当前位置: 首页 > 知识库问答 >
问题:

Azure资源图查询-按订阅名称列出策略状态

申屠昆
2023-03-14

我的目标是创建一个Azure dashboard小部件,其中包含订阅列表及其相应的策略状态。

+-------------------+-------+-----------+--------+---------------+------------+
| Subscription name | Total | Compliant | Exempt | Non-compliant | Percentage |
+-------------------+-------+-----------+--------+---------------+------------+
| foo-subscription  |   300 |       270 |      0 |            30 | 0.9        |
| bar-subscription  |   100 |        80 |      0 |            20 | 0.8        |
+-------------------+-------+-----------+--------+---------------+------------+

为此,我使用Azure资源图查询。我可以列出与订阅ID相关的策略状态。但与订阅名称无关。

这个问题

policyresources
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId'])
| project subscriptionId, complianceState, resourceId
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
, Compliant = countif((complianceStates notcontains "NonCompliant") and (complianceStates contains "Compliant"))
, Exempt = countif((complianceStates notcontains "NonCompliant") and (complianceStates notcontains "Compliant") and (complianceStates contains "Exempt"))
, NonCompliant = countif (complianceStates contains "NonCompliant")
by subscriptionId
| extend OverallCompliancePerc = round(toreal(Compliant + Exempt) / toreal(Total), 2)
| order by OverallCompliancePerc desc

导致到

+--------------------+-------+-----------+--------+---------------+------------+
|  Subscription-ID   | Total | Compliant | Exempt | Non-compliant | Percentage |
+--------------------+-------+-----------+--------+---------------+------------+
| b4757628-9b24-447a |   300 |       270 |      0 |            30 | 0.9        |
| 86fa64ae-6c30-4157 |   100 |        80 |      0 |            20 | 0.8        |
+--------------------+-------+-----------+--------+---------------+------------+

kusto语言允许连接表。但是,kusto语言仅允许对Resources和ResourceContainer表进行连接。不适用于策略资源。

是否可以创建与订阅名称相关的表?

共有2个答案

壤驷兴朝
2023-03-14

很好的查询,你为我节省了很多时间。我对您的查询进行了一些调整,试图使最后的合规性结果尽可能接近门户仪表板,但速度更快。

policyresources
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId']),timestamp=todatetime(tostring(properties['timestamp'])),policyDefinitionName=tostring(properties['policyDefinitionName'])
| where timestamp > ago(1d)
| project subscriptionId, complianceState, resourceId, timestamp,policyDefinitionName
| summarize max(timestamp) by subscriptionId, resourceId,complianceState,policyDefinitionName
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
, Compliant = countif((complianceStates notcontains "NonCompliant") and (complianceStates contains "Compliant"))
, Exempt = countif((complianceStates notcontains "NonCompliant") and (complianceStates notcontains "Compliant") and (complianceStates contains "Exempt"))
, ['Non-Compliant'] = countif (complianceStates contains "NonCompliant")
by subscriptionId
| extend ['Compliance %'] = round(toreal(Compliant + Exempt)*100 / toreal(Total), 2)
| order by ['Compliance %'] desc
索卓
2023-03-14

这是一个很好的问题,我想感谢您的分享。

如果在Azure资源图资源管理器中运行查询,则会显示结果,在结果标题“Formatted results”的上方有一个滑块开关,切换到on,它将用订阅名称替换SubscriptionId。

有工会的做法,但我遇到了困难,而且进展缓慢。以下是一个例子:

    Resources
    | summarize resourceCount=count() by subscriptionId
    | join (ResourceContainers | where type=='microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId
    | project-away subscriptionId, subscriptionId1

如果从PowerShell运行,这是我用来解析订阅ID到订阅名称的方法:

# Create a Hash Table for lookups of SubscriptionName by subscriptionId
$LkUpSubs = @{}
For ($sub in (Get-AzSubscription)) {
    $LkUpSubs.Add($sub.Id, $sub.Name)
}

// In the Kusto Query, Add and include SubscriptionName in the | project statement
| extend SubscriptionName = ''

# Run Search-AzGraph and assign output to a variable like $results
# Enrich the results
ForEach ($rec in $results) {
    $rec.SubscriptionName = $LkUpSub[$rec.subscriptionId]
}

