标注策略Callout policy

Azure 数据资源管理器群集可以在许多不同的方案中与外部服务通信。Azure Data Explorer clusters can communicate with external services in many different scenarios. 群集管理员可以通过更新群集的标注策略来管理用于外部调用的授权域。Cluster admins can manage the authorized domains for external calls, by updating the cluster's callout policy.

标注策略在群集级别进行管理,分为以下类型。Callout policies are being managed at cluster-level and are classified into the following types.

标注策略由以下内容组成。Callout policy is composed of the following.

  • CalloutType - 定义标注类型,可以为 kustosqlCalloutType - Defines the type of the callout, and can be kusto or sql.
  • CalloutUriRegex - 指定标注域允许的正则表达式CalloutUriRegex - Specifies the permitted Regex of the callout's domain
  • CanCall - 指示是否允许外部调用标注。CanCall - Indicates whether the callout is permitted external calls.

预定义标注策略Predefined callout policies

下表显示了一组预定义的标注策略,这些策略已在所有 Azure 数据资源管理器群集上进行了预配置,以使标注能够选择服务。The table shows a set of predefined callout policies that are preconfigured on all Azure Data Explorer clusters to enable callouts to select services.

服务Service Cloud 指定用途Designation 允许的域Permitted domains
KustoKusto Public Azure 跨群集查询Cross cluster queries ^[^.]*\.kusto\.chinacloudapi\.cn$
^[^.]*\.kustomfa\.windows\.net$
KustoKusto Black Forest 跨群集查询Cross cluster queries ^[^.]*\.kusto\.cloudapi\.de$
^[^.]*\.kustomfa\.cloudapi\.de$
KustoKusto Fairfax 跨群集查询Cross cluster queries ^[^.]*\.kusto\.usgovcloudapi\.net$
^[^.]*\.kustomfa\.usgovcloudapi\.net$
KustoKusto Mooncake 跨群集查询Cross cluster queries ^[^.]*\.kusto\.chinacloudapi\.cn$
^[^.]*\.kustomfa\.chinacloudapi\.cn$
Azure DBAzure DB Public Azure SQL 请求SQL requests ^[^.]*\.database\.chinacloudapi\.cn$
^[^.]*\.databasemfa\.windows\.net$
Azure DBAzure DB Black Forest SQL 请求SQL requests ^[^.]*\.database\.cloudapi\.de$
^[^.]*\.databasemfa\.cloudapi\.de$
Azure DBAzure DB Fairfax SQL 请求SQL requests ^[^.]*\.database\.usgovcloudapi\.net$
^[^.]*\.databasemfa\.usgovcloudapi\.net$
Azure DBAzure DB Mooncake SQL 请求SQL requests ^[^.]*\.database\.chinacloudapi\.cn$
^[^.]*\.databasemfa\.chinacloudapi\.cn$
基线服务Baselining service 公共 AzurePublic Azure 基线请求Baselining requests baseliningsvc-int.azurewebsites.net
baseliningsvc-ppe.azurewebsites.net
baseliningsvc-prod.azurewebsites.net

控制命令Control commands

命令需要 AllDatabasesAdmin 权限。The commands require AllDatabasesAdmin permissions.

显示所有已配置的标注策略Show all configured callout policies

.show cluster policy callout

更改标注策略Alter callout policies

.alter cluster policy callout @'[{"CalloutType": "sql","CalloutUriRegex": "sqlname.database.chinacloudapi.cn","CanCall": true}]'

添加一组允许的标注Add a set of permitted callouts

.alter-merge cluster policy callout @'[{"CalloutType": "sql","CalloutUriRegex": "sqlname.database.chinacloudapi.cn","CanCall": true}]'

删除所有非不可变的标注策略Delete all non-immutable callout policies

.delete cluster policy callout