Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[AutoPR sql/resource-manager] [DO NOT MERGE] Add DatabaseVulnerabilityAssessments swagger #2831

Merged
merged 2 commits into from
Jul 27, 2018
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 28 additions & 5 deletions azure-mgmt-sql/azure/mgmt/sql/models/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@
from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity
from .server_usage_py3 import ServerUsage
from .database_usage_py3 import DatabaseUsage
from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
from .automatic_tuning_options_py3 import AutomaticTuningOptions
from .database_automatic_tuning_py3 import DatabaseAutomaticTuning
from .encryption_protector_py3 import EncryptionProtector
Expand Down Expand Up @@ -81,6 +80,10 @@
from .sync_member_py3 import SyncMember
from .subscription_usage_py3 import SubscriptionUsage
from .virtual_network_rule_py3 import VirtualNetworkRule
from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy
from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy
from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy
from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem
from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline
from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties
Expand All @@ -104,10 +107,12 @@
from .complete_database_restore_definition_py3 import CompleteDatabaseRestoreDefinition
from .managed_database_py3 import ManagedDatabase
from .managed_database_update_py3 import ManagedDatabaseUpdate
from .sensitivity_label_py3 import SensitivityLabel
from .automatic_tuning_server_options_py3 import AutomaticTuningServerOptions
from .server_automatic_tuning_py3 import ServerAutomaticTuning
from .server_dns_alias_py3 import ServerDnsAlias
from .server_dns_alias_acquisition_py3 import ServerDnsAliasAcquisition
from .server_security_alert_policy_py3 import ServerSecurityAlertPolicy
from .restore_point_py3 import RestorePoint
from .create_database_restore_point_definition_py3 import CreateDatabaseRestorePointDefinition
from .database_operation_py3 import DatabaseOperation
Expand Down Expand Up @@ -184,7 +189,6 @@
from .transparent_data_encryption_activity import TransparentDataEncryptionActivity
from .server_usage import ServerUsage
from .database_usage import DatabaseUsage
from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
from .automatic_tuning_options import AutomaticTuningOptions
from .database_automatic_tuning import DatabaseAutomaticTuning
from .encryption_protector import EncryptionProtector
Expand Down Expand Up @@ -217,6 +221,10 @@
from .sync_member import SyncMember
from .subscription_usage import SubscriptionUsage
from .virtual_network_rule import VirtualNetworkRule
from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy
from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy
from .server_blob_auditing_policy import ServerBlobAuditingPolicy
from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem
from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline
from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties
Expand All @@ -240,10 +248,12 @@
from .complete_database_restore_definition import CompleteDatabaseRestoreDefinition
from .managed_database import ManagedDatabase
from .managed_database_update import ManagedDatabaseUpdate
from .sensitivity_label import SensitivityLabel
from .automatic_tuning_server_options import AutomaticTuningServerOptions
from .server_automatic_tuning import ServerAutomaticTuning
from .server_dns_alias import ServerDnsAlias
from .server_dns_alias_acquisition import ServerDnsAliasAcquisition
from .server_security_alert_policy import ServerSecurityAlertPolicy
from .restore_point import RestorePoint
from .create_database_restore_point_definition import CreateDatabaseRestorePointDefinition
from .database_operation import DatabaseOperation
Expand Down Expand Up @@ -326,12 +336,14 @@
from .job_version_paged import JobVersionPaged
from .long_term_retention_backup_paged import LongTermRetentionBackupPaged
from .managed_database_paged import ManagedDatabasePaged
from .sensitivity_label_paged import SensitivityLabelPaged
from .server_dns_alias_paged import ServerDnsAliasPaged
from .restore_point_paged import RestorePointPaged
from .database_operation_paged import DatabaseOperationPaged
from .elastic_pool_operation_paged import ElasticPoolOperationPaged
from .vulnerability_assessment_scan_record_paged import VulnerabilityAssessmentScanRecordPaged
from .instance_failover_group_paged import InstanceFailoverGroupPaged
from .backup_short_term_retention_policy_paged import BackupShortTermRetentionPolicyPaged
from .sql_management_client_enums import (
CheckNameAvailabilityReason,
ServerConnectionType,
Expand All @@ -357,7 +369,6 @@
RecommendedIndexType,
TransparentDataEncryptionStatus,
TransparentDataEncryptionActivityStatus,
BlobAuditingPolicyState,
AutomaticTuningMode,
AutomaticTuningOptionModeDesired,
AutomaticTuningOptionModeActual,
Expand All @@ -376,6 +387,7 @@
SyncDirection,
SyncMemberState,
VirtualNetworkRuleState,
BlobAuditingPolicyState,
JobAgentState,
JobExecutionLifecycle,
ProvisioningState,
Expand Down Expand Up @@ -407,6 +419,8 @@
VulnerabilityAssessmentScanState,
InstanceFailoverGroupReplicationRole,
LongTermRetentionDatabaseState,
VulnerabilityAssessmentPolicyBaselineName,
SensitivityLabelSource,
CapabilityGroup,
)