以下是基于您的查询的工作示例:

$LkUpSubs = @{}
ForEach ($sub in (Get-AzSubscription)) {
    $LkUpSubs.Add($sub.Id, $sub.Name)
}

$Query = "policyresources | where tolower(properties.policyAssignmentName) != 'securitycenterbuiltIn'
| extend complianceState=tostring(properties['complianceState']), resourceId=tostring(properties['resourceId'])
| project subscriptionId, complianceState, resourceId
| summarize complianceStates=make_list(complianceState) by subscriptionId, resourceId
| summarize Total = count()
  , Compliant = countif((complianceStates notcontains 'NonCompliant') and (complianceStates contains 'Compliant'))
  , Exempt = countif((complianceStates notcontains 'NonCompliant') and (complianceStates notcontains 'Compliant') and (complianceStates contains 'Exempt'))
  , NonCompliant = countif (complianceStates contains 'NonCompliant') by subscriptionId
| extend OverallCompliancePerc = round(toreal(Compliant + Exempt) / toreal(Total), 2)
| extend SubscriptionName = ''
| project SubscriptionName, subscriptionId, Total, Compliant, Exempt, NonCompliant, OverallCompliancePerc
| order by OverallCompliancePerc desc
"
$Results = Search-AzGraph -Query $Query -First 5000

ForEach ($rec in $Results) {
    $rec.SubscriptionName = $LkUpSubs[$rec.subscriptionId]
}

$TimeStamp = (Get-Date -Format 'yyyy-MMdd-HHmm')
$FilePath = ('C:\Temp\ComplianceReports\ResourceCompliance_CountsBySubscription_{0}.csv' -f $TimeStamp)
$Results |
    Sort-Object -Property SubscriptionName | 
    Select-Object -Property SubscriptionName, Total, Compliant, NonCompliant, OverallCompliancePerc |  
    Export-Csv -Path $FilePath -Encoding UTF8 -Delimiter ',' -NoTypeInformation -Force

祝你好运

 类似资料:
  • 构建目录 将前端构建配置文件所在的目录视为构建目录,也视为当前项目的根目录。 - dest - src |-- coolie.config.js 此时,coolie.config.js所在的目录src即为项目根目录,用 webstorm 可以非常好的标记项目根目录。 glob 路径 *:多个文件 **:多层级目录 更多 coolie 前端构建的配置文件以下配置是支持 glob 路径的: js.m

  • 因此,使用VS2019,我创建了一个Blob触发函数(v2),并针对Blob存储(v2)将其部署到Azure。如果我上传一个文件,该函数将被执行,blob存储中的文件将被成功处理。这里一切都好。 我现在希望创建一个Azure事件网格订阅(通过Azure门户)来附加到触发器和存储,但是,我看不到函数名称。 选择订阅后,请选择资源组 以前有人面对过吗?我希望在这个问题上有任何见解。 谢啦

  • 我有一个BizSpark帐户,但我正在努力弄清楚作为我的免费Azure包的一部分,我实际上有权得到什么。套餐详情列于此处: http://www.windowsazure.com/en-us/offers/details?locale=en-us 我需要运行: 一个虚拟机(运行Linux)为网站供电 一个托管服务,为客户端软件(Windows Phone和Windows 8)提供数据库访问 一个托

  • Elasticsearch模块支持所有基本查询构建,比如String,Abstract,Criteria或通过方法名获得构建查询。 声明查询 通过解析方法名来构建查询有时可能满足不了开发者的需求,或造成方法名可读性差。这时可以使用@Query注解来声明一个查询(参考使用@Query注解)

  • Spring Data repository使用下面的一套策略来决定最后创建的查询。可以通过配置XML中的query-loop-strategy属性或Javaconfig中Enable${store}Repositories注解的queryLookupStrategy属性来调整策略。某些特定的数据存储可能不支持所有策略。 CREATE 通过解析方法名构建查询,会删除方法名的某些前缀(eg:find

  • 我创建了一个通过spring数据自动创建查询的方法。问题出在返回参数上,因为与名称定义不匹配。实际上,通过只指定一个参数,它返回4个参数。 springData方法是: