From 36a418e37f504150cf0c755483a268779675aa01 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 24 Oct 2018 08:53:34 +0000 Subject: [PATCH 1/2] Generated from ca82e064c1bbf7e8be309bb75730c277f9185f01 Update DatabaseVulnerabilityAssessmentListByDatabase.json --- .../azure/mgmt/sql/models/__init__.py | 2 + .../database_vulnerability_assessment.py | 14 ++-- ...database_vulnerability_assessment_paged.py | 27 +++++++ .../database_vulnerability_assessment_py3.py | 16 ++-- ...se_vulnerability_assessments_operations.py | 76 +++++++++++++++++++ ...se_vulnerability_assessments_operations.py | 76 +++++++++++++++++++ azure-mgmt-sql/azure/mgmt/sql/version.py | 2 +- 7 files changed, 195 insertions(+), 18 deletions(-) create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_paged.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index 418c82c016ae..5b6e6f097db9 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -329,6 +329,7 @@ from .sync_member_paged import SyncMemberPaged from .subscription_usage_paged import SubscriptionUsagePaged from .virtual_network_rule_paged import VirtualNetworkRulePaged +from .database_vulnerability_assessment_paged import DatabaseVulnerabilityAssessmentPaged from .job_agent_paged import JobAgentPaged from .job_credential_paged import JobCredentialPaged from .job_execution_paged import JobExecutionPaged @@ -604,6 +605,7 @@ 'SyncMemberPaged', 'SubscriptionUsagePaged', 'VirtualNetworkRulePaged', + 'DatabaseVulnerabilityAssessmentPaged', 'JobAgentPaged', 'JobCredentialPaged', 'JobExecutionPaged', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment.py index 760e7166aef1..b4fbd42f864b 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment.py @@ -18,17 +18,15 @@ class DatabaseVulnerabilityAssessment(ProxyResource): Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Resource ID. :vartype id: str :ivar name: Resource name. :vartype name: str :ivar type: Resource type. :vartype type: str - :param storage_container_path: Required. A blob storage container path to - hold the scan results (e.g. - https://myStorage.blob.core.windows.net/VaScans/). + :param storage_container_path: A blob storage container path to hold the + scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It + is required if server level vulnerability assessment policy doesn't set :type storage_container_path: str :param storage_container_sas_key: A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' @@ -36,8 +34,9 @@ class DatabaseVulnerabilityAssessment(ProxyResource): StorageContainerSasKey is required. :type storage_container_sas_key: str :param storage_account_access_key: Specifies the identifier key of the - vulnerability assessment storage account. If 'StorageContainerSasKey' - isn't specified, storageAccountAccessKey is required. + storage account for vulnerability assessment scan results. If + 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is + required. :type storage_account_access_key: str :param recurring_scans: The recurring scans settings :type recurring_scans: @@ -48,7 +47,6 @@ class DatabaseVulnerabilityAssessment(ProxyResource): 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'storage_container_path': {'required': True}, } _attribute_map = { diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_paged.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_paged.py new file mode 100644 index 000000000000..8ec2fe4eae5f --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_paged.py @@ -0,0 +1,27 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from msrest.paging import Paged + + +class DatabaseVulnerabilityAssessmentPaged(Paged): + """ + A paging container for iterating over a list of :class:`DatabaseVulnerabilityAssessment ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[DatabaseVulnerabilityAssessment]'} + } + + def __init__(self, *args, **kwargs): + + super(DatabaseVulnerabilityAssessmentPaged, self).__init__(*args, **kwargs) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_py3.py index 56fd72657b22..e0d54f6105f1 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment_py3.py @@ -18,17 +18,15 @@ class DatabaseVulnerabilityAssessment(ProxyResource): Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Resource ID. :vartype id: str :ivar name: Resource name. :vartype name: str :ivar type: Resource type. :vartype type: str - :param storage_container_path: Required. A blob storage container path to - hold the scan results (e.g. - https://myStorage.blob.core.windows.net/VaScans/). + :param storage_container_path: A blob storage container path to hold the + scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It + is required if server level vulnerability assessment policy doesn't set :type storage_container_path: str :param storage_container_sas_key: A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' @@ -36,8 +34,9 @@ class DatabaseVulnerabilityAssessment(ProxyResource): StorageContainerSasKey is required. :type storage_container_sas_key: str :param storage_account_access_key: Specifies the identifier key of the - vulnerability assessment storage account. If 'StorageContainerSasKey' - isn't specified, storageAccountAccessKey is required. + storage account for vulnerability assessment scan results. If + 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is + required. :type storage_account_access_key: str :param recurring_scans: The recurring scans settings :type recurring_scans: @@ -48,7 +47,6 @@ class DatabaseVulnerabilityAssessment(ProxyResource): 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'storage_container_path': {'required': True}, } _attribute_map = { @@ -61,7 +59,7 @@ class DatabaseVulnerabilityAssessment(ProxyResource): 'recurring_scans': {'key': 'properties.recurringScans', 'type': 'VulnerabilityAssessmentRecurringScansProperties'}, } - def __init__(self, *, storage_container_path: str, storage_container_sas_key: str=None, storage_account_access_key: str=None, recurring_scans=None, **kwargs) -> None: + def __init__(self, *, storage_container_path: str=None, storage_container_sas_key: str=None, storage_account_access_key: str=None, recurring_scans=None, **kwargs) -> None: super(DatabaseVulnerabilityAssessment, self).