Expand Down Expand Up @@ -449,7 +463,6 @@
'TransparentDataEncryptionActivity',
'ServerUsage',
'DatabaseUsage',
'DatabaseBlobAuditingPolicy',
'AutomaticTuningOptions',
'DatabaseAutomaticTuning',
'EncryptionProtector',
Expand Down Expand Up @@ -482,6 +495,10 @@
'SyncMember',
'SubscriptionUsage',
'VirtualNetworkRule',
'ExtendedDatabaseBlobAuditingPolicy',
'ExtendedServerBlobAuditingPolicy',
'ServerBlobAuditingPolicy',
'DatabaseBlobAuditingPolicy',
'DatabaseVulnerabilityAssessmentRuleBaselineItem',
'DatabaseVulnerabilityAssessmentRuleBaseline',
'VulnerabilityAssessmentRecurringScansProperties',
Expand All @@ -505,10 +522,12 @@
'CompleteDatabaseRestoreDefinition',
'ManagedDatabase',
'ManagedDatabaseUpdate',
'SensitivityLabel',
'AutomaticTuningServerOptions',
'ServerAutomaticTuning',
'ServerDnsAlias',
'ServerDnsAliasAcquisition',
'ServerSecurityAlertPolicy',
'RestorePoint',
'CreateDatabaseRestorePointDefinition',
'DatabaseOperation',
Expand Down Expand Up @@ -591,12 +610,14 @@
'JobVersionPaged',
'LongTermRetentionBackupPaged',
'ManagedDatabasePaged',
'SensitivityLabelPaged',
'ServerDnsAliasPaged',
'RestorePointPaged',
'DatabaseOperationPaged',
'ElasticPoolOperationPaged',
'VulnerabilityAssessmentScanRecordPaged',
'InstanceFailoverGroupPaged',
'BackupShortTermRetentionPolicyPaged',
'CheckNameAvailabilityReason',
'ServerConnectionType',
'SecurityAlertPolicyState',
Expand All @@ -621,7 +642,6 @@
'RecommendedIndexType',
'TransparentDataEncryptionStatus',
'TransparentDataEncryptionActivityStatus',
'BlobAuditingPolicyState',
'AutomaticTuningMode',
'AutomaticTuningOptionModeDesired',
'AutomaticTuningOptionModeActual',
Expand All @@ -640,6 +660,7 @@
'SyncDirection',
'SyncMemberState',
'VirtualNetworkRuleState',
'BlobAuditingPolicyState',
'JobAgentState',
'JobExecutionLifecycle',
'ProvisioningState',
Expand Down Expand Up @@ -671,5 +692,7 @@
'VulnerabilityAssessmentScanState',
'InstanceFailoverGroupReplicationRole',
'LongTermRetentionDatabaseState',
'VulnerabilityAssessmentPolicyBaselineName',
'SensitivityLabelSource',
'CapabilityGroup',
]
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------

from msrest.paging import Paged


class BackupShortTermRetentionPolicyPaged(Paged):
"""
A paging container for iterating over a list of :class:`BackupShortTermRetentionPolicy <azure.mgmt.sql.models.BackupShortTermRetentionPolicy>` object
"""

