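Use Azure Policy as an Event Grid source

This article provides the properties and schema for Azure Policy events. For an introduction to event schemas, see Azure Event Grid event schema. It also provides a list of quickstarts and tutorials for using Azure Policy as an Event Grid source.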

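Available event types

Azure Policy emits the following event types:

| Event type | Description |
| --- | --- |
| Microsoft.PolicyInsights.PolicyStateCreated | Raised when a policy compliance state is created. |
| Microsoft.PolicyInsights.PolicyStateChanged | Raised when a policy compliance state changes. |
| Microsoft.PolicyInsights.PolicyStateDeleted | Raised when a policy compliance state is deleted. |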

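Event properties

An event has the following top-level data:

| Property | Type | Description |
| --- | --- | --- |
| topic | string | Full resource path to the event source. This field isn't writeable. Event Grid provides this value. |
| subject | string | The fully qualified ID of the resource that the compliance state change is for, including the resource name and resource type. Uses the format /subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName> |
| eventType | string | One of the registered event types for this event source. |
| eventTime | string | The time the event is generated, based on the provider's UTC time. |
| id | string | Unique identifier for the event. |
| data | object | Azure Policy event data. |
| dataVersion | string | The schema version of the data object. The publisher defines the schema version. |
| metadataVersion | string | The schema version of the event metadata. Event Grid defines the schema of the top-level properties. Event Grid provides this value. |

The data object has the following properties:

| Property | Type | Description |
| --- | --- | --- |
| timestamp | string | The time (in UTC) that Azure Policy scanned the resource. To order events, use this property instead of the top-level eventTime or time properties. |
| policyAssignmentId | string | The resource ID of the policy assignment. |
| policyDefinitionId | string | The resource ID of the policy definition. |
| policyDefinitionReferenceId | string | The reference ID of the policy definition inside the initiative definition, if the policy assignment is for an initiative. May be empty. |
| complianceState | string | The compliance state of the resource with respect to the policy assignment. |
| subscriptionId | string | The subscription ID of the resource. |
| complianceReasonCode | string | The compliance reason code. May be empty. |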

Example event

The following example shows the schema of a policy state created event scoped at the subscription level:

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

The schema for a policy state changed event scoped at the subscription level is similar:

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

The following example shows the schema of a policy state created event scoped at the management group level:

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

The schema for a policy state changed event scoped at the management group level is similar:

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]
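
The following Python sketch is an added example, not code from the original article or from Microsoft. It replays policy state events in data.timestamp order, as the data property table recommends, and reports the resources whose latest state is NonCompliant. The subscription ID, resource names, the "Compliant" state and the make_event helper are constructed for illustration.

```python
from datetime import datetime, timezone

PREFIX = "Microsoft.PolicyInsights.PolicyState"
EVENT_TYPES = {PREFIX + kind for kind in ("Created", "Changed", "Deleted")}

def scan_time(event):
    """Sort key built from data.timestamp (UTC, up to 7 fractional digits)."""
    head, _, frac = event["data"]["timestamp"].rstrip("Z").partition(".")
    whole = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return (whole, int(frac.ljust(7, "0")[:7]))

def state_key(event):
    """One compliance state: one resource evaluated against one assigned policy."""
    d = event["data"]
    return (event["subject"].lower(), d["policyAssignmentId"].lower(),
            d["policyDefinitionId"].lower(), d.get("policyDefinitionReferenceId", ""))

def current_noncompliant(events, key=scan_time):
    """Replay policy events in `key` order; return subjects left NonCompliant."""
    latest = {}
    for ev in sorted((e for e in events if e.get("eventType") in EVENT_TYPES), key=key):
        if ev["eventType"].endswith("Deleted"):
            latest.pop(state_key(ev), None)   # state no longer exists
        else:
            latest[state_key(ev)] = ev["data"]["complianceState"]
    return sorted({k[0] for k, state in latest.items() if state == "NonCompliant"})

# Constructed sample data (hypothetical IDs, not from a real tenant).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSIGN = SUB + "/providers/microsoft.authorization/policyassignments/demo-assignment"
DEFN = SUB + "/providers/microsoft.authorization/policydefinitions/demo-definition"

def make_event(kind, vm, state, timestamp, event_time):
    """Hypothetical helper that builds an event shaped like the samples above."""
    return {"subject": SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/" + vm,
            "eventType": PREFIX + kind, "eventTime": event_time,
            "data": {"timestamp": timestamp, "policyAssignmentId": ASSIGN,
                     "policyDefinitionId": DEFN, "policyDefinitionReferenceId": "",
                     "complianceState": state}}

SAMPLE = [
    # vm-a was scanned NonCompliant first, but that event carries the later eventTime.
    make_event("Changed", "vm-a", "Compliant", "2021-03-27T18:40:00.0000000Z", "2021-03-27T18:40:01.0000000Z"),
    make_event("Created", "vm-a", "NonCompliant", "2021-03-27T18:37:42.4496956Z", "2021-03-27T18:41:10.0000000Z"),
    make_event("Created", "vm-b", "NonCompliant", "2021-03-27T18:38:00.0000000Z", "2021-03-27T18:38:01.0000000Z"),
    make_event("Created", "vm-c", "NonCompliant", "2021-03-27T18:38:05.0000000Z", "2021-03-27T18:38:06.0000000Z"),
    make_event("Deleted", "vm-c", "NonCompliant", "2021-03-27T18:39:00.0000000Z", "2021-03-27T18:39:01.0000000Z"),
]
```

Passing key=lambda e: e["eventTime"] on the same sample leaves vm-a flagged as NonCompliant, which is the stale result that ordering by data.timestamp avoids.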

Next steps