java - 如何使用 Java SDK 按名称查找 Azure 策略定义?
问题描述
Azure 的策略服务带有许多内置策略。可以使用 Azure 的 Java SDK 和 Azure 资源管理器访问它们。具体策略的定义可以通过getByName()
SDK 中的方法获取。
代码如下所示:
AzureResourceManager azureResourceManager = AzureResourceManager
.authenticate(credential, profile)
.withSubscription("<my-subscription-id>");
PolicyDefinition policyDefinition = azureResourceManager.policyDefinitions().getByName("<name>");
为了测试这段代码,我去控制台找到了一个预建策略的名称。我发现了两个不同的名字,一个在文本中:
和定义中的不同:
但是,尝试使用这些名称中的任何一个来检索策略定义都会导致相同的错误:
Status code 404, The policy definition 'Audit VMs that do not use managed disks' could not be found.
和
Status code 404, The policy definition '06a78e20-9358-41c9-923c-fb736d382a4d' could not be found
问题:这个方法要找什么名字?还是有更好的方法来检索策略定义?
解决方案
最后,当我都知道策略定义名称时,我最终使用 REST API 来获取策略定义。请注意,我必须使用一个调用来获取内置策略,而另一个调用来获取自定义策略,这很痛苦,因为我事先不知道我拥有哪种类型。我使用OkHttpClient来处理繁重的工作。这是我的解决方案:
Boolean itMightBeACustomPolicy = false;
OkHttpClient builtinPolicyDefinitionHttpClient = new OkHttpClient();
String builtinPolicyDefinitionUrl = "https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/"
+ policyState.getString("policyDefinitionName") // This is what I know
+ "?api-version=2020-09-01";
Request builtinPolicyDefinitionRequest = new Request.Builder()
.url(builtinPolicyDefinitionUrl)
.addHeader("Authorization", "Bearer " + token)
.get()
.build();
String policyDefinitionJson = "";
try
{
Response builtinPolicyDefinitionResponse = builtinPolicyDefinitionHttpClient.newCall(builtinPolicyDefinitionRequest).execute();
if(builtinPolicyDefinitionResponse.isSuccessful())
{
// It's a built-in policy definition
policyDefinitionJson = builtinPolicyDefinitionResponse.body().string();
}
else
{
// Let's try for a custom definition
// I do this separately to keep the try..catch unique.
itMightBeACustomPolicy = true;
}
}
catch (IOException e)
{
e.printStackTrace(); // TODO Handle this...
}
if(itMightBeACustomPolicy)
{
OkHttpClient customPolicyDefinitionHttpClient = new OkHttpClient();
String customPolicyDefinitionUrl = "https://management.azure.com/subscriptions/"
+ subscriptionId
+ "/providers/Microsoft.Authorization/policyDefinitions/"
+ policyState.getString("policyDefinitionName") // This is what I know
+ "?api-version=2020-09-01";
Request customPolicyDefinitionRequest = new Request.Builder()
.url(customPolicyDefinitionUrl)
.addHeader("Authorization", "Bearer " + token)
.get()
.build();
try
{
Response customPolicyDefinitionResponse = customPolicyDefinitionHttpClient.newCall(customPolicyDefinitionRequest).execute();
if(customPolicyDefinitionResponse.isSuccessful())
{
policyDefinitionJson = customPolicyDefinitionResponse.body().string();
}
else
{
// Not sure what it is. Let's assume there are no policy definitions available.
// So do nothing here for now.
}
}
catch (IOException e)
{
e.printStackTrace(); // TODO Handle this...
}
}
// Wherever we got the policy definition from, let's parse it and gather data.
// NOTE: This design assumes that the JSON for built-in and custom are (nearly) identical.
// That might be wrong.
if(!policyDefinitionJson.isEmpty())
{
JSONObject policyDefinitionRootObject = new JSONObject(policyDefinitionJson);
// Do something with the resulting JSON
System.out.println(policyDefinitionRootObject.getJSONObject("properties").getString("policyType"));
System.out.println(policyDefinitionRootObject.getJSONObject("properties").getString("description"));
System.out.println(policyDefinitionRootObject.getJSONObject("properties").getString("displayName"));
}
注意:“当您创建单个 OkHttpClient 实例并将其重用于所有 HTTP 调用时,OkHttp 的性能最佳。” 所以我仍然需要做一些重构以避免创建多个客户端。
推荐阅读
- makefile - Makefile 规则仅在调用 make 之前存在文件时才有效
- java - 如何将MWS本地安装到Maven管理的Spring Boot项目中?
- android - TextField 模糊在 Nativescript vue 中不起作用
- css - 使网格列元素以空间均匀拉伸
- javascript - 在 JavaScript 数组 for 循环中执行某些操作
- python - 关联来自两个 CSV 的数据并使用 Python 将数据写入第一个 CSV
- android - 致命错误:RNFirebaseDatabase.on 有 2 个参数,预期为 3
- vba - VBA替换文本不保留替换文本的格式并随机应用大写格式
- javascript - jquery检查页面URL是否包含特定路径
- r - 'Calloc' 无法使用 kernelUD 函数分配内存