_attribute_map = {
'next_link': {'key': 'nextLink', 'type': 'str'},
'current_page': {'key': 'value', 'type': '[BackupShortTermRetentionPolicy]'}
}

def __init__(self, *args, **kwargs):

super(BackupShortTermRetentionPolicyPaged, self).__init__(*args, **kwargs)
Original file line number Diff line number Diff line change
Expand Up @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
:param retention_days: Specifies the number of days to keep in the audit
logs.
:type retention_days: int
:param audit_actions_and_groups: Specifies the Actions and Actions-Groups
:param audit_actions_and_groups: Specifies the Actions-Groups and Actions
to audit.
The recommended set of action groups to use is the following combination -
this will audit all the queries and stored procedures executed against the
database, as well as successful and failed logins:
BATCH_COMPLETED_GROUP,
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP.
This above combination is also the set that is configured by default when
enabling auditing from the Azure portal.
The supported action groups to audit are (note: choose only specific
groups that cover your auditing needs. Using unnecessary groups could lead
to very large quantities of audit records):
APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
BACKUP_RESTORE_GROUP
DATABASE_LOGOUT_GROUP
DATABASE_OBJECT_CHANGE_GROUP
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OPERATION_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_PRINCIPAL_CHANGE_GROUP
DATABASE_PRINCIPAL_IMPERSONATION_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
FAILED_DATABASE_AUTHENTICATION_GROUP
SCHEMA_OBJECT_ACCESS_GROUP
SCHEMA_OBJECT_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
USER_CHANGE_PASSWORD_GROUP
BATCH_STARTED_GROUP
BATCH_COMPLETED_GROUP
These are groups that cover all sql statements and stored procedures
executed against the database, and should not be used in combination with
other groups as this will result in duplicate audit logs.
For more information, see [Database-Level Audit Action
Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
For Database auditing policy, specific Actions can also be specified (note
that Actions cannot be specified for Server auditing policy). The
supported actions to audit are:
SELECT
UPDATE
INSERT
DELETE
EXECUTE
RECEIVE
REFERENCES
The general form for defining an action to be audited is:
<action> ON <object> BY <principal>
Note that <object> in the above format can refer to an object like a
table, view, or stored procedure, or an entire database or schema. For the
latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
used, respectively.
For example:
SELECT on dbo.myTable by public
SELECT on DATABASE::myDatabase by public
SELECT on SCHEMA::mySchema by public
For more information, see [Database-Level Audit
Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
:type audit_actions_and_groups: list[str]
:param storage_account_subscription_id: Specifies the blob storage
subscription Id.
:type storage_account_subscription_id: str
:param is_storage_secondary_key_in_use: Specifies whether
storageAccountAccessKey value is the storages secondary key.
storageAccountAccessKey value is the storage's secondary key.
:type is_storage_secondary_key_in_use: bool
"""

