Creates or updates an attestation at subscription scope.
PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/attestations/{attestationName}?api-version=2022-09-01
URI Parameters
Name |
In |
Required |
Type |
Description |
attestationName
|
path |
True
|
string
|
The name of the attestation.
|
subscriptionId
|
path |
True
|
string
|
The ID of the target subscription.
|
api-version
|
query |
True
|
string
|
The API version to use for this operation.
|
Request Body
Name |
Required |
Type |
Description |
properties.policyAssignmentId
|
True
|
string
|
The resource ID of the policy assignment that the attestation is setting the state for.
|
properties.assessmentDate
|
|
string
|
The time the evidence was assessed
|
properties.comments
|
|
string
|
Comments describing why this attestation was created.
|
properties.complianceState
|
|
ComplianceState
|
The compliance state that should be set on the resource.
|
properties.evidence
|
|
AttestationEvidence[]
|
The evidence supporting the compliance state set in this attestation.
|
properties.expiresOn
|
|
string
|
The time the compliance state should expire.
|
properties.metadata
|
|
object
|
Additional metadata for this attestation
|
properties.owner
|
|
string
|
The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID.
|
properties.policyDefinitionReferenceId
|
|
string
|
The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition the attestation can choose a definition within the set definition with this property or omit this and set the state for the entire set definition.
|
Responses
Name |
Type |
Description |
200 OK
|
Attestation
|
The updated attestation.
|
201 Created
|
Attestation
|
The created attestation.
|
Other Status Codes
|
ErrorResponse
|
Error response describing why the operation failed.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name |
Description |
user_impersonation
|
impersonate your user account
|
Examples
Create attestation at subscription scope
Sample request
PUT https://management.azure.com/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/Microsoft.PolicyInsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e?api-version=2022-09-01
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"complianceState": "Compliant"
}
}
import com.azure.resourcemanager.policyinsights.fluent.models.AttestationInner;
import com.azure.resourcemanager.policyinsights.models.ComplianceState;
/**
* Samples for Attestations CreateOrUpdateAtSubscription.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/
* Attestations_CreateSubscriptionScope.json
*/
/**
* Sample code: Create attestation at subscription scope.
*
* @param manager Entry point to PolicyInsightsManager.
*/
public static void
createAttestationAtSubscriptionScope(com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) {
manager.attestations().createOrUpdateAtSubscription("790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
new AttestationInner().withPolicyAssignmentId(
"/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5")
.withComplianceState(ComplianceState.COMPLIANT),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-policyinsights
# USAGE
python attestations_create_subscription_scope.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyInsightsClient(
credential=DefaultAzureCredential(),
subscription_id="35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
)
response = client.attestations.begin_create_or_update_at_subscription(
attestation_name="790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
parameters={
"properties": {
"complianceState": "Compliant",
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
}
},
).result()
print(response)
# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicyinsights_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope.json
func ExampleAttestationsClient_BeginCreateOrUpdateAtSubscription_createAttestationAtSubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAttestationsClient().BeginCreateOrUpdateAtSubscription(ctx, "790996e6-9871-4b1f-9cd9-ec42cd6ced1e", armpolicyinsights.Attestation{
Properties: &armpolicyinsights.AttestationProperties{
ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
PolicyAssignmentID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Attestation = armpolicyinsights.Attestation{
// Name: to.Ptr("790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
// Type: to.Ptr("Microsoft.PolicyInsights/attestations"),
// ID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
// Properties: &armpolicyinsights.AttestationProperties{
// ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
// LastComplianceStateChangeAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// PolicyAssignmentID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
// ProvisioningState: to.Ptr("Succeeded"),
// },
// SystemData: &armpolicyinsights.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
// CreatedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
// LastModifiedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates an attestation at subscription scope.
*
* @summary Creates or updates an attestation at subscription scope.
* x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope.json
*/
async function createAttestationAtSubscriptionScope() {
const subscriptionId =
process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "35ee058e-5fa0-414c-8145-3ebb8d09b6e2";
const attestationName = "790996e6-9871-4b1f-9cd9-ec42cd6ced1e";
const parameters = {
complianceState: "Compliant",
policyAssignmentId:
"/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
};
const credential = new DefaultAzureCredential();
const client = new PolicyInsightsClient(credential, subscriptionId);
const result = await client.attestations.beginCreateOrUpdateAtSubscriptionAndWait(
attestationName,
parameters
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
Create attestation at subscription scope with all properties
Sample request
PUT https://management.azure.com/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/Microsoft.PolicyInsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e?api-version=2022-09-01
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.policyinsights.fluent.models.AttestationInner;
import com.azure.resourcemanager.policyinsights.models.AttestationEvidence;
import com.azure.resourcemanager.policyinsights.models.ComplianceState;
import java.io.IOException;
import java.time.OffsetDateTime;
import java.util.Arrays;
/**
* Samples for Attestations CreateOrUpdateAtSubscription.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/
* Attestations_CreateSubscriptionScope_AllProperties.json
*/
/**
* Sample code: Create attestation at subscription scope with all properties.
