diff --git a/profiles/preview/preview/security/mgmt/security/models.go b/profiles/preview/preview/security/mgmt/security/models.go index c061f1732baa..9c7bccc72a46 100644 --- a/profiles/preview/preview/security/mgmt/security/models.go +++ b/profiles/preview/preview/security/mgmt/security/models.go @@ -59,6 +59,15 @@ const ( AlertsToAdminsOn AlertsToAdmins = original.AlertsToAdminsOn ) +type AssessedResourceType = original.AssessedResourceType + +const ( + AssessedResourceTypeAdditionalData AssessedResourceType = original.AssessedResourceTypeAdditionalData + AssessedResourceTypeContainerRegistryVulnerability AssessedResourceType = original.AssessedResourceTypeContainerRegistryVulnerability + AssessedResourceTypeServerVulnerabilityAssessment AssessedResourceType = original.AssessedResourceTypeServerVulnerabilityAssessment + AssessedResourceTypeSQLServerVulnerability AssessedResourceType = original.AssessedResourceTypeSQLServerVulnerability +) + type AutoProvision = original.AutoProvision const ( @@ -314,6 +323,14 @@ const ( SettingKindDataExportSetting SettingKind = original.SettingKindDataExportSetting ) +type Severity = original.Severity + +const ( + SeverityHigh Severity = original.SeverityHigh + SeverityLow Severity = original.SeverityLow + SeverityMedium Severity = original.SeverityMedium +) + type SolutionStatus = original.SolutionStatus const ( @@ -321,6 +338,14 @@ const ( SolutionStatusEnabled SolutionStatus = original.SolutionStatusEnabled ) +type Source = original.Source + +const ( + SourceAws Source = original.SourceAws + SourceAzure Source = original.SourceAzure + SourceResourceDetails Source = original.SourceResourceDetails +) + type SourceSystem = original.SourceSystem const ( @@ -355,6 +380,14 @@ const ( UserRequested StatusReason = original.UserRequested ) +type SubAssessmentStatusCode = original.SubAssessmentStatusCode + +const ( + SubAssessmentStatusCodeHealthy SubAssessmentStatusCode = original.SubAssessmentStatusCodeHealthy + SubAssessmentStatusCodeNotApplicable SubAssessmentStatusCode = original.SubAssessmentStatusCodeNotApplicable + SubAssessmentStatusCodeUnhealthy SubAssessmentStatusCode = original.SubAssessmentStatusCodeUnhealthy +) + type Type = original.Type const ( @@ -377,6 +410,7 @@ type AadConnectivityState1 = original.AadConnectivityState1 type AadExternalSecuritySolution = original.AadExternalSecuritySolution type AadSolutionProperties = original.AadSolutionProperties type AdaptiveApplicationControlsClient = original.AdaptiveApplicationControlsClient +type AdditionalData = original.AdditionalData type AdvancedThreatProtectionClient = original.AdvancedThreatProtectionClient type AdvancedThreatProtectionProperties = original.AdvancedThreatProtectionProperties type AdvancedThreatProtectionSetting = original.AdvancedThreatProtectionSetting @@ -412,8 +446,14 @@ type AutoProvisioningSettingListIterator = original.AutoProvisioningSettingListI type AutoProvisioningSettingListPage = original.AutoProvisioningSettingListPage type AutoProvisioningSettingProperties = original.AutoProvisioningSettingProperties type AutoProvisioningSettingsClient = original.AutoProvisioningSettingsClient +type AwsResourceDetails = original.AwsResourceDetails +type AzureResourceDetails = original.AzureResourceDetails type BaseClient = original.BaseClient +type BasicAdditionalData = original.BasicAdditionalData type BasicExternalSecuritySolution = original.BasicExternalSecuritySolution +type BasicResourceDetails = original.BasicResourceDetails +type CVE = original.CVE +type CVSS = original.CVSS type CefExternalSecuritySolution = original.CefExternalSecuritySolution type CefSolutionProperties = original.CefSolutionProperties type CloudError = original.CloudError @@ -440,6 +480,7 @@ type ContactListIterator = original.ContactListIterator type ContactListPage = original.ContactListPage type ContactProperties = original.ContactProperties type ContactsClient = original.ContactsClient +type ContainerRegistryVulnerabilityProperties = original.ContainerRegistryVulnerabilityProperties type CustomAlertRule = original.CustomAlertRule type DataExportSetting = original.DataExportSetting type DataExportSettingProperties = original.DataExportSettingProperties @@ -550,17 +591,27 @@ type RegulatoryComplianceStandardListPage = original.RegulatoryComplianceStandar type RegulatoryComplianceStandardProperties = original.RegulatoryComplianceStandardProperties type RegulatoryComplianceStandardsClient = original.RegulatoryComplianceStandardsClient type Resource = original.Resource +type ResourceDetails = original.ResourceDetails +type SQLServerVulnerabilityProperties = original.SQLServerVulnerabilityProperties type SensitivityLabel = original.SensitivityLabel type ServerVulnerabilityAssessment = original.ServerVulnerabilityAssessment type ServerVulnerabilityAssessmentClient = original.ServerVulnerabilityAssessmentClient type ServerVulnerabilityAssessmentProperties = original.ServerVulnerabilityAssessmentProperties type ServerVulnerabilityAssessmentsList = original.ServerVulnerabilityAssessmentsList +type ServerVulnerabilityProperties = original.ServerVulnerabilityProperties type Setting = original.Setting type SettingResource = original.SettingResource type SettingsClient = original.SettingsClient type SettingsList = original.SettingsList type SettingsListIterator = original.SettingsListIterator type SettingsListPage = original.SettingsListPage +type SubAssessment = original.SubAssessment +type SubAssessmentList = original.SubAssessmentList +type SubAssessmentListIterator = original.SubAssessmentListIterator +type SubAssessmentListPage = original.SubAssessmentListPage +type SubAssessmentProperties = original.SubAssessmentProperties +type SubAssessmentStatus = original.SubAssessmentStatus +type SubAssessmentsClient = original.SubAssessmentsClient type TagsResource = original.TagsResource type Task = original.Task type TaskList = original.TaskList @@ -585,6 +636,7 @@ type UpdateIotSecuritySolutionData = original.UpdateIotSecuritySolutionData type UserDefinedResourcesProperties = original.UserDefinedResourcesProperties type UserRecommendation = original.UserRecommendation type VMRecommendation = original.VMRecommendation +type VendorReference = original.VendorReference type WorkspaceSetting = original.WorkspaceSetting type WorkspaceSettingList = original.WorkspaceSettingList type WorkspaceSettingListIterator = original.WorkspaceSettingListIterator @@ -865,6 +917,18 @@ func NewSettingsListIterator(page SettingsListPage) SettingsListIterator { func NewSettingsListPage(getNextPage func(context.Context, SettingsList) (SettingsList, error)) SettingsListPage { return original.NewSettingsListPage(getNextPage) } +func NewSubAssessmentListIterator(page SubAssessmentListPage) SubAssessmentListIterator { + return original.NewSubAssessmentListIterator(page) +} +func NewSubAssessmentListPage(getNextPage func(context.Context, SubAssessmentList) (SubAssessmentList, error)) SubAssessmentListPage { + return original.NewSubAssessmentListPage(getNextPage) +} +func NewSubAssessmentsClient(subscriptionID string, ascLocation string) SubAssessmentsClient { + return original.NewSubAssessmentsClient(subscriptionID, ascLocation) +} +func NewSubAssessmentsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) SubAssessmentsClient { + return original.NewSubAssessmentsClientWithBaseURI(baseURI, subscriptionID, ascLocation) +} func NewTaskListIterator(page TaskListPage) TaskListIterator { return original.NewTaskListIterator(page) } @@ -916,6 +980,9 @@ func PossibleAlertNotificationsValues() []AlertNotifications { func PossibleAlertsToAdminsValues() []AlertsToAdmins { return original.PossibleAlertsToAdminsValues() } +func PossibleAssessedResourceTypeValues() []AssessedResourceType { + return original.PossibleAssessedResourceTypeValues() +} func PossibleAutoProvisionValues() []AutoProvision { return original.PossibleAutoProvisionValues() } @@ -1003,12 +1070,18 @@ func PossibleScriptValues() []Script { func PossibleSettingKindValues() []SettingKind { return original.PossibleSettingKindValues() } +func PossibleSeverityValues() []Severity { + return original.PossibleSeverityValues() +} func PossibleSolutionStatusValues() []SolutionStatus { return original.PossibleSolutionStatusValues() } func PossibleSourceSystemValues() []SourceSystem { return original.PossibleSourceSystemValues() } +func PossibleSourceValues() []Source { + return original.PossibleSourceValues() +} func PossibleStateValues() []State { return original.PossibleStateValues() } @@ -1018,6 +1091,9 @@ func PossibleStatusReasonValues() []StatusReason { func PossibleStatusValues() []Status { return original.PossibleStatusValues() } +func PossibleSubAssessmentStatusCodeValues() []SubAssessmentStatusCode { + return original.PossibleSubAssessmentStatusCodeValues() +} func PossibleTypeValues() []Type { return original.PossibleTypeValues() } diff --git a/profiles/preview/preview/security/mgmt/security/securityapi/models.go b/profiles/preview/preview/security/mgmt/security/securityapi/models.go index ea860e5ae9dc..6291ca8035f2 100644 --- a/profiles/preview/preview/security/mgmt/security/securityapi/models.go +++ b/profiles/preview/preview/security/mgmt/security/securityapi/models.go @@ -46,6 +46,7 @@ type RegulatoryComplianceControlsClientAPI = original.RegulatoryComplianceContro type RegulatoryComplianceStandardsClientAPI = original.RegulatoryComplianceStandardsClientAPI type ServerVulnerabilityAssessmentClientAPI = original.ServerVulnerabilityAssessmentClientAPI type SettingsClientAPI = original.SettingsClientAPI +type SubAssessmentsClientAPI = original.SubAssessmentsClientAPI type TasksClientAPI = original.TasksClientAPI type TopologyClientAPI = original.TopologyClientAPI type WorkspaceSettingsClientAPI = original.WorkspaceSettingsClientAPI diff --git a/services/preview/security/mgmt/v1.0/security/models.go b/services/preview/security/mgmt/v1.0/security/models.go index 739e34ac023b..f19291c333e0 100644 --- a/services/preview/security/mgmt/v1.0/security/models.go +++ b/services/preview/security/mgmt/v1.0/security/models.go @@ -96,6 +96,25 @@ func PossibleAlertsToAdminsValues() []AlertsToAdmins { return []AlertsToAdmins{AlertsToAdminsOff, AlertsToAdminsOn} } +// AssessedResourceType enumerates the values for assessed resource type. +type AssessedResourceType string + +const ( + // AssessedResourceTypeAdditionalData ... + AssessedResourceTypeAdditionalData AssessedResourceType = "AdditionalData" + // AssessedResourceTypeContainerRegistryVulnerability ... + AssessedResourceTypeContainerRegistryVulnerability AssessedResourceType = "ContainerRegistryVulnerability" + // AssessedResourceTypeServerVulnerabilityAssessment ... + AssessedResourceTypeServerVulnerabilityAssessment AssessedResourceType = "ServerVulnerabilityAssessment" + // AssessedResourceTypeSQLServerVulnerability ... + AssessedResourceTypeSQLServerVulnerability AssessedResourceType = "SqlServerVulnerability" +) + +// PossibleAssessedResourceTypeValues returns an array of possible values for the AssessedResourceType const type. +func PossibleAssessedResourceTypeValues() []AssessedResourceType { + return []AssessedResourceType{AssessedResourceTypeAdditionalData, AssessedResourceTypeContainerRegistryVulnerability, AssessedResourceTypeServerVulnerabilityAssessment, AssessedResourceTypeSQLServerVulnerability} +} + // AutoProvision enumerates the values for auto provision. type AutoProvision string @@ -526,6 +545,40 @@ func PossibleSettingKindValues() []SettingKind { return []SettingKind{SettingKindAlertSuppressionSetting, SettingKindDataExportSetting} } +// Severity enumerates the values for severity. +type Severity string + +const ( + // SeverityHigh ... + SeverityHigh Severity = "High" + // SeverityLow ... + SeverityLow Severity = "Low" + // SeverityMedium ... + SeverityMedium Severity = "Medium" +) + +// PossibleSeverityValues returns an array of possible values for the Severity const type. +func