From a9d8a1a738b87dc385c831c2d87d5c705b07f2f3 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Thu, 7 Jun 2018 05:40:56 +0000 Subject: [PATCH 1/3] Generated from 462e8a68d6f8e8d169a1bf4340ca64ebdbce314d Fix validation error --- .../azure/mgmt/sql/models/__init__.py | 3 + .../models/database_security_alert_policy.py | 2 +- .../database_security_alert_policy_py3.py | 2 +- .../models/server_security_alert_policy.py | 82 +++++++ .../server_security_alert_policy_py3.py | 82 +++++++ .../sql/models/sql_management_client_enums.py | 1 - .../azure/mgmt/sql/operations/__init__.py | 2 + ...rver_security_alert_policies_operations.py | 211 ++++++++++++++++++ .../azure/mgmt/sql/sql_management_client.py | 5 + 9 files changed, 387 insertions(+), 3 deletions(-) create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index 6570ace507ee..1044ab8f0b3b 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -108,6 +108,7 @@ from .server_automatic_tuning_py3 import ServerAutomaticTuning from .server_dns_alias_py3 import ServerDnsAlias from .server_dns_alias_acquisition_py3 import ServerDnsAliasAcquisition + from .server_security_alert_policy_py3 import ServerSecurityAlertPolicy from .restore_point_py3 import RestorePoint from .create_database_restore_point_definition_py3 import CreateDatabaseRestorePointDefinition from .database_operation_py3 import DatabaseOperation @@ -243,6 +244,7 @@ from .server_automatic_tuning import ServerAutomaticTuning from .server_dns_alias import ServerDnsAlias from .server_dns_alias_acquisition import ServerDnsAliasAcquisition + from .server_security_alert_policy import ServerSecurityAlertPolicy from .restore_point import RestorePoint from .create_database_restore_point_definition import CreateDatabaseRestorePointDefinition from .database_operation import DatabaseOperation @@ -508,6 +510,7 @@ 'ServerAutomaticTuning', 'ServerDnsAlias', 'ServerDnsAliasAcquisition', + 'ServerSecurityAlertPolicy', 'RestorePoint', 'CreateDatabaseRestorePointDefinition', 'DatabaseOperation', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py index ce511c006b99..1abac4742b20 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py @@ -32,7 +32,7 @@ class DatabaseSecurityAlertPolicy(ProxyResource): :vartype kind: str :param state: Required. Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'New', 'Enabled', 'Disabled' + Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState :param disabled_alerts: Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py index 8967d6a6e0f1..e9c04c89f5ba 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py @@ -32,7 +32,7 @@ class DatabaseSecurityAlertPolicy(ProxyResource): :vartype kind: str :param state: Required. Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'New', 'Enabled', 'Disabled' + Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState :param disabled_alerts: Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py new file mode 100644 index 000000000000..bf05d4d46db1 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py @@ -0,0 +1,82 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ServerSecurityAlertPolicy(ProxyResource): + """A server security alert policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy, whether it is + enabled or disabled. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState + :param disabled_alerts: Specifies an array of alerts that are disabled. + Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, + Access_Anomaly + :type disabled_alerts: list[str] + :param email_addresses: Specifies an array of e-mail addresses to which + the alert is sent. + :type email_addresses: list[str] + :param email_account_admins: Specifies that the alert is sent to the + account administrators. + :type email_account_admins: bool + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). This blob storage will hold all + Threat Detection audit logs. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + Threat Detection audit storage account. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the Threat + Detection audit logs. + :type retention_days: int + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'SecurityAlertPolicyState'}, + 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, + 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, + 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(ServerSecurityAlertPolicy, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + self.disabled_alerts = kwargs.get('disabled_alerts', None) + self.email_addresses = kwargs.get('email_addresses', None) + self.email_account_admins = kwargs.get('email_account_admins', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py new file mode 100644 index 000000000000..0f5087992948 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py @@ -0,0 +1,82 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ServerSecurityAlertPolicy(ProxyResource): + """A server security alert policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy, whether it is + enabled or disabled. Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState + :param disabled_alerts: Specifies an array of alerts that are disabled. + Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, + Access_Anomaly + :type disabled_alerts: list[str] + :param email_addresses: Specifies an array of e-mail addresses to which + the alert is sent. + :type email_addresses: list[str] + :param email_account_admins: Specifies that the alert is sent to the + account administrators. + :type email_account_admins: bool + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). This blob storage will hold all + Threat Detection audit logs. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + Threat Detection audit storage account. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the Threat + Detection audit logs. + :type retention_days: int + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'SecurityAlertPolicyState'}, + 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, + 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, + 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + } + + def __init__(self, *, state, disabled_alerts=None, email_addresses=None, email_account_admins: bool=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, **kwargs) -> None: + super(ServerSecurityAlertPolicy, self).__init__(**kwargs) + self.state = state + self.disabled_alerts = disabled_alerts + self.email_addresses = email_addresses + self.email_account_admins = email_account_admins + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py index 273dd0d3484b..75dee5d83675 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py @@ -27,7 +27,6 @@ class ServerConnectionType(str, Enum): class SecurityAlertPolicyState(str, Enum): - new = "New" enabled = "Enabled" disabled = "Disabled" diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py index 953bb00775df..6a439bd7367f 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py @@ -60,6 +60,7 @@ from .managed_databases_operations import ManagedDatabasesOperations from .server_automatic_tuning_operations import ServerAutomaticTuningOperations from .server_dns_aliases_operations import ServerDnsAliasesOperations +from .server_security_alert_policies_operations import ServerSecurityAlertPoliciesOperations from .restore_points_operations import RestorePointsOperations from .database_operations import DatabaseOperations from .elastic_pool_operations import ElasticPoolOperations @@ -120,6 +121,7 @@ 'ManagedDatabasesOperations', 'ServerAutomaticTuningOperations', 'ServerDnsAliasesOperations', + 'ServerSecurityAlertPoliciesOperations', 'RestorePointsOperations', 'DatabaseOperations', 'ElasticPoolOperations', diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py new file mode 100644 index 000000000000..ddbd335574b4 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/server_security_alert_policies_operations.py @@ -0,0 +1,211 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class ServerSecurityAlertPoliciesOperations(object): + """ServerSecurityAlertPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar security_alert_policy_name: The name of the security alert policy. Constant value: "Default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.security_alert_policy_name = "Default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): + """Get a server's security alert policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ServerSecurityAlertPolicy or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.sql.models.ServerSecurityAlertPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'securityAlertPolicyName': self._serialize.url("self.security_alert_policy_name", self.security_alert_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerSecurityAlertPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}'} + + + def _create_or_update_initial( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'securityAlertPolicyName': self._serialize.url("self.security_alert_policy_name", self.security_alert_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ServerSecurityAlertPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerSecurityAlertPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + def create_or_update( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): + """Creates or updates a threat detection policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param parameters: The server security alert policy. + :type parameters: ~azure.mgmt.sql.models.ServerSecurityAlertPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns + ServerSecurityAlertPolicy or + ClientRawResponse if raw==True + :rtype: + ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ServerSecurityAlertPolicy] + or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ServerSecurityAlertPolicy]] + :raises: :class:`CloudError` + """ + raw_result = self._create_or_update_initial( + resource_group_name=resource_group_name, + server_name=server_name, + parameters=parameters, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + deserialized = self._deserialize('ServerSecurityAlertPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py index 39a53dad15fb..9afb33b63ea4 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py +++ b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py @@ -64,6 +64,7 @@ from .operations.managed_databases_operations import ManagedDatabasesOperations from .operations.server_automatic_tuning_operations import ServerAutomaticTuningOperations from .operations.server_dns_aliases_operations import ServerDnsAliasesOperations +from .operations.server_security_alert_policies_operations import ServerSecurityAlertPoliciesOperations from .operations.restore_points_operations import RestorePointsOperations from .operations.database_operations import DatabaseOperations from .operations.elastic_pool_operations import ElasticPoolOperations @@ -215,6 +216,8 @@ class SqlManagementClient(SDKClient): :vartype server_automatic_tuning: azure.mgmt.sql.operations.ServerAutomaticTuningOperations :ivar server_dns_aliases: ServerDnsAliases operations :vartype server_dns_aliases: azure.mgmt.sql.operations.ServerDnsAliasesOperations + :ivar server_security_alert_policies: ServerSecurityAlertPolicies operations + :vartype server_security_alert_policies: azure.mgmt.sql.operations.ServerSecurityAlertPoliciesOperations :ivar restore_points: RestorePoints operations :vartype restore_points: azure.mgmt.sql.operations.RestorePointsOperations :ivar database_operations: DatabaseOperations operations @@ -351,6 +354,8 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.server_dns_aliases = ServerDnsAliasesOperations( self._client, self.config, self._serialize, self._deserialize) + self.server_security_alert_policies = ServerSecurityAlertPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) self.restore_points = RestorePointsOperations( self._client, self.config, self._serialize, self._deserialize) self.database_operations = DatabaseOperations( From 726beb9d9b33354b81e0388a827b6f609bc81d77 Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Sat, 9 Jun 2018 17:58:40 +0000 Subject: [PATCH 2/3] Generated from bd7ff47b3e8549566c77c4ebc7de1e86703ac29e fixed comments --- .../azure/mgmt/sql/models/__init__.py | 21 +- .../models/database_blob_auditing_policy.py | 62 ++++- .../database_blob_auditing_policy_py3.py | 62 ++++- .../models/database_security_alert_policy.py | 2 +- .../database_security_alert_policy_py3.py | 2 +- .../extended_database_blob_auditing_policy.py | 146 ++++++++++++ ...ended_database_blob_auditing_policy_py3.py | 146 ++++++++++++ .../extended_server_blob_auditing_policy.py | 146 ++++++++++++ ...xtended_server_blob_auditing_policy_py3.py | 146 ++++++++++++ .../sql/models/server_blob_auditing_policy.py | 141 ++++++++++++ .../models/server_blob_auditing_policy_py3.py | 141 ++++++++++++ .../models/server_security_alert_policy.py | 4 +- .../server_security_alert_policy_py3.py | 4 +- .../sql/models/sql_management_client_enums.py | 19 +- .../azure/mgmt/sql/operations/__init__.py | 10 +- ...abase_blob_auditing_policies_operations.py | 10 +- ...abase_blob_auditing_policies_operations.py | 187 +++++++++++++++ ...erver_blob_auditing_policies_operations.py | 213 ++++++++++++++++++ ...erver_blob_auditing_policies_operations.py | 211 +++++++++++++++++ .../azure/mgmt/sql/sql_management_client.py | 25 +- 20 files changed, 1664 insertions(+), 34 deletions(-) create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py create mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index 1044ab8f0b3b..c2ac545ef063 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -48,7 +48,6 @@ from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity from .server_usage_py3 import ServerUsage from .database_usage_py3 import DatabaseUsage - from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .automatic_tuning_options_py3 import AutomaticTuningOptions from .database_automatic_tuning_py3 import DatabaseAutomaticTuning from .encryption_protector_py3 import EncryptionProtector @@ -81,6 +80,10 @@ from .sync_member_py3 import SyncMember from .subscription_usage_py3 import SubscriptionUsage from .virtual_network_rule_py3 import VirtualNetworkRule + from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy + from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy + from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy + from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties @@ -184,7 +187,6 @@ from .transparent_data_encryption_activity import TransparentDataEncryptionActivity from .server_usage import ServerUsage from .database_usage import DatabaseUsage - from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .automatic_tuning_options import AutomaticTuningOptions from .database_automatic_tuning import DatabaseAutomaticTuning from .encryption_protector import EncryptionProtector @@ -217,6 +219,10 @@ from .sync_member import SyncMember from .subscription_usage import SubscriptionUsage from .virtual_network_rule import VirtualNetworkRule + from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy + from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy + from .server_blob_auditing_policy import ServerBlobAuditingPolicy + from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties @@ -357,7 +363,6 @@ RecommendedIndexType, TransparentDataEncryptionStatus, TransparentDataEncryptionActivityStatus, - BlobAuditingPolicyState, AutomaticTuningMode, AutomaticTuningOptionModeDesired, AutomaticTuningOptionModeActual, @@ -376,6 +381,7 @@ SyncDirection, SyncMemberState, VirtualNetworkRuleState, + BlobAuditingPolicyState, JobAgentState, JobExecutionLifecycle, ProvisioningState, @@ -390,6 +396,7 @@ ManagedDatabaseCreateMode, AutomaticTuningServerMode, AutomaticTuningServerReason, + SecurityAlertState, RestorePointType, ManagementOperationState, MaxSizeUnit, @@ -450,7 +457,6 @@ 'TransparentDataEncryptionActivity', 'ServerUsage', 'DatabaseUsage', - 'DatabaseBlobAuditingPolicy', 'AutomaticTuningOptions', 'DatabaseAutomaticTuning', 'EncryptionProtector', @@ -483,6 +489,10 @@ 'SyncMember', 'SubscriptionUsage', 'VirtualNetworkRule', + 'ExtendedDatabaseBlobAuditingPolicy', + 'ExtendedServerBlobAuditingPolicy', + 'ServerBlobAuditingPolicy', + 'DatabaseBlobAuditingPolicy', 'DatabaseVulnerabilityAssessmentRuleBaselineItem', 'DatabaseVulnerabilityAssessmentRuleBaseline', 'VulnerabilityAssessmentRecurringScansProperties', @@ -622,7 +632,6 @@ 'RecommendedIndexType', 'TransparentDataEncryptionStatus', 'TransparentDataEncryptionActivityStatus', - 'BlobAuditingPolicyState', 'AutomaticTuningMode', 'AutomaticTuningOptionModeDesired', 'AutomaticTuningOptionModeActual', @@ -641,6 +650,7 @@ 'SyncDirection', 'SyncMemberState', 'VirtualNetworkRuleState', + 'BlobAuditingPolicyState', 'JobAgentState', 'JobExecutionLifecycle', 'ProvisioningState', @@ -655,6 +665,7 @@ 'ManagedDatabaseCreateMode', 'AutomaticTuningServerMode', 'AutomaticTuningServerReason', + 'SecurityAlertState', 'RestorePointType', 'ManagementOperationState', 'MaxSizeUnit', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py index 407713325e7d..963b7674ac16 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions and Actions-Groups + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage’s secondary key. + storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py index bfc95370f0fc..1c58ec560a03 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py @@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions and Actions-Groups + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage’s secondary key. + storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py index 1abac4742b20..ce511c006b99 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy.py @@ -32,7 +32,7 @@ class DatabaseSecurityAlertPolicy(ProxyResource): :vartype kind: str :param state: Required. Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' + Possible values include: 'New', 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState :param disabled_alerts: Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py index e9c04c89f5ba..8967d6a6e0f1 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_security_alert_policy_py3.py @@ -32,7 +32,7 @@ class DatabaseSecurityAlertPolicy(ProxyResource): :vartype kind: str :param state: Required. Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' + Possible values include: 'New', 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState :param disabled_alerts: Specifies the semicolon-separated list of alerts that are disabled, or empty string to disable no alerts. Possible values: diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py new file mode 100644 index 000000000000..cdfb75e47f2a --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): + """An extended database blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = kwargs.get('predicate_expression', None) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..ee5ce27523e1 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): + """An extended database blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = predicate_expression + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py new file mode 100644 index 000000000000..a11e18ac68b1 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ExtendedServerBlobAuditingPolicy(ProxyResource): + """An extended server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = kwargs.get('predicate_expression', None) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..ac522801a8dd --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py @@ -0,0 +1,146 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ExtendedServerBlobAuditingPolicy(ProxyResource): + """An extended server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param predicate_expression: Specifies condition of where clause when + creating an audit. + :type predicate_expression: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) + self.predicate_expression = predicate_expression + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py new file mode 100644 index 000000000000..0232582a4237 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py @@ -0,0 +1,141 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource import ProxyResource + + +class ServerBlobAuditingPolicy(ProxyResource): + """A server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(ServerBlobAuditingPolicy, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + self.storage_endpoint = kwargs.get('storage_endpoint', None) + self.storage_account_access_key = kwargs.get('storage_account_access_key', None) + self.retention_days = kwargs.get('retention_days', None) + self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) + self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) + self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py new file mode 100644 index 000000000000..51dcc8c41d4c --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py @@ -0,0 +1,141 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +from .proxy_resource_py3 import ProxyResource + + +class ServerBlobAuditingPolicy(ProxyResource): + """A server blob auditing policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource ID. + :vartype id: str + :ivar name: Resource name. + :vartype name: str + :ivar type: Resource type. + :vartype type: str + :param state: Required. Specifies the state of the policy. If state is + Enabled, storageEndpoint and storageAccountAccessKey are required. + Possible values include: 'Enabled', 'Disabled' + :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState + :param storage_endpoint: Specifies the blob storage endpoint (e.g. + https://MyAccount.blob.core.windows.net). If state is Enabled, + storageEndpoint is required. + :type storage_endpoint: str + :param storage_account_access_key: Specifies the identifier key of the + auditing storage account. If state is Enabled, storageAccountAccessKey is + required. + :type storage_account_access_key: str + :param retention_days: Specifies the number of days to keep in the audit + logs. + :type retention_days: int + :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + to audit. + The recommended set of action groups to use is the following combination - + this will audit all the queries and stored procedures executed against the + database, as well as successful and failed logins: + BATCH_COMPLETED_GROUP, + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, + FAILED_DATABASE_AUTHENTICATION_GROUP. + This above combination is also the set that is configured by default when + enabling auditing from the Azure portal. + The supported action groups to audit are (note: choose only specific + groups that cover your auditing needs. Using unnecessary groups could lead + to very large quantities of audit records): + APPLICATION_ROLE_CHANGE_PASSWORD_GROUP + BACKUP_RESTORE_GROUP + DATABASE_LOGOUT_GROUP + DATABASE_OBJECT_CHANGE_GROUP + DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP + DATABASE_OBJECT_PERMISSION_CHANGE_GROUP + DATABASE_OPERATION_GROUP + DATABASE_PERMISSION_CHANGE_GROUP + DATABASE_PRINCIPAL_CHANGE_GROUP + DATABASE_PRINCIPAL_IMPERSONATION_GROUP + DATABASE_ROLE_MEMBER_CHANGE_GROUP + FAILED_DATABASE_AUTHENTICATION_GROUP + SCHEMA_OBJECT_ACCESS_GROUP + SCHEMA_OBJECT_CHANGE_GROUP + SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP + SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP + SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP + USER_CHANGE_PASSWORD_GROUP + BATCH_STARTED_GROUP + BATCH_COMPLETED_GROUP + These are groups that cover all sql statements and stored procedures + executed against the database, and should not be used in combination with + other groups as this will result in duplicate audit logs. + For more information, see [Database-Level Audit Action + Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). + For Database auditing policy, specific Actions can also be specified (note + that Actions cannot be specified for Server auditing policy). The + supported actions to audit are: + SELECT + UPDATE + INSERT + DELETE + EXECUTE + RECEIVE + REFERENCES + The general form for defining an action to be audited is: + ON BY + Note that in the above format can refer to an object like a + table, view, or stored procedure, or an entire database or schema. For the + latter cases, the forms DATABASE:: and SCHEMA:: are + used, respectively. + For example: + SELECT on dbo.myTable by public + SELECT on DATABASE::myDatabase by public + SELECT on SCHEMA::mySchema by public + For more information, see [Database-Level Audit + Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) + :type audit_actions_and_groups: list[str] + :param storage_account_subscription_id: Specifies the blob storage + subscription Id. + :type storage_account_subscription_id: str + :param is_storage_secondary_key_in_use: Specifies whether + storageAccountAccessKey value is the storage's secondary key. + :type is_storage_secondary_key_in_use: bool + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, + 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, + 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, + 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, + 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, + 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, + 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + } + + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + super(ServerBlobAuditingPolicy, self).__init__(**kwargs) + self.state = state + self.storage_endpoint = storage_endpoint + self.storage_account_access_key = storage_account_access_key + self.retention_days = retention_days + self.audit_actions_and_groups = audit_actions_and_groups + self.storage_account_subscription_id = storage_account_subscription_id + self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py index bf05d4d46db1..428a8edb608b 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy.py @@ -28,7 +28,7 @@ class ServerSecurityAlertPolicy(ProxyResource): :vartype type: str :param state: Required. Specifies the state of the policy, whether it is enabled or disabled. Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState + :type state: str or ~azure.mgmt.sql.models.SecurityAlertState :param disabled_alerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly @@ -62,7 +62,7 @@ class ServerSecurityAlertPolicy(ProxyResource): 'id': {'key': 'id', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'SecurityAlertPolicyState'}, + 'state': {'key': 'properties.state', 'type': 'SecurityAlertState'}, 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py index 0f5087992948..62457fadcf25 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_security_alert_policy_py3.py @@ -28,7 +28,7 @@ class ServerSecurityAlertPolicy(ProxyResource): :vartype type: str :param state: Required. Specifies the state of the policy, whether it is enabled or disabled. Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.SecurityAlertPolicyState + :type state: str or ~azure.mgmt.sql.models.SecurityAlertState :param disabled_alerts: Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly @@ -62,7 +62,7 @@ class ServerSecurityAlertPolicy(ProxyResource): 'id': {'key': 'id', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'SecurityAlertPolicyState'}, + 'state': {'key': 'properties.state', 'type': 'SecurityAlertState'}, 'disabled_alerts': {'key': 'properties.disabledAlerts', 'type': '[str]'}, 'email_addresses': {'key': 'properties.emailAddresses', 'type': '[str]'}, 'email_account_admins': {'key': 'properties.emailAccountAdmins', 'type': 'bool'}, diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py index 75dee5d83675..a1ebb2af3196 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py @@ -27,6 +27,7 @@ class ServerConnectionType(str, Enum): class SecurityAlertPolicyState(str, Enum): + new = "New" enabled = "Enabled" disabled = "Disabled" @@ -263,12 +264,6 @@ class TransparentDataEncryptionActivityStatus(str, Enum): decrypting = "Decrypting" -class BlobAuditingPolicyState(str, Enum): - - enabled = "Enabled" - disabled = "Disabled" - - class AutomaticTuningMode(str, Enum): inherit = "Inherit" @@ -410,6 +405,12 @@ class VirtualNetworkRuleState(str, Enum): unknown = "Unknown" +class BlobAuditingPolicyState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + class JobAgentState(str, Enum): creating = "Creating" @@ -514,6 +515,12 @@ class AutomaticTuningServerReason(str, Enum): auto_configured = "AutoConfigured" +class SecurityAlertState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + class RestorePointType(str, Enum): continuous = "CONTINUOUS" diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py index 6a439bd7367f..5512e9c68b84 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py @@ -32,7 +32,6 @@ from .transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .server_usages_operations