充当事件网格源的 Azure 资源组

本文提供资源组事件的属性和架构。 有关事件架构的简介,请参阅 Azure 事件网格事件架构

Azure 订阅和资源组发出相同的事件类型。 这些事件类型与资源更改或操作相关。 主要区别是资源组针对资源组中的资源发出事件,Azure 订阅针对跨订阅的资源发出事件。

已为发送到 management.chinacloudapi.cn 的 PUT、PATCH、POST 和 DELETE 操作创建资源事件。 GET 操作不创建事件。 发送到数据平面的操作(如 myaccount.blob.core.chinacloudapi.cn)不会创建事件。 操作事件为操作(例如列出资源的键)提供事件数据。

当订阅资源组的事件时,终结点接收该资源组的所有事件。 事件可能包括要查看的事件(例如更新虚拟机),以及可能不重要的事件(例如在部署历史记录中编写新条目)。 可以在终结点接收所有事件,并编写代码用于处理需要处理的事件。 或可以在创建事件订阅时设置一个筛选器。

若要以编程方式处理事件,可通过查看 operationName 值对事件进行排序。 例如,事件终结点可能只处理值等于 Microsoft.Compute/virtualMachines/writeMicrosoft.Storage/storageAccounts/write 的操作的事件。

事件主题是作为操作目标的资源的资源 ID。 若要筛选资源的事件,请在创建事件订阅时提供该资源 ID。 若要按资源类型筛选,请使用以下格式的值:/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.Compute/virtualMachines

可用事件类型

资源组可从 Azure 资源管理器发出管理事件,例如,在创建 VM 或删除存储帐户时。

事件类型 说明
Microsoft.Resources.ResourceActionCancel 在资源操作被取消时引发。
Microsoft.Resources.ResourceActionFailure 在资源操作失败时引发。
Microsoft.Resources.ResourceActionSuccess 在资源操作成功时引发。
Microsoft.Resources.ResourceDeleteCancel 在删除操作被取消时引发。 取消模板部署时会发生此事件。
Microsoft.Resources.ResourceDeleteFailure 在删除操作失败时引发。
Microsoft.Resources.ResourceDeleteSuccess 在删除操作成功时引发。
Microsoft.Resources.ResourceWriteCancel 在创建或更新操作被取消时引发。
Microsoft.Resources.ResourceWriteFailure 在创建或更新操作失败时引发。
Microsoft.Resources.ResourceWriteSuccess 在创建或更新操作成功时引发。

示例事件

以下示例展示了 ResourceWriteSuccess 事件的架构 。 具有不同 eventType 值的 ResourceWriteFailure 和 ResourceWriteCancel 事件会使用相同的模式 。

[{
  "subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
  "type": "Microsoft.Resources.ResourceWriteSuccess",
  "time": "2018-07-19T18:38:04.6117357Z",
  "id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/write",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "{expiration}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/write",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },

  "specversion": "1.0"
}]

以下示例展示了 ResourceDeleteSuccess 事件的架构 。 具有不同 eventType 值的 ResourceDeleteFailure 和 ResourceDeleteCancel 事件会使用相同的模式 。

[{
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
  "type": "Microsoft.Resources.ResourceDeleteSuccess",
  "time": "2018-07-19T19:24:12.763881Z",
  "id": "19a69642-1aad-4a96-a5ab-8d05494513ce",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/delete",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "262800",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "DELETE",
      "url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}?api-version=2018-02-01"
    },
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/delete",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "specversion": "1.0"
}]

以下示例展示了 ResourceActionSuccess 事件的架构 。 具有不同 eventType 值的 ResourceActionFailure 和 ResourceActionCancel 事件会使用相同的模式 。

[{   
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
  "source": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}",
  "type": "Microsoft.Resources.ResourceActionSuccess",
  "time": "2018-10-08T22:46:22.6022559Z",
  "id": "{ID}",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
      "action": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
      "evidence": {
        "role": "Contributor",
        "roleAssignmentScope": "/subscriptions/{subscription-id}",
        "roleAssignmentId": "{ID}",
        "roleDefinitionId": "{ID}",
        "principalId": "{ID}",
        "principalType": "ServicePrincipal"
      }     
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "aio": "{token}",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/identity/claims/identityprovider": "{URL}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",       "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "POST",
      "url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01"
    },
    "resourceProvider": "Microsoft.EventHub",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
    "operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "specversion": "1.0"
}]

事件属性

事件具有以下顶级数据:

属性 类型​​ 说明
source string 事件源的完整资源路径。 此字段不可写入。 事件网格提供此值。
subject string 事件主题的发布者定义路径。
type string 此事件源的一个注册事件类型。
time string 基于提供程序 UTC 时间的事件生成时间。
id string 事件的唯一标识符。
data object 资源组事件数据。
specversion 字符串 CloudEvents 架构规范版本。

数据对象具有以下属性:

属性 类型​​ 说明
authorization object 操作请求的授权。
claims object 声明的属性。 有关详细信息,请参阅 JWT 规范
correlationId string 用于故障排除的操作 ID。
httpRequest object 操作的详细信息。 仅在更新现有资源或删除资源时才包含此对象。
resourceProvider string 操作的资源提供程序。
resourceUri string 操作中资源的 URI。
operationName string 执行的操作。
status string 操作状态。
subscriptionId string 资源的订阅 ID。
tenantId string 资源的租户 ID。

教程和操作指南

标题 说明
Azure CLI:订阅资源组的事件 用于订阅资源组的事件的示例脚本。 它将事件发送到 WebHook。
Azure CLI:订阅资源组的事件并筛选资源 用于订阅资源组的事件并筛选一个资源的事件的示例脚本。
PowerShell:订阅资源组的事件 用于订阅资源组的事件的示例脚本。 它将事件发送到 WebHook。
PowerShell:订阅资源组的事件并筛选资源 用于订阅资源组的事件并筛选一个资源的事件的示例脚本。
资源管理器模板:资源订阅 订阅 Azure 订阅的事件或资源组。 它将事件发送到 WebHook。

后续步骤