PossibleSeverityValues() []Severity { + return []Severity{SeverityHigh, SeverityLow, SeverityMedium} +} + +// Source enumerates the values for source. +type Source string + +const ( + // SourceAws ... + SourceAws Source = "Aws" + // SourceAzure ... + SourceAzure Source = "Azure" + // SourceResourceDetails ... + SourceResourceDetails Source = "ResourceDetails" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{SourceAws, SourceAzure, SourceResourceDetails} +} + // SourceSystem enumerates the values for source system. type SourceSystem string @@ -599,6 +652,23 @@ func PossibleStatusReasonValues() []StatusReason { return []StatusReason{Expired, NewerRequestInitiated, UserRequested} } +// SubAssessmentStatusCode enumerates the values for sub assessment status code. +type SubAssessmentStatusCode string + +const ( + // Healthy The resource is healthy + Healthy SubAssessmentStatusCode = "Healthy" + // NotApplicable Assessment for this resource did not happen + NotApplicable SubAssessmentStatusCode = "NotApplicable" + // Unhealthy The resource has a security issue that needs to be addressed + Unhealthy SubAssessmentStatusCode = "Unhealthy" +) + +// PossibleSubAssessmentStatusCodeValues returns an array of possible values for the SubAssessmentStatusCode const type. +func PossibleSubAssessmentStatusCodeValues() []SubAssessmentStatusCode { + return []SubAssessmentStatusCode{Healthy, NotApplicable, Unhealthy} +} + // TransportProtocol enumerates the values for transport protocol. type TransportProtocol string @@ -983,6 +1053,100 @@ func NewAdaptiveNetworkHardeningsListPage(getNextPage func(context.Context, Adap return AdaptiveNetworkHardeningsListPage{fn: getNextPage} } +// BasicAdditionalData details of the sub-assessment +type BasicAdditionalData interface { + AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) + AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) + AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) + AsAdditionalData() (*AdditionalData, bool) +} + +// AdditionalData details of the sub-assessment +type AdditionalData struct { + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +func unmarshalBasicAdditionalData(body []byte) (BasicAdditionalData, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["assessedResourceType"] { + case string(AssessedResourceTypeSQLServerVulnerability): + var ssvp SQLServerVulnerabilityProperties + err := json.Unmarshal(body, &ssvp) + return ssvp, err + case string(AssessedResourceTypeContainerRegistryVulnerability): + var crvp ContainerRegistryVulnerabilityProperties + err := json.Unmarshal(body, &crvp) + return crvp, err + case string(AssessedResourceTypeServerVulnerabilityAssessment): + var svp ServerVulnerabilityProperties + err := json.Unmarshal(body, &svp) + return svp, err + default: + var ad AdditionalData + err := json.Unmarshal(body, &ad) + return ad, err + } +} +func unmarshalBasicAdditionalDataArray(body []byte) ([]BasicAdditionalData, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + adArray := make([]BasicAdditionalData, len(rawMessages)) + + for index, rawMessage := range rawMessages { + ad, err := unmarshalBasicAdditionalData(*rawMessage) + if err != nil { + return nil, err + } + adArray[index] = ad + } + return adArray, nil +} + +// MarshalJSON is the custom marshaler for AdditionalData. +func (ad AdditionalData) MarshalJSON() ([]byte, error) { + ad.AssessedResourceType = AssessedResourceTypeAdditionalData + objectMap := make(map[string]interface{}) + if ad.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ad.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsAdditionalData() (*AdditionalData, bool) { + return &ad, true +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ad, true +} + // AdvancedThreatProtectionProperties the Advanced Threat Protection settings. type AdvancedThreatProtectionProperties struct { // IsEnabled - Indicates whether Advanced Threat Protection is enabled. @@ -2313,6 +2477,84 @@ type AutoProvisioningSettingProperties struct { AutoProvision AutoProvision `json:"autoProvision,omitempty"` } +// AwsResourceDetails details of the resource that was assessed +type AwsResourceDetails struct { + // AccountID - READ-ONLY; AWS account ID + AccountID *string `json:"accountId,omitempty"` + // AwsResourceID - READ-ONLY; AWS resource ID. can be ARN or other + AwsResourceID *string `json:"awsResourceId,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsResourceDetails. +func (ard AwsResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAws + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return &ard, true +} + +// AsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + +// AzureResourceDetails details of the resource that was assessed +type AzureResourceDetails struct { + // ID - READ-ONLY; Azure resource ID of the assessed resource + ID *string `json:"id,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceDetails. +func (ard AzureResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAzure + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return &ard, true +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + // CefExternalSecuritySolution represents a security solution which sends CEF logs to an OMS workspace type CefExternalSecuritySolution struct { Properties *CefSolutionProperties `json:"properties,omitempty"` @@ -3029,6 +3271,64 @@ type ContactProperties struct { AlertsToAdmins AlertsToAdmins `json:"alertsToAdmins,omitempty"` } +// ContainerRegistryVulnerabilityProperties additional context fields for container registry Vulnerability +// assessment +type ContainerRegistryVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // RepositoryName - READ-ONLY; Name of the repository which the vulnerable image belongs to + RepositoryName *string `json:"repositoryName,omitempty"` + // ImageDigest - READ-ONLY; Digest of the vulnerable image + ImageDigest *string `json:"imageDigest,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) MarshalJSON() ([]byte, error) { + crvp.AssessedResourceType = AssessedResourceTypeContainerRegistryVulnerability + objectMap := make(map[string]interface{}) + if crvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = crvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return &crvp, true +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &crvp, true +} + // CustomAlertRule a custom alert rule type CustomAlertRule struct { // DisplayName - READ-ONLY; The display name of the custom alert. @@ -3041,6 +3341,20 @@ type CustomAlertRule struct { RuleType *string `json:"ruleType,omitempty"` } +// CVE CVE details +type CVE struct { + // Title - READ-ONLY; CVE title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + +// CVSS CVSS details +type CVSS struct { + // Base - READ-ONLY; CVSS base + Base *float64 `json:"base,omitempty"` +} + // DataExportSetting represents a data export setting type DataExportSetting struct { // DataExportSettingProperties - Data export setting data @@ -4543,6 +4857,8 @@ type JitNetworkAccessPolicyInitiatePort struct { type JitNetworkAccessPolicyInitiateRequest struct { // VirtualMachines - A list of virtual machines & ports to open access for VirtualMachines *[]JitNetworkAccessPolicyInitiateVirtualMachine `json:"virtualMachines,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessPolicyInitiateVirtualMachine ... @@ -4593,6 +4909,8 @@ type JitNetworkAccessRequest struct { StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Requestor - The identity of the person who made the request Requestor *string `json:"requestor,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessRequestPort ... @@ -5798,6 +6116,90 @@ type Resource struct { Type *string `json:"type,omitempty"` } +// BasicResourceDetails details of the resource that was assessed +type BasicResourceDetails interface { + AsAzureResourceDetails() (*AzureResourceDetails, bool) + AsAwsResourceDetails() (*AwsResourceDetails, bool) + AsResourceDetails() (*ResourceDetails, bool) +} + +// ResourceDetails details of the resource that was assessed +type ResourceDetails struct { + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +func unmarshalBasicResourceDetails(body []byte) (BasicResourceDetails, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["source"] { + case string(SourceAzure): + var ard AzureResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + case string(SourceAws): + var ard AwsResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + default: + var rd ResourceDetails + err := json.Unmarshal(body, &rd) + return rd, err + } +} +func unmarshalBasicResourceDetailsArray(body []byte) ([]BasicResourceDetails, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + rdArray := make([]BasicResourceDetails, len(rawMessages)) + + for index, rawMessage := range rawMessages { + rd, err := unmarshalBasicResourceDetails(*rawMessage) + if err != nil { + return nil, err + } + rdArray[index] = rd + } + return rdArray, nil +} + +// MarshalJSON is the custom marshaler for ResourceDetails. +func (rd ResourceDetails) MarshalJSON() ([]byte, error) { + rd.Source = SourceResourceDetails + objectMap := make(map[string]interface{}) + if rd.Source != "" { + objectMap["source"] = rd.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return &rd, true +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &rd, true +} + // Rule describes remote addresses that is recommended to communicate with the Azure resource on some // (Protocol, Port, Direction). All other remote addresses are recommended to be blocked type Rule struct { @@ -5823,6 +6225,61 @@ type SensitivityLabel struct { Enabled *bool `json:"enabled,omitempty"` } +// ServerVulnerabilityProperties additional context fields for server vulnerability assessment +type ServerVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // Threat - READ-ONLY; Threat name + Threat *string `json:"threat,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + svp.AssessedResourceType = AssessedResourceTypeServerVulnerabilityAssessment + objectMap := make(map[string]interface{}) + if svp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = svp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return &svp, true +} + +// AsAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &svp, true +} + // Setting represents a security setting in Azure Security Center. type Setting struct { autorest.Response `json:"-"` @@ -5994,6 +6451,405 @@ func NewSettingsListPage(getNextPage func(context.Context, SettingsList) (Settin return SettingsListPage{fn: getNextPage} } +// SQLServerVulnerabilityProperties details of the resource that was assessed +type SQLServerVulnerabilityProperties struct { + // Type - READ-ONLY; The resource type the sub assessment refers to in its resource details + Type *string `json:"type,omitempty"` + // Query - READ-ONLY; The T-SQL query that runs on your SQL database to perform the particular check + Query *string `json:"query,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + ssvp.AssessedResourceType = AssessedResourceTypeSQLServerVulnerability + objectMap := make(map[string]interface{}) + if ssvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ssvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return &ssvp, true +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ssvp, true +} + +// SubAssessment security sub-assessment on a resource +type SubAssessment struct { + autorest.Response `json:"-"` + *SubAssessmentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for SubAssessment. +func (sa SubAssessment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sa.SubAssessmentProperties != nil { + objectMap["properties"] = sa.SubAssessmentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessment struct. +func (sa *SubAssessment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var subAssessmentProperties SubAssessmentProperties + err = json.Unmarshal(*v, &subAssessmentProperties) + if err != nil { + return err + } + sa.SubAssessmentProperties = &subAssessmentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sa.