Jit Network Access Policies - List By Resource Group And Region

Référence

Service:: Defender for Cloud

API Version:: 2020-01-01

Stratégies de protection des ressources à l’aide du contrôle d’accès juste-à-temps pour l’abonnement, l’emplacement

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies?api-version=2020-01-01

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
ascLocation	path	True	string	Emplacement où ASC stocke les données de l’abonnement. peut être récupéré à partir de Get locations
resourceGroupName	path	True	string	Nom du groupe de ressources dans l’abonnement de l’utilisateur. Le nom ne respecte pas la casse. Regex pattern: `^[-\w\._]+$`
subscriptionId	path	True	string	ID d’abonnement Azure Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	Version de l’API pour l’opération

Réponses

Nom	Type	Description
200 OK	JitNetworkAccessPoliciesList	Ok
Other Status Codes	CloudError	Réponse d’erreur décrivant la raison de l’échec de l’opération.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nom	Description
user_impersonation	Emprunter l’identité de votre compte d’utilisateur

Exemples

Get JIT network access policies on a resource group from a security data location

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies?api-version=2020-01-01


/**
 * Samples for JitNetworkAccessPolicies ListByResourceGroupAndRegion.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/
     * GetJitNetworkAccessPoliciesResourceGroupLocation_example.json
     */
    /**
     * Sample code: Get JIT network access policies on a resource group from a security data location.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getJITNetworkAccessPoliciesOnAResourceGroupFromASecurityDataLocation(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.jitNetworkAccessPolicies().listByResourceGroupAndRegion("myRg1", "westeurope",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesResourceGroupLocation_example.json
func ExampleJitNetworkAccessPoliciesClient_NewListByResourceGroupAndRegionPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewJitNetworkAccessPoliciesClient().NewListByResourceGroupAndRegionPager("myRg1", "westeurope", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.JitNetworkAccessPoliciesList = armsecurity.JitNetworkAccessPoliciesList{
		// 	Value: []*armsecurity.JitNetworkAccessPolicy{
		// 		{
		// 			Kind: to.Ptr("Basic"),
		// 			Location: to.Ptr("westeurope"),
		// 			Name: to.Ptr("default"),
		// 			Type: to.Ptr("Microsoft.Security/locations/jitNetworkAccessPolicies"),
		// 			ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default"),
		// 			Properties: &armsecurity.JitNetworkAccessPolicyProperties{
		// 				ProvisioningState: to.Ptr("Succeeded"),
		// 				Requests: []*armsecurity.JitNetworkAccessRequest{
		// 					{
		// 						Justification: to.Ptr("testing a new version of the product"),
		// 						Requestor: to.Ptr("barbara@contoso.com"),
		// 						StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T08:06:45.569Z"); return t}()),
		// 						VirtualMachines: []*armsecurity.JitNetworkAccessRequestVirtualMachine{
		// 							{
		// 								ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
		// 								Ports: []*armsecurity.JitNetworkAccessRequestPort{
		// 									{
		// 										AllowedSourceAddressPrefix: to.Ptr("192.127.0.2"),
		// 										EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-05-17T09:06:45.569Z"); return t}()),
		// 										Number: to.Ptr[int32](3389),
		// 										Status: to.Ptr(armsecurity.StatusInitiated),
		// 										StatusReason: to.Ptr(armsecurity.StatusReasonUserRequested),
		// 								}},
		// 						}},
		// 				}},
		// 				VirtualMachines: []*armsecurity.JitNetworkAccessPolicyVirtualMachine{
		// 					{
		// 						ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1"),
		// 						Ports: []*armsecurity.JitNetworkAccessPortRule{
		// 							{
		// 								AllowedSourceAddressPrefix: to.Ptr("*"),
		// 								MaxRequestAccessDuration: to.Ptr("PT3H"),
		// 								Number: to.Ptr[int32](22),
		// 								Protocol: to.Ptr(armsecurity.ProtocolAll),
		// 							},
		// 							{
		// 								AllowedSourceAddressPrefix: to.Ptr("*"),
		// 								MaxRequestAccessDuration: to.Ptr("PT3H"),
		// 								Number: to.Ptr[int32](3389),
		// 								Protocol: to.Ptr(armsecurity.ProtocolAll),
		// 						}},
		// 				}},
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Policies for protecting resources using Just-in-Time access control for the subscription, location
 *
 * @summary Policies for protecting resources using Just-in-Time access control for the subscription, location
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesResourceGroupLocation_example.json
 */
async function getJitNetworkAccessPoliciesOnAResourceGroupFromASecurityDataLocation() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg1";
  const ascLocation = "westeurope";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.jitNetworkAccessPolicies.listByResourceGroupAndRegion(
    resourceGroupName,
    ascLocation,
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/JitNetworkAccessPolicies/GetJitNetworkAccessPoliciesResourceGroupLocation_example.json
// this example is just showing the usage of "JitNetworkAccessPolicies_ListByResourceGroupAndRegion" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this JitNetworkAccessPolicyResource
AzureLocation ascLocation = new AzureLocation("westeurope");
JitNetworkAccessPolicyCollection collection = resourceGroupResource.GetJitNetworkAccessPolicies(ascLocation);