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
:param retention_days: Specifies the number of days to keep in the audit
logs.
:type retention_days: int
:param audit_actions_and_groups: Specifies the Actions and Actions-Groups
:param audit_actions_and_groups: Specifies the Actions-Groups and Actions
to audit.
The recommended set of action groups to use is the following combination -
this will audit all the queries and stored procedures executed against the
database, as well as successful and failed logins:
BATCH_COMPLETED_GROUP,
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
FAILED_DATABASE_AUTHENTICATION_GROUP.
This above combination is also the set that is configured by default when
enabling auditing from the Azure portal.
The supported action groups to audit are (note: choose only specific
groups that cover your auditing needs. Using unnecessary groups could lead
to very large quantities of audit records):
APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
BACKUP_RESTORE_GROUP
DATABASE_LOGOUT_GROUP
DATABASE_OBJECT_CHANGE_GROUP
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OPERATION_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_PRINCIPAL_CHANGE_GROUP
DATABASE_PRINCIPAL_IMPERSONATION_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
FAILED_DATABASE_AUTHENTICATION_GROUP
SCHEMA_OBJECT_ACCESS_GROUP
SCHEMA_OBJECT_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
USER_CHANGE_PASSWORD_GROUP
BATCH_STARTED_GROUP
BATCH_COMPLETED_GROUP
These are groups that cover all sql statements and stored procedures
executed against the database, and should not be used in combination with
other groups as this will result in duplicate audit logs.
For more information, see [Database-Level Audit Action
Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
For Database auditing policy, specific Actions can also be specified (note
that Actions cannot be specified for Server auditing policy). The
supported actions to audit are:
SELECT
UPDATE
INSERT
DELETE
EXECUTE
RECEIVE
REFERENCES
The general form for defining an action to be audited is:
<action> ON <object> BY <principal>
Note that <object> in the above format can refer to an object like a
table, view, or stored procedure, or an entire database or schema. For the
latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
used, respectively.
For example:
SELECT on dbo.myTable by public
SELECT on DATABASE::myDatabase by public
SELECT on SCHEMA::mySchema by public
For more information, see [Database-Level Audit
Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
:type audit_actions_and_groups: list[str]
:param storage_account_subscription_id: Specifies the blob storage
subscription Id.
:type storage_account_subscription_id: str
:param is_storage_secondary_key_in_use: Specifies whether
storageAccountAccessKey value is the storages secondary key.
storageAccountAccessKey value is the storage's secondary key.
:type is_storage_secondary_key_in_use: bool
"""

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,15 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
hold the scan results (e.g.
https://myStorage.blob.core.windows.net/VaScans/).
:type storage_container_path: str
:param storage_container_sas_key: Required. A shared access signature (SAS
Key) that has write access to the blob container specified in
'storageContainerPath' parameter.
:param storage_container_sas_key: A shared access signature (SAS Key) that
has write access to the blob container specified in 'storageContainerPath'
parameter. If 'storageAccountAccessKey' isn't specified,
StorageContainerSasKey is required.
:type storage_container_sas_key: str
:param storage_account_access_key: Specifies the identifier key of the
auditing storage account. If 'StorageContainerSasKey' isn't specified,
storageAccountAccessKey is required.
:type storage_account_access_key: str
:param recurring_scans: The recurring scans settings
:type recurring_scans:
~azure.mgmt.sql.models.VulnerabilityAssessmentRecurringScansProperties
Expand All @@ -44,7 +49,6 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
'name': {'readonly': True},
'type': {'readonly': True},
'storage_container_path': {'required': True},
'storage_container_sas_key': {'required': True},
}

_attribute_map = {
Expand All @@ -53,11 +57,13 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
'type': {'key': 'type', 'type': 'str'},
'storage_container_path': {'key': 'properties.storageContainerPath', 'type': 'str'},
'storage_container_sas_key': {'key': 'properties.storageContainerSasKey', 'type': 'str'},
'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'},
'recurring_scans': {'key': 'properties.recurringScans', 'type': 'VulnerabilityAssessmentRecurringScansProperties'},
}

def __init__(self, **kwargs):
super(DatabaseVulnerabilityAssessment, self).__init__(**kwargs)
self.storage_container_path = kwargs.get('storage_container_path', None)
self.storage_container_sas_key = kwargs.get('storage_container_sas_key', None)
self.storage_account_access_key = kwargs.get('storage_account_access_key', None)
self.recurring_scans = kwargs.get('recurring_scans', None)
Loading