*
* @param manager Entry point to PolicyInsightsManager.
*/
public static void createAttestationAtSubscriptionScopeWithAllProperties(
com.azure.resourcemanager.policyinsights.PolicyInsightsManager manager) throws IOException {
manager.attestations().createOrUpdateAtSubscription("790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
new AttestationInner().withPolicyAssignmentId(
"/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5")
.withPolicyDefinitionReferenceId("0b158b46-ff42-4799-8e39-08a5c23b4551")
.withComplianceState(ComplianceState.COMPLIANT)
.withExpiresOn(OffsetDateTime.parse("2021-06-15T00:00:00Z"))
.withOwner("55a32e28-3aa5-4eea-9b5a-4cd85153b966")
.withComments("This subscription has passed a security audit.")
.withEvidence(
Arrays.asList(new AttestationEvidence().withDescription("The results of the security audit.")
.withSourceUri("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011")))
.withAssessmentDate(OffsetDateTime.parse("2021-06-10T00:00:00Z"))
.withMetadata(SerializerFactory.createDefaultManagementSerializerAdapter()
.deserialize("{\"departmentId\":\"NYC-MARKETING-1\"}", Object.class, SerializerEncoding.JSON)),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.policyinsights import PolicyInsightsClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-policyinsights
# USAGE
python attestations_create_subscription_scope_all_properties.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = PolicyInsightsClient(
credential=DefaultAzureCredential(),
subscription_id="35ee058e-5fa0-414c-8145-3ebb8d09b6e2",
)
response = client.attestations.begin_create_or_update_at_subscription(
attestation_name="790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
parameters={
"properties": {
"assessmentDate": "2021-06-10T00:00:00Z",
"comments": "This subscription has passed a security audit.",
"complianceState": "Compliant",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011",
}
],
"expiresOn": "2021-06-15T00:00:00Z",
"metadata": {"departmentId": "NYC-MARKETING-1"},
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
}
},
).result()
print(response)
# x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope_AllProperties.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armpolicyinsights_test
import (
"context"
"log"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/policyinsights/armpolicyinsights"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/05a9cdab363b8ec824094ee73950c04594325172/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope_AllProperties.json
func ExampleAttestationsClient_BeginCreateOrUpdateAtSubscription_createAttestationAtSubscriptionScopeWithAllProperties() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armpolicyinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewAttestationsClient().BeginCreateOrUpdateAtSubscription(ctx, "790996e6-9871-4b1f-9cd9-ec42cd6ced1e", armpolicyinsights.Attestation{
Properties: &armpolicyinsights.AttestationProperties{
AssessmentDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-10T00:00:00.000Z"); return t }()),
Comments: to.Ptr("This subscription has passed a security audit."),
ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
Evidence: []*armpolicyinsights.AttestationEvidence{
{
Description: to.Ptr("The results of the security audit."),
SourceURI: to.Ptr("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"),
}},
ExpiresOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-15T00:00:00.000Z"); return t }()),
Metadata: map[string]any{
"departmentId": "NYC-MARKETING-1",
},
Owner: to.Ptr("55a32e28-3aa5-4eea-9b5a-4cd85153b966"),
PolicyAssignmentID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
PolicyDefinitionReferenceID: to.Ptr("0b158b46-ff42-4799-8e39-08a5c23b4551"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Attestation = armpolicyinsights.Attestation{
// Name: to.Ptr("790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
// Type: to.Ptr("Microsoft.PolicyInsights/attestations"),
// ID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e"),
// Properties: &armpolicyinsights.AttestationProperties{
// AssessmentDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-10T00:00:00.000Z"); return t}()),
// Comments: to.Ptr("This subscription has passed a security audit."),
// ComplianceState: to.Ptr(armpolicyinsights.ComplianceStateCompliant),
// Evidence: []*armpolicyinsights.AttestationEvidence{
// {
// Description: to.Ptr("The results of the security audit."),
// SourceURI: to.Ptr("https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"),
// }},
// ExpiresOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-15T00:00:00.000Z"); return t}()),
// LastComplianceStateChangeAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// Metadata: map[string]any{
// "departmentId": "NYC-MARKETING-1",
// },
// Owner: to.Ptr("55a32e28-3aa5-4eea-9b5a-4cd85153b966"),
// PolicyAssignmentID: to.Ptr("/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5"),
// PolicyDefinitionReferenceID: to.Ptr("0b158b46-ff42-4799-8e39-08a5c23b4551"),
// ProvisioningState: to.Ptr("Succeeded"),
// },
// SystemData: &armpolicyinsights.SystemData{
// CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// CreatedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
// CreatedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
// LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-15T18:52:27.000Z"); return t}()),
// LastModifiedBy: to.Ptr("b69a9388-9488-4534-b470-7ec6d41beef6"),
// LastModifiedByType: to.Ptr(armpolicyinsights.CreatedByTypeUser),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { PolicyInsightsClient } = require("@azure/arm-policyinsights");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates an attestation at subscription scope.