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sa.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sa.Type = &typeVar + } + } + } + + return nil +} + +// SubAssessmentList list of security sub-assessments +type SubAssessmentList struct { + autorest.Response `json:"-"` + // Value - READ-ONLY + Value *[]SubAssessment `json:"value,omitempty"` + // NextLink - READ-ONLY; The URI to fetch the next page. + NextLink *string `json:"nextLink,omitempty"` +} + +// SubAssessmentListIterator provides access to a complete listing of SubAssessment values. +type SubAssessmentListIterator struct { + i int + page SubAssessmentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *SubAssessmentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *SubAssessmentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter SubAssessmentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter SubAssessmentListIterator) Response() SubAssessmentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter SubAssessmentListIterator) Value() SubAssessment { + if !iter.page.NotDone() { + return SubAssessment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the SubAssessmentListIterator type. +func NewSubAssessmentListIterator(page SubAssessmentListPage) SubAssessmentListIterator { + return SubAssessmentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (sal SubAssessmentList) IsEmpty() bool { + return sal.Value == nil || len(*sal.Value) == 0 +} + +// subAssessmentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (sal SubAssessmentList) subAssessmentListPreparer(ctx context.Context) (*http.Request, error) { + if sal.NextLink == nil || len(to.String(sal.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(sal.NextLink))) +} + +// SubAssessmentListPage contains a page of SubAssessment values. +type SubAssessmentListPage struct { + fn func(context.Context, SubAssessmentList) (SubAssessmentList, error) + sal SubAssessmentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *SubAssessmentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.sal) + if err != nil { + return err + } + page.sal = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *SubAssessmentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page SubAssessmentListPage) NotDone() bool { + return !page.sal.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page SubAssessmentListPage) Response() SubAssessmentList { + return page.sal +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page SubAssessmentListPage) Values() []SubAssessment { + if page.sal.IsEmpty() { + return nil + } + return *page.sal.Value +} + +// Creates a new instance of the SubAssessmentListPage type. +func NewSubAssessmentListPage(getNextPage func(context.Context, SubAssessmentList) (SubAssessmentList, error)) SubAssessmentListPage { + return SubAssessmentListPage{fn: getNextPage} +} + +// SubAssessmentProperties describes properties of an sub-assessment. +type SubAssessmentProperties struct { + // ID - READ-ONLY; Vulnerability ID + ID *string `json:"id,omitempty"` + // DisplayName - READ-ONLY; User friendly display name of the sub-assessment + DisplayName *string `json:"displayName,omitempty"` + Status *SubAssessmentStatus `json:"status,omitempty"` + // Remediation - READ-ONLY; Information on how to remediate this sub-assessment + Remediation *string `json:"remediation,omitempty"` + // Impact - READ-ONLY; Description of the impact of this sub-assessment + Impact *string `json:"impact,omitempty"` + // Category - READ-ONLY; Category of the sub-assessment + Category *string `json:"category,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // TimeGenerated - READ-ONLY; The date and time the sub-assessment was generated + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + ResourceDetails BasicResourceDetails `json:"resourceDetails,omitempty"` + AdditionalData BasicAdditionalData `json:"additionalData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessmentProperties struct. +func (sap *SubAssessmentProperties) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sap.ID = &ID + } + case "displayName": + if v != nil { + var displayName string + err = json.Unmarshal(*v, &displayName) + if err != nil { + return err + } + sap.DisplayName = &displayName + } + case "status": + if v != nil { + var status SubAssessmentStatus + err = json.Unmarshal(*v, &status) + if err != nil { + return err + } + sap.Status = &status + } + case "remediation": + if v != nil { + var remediation string + err = json.Unmarshal(*v, &remediation) + if err != nil { + return err + } + sap.Remediation = &remediation + } + case "impact": + if v != nil { + var impact string + err = json.Unmarshal(*v, &impact) + if err != nil { + return err + } + sap.Impact = &impact + } + case "category": + if v != nil { + var category string + err = json.Unmarshal(*v, &category) + if err != nil { + return err + } + sap.Category = &category + } + case "description": + if v != nil { + var description string + err = json.Unmarshal(*v, &description) + if err != nil { + return err + } + sap.Description = &description + } + case "timeGenerated": + if v != nil { + var timeGenerated date.Time + err = json.Unmarshal(*v, &timeGenerated) + if err != nil { + return err + } + sap.TimeGenerated = &timeGenerated + } + case "resourceDetails": + if v != nil { + resourceDetails, err := unmarshalBasicResourceDetails(*v) + if err != nil { + return err + } + sap.ResourceDetails = resourceDetails + } + case "additionalData": + if v != nil { + additionalData, err := unmarshalBasicAdditionalData(*v) + if err != nil { + return err + } + sap.AdditionalData = additionalData + } + } + } + + return nil +} + +// SubAssessmentStatus status of the sub-assessment +type SubAssessmentStatus struct { + // Code - READ-ONLY; Programmatic code for the status of the assessment. Possible values include: 'Healthy', 'Unhealthy', 'NotApplicable' + Code SubAssessmentStatusCode `json:"code,omitempty"` + // Cause - READ-ONLY; Programmatic code for the cause of the assessment status + Cause *string `json:"cause,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // Severity - READ-ONLY; The sub-assessment severity level. Possible values include: 'SeverityLow', 'SeverityMedium', 'SeverityHigh' + Severity Severity `json:"severity,omitempty"` +} + // Task security task that we recommend to do in order to strengthen security type Task struct { autorest.Response `json:"-"` @@ -6590,6 +7446,14 @@ type UserRecommendation struct { RecommendationAction RecommendationAction1 `json:"recommendationAction,omitempty"` } +// VendorReference vendor reference +type VendorReference struct { + // Title - READ-ONLY; Link title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + // VMRecommendation represents a machine that is part of a VM/server group type VMRecommendation struct { // ConfigurationStatus - Possible values include: 'Configured', 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' diff --git a/services/preview/security/mgmt/v1.0/security/securityapi/interfaces.go b/services/preview/security/mgmt/v1.0/security/securityapi/interfaces.go index 06c5df144765..811063e3ef89 100644 --- a/services/preview/security/mgmt/v1.0/security/securityapi/interfaces.go +++ b/services/preview/security/mgmt/v1.0/security/securityapi/interfaces.go @@ -23,6 +23,15 @@ import ( "github.com/Azure/go-autorest/autorest" ) +// SubAssessmentsClientAPI contains the set of methods on the SubAssessmentsClient type. +type SubAssessmentsClientAPI interface { + Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result security.SubAssessment, err error) + List(ctx context.Context, scope string, assessmentName string) (result security.SubAssessmentListPage, err error) + ListAll(ctx context.Context, scope string) (result security.SubAssessmentListPage, err error) +} + +var _ SubAssessmentsClientAPI = (*security.SubAssessmentsClient)(nil) + // RegulatoryComplianceStandardsClientAPI contains the set of methods on the RegulatoryComplianceStandardsClient type. type RegulatoryComplianceStandardsClientAPI interface { Get(ctx context.Context, regulatoryComplianceStandardName string) (result security.RegulatoryComplianceStandard, err error) diff --git a/services/preview/security/mgmt/v1.0/security/subassessments.go b/services/preview/security/mgmt/v1.0/security/subassessments.go new file mode 100644 index 000000000000..4fa19d8e398d --- /dev/null +++ b/services/preview/security/mgmt/v1.0/security/subassessments.go @@ -0,0 +1,348 @@ +package security + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// SubAssessmentsClient is the API spec for Microsoft.Security (Azure Security Center) resource provider +type SubAssessmentsClient struct { + BaseClient +} + +// NewSubAssessmentsClient creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClient(subscriptionID string, ascLocation string) SubAssessmentsClient { + return NewSubAssessmentsClientWithBaseURI(DefaultBaseURI, subscriptionID, ascLocation) +} + +// NewSubAssessmentsClientWithBaseURI creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) SubAssessmentsClient { + return SubAssessmentsClient{NewWithBaseURI(baseURI, subscriptionID, ascLocation)} +} + +// Get get a security sub-assessment on your scanned resource +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +// subAssessmentName - the Sub-Assessment Key - Unique key for the sub-assessment type +func (client SubAssessmentsClient) Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result SubAssessment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + req, err := client.GetPreparer(ctx, scope, assessmentName, subAssessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client SubAssessmentsClient) GetPreparer(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + "subAssessmentName": autorest.Encode("path", subAssessmentName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) GetResponder(resp *http.Response) (result SubAssessment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List get security sub-assessments on all your scanned resources inside a scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +func (client SubAssessmentsClient) List(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, scope, assessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure sending request") + return + } + + result.sal, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client SubAssessmentsClient) ListPreparer(ctx context.Context, scope string, assessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListComplete(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, scope, assessmentName) + return +} + +// ListAll get security sub-assessments on all your scanned resources inside a subscription scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +func (client SubAssessmentsClient) ListAll(ctx context.Context, scope string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listAllNextResults + req, err := client.ListAllPreparer(ctx, scope) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", nil, "Failure preparing request") + return + } + + resp, err := client.ListAllSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure sending request") + return + } + + result.sal, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure responding to request") + } + + return +} + +// ListAllPreparer prepares the ListAll request. +func (client SubAssessmentsClient) ListAllPreparer(ctx context.Context, scope string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListAllSender sends the ListAll request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListAllSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListAllResponder handles the response to the ListAll request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListAllResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listAllNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listAllNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListAllSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure sending next results request") + } + result, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListAllComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListAllComplete(ctx context.Context, scope string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListAll(ctx, scope) + return +} diff --git a/services/preview/security/mgmt/v2.0/security/models.go b/services/preview/security/mgmt/v2.0/security/models.go index 2e32b3288d3c..b6c26676de8d 100644 --- a/services/preview/security/mgmt/v2.0/security/models.go +++ b/services/preview/security/mgmt/v2.0/security/models.go @@ -96,6 +96,25 @@ func PossibleAlertsToAdminsValues() []AlertsToAdmins { return []AlertsToAdmins{AlertsToAdminsOff, AlertsToAdminsOn} } +// AssessedResourceType enumerates the values for assessed resource type. +type AssessedResourceType string + +const ( + // AssessedResourceTypeAdditionalData ... + AssessedResourceTypeAdditionalData AssessedResourceType = "AdditionalData" + // AssessedResourceTypeContainerRegistryVulnerability ... + AssessedResourceTypeContainerRegistryVulnerability AssessedResourceType = "ContainerRegistryVulnerability" + // AssessedResourceTypeServerVulnerabilityAssessment ... + AssessedResourceTypeServerVulnerabilityAssessment AssessedResourceType = "ServerVulnerabilityAssessment" + // AssessedResourceTypeSQLServerVulnerability ... + AssessedResourceTypeSQLServerVulnerability AssessedResourceType = "SqlServerVulnerability" +) + +// PossibleAssessedResourceTypeValues returns an array of possible values for the AssessedResourceType const type. +func PossibleAssessedResourceTypeValues() []AssessedResourceType { + return []AssessedResourceType{AssessedResourceTypeAdditionalData, AssessedResourceTypeContainerRegistryVulnerability, AssessedResourceTypeServerVulnerabilityAssessment, AssessedResourceTypeSQLServerVulnerability} +} + // AutoProvision enumerates the values for auto provision. type AutoProvision string @@ -622,6 +641,23 @@ func PossibleSettingKindValues() []SettingKind { return []SettingKind{SettingKindAlertSuppressionSetting, SettingKindDataExportSetting} } +// Severity enumerates the values for severity. +type Severity string + +const ( + // SeverityHigh ... + SeverityHigh Severity = "High" + // SeverityLow ... + SeverityLow Severity = "Low" + // SeverityMedium ... + SeverityMedium Severity = "Medium" +) + +// PossibleSeverityValues returns an array of possible values for the Severity const type. +func PossibleSeverityValues() []Severity { + return []Severity{SeverityHigh, SeverityLow, SeverityMedium} +} + // SolutionStatus enumerates the values for solution status. type SolutionStatus string @@ -637,6 +673,23 @@ func PossibleSolutionStatusValues() []SolutionStatus { return []SolutionStatus{SolutionStatusDisabled, SolutionStatusEnabled} } +// Source enumerates the values for source. +type Source string + +const ( + // SourceAws ... + SourceAws Source = "Aws" + // SourceAzure ... + SourceAzure Source = "Azure" + // SourceResourceDetails ... + SourceResourceDetails Source = "ResourceDetails" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{SourceAws, SourceAzure, SourceResourceDetails} +} + // SourceSystem enumerates the values for source system. type SourceSystem string @@ -710,6 +763,23 @@ func PossibleStatusReasonValues() []StatusReason { return []StatusReason{Expired, NewerRequestInitiated, UserRequested} } +// SubAssessmentStatusCode enumerates the values for sub assessment status code. +type SubAssessmentStatusCode string + +const ( + // Healthy The resource is healthy + Healthy SubAssessmentStatusCode = "Healthy" + // NotApplicable Assessment for this resource did not happen + NotApplicable SubAssessmentStatusCode = "NotApplicable" + // Unhealthy The resource has a security issue that needs to be addressed + Unhealthy SubAssessmentStatusCode = "Unhealthy" +) + +// PossibleSubAssessmentStatusCodeValues returns an array of possible values for the SubAssessmentStatusCode const type. +func PossibleSubAssessmentStatusCodeValues() []SubAssessmentStatusCode { + return []SubAssessmentStatusCode{Healthy, NotApplicable, Unhealthy} +} + // TransportProtocol enumerates the values for transport protocol. type TransportProtocol string @@ -1094,6 +1164,100 @@ func NewAdaptiveNetworkHardeningsListPage(getNextPage func(context.Context, Adap return AdaptiveNetworkHardeningsListPage{fn: getNextPage} } +// BasicAdditionalData details of the sub-assessment +type BasicAdditionalData interface { + AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) + AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) + AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) + AsAdditionalData() (*AdditionalData, bool) +} + +// AdditionalData details of the sub-assessment +type AdditionalData struct { + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +func unmarshalBasicAdditionalData(body []byte) (BasicAdditionalData, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["assessedResourceType"] { + case string(AssessedResourceTypeSQLServerVulnerability): + var ssvp SQLServerVulnerabilityProperties + err := json.Unmarshal(body, &ssvp) + return ssvp, err + case string(AssessedResourceTypeContainerRegistryVulnerability): + var crvp ContainerRegistryVulnerabilityProperties + err := json.Unmarshal(body, &crvp) + return crvp, err + case string(AssessedResourceTypeServerVulnerabilityAssessment): + var svp ServerVulnerabilityProperties + err := json.Unmarshal(body, &svp) + return svp, err + default: + var ad AdditionalData + err := json.Unmarshal(body, &ad) + return ad, err + } +} +func unmarshalBasicAdditionalDataArray(body []byte) ([]BasicAdditionalData, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + adArray := make([]BasicAdditionalData, len(rawMessages)) + + for index, rawMessage := range rawMessages { + ad, err := unmarshalBasicAdditionalData(*rawMessage) + if err != nil { + return nil, err + } + adArray[index] = ad + } + return adArray, nil +} + +// MarshalJSON is the custom marshaler for AdditionalData. +func (ad AdditionalData) MarshalJSON() ([]byte, error) { + ad.AssessedResourceType = AssessedResourceTypeAdditionalData + objectMap := make(map[string]interface{}) + if ad.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ad.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsAdditionalData() (*AdditionalData, bool) { + return &ad, true +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ad, true +} + // AdvancedThreatProtectionProperties the Advanced Threat Protection settings. type AdvancedThreatProtectionProperties struct { // IsEnabled - Indicates whether Advanced Threat Protection is enabled. @@ -2424,6 +2588,84 @@ type AutoProvisioningSettingProperties struct { AutoProvision AutoProvision `json:"autoProvision,omitempty"` } +// AwsResourceDetails details of the resource that was assessed +type AwsResourceDetails struct { + // AccountID - READ-ONLY; AWS account ID + AccountID *string `json:"accountId,omitempty"` + // AwsResourceID - READ-ONLY; AWS resource ID. can be ARN or other + AwsResourceID *string `json:"awsResourceId,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsResourceDetails. +func (ard AwsResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAws + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return &ard, true +} + +// AsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + +// AzureResourceDetails details of the resource that was assessed +type AzureResourceDetails struct { + // ID - READ-ONLY; Azure resource ID of the assessed resource + ID *string `json:"id,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceDetails. +func (ard AzureResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAzure + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return &ard, true +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + // CefExternalSecuritySolution represents a security solution which sends CEF logs to an OMS workspace type CefExternalSecuritySolution struct { Properties *CefSolutionProperties `json:"properties,omitempty"` @@ -3140,6 +3382,64 @@ type ContactProperties struct { AlertsToAdmins AlertsToAdmins `json:"alertsToAdmins,omitempty"` } +// ContainerRegistryVulnerabilityProperties additional context fields for container registry Vulnerability +// assessment +type ContainerRegistryVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // RepositoryName - READ-ONLY; Name of the repository which the vulnerable image belongs to + RepositoryName *string `json:"repositoryName,omitempty"` + // ImageDigest - READ-ONLY; Digest of the vulnerable image + ImageDigest *string `json:"imageDigest,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) MarshalJSON() ([]byte, error) { + crvp.AssessedResourceType = AssessedResourceTypeContainerRegistryVulnerability + objectMap := make(map[string]interface{}) + if crvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = crvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return &crvp, true +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &crvp, true +} + // CustomAlertRule a custom alert rule type CustomAlertRule struct { // DisplayName - READ-ONLY; The display name of the custom alert. @@ -3152,6 +3452,20 @@ type CustomAlertRule struct { RuleType *string `json:"ruleType,omitempty"` } +// CVE CVE details +type CVE struct { + // Title - READ-ONLY; CVE title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + +// CVSS CVSS details +type CVSS struct { + // Base - READ-ONLY; CVSS base + Base *float64 `json:"base,omitempty"` +} + // DataExportSetting represents a data export setting type DataExportSetting struct { // DataExportSettingProperties - Data export setting data @@ -5614,6 +5928,8 @@ type JitNetworkAccessPolicyInitiatePort struct { type JitNetworkAccessPolicyInitiateRequest struct { // VirtualMachines - A list of virtual machines & ports to open access for VirtualMachines *[]JitNetworkAccessPolicyInitiateVirtualMachine `json:"virtualMachines,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessPolicyInitiateVirtualMachine ... @@ -5664,6 +5980,8 @@ type JitNetworkAccessRequest struct { StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Requestor - The identity of the person who made the request Requestor *string `json:"requestor,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessRequestPort ... @@ -6744,6 +7062,90 @@ type Resource struct { Type *string `json:"type,omitempty"` } +// BasicResourceDetails details of the resource that was assessed +type BasicResourceDetails interface { + AsAzureResourceDetails() (*AzureResourceDetails, bool) + AsAwsResourceDetails() (*AwsResourceDetails, bool) + AsResourceDetails() (*ResourceDetails, bool) +} + +// ResourceDetails details of the resource that was assessed +type ResourceDetails struct { + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +func unmarshalBasicResourceDetails(body []byte) (BasicResourceDetails, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["source"] { + case string(SourceAzure): + var ard AzureResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + case string(SourceAws): + var ard AwsResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + default: + var rd ResourceDetails + err := json.Unmarshal(body, &rd) + return rd, err + } +} +func unmarshalBasicResourceDetailsArray(body []byte) ([]BasicResourceDetails, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + rdArray := make([]BasicResourceDetails, len(rawMessages)) + + for index, rawMessage := range rawMessages { + rd, err := unmarshalBasicResourceDetails(*rawMessage) + if err != nil { + return nil, err + } + rdArray[index] = rd + } + return rdArray, nil +} + +// MarshalJSON is the custom marshaler for ResourceDetails. +func (rd ResourceDetails) MarshalJSON() ([]byte, error) { + rd.Source = SourceResourceDetails + objectMap := make(map[string]interface{}) + if rd.Source != "" { + objectMap["source"] = rd.