import ServerUsagesOperations from .database_usages_operations import DatabaseUsagesOperations -from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .encryption_protectors_operations import EncryptionProtectorsOperations from .failover_groups_operations import FailoverGroupsOperations @@ -44,6 +43,10 @@ from .sync_members_operations import SyncMembersOperations from .subscription_usages_operations import SubscriptionUsagesOperations from .virtual_network_rules_operations import VirtualNetworkRulesOperations +from .extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations +from .extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations +from .server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations +from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .job_agents_operations import JobAgentsOperations @@ -93,7 +96,6 @@ 'TransparentDataEncryptionActivitiesOperations', 'ServerUsagesOperations', 'DatabaseUsagesOperations', - 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseAutomaticTuningOperations', 'EncryptionProtectorsOperations', 'FailoverGroupsOperations', @@ -105,6 +107,10 @@ 'SyncMembersOperations', 'SubscriptionUsagesOperations', 'VirtualNetworkRulesOperations', + 'ExtendedDatabaseBlobAuditingPoliciesOperations', + 'ExtendedServerBlobAuditingPoliciesOperations', + 'ServerBlobAuditingPoliciesOperations', + 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseVulnerabilityAssessmentRuleBaselinesOperations', 'DatabaseVulnerabilityAssessmentsOperations', 'JobAgentsOperations', diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py index fa915bf7c00d..425ace0b8cc3 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py @@ -24,7 +24,7 @@ class DatabaseBlobAuditingPoliciesOperations(object): :param serializer: An object model serializer. :param deserializer: An object model deserializer. :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2015-05-01-preview". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._serialize = serializer self._deserialize = deserializer self.blob_auditing_policy_name = "default" - self.api_version = "2015-05-01-preview" + self.api_version = "2017-03-01-preview" self.config = config @@ -49,8 +49,7 @@ def get( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database for which the blob - audit policy is defined. + :param database_name: The name of the database. :type database_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -118,8 +117,7 @@ def create_or_update( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database for which the blob - auditing policy will be defined. + :param database_name: The name of the database. :type database_name: str :param parameters: The database blob auditing policy. :type parameters: ~azure.mgmt.sql.models.DatabaseBlobAuditingPolicy diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..73ff8454c8b5 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py @@ -0,0 +1,187 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class ExtendedDatabaseBlobAuditingPoliciesOperations(object): + """ExtendedDatabaseBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, database_name, custom_headers=None, raw=False, **operation_config): + """Gets an extended database's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param database_name: The name of the database. + :type database_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} + + def create_or_update( + self, resource_group_name, server_name, database_name, parameters, custom_headers=None, raw=False, **operation_config): + """Creates or updates an extended database's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param database_name: The name of the database. + :type database_name: str + :param parameters: The extended database blob auditing policy. + :type parameters: + ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'databaseName': self._serialize.url("database_name", database_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ExtendedDatabaseBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + if response.status_code == 201: + deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..02830132aa3f --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py @@ -0,0 +1,213 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class ExtendedServerBlobAuditingPoliciesOperations(object): + """ExtendedServerBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): + """Gets an extended server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ExtendedServerBlobAuditingPolicy or ClientRawResponse if + raw=true + :rtype: ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} + + + def _create_or_update_initial( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ExtendedServerBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + def create_or_update( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): + """Creates or updates an extended server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param parameters: Properties of extended blob auditing policy + :type parameters: + ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns + ExtendedServerBlobAuditingPolicy or + ClientRawResponse if raw==True + :rtype: + ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy] + or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy]] + :raises: :class:`CloudError` + """ + raw_result = self._create_or_update_initial( + resource_group_name=resource_group_name, + server_name=server_name, + parameters=parameters, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py new file mode 100644 index 000000000000..ae38710656f9 --- /dev/null +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py @@ -0,0 +1,211 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class ServerBlobAuditingPoliciesOperations(object): + """ServerBlobAuditingPoliciesOperations operations. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". + :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.blob_auditing_policy_name = "default" + self.api_version = "2017-03-01-preview" + + self.config = config + + def get( + self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): + """Gets a server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ServerBlobAuditingPolicy or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters) + response = self._client.send(request, header_parameters, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} + + + def _create_or_update_initial( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), + 'serverName': self._serialize.url("server_name", server_name, 'str'), + 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(parameters, 'ServerBlobAuditingPolicy') + + # Construct and send request + request = self._client.put(url, query_parameters) + response = self._client.send( + request, header_parameters, body_content, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + + if response.status_code == 200: + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + def create_or_update( + self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): + """Creates or updates a server's blob auditing policy. + + :param resource_group_name: The name of the resource group that + contains the resource. You can obtain this value from the Azure + Resource Manager API or the portal. + :type resource_group_name: str + :param server_name: The name of the server. + :type server_name: str + :param parameters: Properties of blob auditing policy + :type parameters: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns + ServerBlobAuditingPolicy or + ClientRawResponse if raw==True + :rtype: + ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ServerBlobAuditingPolicy] + or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ServerBlobAuditingPolicy]] + :raises: :class:`CloudError` + """ + raw_result = self._create_or_update_initial( + resource_group_name=resource_group_name, + server_name=server_name, + parameters=parameters, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + deserialized = self._deserialize('ServerBlobAuditingPolicy', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py index 9afb33b63ea4..404b7b7bc740 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py +++ b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py @@ -36,7 +36,6 @@ from .operations.transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .operations.server_usages_operations import ServerUsagesOperations from .operations.database_usages_operations import DatabaseUsagesOperations -from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .operations.encryption_protectors_operations import EncryptionProtectorsOperations from .operations.failover_groups_operations import FailoverGroupsOperations @@ -48,6 +47,10 @@ from .operations.sync_members_operations import SyncMembersOperations from .operations.subscription_usages_operations import SubscriptionUsagesOperations from .operations.virtual_network_rules_operations import VirtualNetworkRulesOperations +from .operations.extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations +from .operations.extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations +from .operations.server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations +from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .operations.database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .operations.job_agents_operations import JobAgentsOperations @@ -160,8 +163,6 @@ class SqlManagementClient(SDKClient): :vartype server_usages: azure.mgmt.sql.operations.ServerUsagesOperations :ivar database_usages: DatabaseUsages operations :vartype database_usages: azure.mgmt.sql.operations.DatabaseUsagesOperations - :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations - :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_automatic_tuning: DatabaseAutomaticTuning operations :vartype database_automatic_tuning: azure.mgmt.sql.operations.DatabaseAutomaticTuningOperations :ivar encryption_protectors: EncryptionProtectors operations @@ -184,6 +185,14 @@ class SqlManagementClient(SDKClient): :vartype subscription_usages: azure.mgmt.sql.operations.SubscriptionUsagesOperations :ivar virtual_network_rules: VirtualNetworkRules operations :vartype virtual_network_rules: azure.mgmt.sql.operations.VirtualNetworkRulesOperations + :ivar extended_database_blob_auditing_policies: ExtendedDatabaseBlobAuditingPolicies operations + :vartype extended_database_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedDatabaseBlobAuditingPoliciesOperations + :ivar extended_server_blob_auditing_policies: ExtendedServerBlobAuditingPolicies operations + :vartype extended_server_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedServerBlobAuditingPoliciesOperations + :ivar server_blob_auditing_policies: ServerBlobAuditingPolicies operations + :vartype server_blob_auditing_policies: azure.mgmt.sql.operations.ServerBlobAuditingPoliciesOperations + :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations + :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_vulnerability_assessment_rule_baselines: DatabaseVulnerabilityAssessmentRuleBaselines operations :vartype database_vulnerability_assessment_rule_baselines: azure.mgmt.sql.operations.DatabaseVulnerabilityAssessmentRuleBaselinesOperations :ivar database_vulnerability_assessments: DatabaseVulnerabilityAssessments operations @@ -298,8 +307,6 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.database_usages = DatabaseUsagesOperations( self._client, self.config, self._serialize, self._deserialize) - self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) self.database_automatic_tuning = DatabaseAutomaticTuningOperations( self._client, self.config, self._serialize, self._deserialize) self.encryption_protectors = EncryptionProtectorsOperations( @@ -322,6 +329,14 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.virtual_network_rules = VirtualNetworkRulesOperations( self._client, self.config, self._serialize, self._deserialize) + self.extended_database_blob_auditing_policies = ExtendedDatabaseBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.extended_server_blob_auditing_policies = ExtendedServerBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.server_blob_auditing_policies = ServerBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessment_rule_baselines = DatabaseVulnerabilityAssessmentRuleBaselinesOperations( self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessments = DatabaseVulnerabilityAssessmentsOperations( From 206f61327edb180fe8b98a73feae4bcab9ac6e1f Mon Sep 17 00:00:00 2001 From: Azure SDK for Python bot Date: Mon, 11 Jun 2018 19:43:16 +0000 Subject: [PATCH 3/3] Generated from bd7ff47b3e8549566c77c4ebc7de1e86703ac29e fixed comments --- .../azure/mgmt/sql/models/__init__.py | 19 +- .../models/database_blob_auditing_policy.py | 62 +---- .../database_blob_auditing_policy_py3.py | 62 +---- .../extended_database_blob_auditing_policy.py | 146 ------------ ...ended_database_blob_auditing_policy_py3.py | 146 ------------ .../extended_server_blob_auditing_policy.py | 146 ------------ ...xtended_server_blob_auditing_policy_py3.py | 146 ------------ .../sql/models/server_blob_auditing_policy.py | 141 ------------ .../models/server_blob_auditing_policy_py3.py | 141 ------------ .../sql/models/sql_management_client_enums.py | 12 +- .../azure/mgmt/sql/operations/__init__.py | 10 +- ...abase_blob_auditing_policies_operations.py | 10 +- ...abase_blob_auditing_policies_operations.py | 187 --------------- ...erver_blob_auditing_policies_operations.py | 213 ------------------ ...erver_blob_auditing_policies_operations.py | 211 ----------------- .../azure/mgmt/sql/sql_management_client.py | 25 +- 16 files changed, 28 insertions(+), 1649 deletions(-) delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py delete mode 100644 azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py index c2ac545ef063..6d4bd5f3c186 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/__init__.py @@ -48,6 +48,7 @@ from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity from .server_usage_py3 import ServerUsage from .database_usage_py3 import DatabaseUsage + from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .automatic_tuning_options_py3 import AutomaticTuningOptions from .database_automatic_tuning_py3 import DatabaseAutomaticTuning from .encryption_protector_py3 import EncryptionProtector @@ -80,10 +81,6 @@ from .sync_member_py3 import SyncMember from .subscription_usage_py3 import SubscriptionUsage from .virtual_network_rule_py3 import VirtualNetworkRule - from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy - from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy - from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy - from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties @@ -187,6 +184,7 @@ from .transparent_data_encryption_activity import TransparentDataEncryptionActivity from .server_usage import ServerUsage from .database_usage import DatabaseUsage + from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .automatic_tuning_options import AutomaticTuningOptions from .database_automatic_tuning import DatabaseAutomaticTuning from .encryption_protector import EncryptionProtector @@ -219,10 +217,6 @@ from .sync_member import SyncMember from .subscription_usage import SubscriptionUsage from .virtual_network_rule import VirtualNetworkRule - from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy - from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy - from .server_blob_auditing_policy import ServerBlobAuditingPolicy - from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties @@ -363,6 +357,7 @@ RecommendedIndexType, TransparentDataEncryptionStatus, TransparentDataEncryptionActivityStatus, + BlobAuditingPolicyState, AutomaticTuningMode, AutomaticTuningOptionModeDesired, AutomaticTuningOptionModeActual, @@ -381,7 +376,6 @@ SyncDirection, SyncMemberState, VirtualNetworkRuleState, - BlobAuditingPolicyState, JobAgentState, JobExecutionLifecycle, ProvisioningState, @@ -457,6 +451,7 @@ 'TransparentDataEncryptionActivity', 'ServerUsage', 'DatabaseUsage', + 'DatabaseBlobAuditingPolicy', 'AutomaticTuningOptions', 'DatabaseAutomaticTuning', 'EncryptionProtector', @@ -489,10 +484,6 @@ 'SyncMember', 'SubscriptionUsage', 'VirtualNetworkRule', - 'ExtendedDatabaseBlobAuditingPolicy', - 'ExtendedServerBlobAuditingPolicy', - 'ServerBlobAuditingPolicy', - 'DatabaseBlobAuditingPolicy', 'DatabaseVulnerabilityAssessmentRuleBaselineItem', 'DatabaseVulnerabilityAssessmentRuleBaseline', 'VulnerabilityAssessmentRecurringScansProperties', @@ -632,6 +623,7 @@ 'RecommendedIndexType', 'TransparentDataEncryptionStatus', 'TransparentDataEncryptionActivityStatus', + 'BlobAuditingPolicyState', 'AutomaticTuningMode', 'AutomaticTuningOptionModeDesired', 'AutomaticTuningOptionModeActual', @@ -650,7 +642,6 @@ 'SyncDirection', 'SyncMemberState', 'VirtualNetworkRuleState', - 'BlobAuditingPolicyState', 'JobAgentState', 'JobExecutionLifecycle', 'ProvisioningState', diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py index 963b7674ac16..407713325e7d 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py @@ -43,72 +43,14 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + :param audit_actions_and_groups: Specifies the Actions and Actions-Groups to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. + storageAccountAccessKey value is the storage’s secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py index 1c58ec560a03..bfc95370f0fc 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py @@ -43,72 +43,14 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param retention_days: Specifies the number of days to keep in the audit logs. :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions + :param audit_actions_and_groups: Specifies the Actions and Actions-Groups to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) :type audit_actions_and_groups: list[str] :param storage_account_subscription_id: Specifies the blob storage subscription Id. :type storage_account_subscription_id: str :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. + storageAccountAccessKey value is the storage’s secondary key. :type is_storage_secondary_key_in_use: bool """ diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py deleted file mode 100644 index cdfb75e47f2a..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py +++ /dev/null @@ -1,146 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource import ProxyResource - - -class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): - """An extended database blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param predicate_expression: Specifies condition of where clause when - creating an audit. - :type predicate_expression: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, **kwargs): - super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) - self.predicate_expression = kwargs.get('predicate_expression', None) - self.state = kwargs.get('state', None) - self.storage_endpoint = kwargs.get('storage_endpoint', None) - self.storage_account_access_key = kwargs.get('storage_account_access_key', None) - self.retention_days = kwargs.get('retention_days', None) - self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) - self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) - self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py deleted file mode 100644 index ee5ce27523e1..