*
* @summary Creates or updates an attestation at subscription scope.
* x-ms-original-file: specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2022-09-01/examples/Attestations_CreateSubscriptionScope_AllProperties.json
*/
async function createAttestationAtSubscriptionScopeWithAllProperties() {
const subscriptionId =
process.env["POLICYINSIGHTS_SUBSCRIPTION_ID"] || "35ee058e-5fa0-414c-8145-3ebb8d09b6e2";
const attestationName = "790996e6-9871-4b1f-9cd9-ec42cd6ced1e";
const parameters = {
assessmentDate: new Date("2021-06-10T00:00:00Z"),
comments: "This subscription has passed a security audit.",
complianceState: "Compliant",
evidence: [
{
description: "The results of the security audit.",
sourceUri: "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011",
},
],
expiresOn: new Date("2021-06-15T00:00:00Z"),
metadata: { departmentId: "NYC-MARKETING-1" },
owner: "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
policyAssignmentId:
"/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
policyDefinitionReferenceId: "0b158b46-ff42-4799-8e39-08a5c23b4551",
};
const credential = new DefaultAzureCredential();
const client = new PolicyInsightsClient(credential, subscriptionId);
const result = await client.attestations.beginCreateOrUpdateAtSubscriptionAndWait(
attestationName,
parameters
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
},
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
},
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
Definitions
Attestation
An attestation resource.
Name |
Type |
Description |
id
|
string
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
|
name
|
string
|
The name of the resource
|
properties.assessmentDate
|
string
|
The time the evidence was assessed
|
properties.comments
|
string
|
Comments describing why this attestation was created.
|
properties.complianceState
|
ComplianceState
|
The compliance state that should be set on the resource.
|
properties.evidence
|
AttestationEvidence[]
|
The evidence supporting the compliance state set in this attestation.
|
properties.expiresOn
|
string
|
The time the compliance state should expire.
|
properties.lastComplianceStateChangeAt
|
string
|
The time the compliance state was last changed in this attestation.
|
properties.metadata
|
object
|
Additional metadata for this attestation
|
properties.owner
|
string
|
The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID.
|
properties.policyAssignmentId
|
string
|
The resource ID of the policy assignment that the attestation is setting the state for.
|
properties.policyDefinitionReferenceId
|
string
|
The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition the attestation can choose a definition within the set definition with this property or omit this and set the state for the entire set definition.
|
properties.provisioningState
|
string
|
The status of the attestation.
|
systemData
|
systemData
|
Azure Resource Manager metadata containing createdBy and modifiedBy information.
|
type
|
string
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
|
AttestationEvidence
A piece of evidence supporting the compliance state set in the attestation.
Name |
Type |
Description |
description
|
string
|
The description for this piece of evidence.
|
sourceUri
|
string
|
The URI location of the evidence.
|
ComplianceState
The compliance state that should be set on the resource.
Name |
Type |
Description |
Compliant
|
string
|
The resource is in compliance with the policy.
|
NonCompliant
|
string
|
The resource is not in compliance with the policy.
|
Unknown
|
string
|
The compliance state of the resource is not known.
|
createdByType
The type of identity that created the resource.
Name |
Type |
Description |
Application
|
string
|
|
Key
|
string
|
|
ManagedIdentity
|
string
|
|
User
|
string
|
|
ErrorDefinition
Error definition.
Name |
Type |
Description |
additionalInfo
|
TypedErrorInfo[]
|
Additional scenario specific error details.
|
code
|
string
|
Service specific error code which serves as the substatus for the HTTP error code.
|
details
|
ErrorDefinition[]
|
Internal error details.
|
message
|
string
|
Description of the error.
|
target
|
string
|
The target of the error.
|
ErrorResponse
Error response.
systemData
Metadata pertaining to creation and last modification of the resource.
Name |
Type |
Description |
createdAt
|
string
|
The timestamp of resource creation (UTC).
|
createdBy
|
string
|
The identity that created the resource.
|
createdByType
|
createdByType
|
The type of identity that created the resource.
|
lastModifiedAt
|
string
|
The timestamp of resource last modification (UTC)
|
lastModifiedBy
|
string
|
The identity that last modified the resource.
|
lastModifiedByType
|
createdByType
|
The type of identity that last modified the resource.
|
TypedErrorInfo
Scenario specific error details.
Name |
Type |
Description |
info
|
|
The scenario specific error details.
|
type
|
string
|
The type of included error details.
|