From cb4fc13e3b8c1a604ae52e997b3309855f00cf55 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Mon, 11 Jun 2018 19:46:53 +0000 Subject: [PATCH 1/2] Generated from 929fcc6c506c0ca401f39a48a3ea55a0a948f9e9 Fixed inconsistent definitions for SQL 2014 apis. --- .../azure/mgmt/sql/models/__init__.py | 19 +- .../models/database_blob_auditing_policy.py | 62 ++++- .../database_blob_auditing_policy_py3.py | 62 ++++- .../extended_database_blob_auditing_policy.py | 146 ++++++++++++ ...ended_database_blob_auditing_policy_py3.py | 146 ++++++++++++ .../extended_server_blob_auditing_policy.py | 146 ++++++++++++ ...xtended_server_blob_auditing_policy_py3.py | 146 ++++++++++++ .../sql/models/server_blob_auditing_policy.py | 141 ++++++++++++ .../models/server_blob_auditing_policy_py3.py | 141 ++++++++++++ .../sql/models/sql_management_client_enums.py | 12 +- .../azure/mgmt/sql/operations/__init__.py | 10 +- ...abase_blob_auditing_policies_operations.py | 10 +- ...abase_blob_auditing_policies_operations.py | 187 +++++++++++++++ ...erver_blob_auditing_policies_operations.py | 213 ++++++++++++++++++ ...erver_blob_auditing_policies_operations.py | 211 +++++++++++++++++ .../azure/mgmt/sql/sql_management_client.py | 25 +- 16 files changed, 1649 insertions(+), 28 deletions(-) create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index 6d4bd5f3c186..c2ac545ef063 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -48,7 +48,6 @@ from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity from .server_usage_py3 import ServerUsage from .database_usage_py3 import DatabaseUsage - from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .automatic_tuning_options_py3 import AutomaticTuningOptions from .database_automatic_tuning_py3 import DatabaseAutomaticTuning from .encryption_protector_py3 import EncryptionProtector @@ -81,6 +80,10 @@ from .sync_member_py3 import SyncMember from .subscription_usage_py3 import SubscriptionUsage from .virtual_network_rule_py3 import VirtualNetworkRule + from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy + from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy + from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy + from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties @@ -184,7 +187,6 @@ from .transparent_data_encryption_activity import TransparentDataEncryptionActivity from .server_usage import ServerUsage from .database_usage import DatabaseUsage - from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .automatic_tuning_options import AutomaticTuningOptions from .database_automatic_tuning import DatabaseAutomaticTuning from .encryption_protector import EncryptionProtector @@ -217,6 +219,10 @@ from .sync_member import SyncMember from .subscription_usage import SubscriptionUsage from .virtual_network_rule import VirtualNetworkRule + from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy + from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy + from .server_blob_auditing_policy import ServerBlobAuditingPolicy + from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties @@ -357,7 +363,6 @@ RecommendedIndexType, TransparentDataEncryptionStatus, TransparentDataEncryptionActivityStatus, - BlobAuditingPolicyState, AutomaticTuningMode, AutomaticTuningOptionModeDesired, AutomaticTuningOptionModeActual, @@ -376,6 +381,7 @@ SyncDirection, SyncMemberState, VirtualNetworkRuleState, + BlobAuditingPolicyState, JobAgentState, JobExecutionLifecycle, ProvisioningState, @@ -451,7 +457,6 @@ 'TransparentDataEncryptionActivity', 'ServerUsage', 'DatabaseUsage', - 'DatabaseBlobAuditingPolicy', 'AutomaticTuningOptions', 'DatabaseAutomaticTuning', 'EncryptionProtector', @@ -484,6 +489,10 @@ 'SyncMember', 'SubscriptionUsage', 'VirtualNetworkRule', + 'ExtendedDatabaseBlobAuditingPolicy', + 'ExtendedServerBlobAuditingPolicy', + 'ServerBlobAuditingPolicy', + 'DatabaseBlobAuditingPolicy', 'DatabaseVulnerabilityAssessmentRuleBaselineItem', 'DatabaseVulnerabilityAssessmentRuleBaseline', 'VulnerabilityAssessmentRecurringScansProperties', @@ -623,7 +632,6 @@ 'RecommendedIndexType', 'TransparentDataEncryptionStatus', 'TransparentDataEncryptionActivityStatus', - 'BlobAuditingPolicyState', 'AutomaticTuningMode', 'AutomaticTuningOptionModeDesired', 'AutomaticTuningOptionModeActual', @@ -642,6 +650,7 @@ 'SyncDirection', 'SyncMemberState', 'VirtualNetworkRuleState', + 'BlobAuditingPolicyState', 'JobAgentState', 'JobExecutionLifecycle', 'ProvisioningState', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py index 407713325e7d..963b7674ac16 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions and Actions-Groups + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage’s secondary key. + storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py index bfc95370f0fc..1c58ec560a03 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions and Actions-Groups + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage’s secondary key. + storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py new file mode 100644 index 000000000000..cdfb75e47f2a --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): + """An extended database blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = kwargs.get('predicate_expression', None) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..ee5ce27523e1 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): + """An extended database blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = predicate_expression + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py new file mode 100644 index 000000000000..a11e18ac68b1 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ExtendedServerBlobAuditingPolicy(ProxyResource): + """An extended server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = kwargs.get('predicate_expression', None) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..ac522801a8dd --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ExtendedServerBlobAuditingPolicy(ProxyResource): + """An extended server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = predicate_expression + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py new file mode 100644 index 000000000000..0232582a4237 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py @@ -0,0 +1,141 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ServerBlobAuditingPolicy(ProxyResource): + """A server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ServerBlobAuditingPolicy, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..51dcc8c41d4c --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py @@ -0,0 +1,141 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ServerBlobAuditingPolicy(ProxyResource): + """A server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ServerBlobAuditingPolicy, self).__init__(**kwargs) + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py index 1a9912914186..a1ebb2af3196 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py @@ -264,12 +264,6 @@ class TransparentDataEncryptionActivityStatus(str, Enum): decrypting = "Decrypting" -class BlobAuditingPolicyState(str, Enum): - - enabled = "Enabled" - disabled = "Disabled" - - class AutomaticTuningMode(str, Enum): inherit = "Inherit" @@ -411,6 +405,12 @@ class VirtualNetworkRuleState(str, Enum): unknown = "Unknown" +class BlobAuditingPolicyState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + class JobAgentState(str, Enum): creating = "Creating" diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py index 6a439bd7367f..5512e9c68b84 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py @@ -32,7 +32,6 @@ from .transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .server_usages_operations import ServerUsagesOperations from .database_usages_operations import DatabaseUsagesOperations -from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .encryption_protectors_operations import EncryptionProtectorsOperations from .failover_groups_operations import FailoverGroupsOperations @@ -44,6 +43,10 @@ from .sync_members_operations import SyncMembersOperations from .subscription_usages_operations import SubscriptionUsagesOperations from .virtual_network_rules_operations import VirtualNetworkRulesOperations +from .extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations +from .extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations +from .server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations +from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .job_agents_operations import JobAgentsOperations @@ -93,7 +96,6 @@ 'TransparentDataEncryptionActivitiesOperations', 'ServerUsagesOperations', 'DatabaseUsagesOperations', - 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseAutomaticTuningOperations', 'EncryptionProtectorsOperations', 'FailoverGroupsOperations', @@ -105,6 +107,10 @@ 'SyncMembersOperations', 'SubscriptionUsagesOperations', 'VirtualNetworkRulesOperations', + 'ExtendedDatabaseBlobAuditingPoliciesOperations', + 'ExtendedServerBlobAuditingPoliciesOperations', + 'ServerBlobAuditingPoliciesOperations', + 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseVulnerabilityAssessmentRuleBaselinesOperations', 'DatabaseVulnerabilityAssessmentsOperations', 'JobAgentsOperations', diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py index fa915bf7c00d..425ace0b8cc3 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py @@ -24,7 +24,7 @@ class DatabaseBlobAuditingPoliciesOperations(object): :param serializer: An object model serializer. :param deserializer: An object model deserializer. :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2015-05-01-preview". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._serialize = serializer self._deserialize = deserializer self.blob_auditing_policy_name = "default" - self.api_version = "2015-05-01-preview" + self.api_version = "2017-03-01-preview" self.config = config @@ -49,8 +49,7 @@ def get( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database for which the blob - audit policy is defined. + :param database_name: The name of the database. :type database_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -118,8 +117,7 @@ def create_or_update( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database for which the blob - auditing policy will be defined. + :param database_name: The name of the database. :type database_name: str :param parameters: The database blob auditing policy. :type parameters: ~azure.mgmt.sql.models.DatabaseBlobAuditingPolicy diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..73ff8454c8b5 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py @@ -0,0 +1,187 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class ExtendedDatabaseBlobAuditingPoliciesOperations(object): + """ExtendedDatabaseBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, database_name, custom_headers=None, raw=False, **operation_config): + """Gets