Azure资源图查询-按订阅名称列出策略状态
我的目标是创建一个Azure dashboard小部件,其中包含订阅列表及其相应的策略状态。
+-------------------+-------+-----------+--------+---------------+------------+
| Subscription name | Total | Compliant | Exempt | Non-compliant | Percentage |
+-------------------+-------+-----------+--------+---------------+------------+
| foo-subscription | 300 | 270 | 0 | 30 | 0.9 |
| bar-subscription | 100 | 80 | 0 | 20 | 0.8 |
+-------------------+-------+-----------+--------+---------------+------------+
为此,我使用Azure资源图查询。我可以列出与订阅ID相关的策略状态。但与订阅名称无关。
这个问题
policyresources
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId'])
| project subscriptionId, complianceState, resourceId
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
, Compliant = countif((complianceStates notcontains "NonCompliant") and (complianceStates contains "Compliant"))
, Exempt = countif((complianceStates notcontains "NonCompliant") and (complianceStates notcontains "Compliant") and (complianceStates contains "Exempt"))
, NonCompliant = countif (complianceStates contains "NonCompliant")
by subscriptionId
| extend OverallCompliancePerc = round(toreal(Compliant + Exempt) / toreal(Total), 2)
| order by OverallCompliancePerc desc
导致到
+--------------------+-------+-----------+--------+---------------+------------+
| Subscription-ID | Total | Compliant | Exempt | Non-compliant | Percentage |
+--------------------+-------+-----------+--------+---------------+------------+
| b4757628-9b24-447a | 300 | 270 | 0 | 30 | 0.9 |
| 86fa64ae-6c30-4157 | 100 | 80 | 0 | 20 | 0.8 |
+--------------------+-------+-----------+--------+---------------+------------+
kusto语言允许连接表。但是,kusto语言仅允许对Resources和ResourceContainer表进行连接。不适用于策略资源。
是否可以创建与订阅名称相关的表?
共有2个答案
很好的查询,你为我节省了很多时间。我对您的查询进行了一些调整,试图使最后的合规性结果尽可能接近门户仪表板,但速度更快。
policyresources
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId']),timestamp=todatetime(tostring(properties['timestamp'])),policyDefinitionName=tostring(properties['policyDefinitionName'])
| where timestamp > ago(1d)
| project subscriptionId, complianceState, resourceId, timestamp,policyDefinitionName
| summarize max(timestamp) by subscriptionId, resourceId,complianceState,policyDefinitionName
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
, Compliant = countif((complianceStates notcontains "NonCompliant") and (complianceStates contains "Compliant"))
, Exempt = countif((complianceStates notcontains "NonCompliant") and (complianceStates notcontains "Compliant") and (complianceStates contains "Exempt"))
, ['Non-Compliant'] = countif (complianceStates contains "NonCompliant")
by subscriptionId
| extend ['Compliance %'] = round(toreal(Compliant + Exempt)*100 / toreal(Total), 2)
| order by ['Compliance %'] desc
这是一个很好的问题,我想感谢您的分享。
如果在Azure资源图资源管理器中运行查询,则会显示结果,在结果标题“Formatted results”的上方有一个滑块开关,切换到on,它将用订阅名称替换SubscriptionId。
有工会的做法,但我遇到了困难,而且进展缓慢。以下是一个例子:
Resources
| summarize resourceCount=count() by subscriptionId
| join (ResourceContainers | where type=='microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId
| project-away subscriptionId, subscriptionId1