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return &rd, true +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &rd, true +} + // Rule describes remote addresses that is recommended to communicate with the Azure resource on some // (Protocol, Port, Direction). All other remote addresses are recommended to be blocked type Rule struct { @@ -6769,6 +7171,61 @@ type SensitivityLabel struct { Enabled *bool `json:"enabled,omitempty"` } +// ServerVulnerabilityProperties additional context fields for server vulnerability assessment +type ServerVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // Threat - READ-ONLY; Threat name + Threat *string `json:"threat,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + svp.AssessedResourceType = AssessedResourceTypeServerVulnerabilityAssessment + objectMap := make(map[string]interface{}) + if svp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = svp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return &svp, true +} + +// AsAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &svp, true +} + // Setting represents a security setting in Azure Security Center. type Setting struct { autorest.Response `json:"-"` @@ -6940,6 +7397,405 @@ func NewSettingsListPage(getNextPage func(context.Context, SettingsList) (Settin return SettingsListPage{fn: getNextPage} } +// SQLServerVulnerabilityProperties details of the resource that was assessed +type SQLServerVulnerabilityProperties struct { + // Type - READ-ONLY; The resource type the sub assessment refers to in its resource details + Type *string `json:"type,omitempty"` + // Query - READ-ONLY; The T-SQL query that runs on your SQL database to perform the particular check + Query *string `json:"query,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + ssvp.AssessedResourceType = AssessedResourceTypeSQLServerVulnerability + objectMap := make(map[string]interface{}) + if ssvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ssvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return &ssvp, true +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ssvp, true +} + +// SubAssessment security sub-assessment on a resource +type SubAssessment struct { + autorest.Response `json:"-"` + *SubAssessmentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for SubAssessment. +func (sa SubAssessment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sa.SubAssessmentProperties != nil { + objectMap["properties"] = sa.SubAssessmentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessment struct. +func (sa *SubAssessment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var subAssessmentProperties SubAssessmentProperties + err = json.Unmarshal(*v, &subAssessmentProperties) + if err != nil { + return err + } + sa.SubAssessmentProperties = &subAssessmentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sa.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sa.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sa.Type = &typeVar + } + } + } + + return nil +} + +// SubAssessmentList list of security sub-assessments +type SubAssessmentList struct { + autorest.Response `json:"-"` + // Value - READ-ONLY + Value *[]SubAssessment `json:"value,omitempty"` + // NextLink - READ-ONLY; The URI to fetch the next page. + NextLink *string `json:"nextLink,omitempty"` +} + +// SubAssessmentListIterator provides access to a complete listing of SubAssessment values. +type SubAssessmentListIterator struct { + i int + page SubAssessmentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *SubAssessmentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *SubAssessmentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter SubAssessmentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter SubAssessmentListIterator) Response() SubAssessmentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter SubAssessmentListIterator) Value() SubAssessment { + if !iter.page.NotDone() { + return SubAssessment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the SubAssessmentListIterator type. +func NewSubAssessmentListIterator(page SubAssessmentListPage) SubAssessmentListIterator { + return SubAssessmentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (sal SubAssessmentList) IsEmpty() bool { + return sal.Value == nil || len(*sal.Value) == 0 +} + +// subAssessmentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (sal SubAssessmentList) subAssessmentListPreparer(ctx context.Context) (*http.Request, error) { + if sal.NextLink == nil || len(to.String(sal.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(sal.NextLink))) +} + +// SubAssessmentListPage contains a page of SubAssessment values. +type SubAssessmentListPage struct { + fn func(context.Context, SubAssessmentList) (SubAssessmentList, error) + sal SubAssessmentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *SubAssessmentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.sal) + if err != nil { + return err + } + page.sal = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *SubAssessmentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page SubAssessmentListPage) NotDone() bool { + return !page.sal.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page SubAssessmentListPage) Response() SubAssessmentList { + return page.sal +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page SubAssessmentListPage) Values() []SubAssessment { + if page.sal.IsEmpty() { + return nil + } + return *page.sal.Value +} + +// Creates a new instance of the SubAssessmentListPage type. +func NewSubAssessmentListPage(getNextPage func(context.Context, SubAssessmentList) (SubAssessmentList, error)) SubAssessmentListPage { + return SubAssessmentListPage{fn: getNextPage} +} + +// SubAssessmentProperties describes properties of an sub-assessment. +type SubAssessmentProperties struct { + // ID - READ-ONLY; Vulnerability ID + ID *string `json:"id,omitempty"` + // DisplayName - READ-ONLY; User friendly display name of the sub-assessment + DisplayName *string `json:"displayName,omitempty"` + Status *SubAssessmentStatus `json:"status,omitempty"` + // Remediation - READ-ONLY; Information on how to remediate this sub-assessment + Remediation *string `json:"remediation,omitempty"` + // Impact - READ-ONLY; Description of the impact of this sub-assessment + Impact *string `json:"impact,omitempty"` + // Category - READ-ONLY; Category of the sub-assessment + Category *string `json:"category,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // TimeGenerated - READ-ONLY; The date and time the sub-assessment was generated + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + ResourceDetails BasicResourceDetails `json:"resourceDetails,omitempty"` + AdditionalData BasicAdditionalData `json:"additionalData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessmentProperties struct. +func (sap *SubAssessmentProperties) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sap.ID = &ID + } + case "displayName": + if v != nil { + var displayName string + err = json.Unmarshal(*v, &displayName) + if err != nil { + return err + } + sap.DisplayName = &displayName + } + case "status": + if v != nil { + var status SubAssessmentStatus + err = json.Unmarshal(*v, &status) + if err != nil { + return err + } + sap.Status = &status + } + case "remediation": + if v != nil { + var remediation string + err = json.Unmarshal(*v, &remediation) + if err != nil { + return err + } + sap.Remediation = &remediation + } + case "impact": + if v != nil { + var impact string + err = json.Unmarshal(*v, &impact) + if err != nil { + return err + } + sap.Impact = &impact + } + case "category": + if v != nil { + var category string + err = json.Unmarshal(*v, &category) + if err != nil { + return err + } + sap.Category = &category + } + case "description": + if v != nil { + var description string + err = json.Unmarshal(*v, &description) + if err != nil { + return err + } + sap.Description = &description + } + case "timeGenerated": + if v != nil { + var timeGenerated date.Time + err = json.Unmarshal(*v, &timeGenerated) + if err != nil { + return err + } + sap.TimeGenerated = &timeGenerated + } + case "resourceDetails": + if v != nil { + resourceDetails, err := unmarshalBasicResourceDetails(*v) + if err != nil { + return err + } + sap.ResourceDetails = resourceDetails + } + case "additionalData": + if v != nil { + additionalData, err := unmarshalBasicAdditionalData(*v) + if err != nil { + return err + } + sap.AdditionalData = additionalData + } + } + } + + return nil +} + +// SubAssessmentStatus status of the sub-assessment +type SubAssessmentStatus struct { + // Code - READ-ONLY; Programmatic code for the status of the assessment. Possible values include: 'Healthy', 'Unhealthy', 'NotApplicable' + Code SubAssessmentStatusCode `json:"code,omitempty"` + // Cause - READ-ONLY; Programmatic code for the cause of the assessment status + Cause *string `json:"cause,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // Severity - READ-ONLY; The sub-assessment severity level. Possible values include: 'SeverityLow', 'SeverityMedium', 'SeverityHigh' + Severity Severity `json:"severity,omitempty"` +} + // TagsResource a container holding only the Tags for a resource, allowing the user to update the tags. type TagsResource struct { // Tags - Resource tags @@ -7582,6 +8438,14 @@ type UserRecommendation struct { RecommendationAction RecommendationAction1 `json:"recommendationAction,omitempty"` } +// VendorReference vendor reference +type VendorReference struct { + // Title - READ-ONLY; Link title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + // VMRecommendation represents a machine that is part of a VM/server group type VMRecommendation struct { // ConfigurationStatus - Possible values include: 'Configured', 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' diff --git a/services/preview/security/mgmt/v2.0/security/securityapi/interfaces.go b/services/preview/security/mgmt/v2.0/security/securityapi/interfaces.go index dde4288d926e..dec22bd03f50 100644 --- a/services/preview/security/mgmt/v2.0/security/securityapi/interfaces.go +++ b/services/preview/security/mgmt/v2.0/security/securityapi/interfaces.go @@ -23,6 +23,15 @@ import ( "github.com/Azure/go-autorest/autorest" ) +// SubAssessmentsClientAPI contains the set of methods on the SubAssessmentsClient type. +type SubAssessmentsClientAPI interface { + Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result security.SubAssessment, err error) + List(ctx context.Context, scope string, assessmentName string) (result security.SubAssessmentListPage, err error) + ListAll(ctx context.Context, scope string) (result security.SubAssessmentListPage, err error) +} + +var _ SubAssessmentsClientAPI = (*security.SubAssessmentsClient)(nil) + // RegulatoryComplianceStandardsClientAPI contains the set of methods on the RegulatoryComplianceStandardsClient type. type RegulatoryComplianceStandardsClientAPI interface { Get(ctx context.Context, regulatoryComplianceStandardName string) (result security.RegulatoryComplianceStandard, err error) diff --git a/services/preview/security/mgmt/v2.0/security/subassessments.go b/services/preview/security/mgmt/v2.0/security/subassessments.go new file mode 100644 index 000000000000..4fa19d8e398d --- /dev/null +++ b/services/preview/security/mgmt/v2.0/security/subassessments.go @@ -0,0 +1,348 @@ +package security + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// SubAssessmentsClient is the API spec for Microsoft.Security (Azure Security Center) resource provider +type SubAssessmentsClient struct { + BaseClient +} + +// NewSubAssessmentsClient creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClient(subscriptionID string, ascLocation string) SubAssessmentsClient { + return NewSubAssessmentsClientWithBaseURI(DefaultBaseURI, subscriptionID, ascLocation) +} + +// NewSubAssessmentsClientWithBaseURI creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) SubAssessmentsClient { + return SubAssessmentsClient{NewWithBaseURI(baseURI, subscriptionID, ascLocation)} +} + +// Get