
  "value": [
    {
      "@odata.id": null,
      "@odata.context": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/$metadata#summary/$entity",
      "results": {
        "queryResultsUri": "https://management.azure.com/subscriptions/fffedd8f-ffff-fffd-fffd-fffed2f84852/providers/Microsoft.Authorization/policySetDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e338c/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2019-10-01&$from=2019-10-05 18:00:00Z&$to=2019-10-06 18:00:00Z&$filter=(PolicyDefinitionAction eq 'deny') and IsCompliant eq false",
        "nonCompliantResources": 0,
        "nonCompliantPolicies": 0,
        "resourceDetails": [
          {
            "complianceState": "compliant",
            "count": 140
          }
        ],
        "policyDetails": [
          {
            "complianceState": "compliant",
            "count": 1
          }
        ],
        "policyGroupDetails": [
          {
            "complianceState": "compliant",
            "count": 1
          }
        ]
      },
      "policyAssignments": []
    }
  ]
}

定義

名稱	Description
AuthorizationNamespaceType	Microsoft授權資源提供者的命名空間;只允許 「Microsoft.Authorization」。。
ComplianceDetail	合規性狀態匯總。
Error	錯誤定義。
PolicyAssignmentSummary	原則指派摘要。
PolicyDefinitionSummary	原則定義摘要。
PolicyGroupSummary	原則定義群組摘要。
PolicyStatesSummaryResourceType	摘要動作之 PolicyStates 資源類型下的虛擬資源。 在指定的時間範圍內，『latest』 代表最新的原則狀態，而且是唯一允許的值。
QueryFailure	錯誤回應。
SummarizeResults	摘要說明動作結果。
Summary	摘要結果。
SummaryResults	特定摘要層級的合規性摘要。

AuthorizationNamespaceType

列舉型別

Microsoft授權資源提供者的命名空間;只允許 「Microsoft.Authorization」。。

值	Description
Microsoft.Authorization

ComplianceDetail

Object

合規性狀態匯總。

名稱	類型	Description
complianceState	string	合規性狀態。
count	integer (int32)	此合規性狀態的摘要計數值。

Error

Object

錯誤定義。

名稱	類型	Description
code	string	服務特定的錯誤碼，做為 HTTP 錯誤碼的子狀態。
message	string	錯誤的描述。

PolicyAssignmentSummary

Object

原則指派摘要。

名稱	類型	Description
policyAssignmentId	string	原則指派標識碼。
policyDefinitions	PolicyDefinitionSummary[]	原則定義摘要。
policyGroups	PolicyGroupSummary[]	原則定義群組摘要。
policySetDefinitionId	string	如果原則指派是針對原則集，則原則集定義標識符。
results	SummaryResults	原則指派的合規性摘要。

PolicyDefinitionSummary

Object

原則定義摘要。

名稱	類型	Description
effect	string	原則效果，即原則定義動作。
policyDefinitionGroupNames	string[]	原則定義組名。
policyDefinitionId	string	原則定義標識碼。
policyDefinitionReferenceId	string	原則定義參考標識碼。
results	SummaryResults	原則定義的合規性摘要。

PolicyGroupSummary

Object

原則定義群組摘要。

名稱	類型	Description
policyGroupName	string	原則組名。
results	SummaryResults	原則定義群組的合規性摘要。

PolicyStatesSummaryResourceType

列舉型別

摘要動作之 PolicyStates 資源類型下的虛擬資源。 在指定的時間範圍內，『latest』 代表最新的原則狀態，而且是唯一允許的值。

值	Description
latest

QueryFailure

Object

錯誤回應。

名稱	類型	Description
error	Error	錯誤定義。

SummarizeResults

Object

摘要說明動作結果。

名稱	類型	Description
@odata.context	string	OData 內容字串;OData 用戶端用來根據元數據解析類型資訊。
@odata.count	integer (int32) minimum: 1 maximum: 1	OData 實體計數;代表傳回的摘要數目;一律設定為 1。
value	Summary[]	摘要說明動作結果。

Summary

Object

摘要結果。

名稱	類型	Description
@odata.context	string	OData 內容字串;OData 用戶端用來根據元數據解析類型資訊。
@odata.id	string	OData 實體識別碼;一律設定為 null，因為摘要沒有實體標識符。
policyAssignments	PolicyAssignmentSummary[]	原則指派摘要。
results	SummaryResults	所有原則指派的合規性摘要。

SummaryResults

Object

特定摘要層級的合規性摘要。

名稱	類型	Description
nonCompliantPolicies	integer (int32) minimum: 0	不符合規範的原則數目。
nonCompliantResources	integer (int32) minimum: 0	不符合規範的資源數目。
policyDetails	ComplianceDetail[]	此層級的原則成品摘要。 針對查詢範圍層級，它代表原則指派摘要。 針對原則指派層級，它代表原則定義摘要。
policyGroupDetails	ComplianceDetail[]	此層級的原則定義群組摘要。
queryResultsUri	string	Microsoft.PolicyInsights 上 queryResults 動作的 HTTP POST URI，以擷取合規性摘要的原始結果。 在未來的 API 版本中，此屬性預設無法使用，但可以明確查詢。
resourceDetails	ComplianceDetail[]	此層級的資源摘要。