作为事件网格源Azure Policy

本文提供 Azure Policy 事件的属性和架构。有关事件架构的简介，请参阅Azure 事件网格事件架构。它还提供了一系列快速入门和教程，用于将Azure Policy用作事件源。

可用事件类型

Azure Policy发出以下事件类型：

事件类型	说明
Microsoft。PolicyInsights.PolicyStateCreated	在创建策略符合性状态时引发。
Microsoft。PolicyInsights.PolicyStateChanged	在策略符合性状态发生更改时引发。
Microsoft。PolicyInsights.PolicyStateDeleted	在删除策略符合性状态时引发。

事件具有以下顶层数据：

财产	类型	说明
`topic`	字符串	事件源的完整资源路径。此字段不可写入。事件网格提供此值。
`subject`	字符串	符合性状态更改所针对的资源的完全限定 ID，包括资源名称和资源类型。使用格式 `/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>`
`eventType`	字符串	该事件源的其中一种注册事件类型。
`eventTime`	字符串	事件生成的时间是基于提供者的 UTC 时间。
`id`	字符串	事件的唯一标识符。
`data`	对象	Azure Policy事件数据。
`dataVersion`	字符串	数据对象的架构版本。发布者定义架构版本。
`metadataVersion`	字符串	事件元数据的架构版本。事件网格定义顶级属性的架构。事件网格提供此值。

事件具有以下顶层数据：

财产	类型	说明
`source`	字符串	事件源的完整资源路径。此字段不可写入。事件网格提供此值。
`subject`	字符串	符合性状态更改所针对的资源的完全限定 ID，包括资源名称和资源类型。使用格式 `/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>`
`type`	字符串	该事件源的其中一种注册事件类型。
`time`	字符串	事件生成的时间是基于提供者的 UTC 时间。
`id`	字符串	事件的唯一标识符。
`data`	对象	Azure Policy事件数据。
`specversion`	字符串	CloudEvents 架构规范版本。

数据对象具有以下属性：

财产	类型	说明
`timestamp`	字符串	Azure Policy扫描资源的时间（UTC）。若要对事件进行排序，请使用此属性而不是顶层 `eventTime` 或 `time` 属性。
`policyAssignmentId`	字符串	策略分配的资源 ID。
`policyDefinitionId`	字符串	策略定义的资源标识符。
`policyDefinitionReferenceId`	字符串	若策略分配针对某个计划，则为计划定义中的策略定义的引用 ID。可能为空。
`complianceState`	字符串	与策略分配相关的资源的符合性状态。
`subscriptionId`	字符串	资源的订阅 ID。
`complianceReasonCode`	字符串	合规原因代码。可能为空。

示例事件

事件网格事件架构
云事件架构

以下示例显示了订阅级别范围内的策略状态创建事件的架构：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

范围设为订阅级别的策略状态更改事件的架构与此类似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

以下示例显示了订阅级别范围内的策略状态创建事件的架构：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateCreated",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

范围设为订阅级别的策略状态更改事件的架构与此类似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "source": "/subscriptions/<SubscriptionID>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "type": "Microsoft.PolicyInsights.PolicyStateChanged",
    "time": "2021-03-27T18:37:42.5241536Z",
    "specversion": "1.0"
}]

事件网格事件架构
云事件架构

以下示例显示了管理组级别范围内的策略状态创建事件的架构：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateCreated",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]

管理组级别范围内的策略状态更改事件的架构类似：

[{
    "id": "5829794FCB5075FCF585476619577B5A5A30E52C84842CBD4E2AD73996714C4C",
    "topic": "/tenants/<tenantId>/providers/Microsoft.Management/managementGroups/<managementGroupId>",
    "subject": "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/<ProviderNamespace>/<ResourceType>/<ResourceName>",
    "data": {
        "timestamp": "2021-03-27T18:37:42.4496956Z",
        "policyAssignmentId": "<policy-assignment-scope>/providers/microsoft.authorization/policyassignments/<policy-assignment-name>",
        "policyDefinitionId": "<policy-definition-scope>/providers/microsoft.authorization/policydefinitions/<policy-definition-name>",
        "policyDefinitionReferenceId": "",
        "complianceState": "NonCompliant",
        "subscriptionId": "<subscription-id>",
        "complianceReasonCode": ""
    },
    "eventType": "Microsoft.PolicyInsights.PolicyStateChanged",
    "eventTime": "2021-03-27T18:37:42.5241536Z",
    "dataVersion": "1",
    "metadataVersion": "1"
}]