get a security sub-assessment on your scanned resource +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +// subAssessmentName - the Sub-Assessment Key - Unique key for the sub-assessment type +func (client SubAssessmentsClient) Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result SubAssessment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + req, err := client.GetPreparer(ctx, scope, assessmentName, subAssessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client SubAssessmentsClient) GetPreparer(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + "subAssessmentName": autorest.Encode("path", subAssessmentName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) GetResponder(resp *http.Response) (result SubAssessment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List get security sub-assessments on all your scanned resources inside a scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +func (client SubAssessmentsClient) List(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, scope, assessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure sending request") + return + } + + result.sal, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client SubAssessmentsClient) ListPreparer(ctx context.Context, scope string, assessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListComplete(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, scope, assessmentName) + return +} + +// ListAll get security sub-assessments on all your scanned resources inside a subscription scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +func (client SubAssessmentsClient) ListAll(ctx context.Context, scope string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listAllNextResults + req, err := client.ListAllPreparer(ctx, scope) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", nil, "Failure preparing request") + return + } + + resp, err := client.ListAllSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure sending request") + return + } + + result.sal, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure responding to request") + } + + return +} + +// ListAllPreparer prepares the ListAll request. +func (client SubAssessmentsClient) ListAllPreparer(ctx context.Context, scope string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListAllSender sends the ListAll request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListAllSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListAllResponder handles the response to the ListAll request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListAllResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listAllNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listAllNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListAllSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure sending next results request") + } + result, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListAllComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListAllComplete(ctx context.Context, scope string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListAll(ctx, scope) + return +} diff --git a/services/preview/security/mgmt/v3.0/security/models.go b/services/preview/security/mgmt/v3.0/security/models.go index 61cf7b536850..1f0482eb5644 100644 --- a/services/preview/security/mgmt/v3.0/security/models.go +++ b/services/preview/security/mgmt/v3.0/security/models.go @@ -95,6 +95,25 @@ func PossibleAlertsToAdminsValues() []AlertsToAdmins { return []AlertsToAdmins{AlertsToAdminsOff, AlertsToAdminsOn} } +// AssessedResourceType enumerates the values for assessed resource type. +type AssessedResourceType string + +const ( + // AssessedResourceTypeAdditionalData ... + AssessedResourceTypeAdditionalData AssessedResourceType = "AdditionalData" + // AssessedResourceTypeContainerRegistryVulnerability ... + AssessedResourceTypeContainerRegistryVulnerability AssessedResourceType = "ContainerRegistryVulnerability" + // AssessedResourceTypeServerVulnerabilityAssessment ... + AssessedResourceTypeServerVulnerabilityAssessment AssessedResourceType = "ServerVulnerabilityAssessment" + // AssessedResourceTypeSQLServerVulnerability ... + AssessedResourceTypeSQLServerVulnerability AssessedResourceType = "SqlServerVulnerability" +) + +// PossibleAssessedResourceTypeValues returns an array of possible values for the AssessedResourceType const type. +func PossibleAssessedResourceTypeValues() []AssessedResourceType { + return []AssessedResourceType{AssessedResourceTypeAdditionalData, AssessedResourceTypeContainerRegistryVulnerability, AssessedResourceTypeServerVulnerabilityAssessment, AssessedResourceTypeSQLServerVulnerability} +} + // AutoProvision enumerates the values for auto provision. type AutoProvision string @@ -646,6 +665,23 @@ func PossibleSettingKindValues() []SettingKind { return []SettingKind{SettingKindAlertSuppressionSetting, SettingKindDataExportSetting} } +// Severity enumerates the values for severity. +type Severity string + +const ( + // SeverityHigh ... + SeverityHigh Severity = "High" + // SeverityLow ... + SeverityLow Severity = "Low" + // SeverityMedium ... + SeverityMedium Severity = "Medium" +) + +// PossibleSeverityValues returns an array of possible values for the Severity const type. +func PossibleSeverityValues() []Severity { + return []Severity{SeverityHigh, SeverityLow, SeverityMedium} +} + // SolutionStatus enumerates the values for solution status. type SolutionStatus string @@ -661,6 +697,23 @@ func PossibleSolutionStatusValues() []SolutionStatus { return []SolutionStatus{SolutionStatusDisabled, SolutionStatusEnabled} } +// Source enumerates the values for source. +type Source string + +const ( + // SourceAws ... + SourceAws Source = "Aws" + // SourceAzure ... + SourceAzure Source = "Azure" + // SourceResourceDetails ... + SourceResourceDetails Source = "ResourceDetails" +) + +// PossibleSourceValues returns an array of possible values for the Source const type. +func PossibleSourceValues() []Source { + return []Source{SourceAws, SourceAzure, SourceResourceDetails} +} + // SourceSystem enumerates the values for source system. type SourceSystem string @@ -734,6 +787,23 @@ func PossibleStatusReasonValues() []StatusReason { return []StatusReason{Expired, NewerRequestInitiated, UserRequested} } +// SubAssessmentStatusCode enumerates the values for sub assessment status code. +type SubAssessmentStatusCode string + +const ( + // SubAssessmentStatusCodeHealthy The resource is healthy + SubAssessmentStatusCodeHealthy SubAssessmentStatusCode = "Healthy" + // SubAssessmentStatusCodeNotApplicable Assessment for this resource did not happen + SubAssessmentStatusCodeNotApplicable SubAssessmentStatusCode = "NotApplicable" + // SubAssessmentStatusCodeUnhealthy The resource has a security issue that needs to be addressed + SubAssessmentStatusCodeUnhealthy SubAssessmentStatusCode = "Unhealthy" +) + +// PossibleSubAssessmentStatusCodeValues returns an array of possible values for the SubAssessmentStatusCode const type. +func PossibleSubAssessmentStatusCodeValues() []SubAssessmentStatusCode { + return []SubAssessmentStatusCode{SubAssessmentStatusCodeHealthy, SubAssessmentStatusCodeNotApplicable, SubAssessmentStatusCodeUnhealthy} +} + // Type enumerates the values for type. type Type string @@ -841,6 +911,100 @@ type AadSolutionProperties struct { ConnectivityState AadConnectivityState `json:"connectivityState,omitempty"` } +// BasicAdditionalData details of the sub-assessment +type BasicAdditionalData interface { + AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) + AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) + AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) + AsAdditionalData() (*AdditionalData, bool) +} + +// AdditionalData details of the sub-assessment +type AdditionalData struct { + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +func unmarshalBasicAdditionalData(body []byte) (BasicAdditionalData, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["assessedResourceType"] { + case string(AssessedResourceTypeSQLServerVulnerability): + var ssvp SQLServerVulnerabilityProperties + err := json.Unmarshal(body, &ssvp) + return ssvp, err + case string(AssessedResourceTypeContainerRegistryVulnerability): + var crvp ContainerRegistryVulnerabilityProperties + err := json.Unmarshal(body, &crvp) + return crvp, err + case string(AssessedResourceTypeServerVulnerabilityAssessment): + var svp ServerVulnerabilityProperties + err := json.Unmarshal(body, &svp) + return svp, err + default: + var ad AdditionalData + err := json.Unmarshal(body, &ad) + return ad, err + } +} +func unmarshalBasicAdditionalDataArray(body []byte) ([]BasicAdditionalData, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + adArray := make([]BasicAdditionalData, len(rawMessages)) + + for index, rawMessage := range rawMessages { + ad, err := unmarshalBasicAdditionalData(*rawMessage) + if err != nil { + return nil, err + } + adArray[index] = ad + } + return adArray, nil +} + +// MarshalJSON is the custom marshaler for AdditionalData. +func (ad AdditionalData) MarshalJSON() ([]byte, error) { + ad.AssessedResourceType = AssessedResourceTypeAdditionalData + objectMap := make(map[string]interface{}) + if ad.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ad.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsAdditionalData() (*AdditionalData, bool) { + return &ad, true +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for AdditionalData. +func (ad AdditionalData) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ad, true +} + // AdvancedThreatProtectionProperties the Advanced Threat Protection settings. type AdvancedThreatProtectionProperties struct { // IsEnabled - Indicates whether Advanced Threat Protection is enabled. @@ -2171,6 +2335,84 @@ type AutoProvisioningSettingProperties struct { AutoProvision AutoProvision `json:"autoProvision,omitempty"` } +// AwsResourceDetails details of the resource that was assessed +type AwsResourceDetails struct { + // AccountID - READ-ONLY; AWS account ID + AccountID *string `json:"accountId,omitempty"` + // AwsResourceID - READ-ONLY; AWS resource ID. can be ARN or other + AwsResourceID *string `json:"awsResourceId,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsResourceDetails. +func (ard AwsResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAws + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return &ard, true +} + +// AsResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AwsResourceDetails. +func (ard AwsResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + +// AzureResourceDetails details of the resource that was assessed +type AzureResourceDetails struct { + // ID - READ-ONLY; Azure resource ID of the assessed resource + ID *string `json:"id,omitempty"` + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +// MarshalJSON is the custom marshaler for AzureResourceDetails. +func (ard AzureResourceDetails) MarshalJSON() ([]byte, error) { + ard.Source = SourceAzure + objectMap := make(map[string]interface{}) + if ard.Source != "" { + objectMap["source"] = ard.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return &ard, true +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return nil, false +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for AzureResourceDetails. +func (ard AzureResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &ard, true +} + // CefExternalSecuritySolution represents a security solution which sends CEF logs to an OMS workspace type CefExternalSecuritySolution struct { Properties *CefSolutionProperties `json:"properties,omitempty"` @@ -3112,6 +3354,64 @@ type ContactProperties struct { AlertsToAdmins AlertsToAdmins `json:"alertsToAdmins,omitempty"` } +// ContainerRegistryVulnerabilityProperties additional context fields for container registry Vulnerability +// assessment +type ContainerRegistryVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // RepositoryName - READ-ONLY; Name of the repository which the vulnerable image belongs to + RepositoryName *string `json:"repositoryName,omitempty"` + // ImageDigest - READ-ONLY; Digest of the vulnerable image + ImageDigest *string `json:"imageDigest,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) MarshalJSON() ([]byte, error) { + crvp.AssessedResourceType = AssessedResourceTypeContainerRegistryVulnerability + objectMap := make(map[string]interface{}) + if crvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = crvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return &crvp, true +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ContainerRegistryVulnerabilityProperties. +func (crvp ContainerRegistryVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &crvp, true +} + // CustomAlertRule a custom alert rule. type CustomAlertRule struct { // DisplayName - READ-ONLY; The display name of the custom alert. @@ -3124,6 +3424,20 @@ type CustomAlertRule struct { RuleType *string `json:"ruleType,omitempty"` } +// CVE CVE details +type CVE struct { + // Title - READ-ONLY; CVE title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + +// CVSS CVSS details +type CVSS struct { + // Base - READ-ONLY; CVSS base + Base *float64 `json:"base,omitempty"` +} + // DataExportSetting represents a data export setting type DataExportSetting struct { // DataExportSettingProperties - Data export setting data @@ -5555,6 +5869,8 @@ type JitNetworkAccessPolicyInitiatePort struct { type JitNetworkAccessPolicyInitiateRequest struct { // VirtualMachines - A list of virtual machines & ports to open access for VirtualMachines *[]JitNetworkAccessPolicyInitiateVirtualMachine `json:"virtualMachines,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessPolicyInitiateVirtualMachine ... @@ -5605,6 +5921,8 @@ type JitNetworkAccessRequest struct { StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Requestor - The identity of the person who made the request Requestor *string `json:"requestor,omitempty"` + // Justification - The justification for making the initiate request + Justification *string `json:"justification,omitempty"` } // JitNetworkAccessRequestPort ... @@ -6685,6 +7003,90 @@ type Resource struct { Type *string `json:"type,omitempty"` } +// BasicResourceDetails details of the resource that was assessed +type BasicResourceDetails interface { + AsAzureResourceDetails() (*AzureResourceDetails, bool) + AsAwsResourceDetails() (*AwsResourceDetails, bool) + AsResourceDetails() (*ResourceDetails, bool) +} + +// ResourceDetails details of the resource that was assessed +type ResourceDetails struct { + // Source - Possible values include: 'SourceResourceDetails', 'SourceAzure', 'SourceAws' + Source Source `json:"source,omitempty"` +} + +func unmarshalBasicResourceDetails(body []byte) (BasicResourceDetails, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["source"] { + case string(SourceAzure): + var ard AzureResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + case string(SourceAws): + var ard AwsResourceDetails + err := json.Unmarshal(body, &ard) + return ard, err + default: + var rd ResourceDetails + err := json.Unmarshal(body, &rd) + return rd, err + } +} +func unmarshalBasicResourceDetailsArray(body []byte) ([]BasicResourceDetails, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + rdArray := make([]BasicResourceDetails, len(rawMessages)) + + for index, rawMessage := range rawMessages { + rd, err := unmarshalBasicResourceDetails(*rawMessage) + if err != nil { + return nil, err + } + rdArray[index] = rd + } + return rdArray, nil +} + +// MarshalJSON is the custom marshaler for ResourceDetails. +func (rd ResourceDetails) MarshalJSON() ([]byte, error) { + rd.Source = SourceResourceDetails + objectMap := make(map[string]interface{}) + if rd.Source != "" { + objectMap["source"] = rd.Source + } + return json.Marshal(objectMap) +} + +// AsAzureResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAzureResourceDetails() (*AzureResourceDetails, bool) { + return nil, false +} + +// AsAwsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsAwsResourceDetails() (*AwsResourceDetails, bool) { + return nil, false +} + +// AsResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsResourceDetails() (*ResourceDetails, bool) { + return &rd, true +} + +// AsBasicResourceDetails is the BasicResourceDetails implementation for ResourceDetails. +func (rd ResourceDetails) AsBasicResourceDetails() (BasicResourceDetails, bool) { + return &rd, true +} + // SensitivityLabel the sensitivity label. type SensitivityLabel struct { // DisplayName - The name of the sensitivity label. @@ -6779,6 +7181,61 @@ type ServerVulnerabilityAssessmentsList struct { Value *[]ServerVulnerabilityAssessment `json:"value,omitempty"` } +// ServerVulnerabilityProperties additional context fields for server vulnerability assessment +type ServerVulnerabilityProperties struct { + // Type - READ-ONLY; Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered + Type *string `json:"type,omitempty"` + // Cvss - READ-ONLY; Dictionary from cvss version to cvss details object + Cvss map[string]*CVSS `json:"cvss"` + // Patchable - READ-ONLY; Indicates whether a patch is available or not + Patchable *bool `json:"patchable,omitempty"` + // Cve - READ-ONLY; List of CVEs + Cve *[]CVE `json:"cve,omitempty"` + // Threat - READ-ONLY; Threat name + Threat *string `json:"threat,omitempty"` + // PublishedTime - READ-ONLY; Published time + PublishedTime *date.Time `json:"publishedTime,omitempty"` + // VendorReferences - READ-ONLY + VendorReferences *[]VendorReference `json:"vendorReferences,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + svp.AssessedResourceType = AssessedResourceTypeServerVulnerabilityAssessment + objectMap := make(map[string]interface{}) + if svp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = svp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return &svp, true +} + +// AsAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for ServerVulnerabilityProperties. +func (svp ServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &svp, true +} + // Setting represents a security setting in Azure Security Center. type Setting struct { autorest.Response `json:"-"` @@ -6950,6 +7407,405 @@ func NewSettingsListPage(getNextPage func(context.Context, SettingsList) (Settin return SettingsListPage{fn: getNextPage} } +// SQLServerVulnerabilityProperties details of the resource that was assessed +type SQLServerVulnerabilityProperties struct { + // Type - READ-ONLY; The resource type the sub assessment refers to in its resource details + Type *string `json:"type,omitempty"` + // Query - READ-ONLY; The T-SQL query that runs on your SQL database to perform the particular check + Query *string `json:"query,omitempty"` + // AssessedResourceType - Possible values include: 'AssessedResourceTypeAdditionalData', 'AssessedResourceTypeSQLServerVulnerability', 'AssessedResourceTypeContainerRegistryVulnerability', 'AssessedResourceTypeServerVulnerabilityAssessment' + AssessedResourceType AssessedResourceType `json:"assessedResourceType,omitempty"` +} + +// MarshalJSON is the custom marshaler for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) MarshalJSON() ([]byte, error) { + ssvp.AssessedResourceType = AssessedResourceTypeSQLServerVulnerability + objectMap := make(map[string]interface{}) + if ssvp.AssessedResourceType != "" { + objectMap["assessedResourceType"] = ssvp.AssessedResourceType + } + return json.Marshal(objectMap) +} + +// AsSQLServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsSQLServerVulnerabilityProperties() (*SQLServerVulnerabilityProperties, bool) { + return &ssvp, true +} + +// AsContainerRegistryVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsContainerRegistryVulnerabilityProperties() (*ContainerRegistryVulnerabilityProperties, bool) { + return nil, false +} + +// AsServerVulnerabilityProperties is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsServerVulnerabilityProperties() (*ServerVulnerabilityProperties, bool) { + return nil, false +} + +// AsAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsAdditionalData() (*AdditionalData, bool) { + return nil, false +} + +// AsBasicAdditionalData is the BasicAdditionalData implementation for SQLServerVulnerabilityProperties. +func (ssvp SQLServerVulnerabilityProperties) AsBasicAdditionalData() (BasicAdditionalData, bool) { + return &ssvp, true +} + +// SubAssessment security sub-assessment on a resource +type SubAssessment struct { + autorest.Response `json:"-"` + *SubAssessmentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for SubAssessment. +func (sa SubAssessment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sa.SubAssessmentProperties != nil { + objectMap["properties"] = sa.SubAssessmentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessment struct. +func (sa *SubAssessment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var subAssessmentProperties SubAssessmentProperties + err = json.Unmarshal(*v, &subAssessmentProperties) + if err != nil { + return err + } + sa.SubAssessmentProperties = &subAssessmentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sa.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sa.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sa.Type = &typeVar + } + } + } + + return nil +} + +// SubAssessmentList list of security sub-assessments +type SubAssessmentList struct { + autorest.Response `json:"-"` + // Value - READ-ONLY + Value *[]SubAssessment `json:"value,omitempty"` + // NextLink - READ-ONLY; The URI to fetch the next page. + NextLink *string `json:"nextLink,omitempty"` +} + +// SubAssessmentListIterator provides access to a complete listing of SubAssessment values. +type SubAssessmentListIterator struct { + i int + page SubAssessmentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *SubAssessmentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *SubAssessmentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter SubAssessmentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter SubAssessmentListIterator) Response() SubAssessmentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter SubAssessmentListIterator) Value() SubAssessment { + if !iter.page.NotDone() { + return SubAssessment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the SubAssessmentListIterator type. +func NewSubAssessmentListIterator(page SubAssessmentListPage) SubAssessmentListIterator { + return SubAssessmentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (sal SubAssessmentList) IsEmpty() bool { + return sal.Value == nil || len(*sal.Value) == 0 +} + +// subAssessmentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (sal SubAssessmentList) subAssessmentListPreparer(ctx context.Context) (*http.Request, error) { + if sal.NextLink == nil || len(to.String(sal.NextLink)) < 1 { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(sal.NextLink))) +} + +// SubAssessmentListPage contains a page of SubAssessment values. +type SubAssessmentListPage struct { + fn func(context.Context, SubAssessmentList) (SubAssessmentList, error) + sal SubAssessmentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *SubAssessmentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + next, err := page.fn(ctx, page.sal) + if err != nil { + return err + } + page.sal = next + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *SubAssessmentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page SubAssessmentListPage) NotDone() bool { + return !page.sal.