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py +++ /dev/null @@ -1,146 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource_py3 import ProxyResource - - -class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): - """An extended database blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param predicate_expression: Specifies condition of where clause when - creating an audit. - :type predicate_expression: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: - super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) - self.predicate_expression = predicate_expression - self.state = state - self.storage_endpoint = storage_endpoint - self.storage_account_access_key = storage_account_access_key - self.retention_days = retention_days - self.audit_actions_and_groups = audit_actions_and_groups - self.storage_account_subscription_id = storage_account_subscription_id - self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py deleted file mode 100644 index a11e18ac68b1..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py +++ /dev/null @@ -1,146 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource import ProxyResource - - -class ExtendedServerBlobAuditingPolicy(ProxyResource): - """An extended server blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param predicate_expression: Specifies condition of where clause when - creating an audit. - :type predicate_expression: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, **kwargs): - super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) - self.predicate_expression = kwargs.get('predicate_expression', None) - self.state = kwargs.get('state', None) - self.storage_endpoint = kwargs.get('storage_endpoint', None) - self.storage_account_access_key = kwargs.get('storage_account_access_key', None) - self.retention_days = kwargs.get('retention_days', None) - self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) - self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) - self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py deleted file mode 100644 index ac522801a8dd..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py +++ /dev/null @@ -1,146 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource_py3 import ProxyResource - - -class ExtendedServerBlobAuditingPolicy(ProxyResource): - """An extended server blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param predicate_expression: Specifies condition of where clause when - creating an audit. - :type predicate_expression: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'predicate_expression': {'key': 'properties.predicateExpression', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: - super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) - self.predicate_expression = predicate_expression - self.state = state - self.storage_endpoint = storage_endpoint - self.storage_account_access_key = storage_account_access_key - self.retention_days = retention_days - self.audit_actions_and_groups = audit_actions_and_groups - self.storage_account_subscription_id = storage_account_subscription_id - self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py deleted file mode 100644 index 0232582a4237..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py +++ /dev/null @@ -1,141 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource import ProxyResource - - -class ServerBlobAuditingPolicy(ProxyResource): - """A server blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, **kwargs): - super(ServerBlobAuditingPolicy, self).__init__(**kwargs) - self.state = kwargs.get('state', None) - self.storage_endpoint = kwargs.get('storage_endpoint', None) - self.storage_account_access_key = kwargs.get('storage_account_access_key', None) - self.retention_days = kwargs.get('retention_days', None) - self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) - self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) - self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py deleted file mode 100644 index 51dcc8c41d4c..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py +++ /dev/null @@ -1,141 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -from .proxy_resource_py3 import ProxyResource - - -class ServerBlobAuditingPolicy(ProxyResource): - """A server blob auditing policy. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :ivar id: Resource ID. - :vartype id: str - :ivar name: Resource name. - :vartype name: str - :ivar type: Resource type. - :vartype type: str - :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. - Possible values include: 'Enabled', 'Disabled' - :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState - :param storage_endpoint: Specifies the blob storage endpoint (e.g. - https://MyAccount.blob.core.windows.net). If state is Enabled, - storageEndpoint is required. - :type storage_endpoint: str - :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. - :type storage_account_access_key: str - :param retention_days: Specifies the number of days to keep in the audit - logs. - :type retention_days: int - :param audit_actions_and_groups: Specifies the Actions-Groups and Actions - to audit. - The recommended set of action groups to use is the following combination - - this will audit all the queries and stored procedures executed against the - database, as well as successful and failed logins: - BATCH_COMPLETED_GROUP, - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, - FAILED_DATABASE_AUTHENTICATION_GROUP. - This above combination is also the set that is configured by default when - enabling auditing from the Azure portal. - The supported action groups to audit are (note: choose only specific - groups that cover your auditing needs. Using unnecessary groups could lead - to very large quantities of audit records): - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP - BACKUP_RESTORE_GROUP - DATABASE_LOGOUT_GROUP - DATABASE_OBJECT_CHANGE_GROUP - DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP - DATABASE_OBJECT_PERMISSION_CHANGE_GROUP - DATABASE_OPERATION_GROUP - DATABASE_PERMISSION_CHANGE_GROUP - DATABASE_PRINCIPAL_CHANGE_GROUP - DATABASE_PRINCIPAL_IMPERSONATION_GROUP - DATABASE_ROLE_MEMBER_CHANGE_GROUP - FAILED_DATABASE_AUTHENTICATION_GROUP - SCHEMA_OBJECT_ACCESS_GROUP - SCHEMA_OBJECT_CHANGE_GROUP - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP - SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP - SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP - USER_CHANGE_PASSWORD_GROUP - BATCH_STARTED_GROUP - BATCH_COMPLETED_GROUP - These are groups that cover all sql statements and stored procedures - executed against the database, and should not be used in combination with - other groups as this will result in duplicate audit logs. - For more information, see [Database-Level Audit Action - Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups). - For Database auditing policy, specific Actions can also be specified (note - that Actions cannot be specified for Server auditing policy). The - supported actions to audit are: - SELECT - UPDATE - INSERT - DELETE - EXECUTE - RECEIVE - REFERENCES - The general form for defining an action to be audited is: - ON BY - Note that in the above format can refer to an object like a - table, view, or stored procedure, or an entire database or schema. For the - latter cases, the forms DATABASE:: and SCHEMA:: are - used, respectively. - For example: - SELECT on dbo.myTable by public - SELECT on DATABASE::myDatabase by public - SELECT on SCHEMA::mySchema by public - For more information, see [Database-Level Audit - Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions) - :type audit_actions_and_groups: list[str] - :param storage_account_subscription_id: Specifies the blob storage - subscription Id. - :type storage_account_subscription_id: str - :param is_storage_secondary_key_in_use: Specifies whether - storageAccountAccessKey value is the storage's secondary key. - :type is_storage_secondary_key_in_use: bool - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'state': {'required': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'BlobAuditingPolicyState'}, - 'storage_endpoint': {'key': 'properties.storageEndpoint', 'type': 'str'}, - 'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'}, - 'retention_days': {'key': 'properties.retentionDays', 'type': 'int'}, - 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, - 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, - 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, - } - - def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: - super(ServerBlobAuditingPolicy, self).