本文提供资源组事件的属性和架构。 有关事件架构的简介,请参阅 Azure 事件网格事件架构。
Azure 订阅和资源组发出相同的事件类型。 这些事件类型与资源更改或操作相关。 主要区别是资源组针对资源组中的资源发出事件,Azure 订阅针对跨订阅的资源发出事件。
已为发送到 management.chinacloudapi.cn 的 PUT、PATCH、POST 和 DELETE 操作创建资源事件。 GET 操作不创建事件。 发送到数据平面的操作(如 myaccount.blob.core.chinacloudapi.cn)不会创建事件。 操作事件为操作(例如列出资源的键)提供事件数据。
当订阅资源组的事件时,终结点接收该资源组的所有事件。 事件可能包括要查看的事件(例如更新虚拟机),以及可能不重要的事件(例如在部署历史记录中编写新条目)。 可以在终结点接收所有事件,并编写代码用于处理需要处理的事件。 或可以在创建事件订阅时设置一个筛选器。
若要以编程方式处理事件,可通过查看 operationName 值对事件进行排序。 例如,事件终结点可能只处理值等于 Microsoft.Compute/virtualMachines/write 或 Microsoft.Storage/storageAccounts/write 的操作的事件。
事件主题是作为操作目标的资源的资源 ID。 若要筛选资源的事件,请在创建事件订阅时提供该资源 ID。 若要按资源类型筛选,请使用以下格式的值:/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.Compute/virtualMachines
可用事件类型
资源组可从 Azure 资源管理器发出管理事件,例如,在创建 VM 或删除存储帐户时。
| 事件类型 | 说明 |
|---|---|
| Microsoft.Resources.ResourceActionCancel | 在资源操作被取消时引发。 |
| Microsoft.Resources.ResourceActionFailure | 在资源操作失败时引发。 |
| Microsoft.Resources.ResourceActionSuccess | 在资源操作成功时引发。 |
| Microsoft.Resources.ResourceDeleteCancel | 在删除操作被取消时引发。 取消模板部署时会发生此事件。 |
| Microsoft.Resources.ResourceDeleteFailure | 在删除操作失败时引发。 |
| Microsoft.Resources.ResourceDeleteSuccess | 在删除操作成功时引发。 |
| Microsoft.Resources.ResourceWriteCancel | 在创建或更新操作被取消时引发。 |
| Microsoft.Resources.ResourceWriteFailure | 在创建或更新操作失败时引发。 |
| Microsoft.Resources.ResourceWriteSuccess | 在创建或更新操作成功时引发。 |
示例事件
以下示例展示了 ResourceWriteSuccess 事件的架构 。 具有不同 eventType 值的 ResourceWriteFailure 和 ResourceWriteCancel 事件会使用相同的模式 。
[{
"subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
"type": "Microsoft.Resources.ResourceWriteSuccess",
"time": "2018-07-19T18:38:04.6117357Z",
"id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"action": "Microsoft.Storage/storageAccounts/write",
"evidence": {
"role": "Subscription Admin"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"_claim_names": "{\"groups\":\"src1\"}",
"_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "{token}",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
"e_exp": "{expiration}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
"ipaddr": "{IP-address}",
"name": "{full-name}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"onprem_sid": "{ID}",
"puid": "{ID}",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
"http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"resourceProvider": "Microsoft.Storage",
"resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"operationName": "Microsoft.Storage/storageAccounts/write",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "1.0"
}]
以下示例展示了 ResourceDeleteSuccess 事件的架构 。 具有不同 eventType 值的 ResourceDeleteFailure 和 ResourceDeleteCancel 事件会使用相同的模式 。
[{
"subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
"type": "Microsoft.Resources.ResourceDeleteSuccess",
"time": "2018-07-19T19:24:12.763881Z",
"id": "19a69642-1aad-4a96-a5ab-8d05494513ce",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"action": "Microsoft.Storage/storageAccounts/delete",
"evidence": {
"role": "Subscription Admin"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"_claim_names": "{\"groups\":\"src1\"}",
"_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"aio": "{token}",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
"e_exp": "262800",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