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page SubAssessmentListPage) Response() SubAssessmentList { + return page.sal +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page SubAssessmentListPage) Values() []SubAssessment { + if page.sal.IsEmpty() { + return nil + } + return *page.sal.Value +} + +// Creates a new instance of the SubAssessmentListPage type. +func NewSubAssessmentListPage(getNextPage func(context.Context, SubAssessmentList) (SubAssessmentList, error)) SubAssessmentListPage { + return SubAssessmentListPage{fn: getNextPage} +} + +// SubAssessmentProperties describes properties of an sub-assessment. +type SubAssessmentProperties struct { + // ID - READ-ONLY; Vulnerability ID + ID *string `json:"id,omitempty"` + // DisplayName - READ-ONLY; User friendly display name of the sub-assessment + DisplayName *string `json:"displayName,omitempty"` + Status *SubAssessmentStatus `json:"status,omitempty"` + // Remediation - READ-ONLY; Information on how to remediate this sub-assessment + Remediation *string `json:"remediation,omitempty"` + // Impact - READ-ONLY; Description of the impact of this sub-assessment + Impact *string `json:"impact,omitempty"` + // Category - READ-ONLY; Category of the sub-assessment + Category *string `json:"category,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // TimeGenerated - READ-ONLY; The date and time the sub-assessment was generated + TimeGenerated *date.Time `json:"timeGenerated,omitempty"` + ResourceDetails BasicResourceDetails `json:"resourceDetails,omitempty"` + AdditionalData BasicAdditionalData `json:"additionalData,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for SubAssessmentProperties struct. +func (sap *SubAssessmentProperties) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sap.ID = &ID + } + case "displayName": + if v != nil { + var displayName string + err = json.Unmarshal(*v, &displayName) + if err != nil { + return err + } + sap.DisplayName = &displayName + } + case "status": + if v != nil { + var status SubAssessmentStatus + err = json.Unmarshal(*v, &status) + if err != nil { + return err + } + sap.Status = &status + } + case "remediation": + if v != nil { + var remediation string + err = json.Unmarshal(*v, &remediation) + if err != nil { + return err + } + sap.Remediation = &remediation + } + case "impact": + if v != nil { + var impact string + err = json.Unmarshal(*v, &impact) + if err != nil { + return err + } + sap.Impact = &impact + } + case "category": + if v != nil { + var category string + err = json.Unmarshal(*v, &category) + if err != nil { + return err + } + sap.Category = &category + } + case "description": + if v != nil { + var description string + err = json.Unmarshal(*v, &description) + if err != nil { + return err + } + sap.Description = &description + } + case "timeGenerated": + if v != nil { + var timeGenerated date.Time + err = json.Unmarshal(*v, &timeGenerated) + if err != nil { + return err + } + sap.TimeGenerated = &timeGenerated + } + case "resourceDetails": + if v != nil { + resourceDetails, err := unmarshalBasicResourceDetails(*v) + if err != nil { + return err + } + sap.ResourceDetails = resourceDetails + } + case "additionalData": + if v != nil { + additionalData, err := unmarshalBasicAdditionalData(*v) + if err != nil { + return err + } + sap.AdditionalData = additionalData + } + } + } + + return nil +} + +// SubAssessmentStatus status of the sub-assessment +type SubAssessmentStatus struct { + // Code - READ-ONLY; Programmatic code for the status of the assessment. Possible values include: 'SubAssessmentStatusCodeHealthy', 'SubAssessmentStatusCodeUnhealthy', 'SubAssessmentStatusCodeNotApplicable' + Code SubAssessmentStatusCode `json:"code,omitempty"` + // Cause - READ-ONLY; Programmatic code for the cause of the assessment status + Cause *string `json:"cause,omitempty"` + // Description - READ-ONLY; Human readable description of the assessment status + Description *string `json:"description,omitempty"` + // Severity - READ-ONLY; The sub-assessment severity level. Possible values include: 'SeverityLow', 'SeverityMedium', 'SeverityHigh' + Severity Severity `json:"severity,omitempty"` +} + // TagsResource a container holding only the Tags for a resource, allowing the user to update the tags. type TagsResource struct { // Tags - Resource tags @@ -7628,6 +8484,14 @@ type UserRecommendation struct { RecommendationAction RecommendationAction1 `json:"recommendationAction,omitempty"` } +// VendorReference vendor reference +type VendorReference struct { + // Title - READ-ONLY; Link title + Title *string `json:"title,omitempty"` + // Link - READ-ONLY; Link url + Link *string `json:"link,omitempty"` +} + // VMRecommendation represents a machine that is part of a VM/server group type VMRecommendation struct { // ConfigurationStatus - Possible values include: 'Configured', 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' diff --git a/services/preview/security/mgmt/v3.0/security/securityapi/interfaces.go b/services/preview/security/mgmt/v3.0/security/securityapi/interfaces.go index 279a2d80bcb1..3b70713dc7cb 100644 --- a/services/preview/security/mgmt/v3.0/security/securityapi/interfaces.go +++ b/services/preview/security/mgmt/v3.0/security/securityapi/interfaces.go @@ -286,3 +286,12 @@ type ServerVulnerabilityAssessmentClientAPI interface { } var _ ServerVulnerabilityAssessmentClientAPI = (*security.ServerVulnerabilityAssessmentClient)(nil) + +// SubAssessmentsClientAPI contains the set of methods on the SubAssessmentsClient type. +type SubAssessmentsClientAPI interface { + Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result security.SubAssessment, err error) + List(ctx context.Context, scope string, assessmentName string) (result security.SubAssessmentListPage, err error) + ListAll(ctx context.Context, scope string) (result security.SubAssessmentListPage, err error) +} + +var _ SubAssessmentsClientAPI = (*security.SubAssessmentsClient)(nil) diff --git a/services/preview/security/mgmt/v3.0/security/subassessments.go b/services/preview/security/mgmt/v3.0/security/subassessments.go new file mode 100644 index 000000000000..4fa19d8e398d --- /dev/null +++ b/services/preview/security/mgmt/v3.0/security/subassessments.go @@ -0,0 +1,348 @@ +package security + +// Copyright (c) Microsoft and contributors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// +// See the License for the specific language governing permissions and +// limitations under the License. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// SubAssessmentsClient is the API spec for Microsoft.Security (Azure Security Center) resource provider +type SubAssessmentsClient struct { + BaseClient +} + +// NewSubAssessmentsClient creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClient(subscriptionID string, ascLocation string) SubAssessmentsClient { + return NewSubAssessmentsClientWithBaseURI(DefaultBaseURI, subscriptionID, ascLocation) +} + +// NewSubAssessmentsClientWithBaseURI creates an instance of the SubAssessmentsClient client. +func NewSubAssessmentsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) SubAssessmentsClient { + return SubAssessmentsClient{NewWithBaseURI(baseURI, subscriptionID, ascLocation)} +} + +// Get get a security sub-assessment on your scanned resource +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +// subAssessmentName - the Sub-Assessment Key - Unique key for the sub-assessment type +func (client SubAssessmentsClient) Get(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (result SubAssessment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + req, err := client.GetPreparer(ctx, scope, assessmentName, subAssessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "Get", resp, "Failure responding to request") + } + + return +} + +// GetPreparer prepares the Get request. +func (client SubAssessmentsClient) GetPreparer(ctx context.Context, scope string, assessmentName string, subAssessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + "subAssessmentName": autorest.Encode("path", subAssessmentName), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) GetSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) GetResponder(resp *http.Response) (result SubAssessment, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List get security sub-assessments on all your scanned resources inside a scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +// assessmentName - the Assessment Key - Unique key for the assessment type +func (client SubAssessmentsClient) List(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, scope, assessmentName) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure sending request") + return + } + + result.sal, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "List", resp, "Failure responding to request") + } + + return +} + +// ListPreparer prepares the List request. +func (client SubAssessmentsClient) ListPreparer(ctx context.Context, scope string, assessmentName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "assessmentName": autorest.Encode("path", assessmentName), + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListComplete(ctx context.Context, scope string, assessmentName string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, scope, assessmentName) + return +} + +// ListAll get security sub-assessments on all your scanned resources inside a subscription scope +// Parameters: +// scope - scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or +// management group (/providers/Microsoft.Management/managementGroups/mgName). +func (client SubAssessmentsClient) ListAll(ctx context.Context, scope string) (result SubAssessmentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.sal.Response.Response != nil { + sc = result.sal.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listAllNextResults + req, err := client.ListAllPreparer(ctx, scope) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", nil, "Failure preparing request") + return + } + + resp, err := client.ListAllSender(req) + if err != nil { + result.sal.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure sending request") + return + } + + result.sal, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "ListAll", resp, "Failure responding to request") + } + + return +} + +// ListAllPreparer prepares the ListAll request. +func (client SubAssessmentsClient) ListAllPreparer(ctx context.Context, scope string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "scope": autorest.Encode("path", scope), + } + + const APIVersion = "2019-01-01-preview" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/{scope}/providers/Microsoft.Security/subAssessments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListAllSender sends the ListAll request. The method will close the +// http.Response Body if it receives an error. +func (client SubAssessmentsClient) ListAllSender(req *http.Request) (*http.Response, error) { + sd := autorest.GetSendDecorators(req.Context(), autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) + return autorest.SendWithSender(client, req, sd...) +} + +// ListAllResponder handles the response to the ListAll request. The method always +// closes the http.Response Body. +func (client SubAssessmentsClient) ListAllResponder(resp *http.Response) (result SubAssessmentList, err error) { + err = autorest.Respond( + resp, + client.ByInspecting(), + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listAllNextResults retrieves the next set of results, if any. +func (client SubAssessmentsClient) listAllNextResults(ctx context.Context, lastResults SubAssessmentList) (result SubAssessmentList, err error) { + req, err := lastResults.subAssessmentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListAllSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure sending next results request") + } + result, err = client.ListAllResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "security.SubAssessmentsClient", "listAllNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListAllComplete enumerates all values, automatically crossing page boundaries as required. +func (client SubAssessmentsClient) ListAllComplete(ctx context.Context, scope string) (result SubAssessmentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/SubAssessmentsClient.ListAll") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListAll(ctx, scope) + return +}