__init__(**kwargs) - self.state = state - self.storage_endpoint = storage_endpoint - self.storage_account_access_key = storage_account_access_key - self.retention_days = retention_days - self.audit_actions_and_groups = audit_actions_and_groups - self.storage_account_subscription_id = storage_account_subscription_id - self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py index a1ebb2af3196..1a9912914186 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/sql_management_client_enums.py @@ -264,6 +264,12 @@ class TransparentDataEncryptionActivityStatus(str, Enum): decrypting = "Decrypting" +class BlobAuditingPolicyState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + + class AutomaticTuningMode(str, Enum): inherit = "Inherit" @@ -405,12 +411,6 @@ class VirtualNetworkRuleState(str, Enum): unknown = "Unknown" -class BlobAuditingPolicyState(str, Enum): - - enabled = "Enabled" - disabled = "Disabled" - - class JobAgentState(str, Enum): creating = "Creating" diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py index 5512e9c68b84..6a439bd7367f 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/__init__.py @@ -32,6 +32,7 @@ from .transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .server_usages_operations import ServerUsagesOperations from .database_usages_operations import DatabaseUsagesOperations +from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .encryption_protectors_operations import EncryptionProtectorsOperations from .failover_groups_operations import FailoverGroupsOperations @@ -43,10 +44,6 @@ from .sync_members_operations import SyncMembersOperations from .subscription_usages_operations import SubscriptionUsagesOperations from .virtual_network_rules_operations import VirtualNetworkRulesOperations -from .extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations -from .extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations -from .server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations -from .database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .job_agents_operations import JobAgentsOperations @@ -96,6 +93,7 @@ 'TransparentDataEncryptionActivitiesOperations', 'ServerUsagesOperations', 'DatabaseUsagesOperations', + 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseAutomaticTuningOperations', 'EncryptionProtectorsOperations', 'FailoverGroupsOperations', @@ -107,10 +105,6 @@ 'SyncMembersOperations', 'SubscriptionUsagesOperations', 'VirtualNetworkRulesOperations', - 'ExtendedDatabaseBlobAuditingPoliciesOperations', - 'ExtendedServerBlobAuditingPoliciesOperations', - 'ServerBlobAuditingPoliciesOperations', - 'DatabaseBlobAuditingPoliciesOperations', 'DatabaseVulnerabilityAssessmentRuleBaselinesOperations', 'DatabaseVulnerabilityAssessmentsOperations', 'JobAgentsOperations', diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py index 425ace0b8cc3..fa915bf7c00d 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py +++ b/azure-mgmt-sql/azure/mgmt/sql/operations/database_blob_auditing_policies_operations.py @@ -24,7 +24,7 @@ class DatabaseBlobAuditingPoliciesOperations(object): :param serializer: An object model serializer. :param deserializer: An object model deserializer. :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". + :ivar api_version: The API version to use for the request. Constant value: "2015-05-01-preview". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._serialize = serializer self._deserialize = deserializer self.blob_auditing_policy_name = "default" - self.api_version = "2017-03-01-preview" + self.api_version = "2015-05-01-preview" self.config = config @@ -49,7 +49,8 @@ def get( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database. + :param database_name: The name of the database for which the blob + audit policy is defined. :type database_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -117,7 +118,8 @@ def create_or_update( :type resource_group_name: str :param server_name: The name of the server. :type server_name: str - :param database_name: The name of the database. + :param database_name: The name of the database for which the blob + auditing policy will be defined. :type database_name: str :param parameters: The database blob auditing policy. :type parameters: ~azure.mgmt.sql.models.DatabaseBlobAuditingPolicy diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py deleted file mode 100644 index 73ff8454c8b5..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_database_blob_auditing_policies_operations.py +++ /dev/null @@ -1,187 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError - -from .. import models - - -class ExtendedDatabaseBlobAuditingPoliciesOperations(object): - """ExtendedDatabaseBlobAuditingPoliciesOperations operations. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.blob_auditing_policy_name = "default" - self.api_version = "2017-03-01-preview" - - self.config = config - - def get( - self, resource_group_name, server_name, database_name, custom_headers=None, raw=False, **operation_config): - """Gets an extended database's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param database_name: The name of the database. - :type database_name: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if - raw=true - :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'databaseName': self._serialize.url("database_name", database_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters) - response = self._client.send(request, header_parameters, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} - - def create_or_update( - self, resource_group_name, server_name, database_name, parameters, custom_headers=None, raw=False, **operation_config): - """Creates or updates an extended database's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param database_name: The name of the database. - :type database_name: str - :param parameters: The extended database blob auditing policy. - :type parameters: - ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: ExtendedDatabaseBlobAuditingPolicy or ClientRawResponse if - raw=true - :rtype: ~azure.mgmt.sql.models.ExtendedDatabaseBlobAuditingPolicy or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.create_or_update.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'databaseName': self._serialize.url("database_name", database_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct body - body_content = self._serialize.body(parameters, 'ExtendedDatabaseBlobAuditingPolicy') - - # Construct and send request - request = self._client.put(url, query_parameters) - response = self._client.send( - request, header_parameters, body_content, stream=False, **operation_config) - - if response.status_code not in [200, 201]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) - if response.status_code == 201: - deserialized = self._deserialize('ExtendedDatabaseBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py deleted file mode 100644 index 02830132aa3f..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/extended_server_blob_auditing_policies_operations.py +++ /dev/null @@ -1,213 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError -from msrest.polling import LROPoller, NoPolling -from msrestazure.polling.arm_polling import ARMPolling - -from .. import models - - -class ExtendedServerBlobAuditingPoliciesOperations(object): - """ExtendedServerBlobAuditingPoliciesOperations operations. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.blob_auditing_policy_name = "default" - self.api_version = "2017-03-01-preview" - - self.config = config - - def get( - self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): - """Gets an extended server's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: ExtendedServerBlobAuditingPolicy or ClientRawResponse if - raw=true - :rtype: ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters) - response = self._client.send(request, header_parameters, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} - - - def _create_or_update_initial( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): - # Construct URL - url = self.create_or_update.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct body - body_content = self._serialize.body(parameters, 'ExtendedServerBlobAuditingPolicy') - - # Construct and send request - request = self._client.put(url, query_parameters) - response = self._client.send( - request, header_parameters, body_content, stream=False, **operation_config) - - if response.status_code not in [200, 202]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - def create_or_update( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): - """Creates or updates an extended server's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param parameters: Properties of extended blob auditing policy - :type parameters: - ~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy - :param dict custom_headers: headers that will be added to the request - :param bool raw: The poller return type is ClientRawResponse, the - direct response alongside the deserialized response - :param polling: True for ARMPolling, False for no polling, or a - polling object for personal polling strategy - :return: An instance of LROPoller that returns - ExtendedServerBlobAuditingPolicy or - ClientRawResponse if raw==True - :rtype: - ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy] - or - ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ExtendedServerBlobAuditingPolicy]] - :raises: :class:`CloudError` - """ - raw_result = self._create_or_update_initial( - resource_group_name=resource_group_name, - server_name=server_name, - parameters=parameters, - custom_headers=custom_headers, - raw=True, - **operation_config - ) - - def get_long_running_output(response): - deserialized = self._deserialize('ExtendedServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - lro_delay = operation_config.get( - 'long_running_operation_timeout', - self.config.long_running_operation_timeout) - if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) - elif polling is False: polling_method = NoPolling() - else: polling_method = polling - return LROPoller(self._client, raw_result, get_long_running_output, polling_method) - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py b/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py deleted file mode 100644 index ae38710656f9..000000000000 --- a/azure-mgmt-sql/azure/mgmt/sql/operations/server_blob_auditing_policies_operations.py +++ /dev/null @@ -1,211 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError -from msrest.polling import LROPoller, NoPolling -from msrestazure.polling.arm_polling import ARMPolling - -from .. import models - - -class ServerBlobAuditingPoliciesOperations(object): - """ServerBlobAuditingPoliciesOperations operations. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar blob_auditing_policy_name: The name of the blob auditing policy. Constant value: "default". - :ivar api_version: The API version to use for the request. Constant value: "2017-03-01-preview". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.blob_auditing_policy_name = "default" - self.api_version = "2017-03-01-preview" - - self.config = config - - def get( - self, resource_group_name, server_name, custom_headers=None, raw=False, **operation_config): - """Gets a server's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: ServerBlobAuditingPolicy or ClientRawResponse if raw=true - :rtype: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters) - response = self._client.send(request, header_parameters, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} - - - def _create_or_update_initial( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, **operation_config): - # Construct URL - url = self.create_or_update.metadata['url'] - path_format_arguments = { - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str'), - 'serverName': self._serialize.url("server_name", server_name, 'str'), - 'blobAuditingPolicyName': self._serialize.url("self.blob_auditing_policy_name", self.blob_auditing_policy_name, 'str'), - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Content-Type'] = 'application/json; charset=utf-8' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct body - body_content = self._serialize.body(parameters, 'ServerBlobAuditingPolicy') - - # Construct and send request - request = self._client.put(url, query_parameters) - response = self._client.send( - request, header_parameters, body_content, stream=False, **operation_config) - - if response.status_code not in [200, 202]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - - if response.status_code == 200: - deserialized = self._deserialize('ServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - def create_or_update( - self, resource_group_name, server_name, parameters, custom_headers=None, raw=False, polling=True, **operation_config): - """Creates or updates a server's blob auditing policy. - - :param resource_group_name: The name of the resource group that - contains the resource. You can obtain this value from the Azure - Resource Manager API or the portal. - :type resource_group_name: str - :param server_name: The name of the server. - :type server_name: str - :param parameters: Properties of blob auditing policy - :type parameters: ~azure.mgmt.sql.models.ServerBlobAuditingPolicy - :param dict custom_headers: headers that will be added to the request - :param bool raw: The poller return type is ClientRawResponse, the - direct response alongside the deserialized response - :param polling: True for ARMPolling, False for no polling, or a - polling object for personal polling strategy - :return: An instance of LROPoller that returns - ServerBlobAuditingPolicy or - ClientRawResponse if raw==True - :rtype: - ~msrestazure.azure_operation.AzureOperationPoller[~azure.mgmt.sql.models.ServerBlobAuditingPolicy] - or - ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[~azure.mgmt.sql.models.ServerBlobAuditingPolicy]] - :raises: :class:`CloudError` - """ - raw_result = self._create_or_update_initial( - resource_group_name=resource_group_name, - server_name=server_name, - parameters=parameters, - custom_headers=custom_headers, - raw=True, - **operation_config - ) - - def get_long_running_output(response): - deserialized = self._deserialize('ServerBlobAuditingPolicy', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - - lro_delay = operation_config.get( - 'long_running_operation_timeout', - self.config.long_running_operation_timeout) - if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) - elif polling is False: polling_method = NoPolling() - else: polling_method = polling - return LROPoller(self._client, raw_result, get_long_running_output, polling_method) - create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}'} diff --git a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py index 404b7b7bc740..9afb33b63ea4 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py +++ b/azure-mgmt-sql/azure/mgmt/sql/sql_management_client.py @@ -36,6 +36,7 @@ from .operations.transparent_data_encryption_activities_operations import TransparentDataEncryptionActivitiesOperations from .operations.server_usages_operations import ServerUsagesOperations from .operations.database_usages_operations import DatabaseUsagesOperations +from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_automatic_tuning_operations import DatabaseAutomaticTuningOperations from .operations.encryption_protectors_operations import EncryptionProtectorsOperations from .operations.failover_groups_operations import FailoverGroupsOperations @@ -47,10 +48,6 @@ from .operations.sync_members_operations import SyncMembersOperations from .operations.subscription_usages_operations import SubscriptionUsagesOperations from .operations.virtual_network_rules_operations import VirtualNetworkRulesOperations -from .operations.extended_database_blob_auditing_policies_operations import ExtendedDatabaseBlobAuditingPoliciesOperations -from .operations.extended_server_blob_auditing_policies_operations import ExtendedServerBlobAuditingPoliciesOperations -from .operations.server_blob_auditing_policies_operations import ServerBlobAuditingPoliciesOperations -from .operations.database_blob_auditing_policies_operations import DatabaseBlobAuditingPoliciesOperations from .operations.database_vulnerability_assessment_rule_baselines_operations import DatabaseVulnerabilityAssessmentRuleBaselinesOperations from .operations.database_vulnerability_assessments_operations import DatabaseVulnerabilityAssessmentsOperations from .operations.job_agents_operations import JobAgentsOperations @@ -163,6 +160,8 @@ class SqlManagementClient(SDKClient): :vartype server_usages: azure.mgmt.sql.operations.ServerUsagesOperations :ivar database_usages: DatabaseUsages operations :vartype database_usages: azure.mgmt.sql.operations.DatabaseUsagesOperations + :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations + :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_automatic_tuning: DatabaseAutomaticTuning operations :vartype database_automatic_tuning: azure.mgmt.sql.operations.DatabaseAutomaticTuningOperations :ivar encryption_protectors: EncryptionProtectors operations @@ -185,14 +184,6 @@ class SqlManagementClient(SDKClient): :vartype subscription_usages: azure.mgmt.sql.operations.SubscriptionUsagesOperations :ivar virtual_network_rules: VirtualNetworkRules operations :vartype virtual_network_rules: azure.mgmt.sql.operations.VirtualNetworkRulesOperations - :ivar extended_database_blob_auditing_policies: ExtendedDatabaseBlobAuditingPolicies operations - :vartype extended_database_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedDatabaseBlobAuditingPoliciesOperations - :ivar extended_server_blob_auditing_policies: ExtendedServerBlobAuditingPolicies operations - :vartype extended_server_blob_auditing_policies: azure.mgmt.sql.operations.ExtendedServerBlobAuditingPoliciesOperations - :ivar server_blob_auditing_policies: ServerBlobAuditingPolicies operations - :vartype server_blob_auditing_policies: azure.mgmt.sql.operations.ServerBlobAuditingPoliciesOperations - :ivar database_blob_auditing_policies: DatabaseBlobAuditingPolicies operations - :vartype database_blob_auditing_policies: azure.mgmt.sql.operations.DatabaseBlobAuditingPoliciesOperations :ivar database_vulnerability_assessment_rule_baselines: DatabaseVulnerabilityAssessmentRuleBaselines operations :vartype database_vulnerability_assessment_rule_baselines: azure.mgmt.sql.operations.DatabaseVulnerabilityAssessmentRuleBaselinesOperations :ivar database_vulnerability_assessments: DatabaseVulnerabilityAssessments operations @@ -307,6 +298,8 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.database_usages = DatabaseUsagesOperations( self._client, self.config, self._serialize, self._deserialize) + self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) self.database_automatic_tuning = DatabaseAutomaticTuningOperations( self._client, self.config, self._serialize, self._deserialize) self.encryption_protectors = EncryptionProtectorsOperations( @@ -329,14 +322,6 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.virtual_network_rules = VirtualNetworkRulesOperations( self._client, self.config, self._serialize, self._deserialize) - self.extended_database_blob_auditing_policies = ExtendedDatabaseBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) - self.extended_server_blob_auditing_policies = ExtendedServerBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) - self.server_blob_auditing_policies = ServerBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) - self.database_blob_auditing_policies = DatabaseBlobAuditingPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessment_rule_baselines = DatabaseVulnerabilityAssessmentRuleBaselinesOperations( self._client, self.config, self._serialize, self._deserialize) self.database_vulnerability_assessments = DatabaseVulnerabilityAssessmentsOperations(