an extended database's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param database_name: The name of the database. + :type database_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} + + def create_or_update( + self, resource_group_name, server_name, database_name, parameters, custom_headers=None, raw=False, **operation_config): + """Creates or updates an extended database's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param database_name: The name of the database. + :type database_name: str + :param parameters: The extended database blob auditing policy. + :type parameters: + ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ExtendedDatabaseBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + if response.status_code == 201: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..02830132aa3f --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py @@ -0,0 +1,213 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class ExtendedServerBlobAuditingPoliciesOperations(object): + """ExtendedServerBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): + """Gets an extended server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedServerBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} + + + def _create_or_update_initial( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ExtendedServerBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + def create_or_update( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): + """Creates or updates an extended server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param parameters: Properties of extended blob auditing policy + :type parameters: + ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns + ExtendedServerBlobAuditingPolicy or + ClientRawResponse if raw==True + :rtype: + ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy] + or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy]] + :raises: :class:`CloudError` + """ + raw_result = self._create_or_update_initial( + resource_group_name=resource_group_name, + server_name=server_name, + parameters=parameters, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..ae38710656f9 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py @@ -0,0 +1,211 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class ServerBlobAuditingPoliciesOperations(object): + """ServerBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): + """Gets a server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ServerBlobAuditingPolicy or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} + + + def _create_or_update_initial( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ServerBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + def create_or_update( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): + """Creates or updates a server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param parameters: Properties of blob auditing policy + :type parameters: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns + ServerBlobAuditingPolicy or + ClientRawResponse if raw==True + :rtype: + ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ServerBlobAuditingPolicy] + or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ServerBlobAuditingPolicy]] + :raises: :class:`CloudError` + """ + raw_result = self._create_or_update_initial( + resource_group_name=resource_group_name, + server_name=server_name, + parameters=parameters, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py index 9afb33b63ea4..404b7b7bc740 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py +++ b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py @@ -36,7 +36,6 @@ from .operations.transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .operations.server_usages_operations import ServerUsagesOperations from .operations.database_usages_operations import DatabaseUsagesOperations -from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .operations.encryption_protectors_operations import EncryptionProtectorsOperations from .operations.failover_groups_operations import FailoverGroupsOperations @@ -48,6 +47,10 @@ from .operations.sync_members_operations import SyncMembersOperations from .operations.subscription_usages_operations import SubscriptionUsagesOperations from .operations.virtual_network_rules_operations import VirtualNetworkRulesOperations +from .operations.extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations +from .operations.extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations +from .operations.server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations +from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .operations.database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .operations.job_agents_operations import JobAgentsOperations @@ -160,8 +163,6 @@ class SqlManagementClient(SDKClient): :vartype server_usages: azure.mgmt.sql.operations.ServerUsagesOperations :ivar database_usages: DatabaseUsages operations :vartype database_usages: azure.mgmt.sql.operations.DatabaseUsagesOperations - :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations - :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_automatic_tuning: DatabaseAutomaticTuning operations :vartype database_automatic_tuning: azure.mgmt.sql.operations.DatabaseAutomaticTuningOperations :ivar encryption_protectors: EncryptionProtectors operations @@ -184,6 +185,14 @@ class SqlManagementClient(SDKClient): :vartype subscription_usages: azure.mgmt.sql.operations.SubscriptionUsagesOperations :ivar virtual_network_rules: VirtualNetworkRules operations :vartype virtual_network_rules: azure.mgmt.sql.operations.VirtualNetworkRulesOperations + :ivar extended_database_blob_auditing_policies: ExtendedDatabaseBlobAuditingPolicies operations + :vartype extended_database_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedDatabaseBlobAuditingPoliciesOperations + :ivar extended_server_blob_auditing_policies: ExtendedServerBlobAuditingPolicies operations + :vartype extended_server_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedServerBlobAuditingPoliciesOperations + :ivar server_blob_auditing_policies: ServerBlobAuditingPolicies operations + :vartype server_blob_auditing_policies: azure.mgmt.sql.operations.ServerBlobAuditingPoliciesOperations + :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations + :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_vulnerability_assessment_rule_baselines: DatabaseVulnerabilityAssessmentRuleBaselines operations :vartype database_vulnerability_assessment_rule_baselines: azure.mgmt.sql.operations.DatabaseVulnerabilityAssessmentRuleBaselinesOperations :ivar database_vulnerability_assessments: DatabaseVulnerabilityAssessments operations @@ -298,8 +307,6 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.database_usages = DatabaseUsagesOperations( self._client, self.config, self._serialize, self._deserialize) - self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) self.database_automatic_tuning = DatabaseAutomaticTuningOperations( self._client, self.config, self._serialize, self._deserialize) self.encryption_protectors = EncryptionProtectorsOperations( @@ -322,6 +329,14 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.virtual_network_rules = VirtualNetworkRulesOperations( self._client, self.config, self._serialize, self._deserialize) + self.extended_database_blob_auditing_policies = ExtendedDatabaseBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.extended_server_blob_auditing_policies = ExtendedServerBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.server_blob_auditing_policies = ServerBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessment_rule_baselines = DatabaseVulnerabilityAssessmentRuleBaselinesOperations( self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessments = DatabaseVulnerabilityAssessmentsOperations( From 2bc11c317b2c071b83594521ffde2600a0ba40b4 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 13 Jun 2018 00:16:22 +0000 Subject: [PATCH 2/2] Generated from 929fcc6c506c0ca401f39a48a3ea55a0a948f9e9 Fixed inconsistent definitions for SQL 2014 apis. --- .../azure/mgmt/sql/models/__init__.py | 5 - .../models/server_security_alert_policy.py | 82 ------- .../server_security_alert_policy_py3.py | 82 ------- .../sql/models/sql_management_client_enums.py | 6 - .../azure/mgmt/sql/operations/__init__.py | 2 - ...rver_security_alert_policies_operations.py | 211 ------------------ .../azure/mgmt/sql/sql_management_client.py | 5 - 7 files changed, 393 deletions(-) delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index c2ac545ef063..09841e652260 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -111,7 +111,6 @@ from .server_automatic_tuning_py3 import ServerAutomaticTuning from .server_dns_alias_py3 import ServerDnsAlias from .server_dns_alias_acquisition_py3 import ServerDnsAliasAcquisition - from .server_security_alert_policy_py3 import ServerSecurityAlertPolicy from .restore_point_py3 import RestorePoint from .create_database_restore_point_definition_py3 import CreateDatabaseRestorePointDefinition from .database_operation_py3 import DatabaseOperation @@ -250,7 +249,6 @@ from .server_automatic_tuning import ServerAutomaticTuning from .server_dns_alias import ServerDnsAlias from .server_dns_alias_acquisition import ServerDnsAliasAcquisition - from .server_security_alert_policy import ServerSecurityAlertPolicy from .restore_point import RestorePoint from .create_database_restore_point_definition import CreateDatabaseRestorePointDefinition from .database_operation import DatabaseOperation @@ -396,7 +394,6 @@ ManagedDatabaseCreateMode, AutomaticTuningServerMode, AutomaticTuningServerReason, - SecurityAlertState, RestorePointType, ManagementOperationState, MaxSizeUnit, @@ -520,7 +517,6 @@ 'ServerAutomaticTuning', 'ServerDnsAlias', 'ServerDnsAliasAcquisition', - 'ServerSecurityAlertPolicy', 'RestorePoint', 'CreateDatabaseRestorePointDefinition', 'DatabaseOperation', @@ -665,7 +661,6 @@ 'ManagedDatabaseCreateMode', 'AutomaticTuningServerMode', 'AutomaticTuningServerReason', - 'SecurityAlertState', 'RestorePointType', 'ManagementOperationState', 'MaxSizeUnit', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py deleted file mode 100644 index 428a8edb608b..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py +++ /dev/null @@ -1,82 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource import ProxyResource - - -class ServerSecurityAlertPolicy(ProxyResource): - """A server security alert policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param state: Required. Specifies the state of the policy, whether it is - enabled or disabled. Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.SecurityAlertState - :param disabled_alerts: Specifies an array of alerts that are disabled. - Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, - Access_Anomaly - :type disabled_alerts: list[str] - :param email_addresses: Specifies an array of e-mail addresses to which - the alert is sent. - :type email_addresses: list[str] - :param email_account_admins: Specifies that the alert is sent to the - account administrators. - :type email_account_admins: bool - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). This blob storage will hold all - Threat Detection audit logs. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - Threat Detection audit storage account. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the Threat - Detection audit logs. - :type retention_days: int - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'SecurityAlertState'}, - 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, - 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, - 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - } - - def __init__(self, **kwargs): - super(ServerSecurityAlertPolicy, self).__init__(**kwargs) - self.state = kwargs.get('state', None) - self.disabled_alerts = kwargs.get('disabled_alerts', None) - self.email_addresses = kwargs.get('email_addresses', None) - self.email_account_admins = kwargs.get('email_account_admins', None) - self.storage_endpoint = kwargs.get('storage_endpoint', None) - self.storage_account_access_key = kwargs.get('storage_account_access_key', None) - self.retention_days = kwargs.get('retention_days', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py deleted file mode 100644 index 62457fadcf25..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py +++ /dev/null @@ -1,82 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource_py3 import ProxyResource - - -class ServerSecurityAlertPolicy(ProxyResource): - """A server security alert policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param state: Required. Specifies the state of the policy, whether it is - enabled or disabled. Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.SecurityAlertState - :param disabled_alerts: Specifies an array of alerts that are disabled. - Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, - Access_Anomaly - :type disabled_alerts: list[str] - :param email_addresses: Specifies an array of e-mail addresses to which - the alert is sent. - :type email_addresses: list[str] - :param email_account_admins: Specifies that the alert is sent to the - account administrators. - :type email_account_admins: bool - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). This blob storage will hold all - Threat Detection audit logs. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - Threat Detection audit storage account. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the Threat - Detection audit logs. - :type retention_days: int - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'SecurityAlertState'}, - 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, - 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, - 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - } - - def __init__(self, *, state, disabled_alerts=None, email_addresses=None, email_account_admins: bool=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, **kwargs) -> None: - super(ServerSecurityAlertPolicy, self).__init__(**kwargs) - self.state = state - self.disabled_alerts = disabled_alerts - self.email_addresses = email_addresses - self.email_account_admins = email_account_admins - self.storage_endpoint = storage_endpoint - self.storage_account_access_key = storage_account_access_key - self.retention_days = retention_days diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py index a1ebb2af3196..90b01d122079 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py @@ -515,12 +515,6 @@ class AutomaticTuningServerReason(str, Enum): auto_configured = "AutoConfigured" -class SecurityAlertState(str, Enum): - - enabled = "Enabled" - disabled = "Disabled" - - class RestorePointType(str, Enum): continuous = "CONTINUOUS" diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py index 5512e9c68b84..d996acfe707b 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py @@ -63,7 +63,6 @@ from .managed_databases_operations import ManagedDatabasesOperations from .server_automatic_tuning_operations import ServerAutomaticTuningOperations from .server_dns_aliases_operations import ServerDnsAliasesOperations -from .server_security_alert_policies_operations import ServerSecurityAlertPoliciesOperations from .restore_points_operations import RestorePointsOperations from .database_operations import DatabaseOperations from .elastic_pool_operations import ElasticPoolOperations @@ -127,7 +126,6 @@ 'ManagedDatabasesOperations', 'ServerAutomaticTuningOperations', 'ServerDnsAliasesOperations', - 'ServerSecurityAlertPoliciesOperations', 'RestorePointsOperations', 'DatabaseOperations', 'ElasticPoolOperations', diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py deleted file mode 100644 index ddbd335574b4..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py +++ /dev/null @@ -1,211 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError -from msrest.polling import LROPoller, NoPolling -from msrestazure.polling.arm_polling import ARMPolling - -from .. import models - - -class ServerSecurityAlertPoliciesOperations(object): - """ServerSecurityAlertPoliciesOperations operations. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar security_alert_policy_name: The name of the security alert policy. Constant value: "Default". - :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.security_alert_policy_name = "Default" - self.api_version = "2017-03-01-preview" - - self.config = config - - def get( - self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): - """Get a server's security alert policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: ServerSecurityAlertPolicy or ClientRawResponse if raw=true - :rtype: ~azure.mgmt.sql.models.ServerSecurityAlertPolicy or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'securityAlertPolicyName': self._serialize.url("self.security_alert_policy_name", self.security_alert_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters) - response = self._client.send(request, header_parameters, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ServerSecurityAlertPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}'} - - - def _create_or_update_initial( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): - # Construct URL - url = self.create_or_update.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'securityAlertPolicyName': self._serialize.url("self.security_alert_policy_name", self.security_alert_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct body - body_content = self._serialize.body(parameters, 'ServerSecurityAlertPolicy') - - # Construct and send request - request = self._client.put(url, query_parameters) - response = self._client.send( - request, header_parameters, body_content, stream=False, **operation_config) - - if response.status_code not in [200, 202]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ServerSecurityAlertPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - def create_or_update( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): - """Creates or updates a threat detection policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param parameters: The server security alert policy. - :type parameters: ~azure.mgmt.sql.models.ServerSecurityAlertPolicy - :param dict custom_headers: headers that will be added to the request - :param bool raw: The poller return type is ClientRawResponse, the - direct response alongside the deserialized response - :param polling: True for ARMPolling, False for no polling, or a - polling object for personal polling strategy - :return: An instance of LROPoller that returns - ServerSecurityAlertPolicy or - ClientRawResponse if raw==True - :rtype: - ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ServerSecurityAlertPolicy] - or - ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ServerSecurityAlertPolicy]] - :raises: :class:`CloudError` - """ - raw_result = self._create_or_update_initial( - resource_group_name=resource_group_name, - server_name=server_name, - parameters=parameters, - custom_headers=custom_headers, - raw=True, - **operation_config - ) - - def get_long_running_output(response): - deserialized = self._deserialize('ServerSecurityAlertPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - lro_delay = operation_config.get( - 'long_running_operation_timeout', - self.config.long_running_operation_timeout) - if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) - elif polling is False: polling_method = NoPolling() - else: polling_method = polling - return LROPoller(self._client, raw_result, get_long_running_output, polling_method) - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py index 404b7b7bc740..b2566c07fb89 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py +++ b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py @@ -67,7 +67,6 @@ from .operations.managed_databases_operations import ManagedDatabasesOperations from .operations.server_automatic_tuning_operations import ServerAutomaticTuningOperations from .operations.server_dns_aliases_operations import ServerDnsAliasesOperations -from .operations.server_security_alert_policies_operations import ServerSecurityAlertPoliciesOperations from .operations.restore_points_operations import RestorePointsOperations from .operations.database_operations import DatabaseOperations from .operations.elastic_pool_operations import ElasticPoolOperations @@ -225,8 +224,6 @@ class SqlManagementClient(SDKClient): :vartype server_automatic_tuning: azure.mgmt.sql.operations.ServerAutomaticTuningOperations :ivar server_dns_aliases: ServerDnsAliases operations :vartype server_dns_aliases: azure.mgmt.sql.operations.ServerDnsAliasesOperations - :ivar server_security_alert_policies: ServerSecurityAlertPolicies operations - :vartype server_security_alert_policies: azure.mgmt.sql.operations.ServerSecurityAlertPoliciesOperations :ivar restore_points: RestorePoints operations :vartype restore_points: azure.mgmt.sql.operations.RestorePointsOperations :ivar database_operations: DatabaseOperations operations @@ -369,8 +366,6 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.server_dns_aliases = ServerDnsAliasesOperations( self._client, self.config, self._serialize, self._deserialize) - self.server_security_alert_policies = ServerSecurityAlertPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) self.restore_points = RestorePointsOperations( self._client, self.config, self._serialize, self._deserialize) self.database_operations = DatabaseOperations(