__init__(**kwargs) self.storage_container_path = storage_container_path self.storage_container_sas_key = storage_container_sas_key diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/database_vulnerability_assessments_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/database_vulnerability_assessments_operations.py index da9db7d9402e..5fa6a1ef7ade 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/database_vulnerability_assessments_operations.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/database_vulnerability_assessments_operations.py @@ -247,3 +247,79 @@ def delete( client_raw_response = ClientRawResponse(None, response) return client_raw_response delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}'} + + def list_by_database( + self, resource_group_name, server_name, database_name, custom_headers=None, raw=False, **operation_config): + """Lists the vulnerability assessment policies associated with a database. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param database_name: The name of the database for which the + vulnerability assessment policies are defined. + :type database_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of DatabaseVulnerabilityAssessment + :rtype: + ~azure.mgmt.sql.models.DatabaseVulnerabilityAssessmentPaged[~azure.mgmt.sql.models.DatabaseVulnerabilityAssessment] + :raises: :class:`CloudError` + """ + def internal_paging(next_link=None, raw=False): + + if not next_link: + # Construct URL + url = self.list_by_database.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + deserialized = models.DatabaseVulnerabilityAssessmentPaged(internal_paging, self._deserialize.dependencies) + + if raw: + header_dict = {} + client_raw_response = models.DatabaseVulnerabilityAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + return client_raw_response + + return deserialized + list_by_database.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/managed_database_vulnerability_assessments_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/managed_database_vulnerability_assessments_operations.py index eed38b378fe1..6c224244c8fc 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/managed_database_vulnerability_assessments_operations.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/managed_database_vulnerability_assessments_operations.py @@ -247,3 +247,79 @@ def delete( client_raw_response = ClientRawResponse(None, response) return client_raw_response delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/vulnerabilityAssessments/{vulnerabilityAssessmentName}'} + + def list_by_database( + self, resource_group_name, managed_instance_name, database_name, custom_headers=None, raw=False, **operation_config): + """Lists the vulnerability assessments of a managed database. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param managed_instance_name: The name of the managed instance. + :type managed_instance_name: str + :param database_name: The name of the database for which the + vulnerability assessment is defined. + :type database_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of DatabaseVulnerabilityAssessment + :rtype: + ~azure.mgmt.sql.models.DatabaseVulnerabilityAssessmentPaged[~azure.mgmt.sql.models.DatabaseVulnerabilityAssessment] + :raises: :class:`CloudError` + """ + def internal_paging(next_link=None, raw=False): + + if not next_link: + # Construct URL + url = self.list_by_database.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'managedInstanceName': self._serialize.url("managed_instance_name", managed_instance_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + deserialized = models.DatabaseVulnerabilityAssessmentPaged(internal_paging, self._deserialize.dependencies) + + if raw: + header_dict = {} + client_raw_response = models.DatabaseVulnerabilityAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + return client_raw_response + + return deserialized + list_by_database.