"ipaddr": "{IP-address}",
"name": "{full-name}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"onprem_sid": "{ID}",
"puid": "{ID}",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
"http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"httpRequest": {
"clientRequestId": "{ID}",
"clientIpAddress": "{IP-address}",
"method": "DELETE",
"url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}?api-version=2018-02-01"
},
"resourceProvider": "Microsoft.Storage",
"resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
"operationName": "Microsoft.Storage/storageAccounts/delete",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "1.0"
}]
以下示例展示了 ResourceActionSuccess 事件的架构 。 具有不同 eventType 值的 ResourceActionFailure 和 ResourceActionCancel 事件会使用相同的模式 。
[{
"subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
"type": "Microsoft.Resources.ResourceActionSuccess",
"time": "2018-10-08T22:46:22.6022559Z",
"id": "{ID}",
"data": {
"authorization": {
"scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"action": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
"evidence": {
"role": "Contributor",
"roleAssignmentScope": "/subscriptions/{subscription-id}",
"roleAssignmentId": "{ID}",
"roleDefinitionId": "{ID}",
"principalId": "{ID}",
"principalType": "ServicePrincipal"
}
},
"claims": {
"aud": "{audience-claim}",
"iss": "{issuer-claim}",
"iat": "{issued-at-claim}",
"nbf": "{not-before-claim}",
"exp": "{expiration-claim}",
"aio": "{token}",
"appid": "{ID}",
"appidacr": "2",
"http://schemas.microsoft.com/identity/claims/identityprovider": "{URL}",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}", "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
"uti": "{ID}",
"ver": "1.0"
},
"correlationId": "{ID}",
"httpRequest": {
"clientRequestId": "{ID}",
"clientIpAddress": "{IP-address}",
"method": "POST",
"url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01"
},
"resourceProvider": "Microsoft.EventHub",
"resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
"operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
"status": "Succeeded",
"subscriptionId": "{subscription-id}",
"tenantId": "{tenant-id}"
},
"specversion": "1.0"
}]
事件属性
事件具有以下顶级数据:
| 属性 | 类型 | 说明 |
|---|---|---|
source |
string | 事件源的完整资源路径。 此字段不可写入。 事件网格提供此值。 |
subject |
string | 事件主题的发布者定义路径。 |
type |
string | 此事件源的一个注册事件类型。 |
time |
string | 基于提供程序 UTC 时间的事件生成时间。 |
id |
string | 事件的唯一标识符。 |
data |
object | 资源组事件数据。 |
specversion |
字符串 | CloudEvents 架构规范版本。 |
数据对象具有以下属性:
| 属性 | 类型 | 说明 |
|---|---|---|
authorization |
object | 操作请求的授权。 |
claims |
object | 声明的属性。 有关详细信息,请参阅 JWT 规范。 |
correlationId |
string | 用于故障排除的操作 ID。 |
httpRequest |
object | 操作的详细信息。 仅在更新现有资源或删除资源时才包含此对象。 |
resourceProvider |
string | 操作的资源提供程序。 |
resourceUri |
string | 操作中资源的 URI。 |
operationName |
string | 执行的操作。 |
status |
string | 操作状态。 |
subscriptionId |
string | 资源的订阅 ID。 |
tenantId |
string | 资源的租户 ID。 |
教程和操作指南
| 标题 | 说明 |
|---|---|
| Azure CLI:订阅资源组的事件 | 用于订阅资源组的事件的示例脚本。 它将事件发送到 WebHook。 |
| Azure CLI:订阅资源组的事件并筛选资源 | 用于订阅资源组的事件并筛选一个资源的事件的示例脚本。 |
| PowerShell:订阅资源组的事件 | 用于订阅资源组的事件的示例脚本。 它将事件发送到 WebHook。 |
| PowerShell:订阅资源组的事件并筛选资源 | 用于订阅资源组的事件并筛选一个资源的事件的示例脚本。 |
| 资源管理器模板:资源订阅 | 订阅 Azure 订阅的事件或资源组。 它将事件发送到 WebHook。 |