Azure resource group as an Event Grid source

This article provides the properties and schema for resource group events. For an introduction to event schemas, see Azure Event Grid event schema.

Azure subscriptions and resource groups emit the same event types. The event types are related to resource changes or actions. The primary difference is that resource groups emit events for resources within the resource group, and Azure subscriptions emit events for resources across the subscription.

Resource events are created for PUT, PATCH, POST, and DELETE operations that are sent to management.chinacloudapi.cn. GET operations don't create events. Operations sent to the data plane (like myaccount.blob.core.chinacloudapi.cn) don't create events. The action events provide event data for operations like listing the keys for a resource.

When you subscribe to events for a resource group, your endpoint receives all events for that resource group. The events can include events you want to see, such as updating a virtual machine, but also events that may not be important to you, such as writing a new entry in the deployment history. You can receive all events at your endpoint and write code that processes the events you want to handle. Or, you can set a filter when creating the event subscription.

To programmatically handle events, you can sort events by looking at the operationName value. For example, your event endpoint might only process events for operations that are equal to Microsoft.Compute/virtualMachines/write or Microsoft.Storage/storageAccounts/write.

The event subject is the resource ID of the resource that is the target of the operation. To filter events for a resource, provide that resource ID when creating the event subscription. To filter by a resource type, use a value in the following format: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.Compute/virtualMachines
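The endpoint-side filtering described above, as an added example that is not part of the original article: it selects events from a delivered batch by operationName and, optionally, by a subject prefix. The function names, the lower-casing of operation names and the sample batch are assumptions made for illustration.

```python
import json

# Operations this endpoint handles (the two named in the article), lower-cased.
HANDLED_OPERATIONS = {
    "microsoft.compute/virtualmachines/write",
    "microsoft.storage/storageaccounts/write",
}

def subject_matches(subject, prefix):
    """Case-insensitive prefix match that ends on a path-segment boundary.

    The article's samples spell the segment both "resourcegroups" and
    "resourceGroups"; the boundary check keeps a .../virtualMachines prefix
    from also accepting .../virtualMachineScaleSets/... subjects.
    """
    s, p = subject.lower(), prefix.lower().rstrip("/")
    return s == p or s.startswith(p + "/")

def select_events(body, subject_prefix=None):
    """Return the events of a delivered batch that this endpoint should process."""
    events = json.loads(body)
    if isinstance(events, dict):  # tolerate a single event instead of an array
        events = [events]
    selected = []
    for event in events:
        data = event.get("data") or {}
        operation = str(data.get("operationName") or "").lower()
        if operation not in HANDLED_OPERATIONS:
            continue  # e.g. deployment-history writes the endpoint doesn't need
        if subject_prefix and not subject_matches(event.get("subject") or "", subject_prefix):
            continue
        selected.append(event)
    return selected

# Constructed sample batch (IDs and names are placeholders, not real resources).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg"
SAMPLE_BATCH = json.dumps([
    {"id": "1", "subject": RG.lower() + "/providers/Microsoft.Storage/storageAccounts/demostore",
     "data": {"operationName": "Microsoft.Storage/storageAccounts/write"}},
    {"id": "2", "subject": RG + "/providers/Microsoft.Resources/deployments/demo-deploy",
     "data": {"operationName": "Microsoft.Resources/deployments/write"}},
    {"id": "3", "subject": RG + "/providers/Microsoft.Compute/virtualMachines/demo-vm",
     "data": {"operationName": "Microsoft.Compute/virtualMachines/write"}},
])
VM_PREFIX = RG.lower() + "/providers/Microsoft.Compute/virtualMachines"

if __name__ == "__main__":
    print([e["id"] for e in select_events(SAMPLE_BATCH)])             # handled operations
    print([e["id"] for e in select_events(SAMPLE_BATCH, VM_PREFIX)])  # virtual machines only
```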

Event Grid event schema

Available event types

Resource groups emit management events from Azure Resource Manager, such as when a VM is created or a storage account is deleted.

| Event type | Description |
| --- | --- |
| Microsoft.Resources.ResourceActionCancel | Raised when action on resource is canceled. |
| Microsoft.Resources.ResourceActionFailure | Raised when action on resource fails. |
| Microsoft.Resources.ResourceActionSuccess | Raised when action on resource succeeds. |
| Microsoft.Resources.ResourceDeleteCancel | Raised when delete operation is canceled. This event happens when a template deployment is canceled. |
| Microsoft.Resources.ResourceDeleteFailure | Raised when delete operation fails. |
| Microsoft.Resources.ResourceDeleteSuccess | Raised when delete operation succeeds. |
| Microsoft.Resources.ResourceWriteCancel | Raised when create or update operation is canceled. |
| Microsoft.Resources.ResourceWriteFailure | Raised when create or update operation fails. |
| Microsoft.Resources.ResourceWriteSuccess | Raised when create or update operation succeeds. |

Example event

The following example shows the schema for a ResourceWriteSuccess event. The same schema is used for ResourceWriteFailure and ResourceWriteCancel events with different values for eventType.

[{
  "subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "eventType": "Microsoft.Resources.ResourceWriteSuccess",
  "eventTime": "2018-07-19T18:38:04.6117357Z",
  "id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/write",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "{expiration}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/write",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "dataVersion": "2",
  "metadataVersion": "1",
  "topic": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}"
}]

The following example shows the schema for a ResourceDeleteSuccess event. The same schema is used for ResourceDeleteFailure and ResourceDeleteCancel events with different values for eventType.

[{
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "eventType": "Microsoft.Resources.ResourceDeleteSuccess",
  "eventTime": "2018-07-19T19:24:12.763881Z",
  "id": "19a69642-1aad-4a96-a5ab-8d05494513ce",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/delete",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "262800",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "DELETE",
      "url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}?api-version=2018-02-01"
    },
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/delete",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "dataVersion": "2",
  "metadataVersion": "1",
  "topic": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}"
}]

The following example shows the schema for a ResourceActionSuccess event. The same schema is used for ResourceActionFailure and ResourceActionCancel events with different values for eventType.

[{   
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
  "eventType": "Microsoft.Resources.ResourceActionSuccess",
  "eventTime": "2018-10-08T22:46:22.6022559Z",
  "id": "{ID}",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
      "action": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
      "evidence": {
        "role": "Contributor",
        "roleAssignmentScope": "/subscriptions/{subscription-id}",
        "roleAssignmentId": "{ID}",
        "roleDefinitionId": "{ID}",
        "principalId": "{ID}",
        "principalType": "ServicePrincipal"
      }     
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "aio": "{token}",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/identity/claims/identityprovider": "{URL}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "POST",
      "url": "https://management.chinacloudapi.cn/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01"
    },
    "resourceProvider": "Microsoft.EventHub",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
    "operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "dataVersion": "2",
  "metadataVersion": "1",
  "topic": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}" 
}]

Event properties

An event has the following top-level data:

| Property | Type | Description |
| --- | --- | --- |
| topic | string | Full resource path to the event source. This field isn't writeable. Event Grid provides this value. |
| subject | string | Publisher-defined path to the event subject. |
| eventType | string | One of the registered event types for this event source. |
| eventTime | string | The time the event is generated based on the provider's UTC time. |
| id | string | Unique identifier for the event. |
| data | object | Resource group event data. |
| dataVersion | string | The schema version of the data object. The publisher defines the schema version. |
| metadataVersion | string | The schema version of the event metadata. Event Grid defines the schema of the top-level properties. Event Grid provides this value. |

The data object has the following properties:

| Property | Type | Description |
| --- | --- | --- |
| authorization | object | The requested authorization for the operation. |
| claims | object | The properties of the claims. For more information, see the JWT specification. |
| correlationId | string | An operation ID for troubleshooting. |
| httpRequest | object | The details of the operation. This object is only included when updating an existing resource or deleting a resource. |
| resourceProvider | string | The resource provider for the operation. |
| resourceUri | string | The URI of the resource in the operation. |
| operationName | string | The operation that was taken. |
| status | string | The status of the operation. |
| subscriptionId | string | The subscription ID of the resource. |
| tenantId | string | The tenant ID of the resource. |
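An added example, not part of the original article, that flattens the data object into an audit record and lists key-listing actions first. The function names, the "/listKeys/action" suffix check and the use of the objectidentifier and ipaddr claims as fallbacks when evidence.principalId or httpRequest is missing are assumptions of the example; the sample batch is constructed from placeholder values.

```python
import json

OID = "http://schemas.microsoft.com/identity/claims/objectidentifier"

def audit_record(event):
    """Flatten one resource group event into the fields used for triage."""
    data = event.get("data") or {}
    evidence = (data.get("authorization") or {}).get("evidence") or {}
    claims = data.get("claims") or {}
    http = data.get("httpRequest") or {}  # not included on every event
    operation = data.get("operationName") or ""
    return {
        "time": event.get("eventTime"),
        "operation": operation,
        "status": data.get("status"),
        "resource": data.get("resourceUri") or event.get("subject"),
        "principal": evidence.get("principalId") or claims.get(OID),
        "principal_type": evidence.get("principalType"),
        "role": evidence.get("role"),
        "source_ip": http.get("clientIpAddress") or claims.get("ipaddr"),
        "correlation_id": data.get("correlationId"),
        "key_access": operation.lower().endswith("/listkeys/action"),
    }

def triage(body):
    """Return audit records for a delivered batch, key-listing actions first."""
    records = [audit_record(e) for e in json.loads(body)]
    return sorted(records, key=lambda r: not r["key_access"])

# Constructed batch modelled on the article's samples; all values are placeholders.
SAMPLE_BATCH = json.dumps([
    {"eventTime": "2018-07-19T18:38:04.6117357Z",
     "subject": "/subscriptions/sub-id/resourcegroups/demo-rg/providers/Microsoft.Storage/storageAccounts/demostore",
     "data": {"authorization": {"evidence": {"role": "Subscription Admin"}},
              "claims": {"ipaddr": "203.0.113.7", OID: "user-oid-placeholder"},
              "operationName": "Microsoft.Storage/storageAccounts/write",
              "status": "Succeeded"}},
    {"eventTime": "2018-10-08T22:46:22.6022559Z",
     "data": {"authorization": {"evidence": {"role": "Contributor",
                  "principalId": "sp-oid-placeholder", "principalType": "ServicePrincipal"}},
              "httpRequest": {"clientIpAddress": "198.51.100.20", "method": "POST"},
              "resourceUri": "/subscriptions/sub-id/resourceGroups/demo-rg/providers/Microsoft.EventHub/namespaces/demo-ns/AuthorizationRules/RootManageSharedAccessKey",
              "operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
              "status": "Succeeded"}},
])

if __name__ == "__main__":
    for record in triage(SAMPLE_BATCH):
        print(json.dumps(record))
```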

Tutorials and how-tos

| Title | Description |
| --- | --- |
| Azure CLI: subscribe to events for a resource group | Sample script that subscribes to events for a resource group. It sends events to a WebHook. |
| Azure CLI: subscribe to events for a resource group and filter for a resource | Sample script that subscribes to events for a resource group and filters events for one resource. |
| PowerShell: subscribe to events for a resource group | Sample script that subscribes to events for a resource group. It sends events to a WebHook. |
| PowerShell: subscribe to events for a resource group and filter for a resource | Sample script that subscribes to events for a resource group and filters events for one resource. |
| Resource Manager template: resource subscription | Subscribes to events for an Azure subscription or resource group. It sends events to a WebHook. |

Next steps