// invoke the operation and iterate over the result
await foreach (JitNetworkAccessPolicyResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    JitNetworkAccessPolicyData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "value": [
    {
      "kind": "Basic",
      "properties": {
        "virtualMachines": [
          {
            "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
            "ports": [
              {
                "number": 22,
                "protocol": "*",
                "allowedSourceAddressPrefix": "*",
                "maxRequestAccessDuration": "PT3H"
              },
              {
                "number": 3389,
                "protocol": "*",
                "allowedSourceAddressPrefix": "*",
                "maxRequestAccessDuration": "PT3H"
              }
            ]
          }
        ],
        "requests": [
          {
            "virtualMachines": [
              {
                "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Compute/virtualMachines/vm1",
                "ports": [
                  {
                    "number": 3389,
                    "allowedSourceAddressPrefix": "192.127.0.2",
                    "endTimeUtc": "2018-05-17T09:06:45.5691611Z",
                    "status": "Initiated",
                    "statusReason": "UserRequested"
                  }
                ]
              }
            ],
            "startTimeUtc": "2018-05-17T08:06:45.5691611Z",
            "requestor": "barbara@contoso.com",
            "justification": "testing a new version of the product"
          }
        ],
        "provisioningState": "Succeeded"
      },
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg1/providers/Microsoft.Security/locations/westeurope/jitNetworkAccessPolicies/default",
      "name": "default",
      "type": "Microsoft.Security/locations/jitNetworkAccessPolicies",
      "location": "westeurope"
    }
  ]
}

Définitions

Nom	Description
CloudError	Réponse d’erreur courante pour toutes les API Azure Resource Manager pour retourner les détails de l’erreur concernant les opérations ayant échoué. (Cela suit également le format de réponse d’erreur OData.).
CloudErrorBody	Détail de l’erreur.
ErrorAdditionalInfo	Informations supplémentaires sur l’erreur de gestion des ressources.
JitNetworkAccessPoliciesList
JitNetworkAccessPolicy
JitNetworkAccessPolicyVirtualMachine
JitNetworkAccessPortRule
JitNetworkAccessRequest
JitNetworkAccessRequestPort
JitNetworkAccessRequestVirtualMachine
protocol
status	Status du port
statusReason	Description de la raison pour laquelle a `status` sa valeur

CloudError

Réponse d’erreur courante pour toutes les API Azure Resource Manager pour retourner les détails de l’erreur concernant les opérations ayant échoué. (Cela suit également le format de réponse d’erreur OData.).

Nom	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	Informations supplémentaires sur l’erreur.
error.code	string	Code d'erreur.
error.details	CloudErrorBody[]	Détails de l’erreur.
error.message	string	Message d’erreur.
error.target	string	Cible d’erreur.

CloudErrorBody

Détail de l’erreur.

Nom	Type	Description
additionalInfo	ErrorAdditionalInfo[]	Informations supplémentaires sur l’erreur.
code	string	Code d'erreur.
details	CloudErrorBody[]	Détails de l’erreur.
message	string	Message d’erreur.
target	string	Cible d’erreur.

ErrorAdditionalInfo

Informations supplémentaires sur l’erreur de gestion des ressources.

Nom	Type	Description
info	object	Informations supplémentaires
type	string	Type d’informations supplémentaires.