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/databases/{databaseName}/vulnerabilityAssessments'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/version.py b/azure-mgmt-sql/azure/mgmt/sql/version.py index 1f08862acee4..3697d9b71739 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/version.py +++ b/azure-mgmt-sql/azure/mgmt/sql/version.py @@ -9,5 +9,5 @@ # regenerated. # -------------------------------------------------------------------------- -VERSION = "0.10.0" +VERSION = "0.9.0" From 4855a1e35801f17a9bc5369f321a5212ff18714c Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Wed, 31 Oct 2018 20:42:39 +0000 Subject: [PATCH 2/2] Generated from b77f5d1a2652b84a016c368bff34ec26940facac Update DatabaseVulnerabilityAssessmentListByDatabase.json --- .../backup_long_term_retention_policy.py | 4 +-- .../backup_long_term_retention_policy_py3.py | 4 +-- .../models/database_blob_auditing_policy.py | 27 ++++++++++++++--- .../database_blob_auditing_policy_py3.py | 29 +++++++++++++++---- .../extended_database_blob_auditing_policy.py | 27 ++++++++++++++--- ...ended_database_blob_auditing_policy_py3.py | 29 +++++++++++++++---- .../extended_server_blob_auditing_policy.py | 27 ++++++++++++++--- ...xtended_server_blob_auditing_policy_py3.py | 29 +++++++++++++++---- .../sql/models/server_blob_auditing_policy.py | 27 ++++++++++++++--- .../models/server_blob_auditing_policy_py3.py | 29 +++++++++++++++---- 10 files changed, 192 insertions(+), 40 deletions(-) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy.py index ac17e33a15ec..544110988a82 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy.py @@ -27,8 +27,8 @@ class BackupLongTermRetentionPolicy(ProxyResource): :param weekly_retention: The weekly retention policy for an LTR backup in an ISO 8601 format. :type weekly_retention: str - :param monthly_retention: The montly retention policy for an LTR backup in - an ISO 8601 format. + :param monthly_retention: The monthly retention policy for an LTR backup + in an ISO 8601 format. :type monthly_retention: str :param yearly_retention: The yearly retention policy for an LTR backup in an ISO 8601 format. diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy_py3.py index b075dac8562d..6e7cb8ace394 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/backup_long_term_retention_policy_py3.py @@ -27,8 +27,8 @@ class BackupLongTermRetentionPolicy(ProxyResource): :param weekly_retention: The weekly retention policy for an LTR backup in an ISO 8601 format. :type weekly_retention: str - :param monthly_retention: The montly retention policy for an LTR backup in - an ISO 8601 format. + :param monthly_retention: The monthly retention policy for an LTR backup + in an ISO 8601 format. :type monthly_retention: str :param yearly_retention: The yearly retention policy for an LTR backup in an ISO 8601 format. diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py index 963b7674ac16..57e85a7ffeef 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py @@ -29,7 +29,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :ivar kind: Resource kind. :vartype kind: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -37,11 +37,11 @@ class DatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -110,6 +110,23 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py index 1c58ec560a03..ab7e08965ed6 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py @@ -29,7 +29,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :ivar kind: Resource kind. :vartype kind: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -37,11 +37,11 @@ class DatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -110,6 +110,23 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class DatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(DatabaseBlobAuditingPolicy, self).__init__(**kwargs) self.kind = None self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_ self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py index cdfb75e47f2a..a7b143ea8b15 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py @@ -30,7 +30,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py index ee5ce27523e1..5a4c8f173611 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py @@ -30,7 +30,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) self.predicate_expression = predicate_expression self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: s self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py index a11e18ac68b1..68813994b0be 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py @@ -30,7 +30,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py index ac522801a8dd..1f60403ce96c 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py @@ -30,7 +30,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) self.predicate_expression = predicate_expression self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: s self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py index 0232582a4237..e100e6d3b95c 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py @@ -27,7 +27,7 @@ class ServerBlobAuditingPolicy(ProxyResource): :ivar type: Resource type. :vartype type: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -35,11 +35,11 @@ class ServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -108,6 +108,23 @@ class ServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -128,6 +145,7 @@ class ServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -139,3 +157,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py index 51dcc8c41d4c..183f99e50113 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py @@ -27,7 +27,7 @@ class ServerBlobAuditingPolicy(ProxyResource): :ivar type: Resource type. :vartype type: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -35,11 +35,11 @@ class ServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -108,6 +108,23 @@ class ServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -128,9 +145,10 @@ class ServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ServerBlobAuditingPolicy, self).__init__(**kwargs) self.state = state self.storage_endpoint = storage_endpoint @@ -139,3 +157,4 @@ def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_ self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled