governance_rules
Creates, updates, deletes, gets or lists a governance_rules resource.
Overview
Name | governance_rules |
Type | Resource |
Id | azure.security.governance_rules |
Fields
The following fields are returned by SELECT queries (get and list return the same fields):
Name | Datatype | Description |
---|---|---|
id | string (arm-id) | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
properties | object | Properties of a governance rule |
systemData | object | Azure Resource Manager metadata containing createdBy and modifiedBy information. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | scope, ruleId | api-version | Get a specific governance rule for the requested scope by ruleId |
list | select | scope | api-version | Get a list of all relevant governance rules over a scope |
create_or_update | insert | scope, ruleId | api-version | Creates or updates a governance rule over a given scope |
delete | delete | scope, ruleId | api-version | Delete a Governance rule over a given scope |
execute | exec | scope, ruleId | api-version | Execute a governance rule |
operation_results | exec | scope, ruleId, operationId | api-version | Get governance rules long run operation result for the requested scope by ruleId and operationId |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
operationId | string | The governance rule long running operation unique key |
ruleId | string | The governance rule key - unique key for the standard governance rule (GUID) |
scope | string | The scope of the standard assignment. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}') |
api-version | string | API version for the operation |
SELECT examples

get: Get a specific governance rule for the requested scope by ruleId

```sql
SELECT
  id,
  name,
  properties,
  systemData,
  type
FROM azure.security.governance_rules
WHERE scope = '{{ scope }}' -- required
  AND ruleId = '{{ ruleId }}' -- required
  AND api-version = '{{ api-version }}'
;
```

list: Get a list of all relevant governance rules over a scope

```sql
SELECT
  id,
  name,
  properties,
  systemData,
  type
FROM azure.security.governance_rules
WHERE scope = '{{ scope }}' -- required
  AND api-version = '{{ api-version }}'
;
```
INSERT examples

create_or_update: Creates or updates a governance rule over a given scope

```sql
INSERT INTO azure.security.governance_rules (
  data__properties,
  scope,
  ruleId,
  api-version
)
SELECT
  '{{ properties }}',
  '{{ scope }}',
  '{{ ruleId }}',
  '{{ api-version }}'
RETURNING
  id,
  name,
  properties,
  systemData,
  type
;
```

Manifest

```yaml
# Description fields are for documentation purposes
- name: governance_rules
  props:
    - name: scope
      value: string
      description: Required parameter for the governance_rules resource.
    - name: ruleId
      value: string
      description: Required parameter for the governance_rules resource.
    - name: properties
      value: object
      description: |
        Properties of a governance rule
    - name: api-version
      value: string
      description: API version for the operation
```
DELETE examples

delete: Delete a Governance rule over a given scope

```sql
DELETE FROM azure.security.governance_rules
WHERE scope = '{{ scope }}' -- required
  AND ruleId = '{{ ruleId }}' -- required
  AND api-version = '{{ api-version }}'
;
```
Lifecycle Methods

execute: Execute a governance rule

```sql
EXEC azure.security.governance_rules.execute
@scope='{{ scope }}', -- required
@ruleId='{{ ruleId }}', -- required
@api-version='{{ api-version }}'
@@json=
'{
  "override": {{ override }}
}'
;
```

operation_results: Get governance rules long run operation result for the requested scope by ruleId and operationId

```sql
EXEC azure.security.governance_rules.operation_results
@scope='{{ scope }}', -- required
@ruleId='{{ ruleId }}', -- required
@operationId='{{ operationId }}', -- required
@api-version='{{ api-version }}'
;
```