如果从PowerShell运行,这是我用来解析订阅ID到订阅名称的方法:
# Create a Hash Table for lookups of SubscriptionName by subscriptionId
$LkUpSubs = @{}
For ($sub in (Get-AzSubscription)) {
$LkUpSubs.Add($sub.Id, $sub.Name)
}
// In the Kusto Query, Add and include SubscriptionName in the | project statement
| extend SubscriptionName = ''
# Run Search-AzGraph and assign output to a variable like $results
# Enrich the results
ForEach ($rec in $results) {
$rec.SubscriptionName = $LkUpSub[$rec.subscriptionId]
}
以下是基于您的查询的工作示例:
$LkUpSubs = @{}
ForEach ($sub in (Get-AzSubscription)) {
$LkUpSubs.Add($sub.Id, $sub.Name)
}
$Query = "policyresources | where tolower(properties.policyAssignmentName) != 'securitycenterbuiltIn'
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId'])
| project subscriptionId, complianceState, resourceId
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
, Compliant = countif((complianceStates notcontains 'NonCompliant') and (complianceStates contains 'Compliant'))
, Exempt = countif((complianceStates notcontains 'NonCompliant') and (complianceStates notcontains 'Compliant') and (complianceStates contains 'Exempt'))
, NonCompliant = countif (complianceStates contains 'NonCompliant') by subscriptionId
| extend OverallCompliancePerc = round(toreal(Compliant + Exempt) / toreal(Total), 2)
| extend SubscriptionName = ''
| project SubscriptionName, subscriptionId, Total, Compliant, Exempt, NonCompliant, OverallCompliancePerc
| order by OverallCompliancePerc desc
"
$Results = Search-AzGraph -Query $Query -First 5000
ForEach ($rec in $Results) {
$rec.SubscriptionName = $LkUpSubs[$rec.subscriptionId]
}
$TimeStamp = (Get-Date -Format 'yyyy-MMdd-HHmm')
$FilePath = ('C:\Temp\ComplianceReports\ResourceCompliance_CountsBySubscription_{0}.csv' -f $TimeStamp)
$Results |
Sort-Object -Property SubscriptionName |
Select-Object -Property SubscriptionName, Total, Compliant, NonCompliant, OverallCompliancePerc |
Export-Csv -Path $FilePath -Encoding UTF8 -Delimiter ',' -NoTypeInformation -Force
祝你好运
-
构建目录 将前端构建配置文件所在的目录视为构建目录,也视为当前项目的根目录。 - dest - src |-- coolie.config.js 此时,coolie.config.js所在的目录src即为项目根目录,用 webstorm 可以非常好的标记项目根目录。 glob 路径 *:多个文件 **:多层级目录 更多 coolie 前端构建的配置文件以下配置是支持 glob 路径的: js.m
-
因此,使用VS2019,我创建了一个Blob触发函数(v2),并针对Blob存储(v2)将其部署到Azure。如果我上传一个文件,该函数将被执行,blob存储中的文件将被成功处理。这里一切都好。 我现在希望创建一个Azure事件网格订阅(通过Azure门户)来附加到触发器和存储,但是,我看不到函数名称。 选择订阅后,请选择资源组 以前有人面对过吗?我希望在这个问题上有任何见解。 谢啦
-
我有一个BizSpark帐户,但我正在努力弄清楚作为我的免费Azure包的一部分,我实际上有权得到什么。套餐详情列于此处: http://www.windowsazure.com/en-us/offers/details?locale=en-us 我需要运行: 一个虚拟机(运行Linux)为网站供电 一个托管服务,为客户端软件(Windows Phone和Windows 8)提供数据库访问 一个托
-
Elasticsearch模块支持所有基本查询构建,比如String,Abstract,Criteria或通过方法名获得构建查询。 声明查询 通过解析方法名来构建查询有时可能满足不了开发者的需求,或造成方法名可读性差。这时可以使用@Query注解来声明一个查询(参考使用@Query注解)
-
Spring Data repository使用下面的一套策略来决定最后创建的查询。可以通过配置XML中的query-loop-strategy属性或Javaconfig中Enable${store}Repositories注解的queryLookupStrategy属性来调整策略。某些特定的数据存储可能不支持所有策略。 CREATE 通过解析方法名构建查询,会删除方法名的某些前缀(eg:find
-
我创建了一个通过spring数据自动创建查询的方法。问题出在返回参数上,因为与名称定义不匹配。实际上,通过只指定一个参数,它返回4个参数。 springData方法是: