diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json new file mode 100644 index 000000000000..32ddc19328b7 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json @@ -0,0 +1,299 @@ +{ + "swagger": "2.0", + "info": { + "version": "2015-05-01-preview", + "title": "SqlManagementClient", + "description": "The Azure SQL Database management API provides a RESTful set of web APIs that interact with Azure SQL Database services to manage your databases. The API enables users to create, retrieve, update, and delete databases, servers, and other entities." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get a database's blob auditing policy": { + "$ref": "./examples/DatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update a database's blob auditing policy with minimal parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMin.json" + }, + "Create or update a database's blob auditing policy with all parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMax.json" + } + } + } + } + }, + "definitions": { + "DatabaseBlobAuditingPolicyProperties": { + "description": "Properties of a database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "DatabaseBlobAuditingPolicy": { + "description": "A database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/ProxyResource" + } + ], + "properties": { + "kind": { + "description": "Resource kind.", + "type": "string", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "description": "The subscription ID that identifies an Azure subscription.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "description": "The API version to use for the request.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ResourceGroupParameter": { + "name": "resourceGroupName", + "in": "path", + "description": "The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ServerNameParameter": { + "name": "serverName", + "in": "path", + "description": "The name of the server.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ManagedInstanceNameParameter": { + "name": "managedInstanceName", + "in": "path", + "description": "The name of the managed instance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DatabaseNameParameter": { + "name": "databaseName", + "in": "path", + "description": "The name of the database.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "BlobAuditingPolicyNameParameter": { + "name": "blobAuditingPolicyName", + "in": "path", + "description": "The name of the blob auditing policy.", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineInstanceNameParameter": { + "name": "sqlVirtualMachineInstanceName", + "in": "path", + "description": "The name of the SqlVirtualMachineInstance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineContainerNameParameter": { + "name": "sqlVirtualMachineContainerName", + "in": "path", + "description": "The name of the SqlVirtualMachineContainer.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "VirtualClusterNameParameter": { + "name": "virtualClusterName", + "in": "path", + "description": "The name of the virtual cluster.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json new file mode 100644 index 000000000000..916da093d4f3 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json @@ -0,0 +1,851 @@ +{ + "swagger": "2.0", + "info": { + "version": "2017-03-01-preview", + "title": "SqlManagementClient", + "description": "The Azure SQL Database management API provides a RESTful set of web APIs that interact with Azure SQL Database services to manage your databases. The API enables users to create, retrieve, update, and delete databases, servers, and other entities." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets an extended database's blob auditing policy.", + "operationId": "ExtendedDatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get an extended database's blob auditing policy": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates an extended database's blob auditing policy.", + "operationId": "ExtendedDatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The extended database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 BlobAuditingPredicateExpressionSyntaxError - Invalid value of parameter 'predicateExpression'.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingPredicateExpressionEmpty - Invalid parameter 'predicateExpression', value can not be empty.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update an extended database's blob auditing policy with minimal parameters": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingCreateMin.json" + }, + "Create or update an extended database's blob auditing policy with all parameters": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingCreateMax.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets an extended server's blob auditing policy.", + "operationId": "ExtendedServerBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the extended server blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + } + }, + "x-ms-examples": { + "Get a server's blob extended auditing policy": { + "$ref": "./examples/ExtendedServerBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates an extended server's blob auditing policy.", + "operationId": "ExtendedServerBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "Properties of extended blob auditing policy", + "required": true, + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully updated the extended auditing settings.", + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidServerBlobAuditingPolicyCreateRequest - The create server blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingPredicateExpressionEmpty - Invalid parameter 'predicateExpression', value can not be empty.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 409 ServerBlobAuditingPolicyInProgress - Set server blob auditing is already in progress." + }, + "202": { + "description": "Updating the extended auditing settings is in progress." + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Update a server's extended blob auditing policy with all parameters": { + "$ref": "./examples/ExtendedServerBlobAuditingCreateMax.json" + }, + "Update a server's extended blob auditing policy with minimal parameters": { + "$ref": "./examples/ExtendedServerBlobAuditingCreateMin.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a server's blob auditing policy.", + "operationId": "ServerBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the server blob auditing policy.", + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + } + }, + "x-ms-examples": { + "Get a server's blob auditing policy": { + "$ref": "./examples/ServerBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a server's blob auditing policy.", + "operationId": "ServerBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "Properties of blob auditing policy", + "required": true, + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully updated the auditing settings.", + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidServerBlobAuditingPolicyCreateRequest - The create server blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 409 ServerBlobAuditingPolicyInProgress - Set server blob auditing is already in progress." + }, + "202": { + "description": "Updating the auditing settings is in progress." + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Update a server's blob auditing policy with all parameters": { + "$ref": "./examples/ServerBlobAuditingCreateMax.json" + }, + "Update a server's blob auditing policy with minimal parameters": { + "$ref": "./examples/ServerBlobAuditingCreateMin.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get a database's blob auditing policy": { + "$ref": "./examples/DatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update a database's blob auditing policy with minimal parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMin.json" + }, + "Create or update a database's blob auditing policy with all parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMax.json" + } + } + } + } + }, + "definitions": { + "ExtendedDatabaseBlobAuditingPolicyProperties": { + "description": "Properties of an extended database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "predicateExpression": { + "description": "Specifies condition of where clause when creating an audit.", + "type": "string" + }, + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "Resource": { + "description": "ARM resource.", + "type": "object", + "properties": { + "id": { + "description": "Resource ID.", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Resource name.", + "type": "string", + "readOnly": true + }, + "type": { + "description": "Resource type.", + "type": "string", + "readOnly": true + } + }, + "x-ms-azure-resource": true + }, + "ProxyResource": { + "description": "ARM proxy resource.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "properties": {} + }, + "ExtendedDatabaseBlobAuditingPolicy": { + "description": "An extended database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "ExtendedServerBlobAuditingPolicyProperties": { + "description": "Properties of an extended server blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "predicateExpression": { + "description": "Specifies condition of where clause when creating an audit.", + "type": "string" + }, + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "ExtendedServerBlobAuditingPolicy": { + "description": "An extended server blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "ServerBlobAuditingPolicyProperties": { + "description": "Properties of a server blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "ServerBlobAuditingPolicy": { + "description": "A server blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "DatabaseBlobAuditingPolicyProperties": { + "description": "Properties of a database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "DatabaseBlobAuditingPolicy": { + "description": "A database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "kind": { + "description": "Resource kind.", + "type": "string", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "description": "The subscription ID that identifies an Azure subscription.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "description": "The API version to use for the request.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ResourceGroupParameter": { + "name": "resourceGroupName", + "in": "path", + "description": "The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ServerNameParameter": { + "name": "serverName", + "in": "path", + "description": "The name of the server.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ManagedInstanceNameParameter": { + "name": "managedInstanceName", + "in": "path", + "description": "The name of the managed instance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DatabaseNameParameter": { + "name": "databaseName", + "in": "path", + "description": "The name of the database.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "BlobAuditingPolicyNameParameter": { + "name": "blobAuditingPolicyName", + "in": "path", + "description": "The name of the blob auditing policy.", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineInstanceNameParameter": { + "name": "sqlVirtualMachineInstanceName", + "in": "path", + "description": "The name of the SqlVirtualMachineInstance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineContainerNameParameter": { + "name": "sqlVirtualMachineContainerName", + "in": "path", + "description": "The name of the SqlVirtualMachineContainer.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "VirtualClusterNameParameter": { + "name": "virtualClusterName", + "in": "path", + "description": "The name of the virtual cluster.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json new file mode 100644 index 000000000000..a571903ebf91 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["DATABASE_LOGOUT_GROUP","DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": ["DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": ["DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json new file mode 100644 index 000000000000..6821106df1d8 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json new file mode 100644 index 000000000000..9637d314f0bc --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-6852", + "serverName": "blobauditingtest-2080", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json new file mode 100644 index 000000000000..c3d225765d3d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json new file mode 100644 index 000000000000..822c2619666d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json new file mode 100644 index 000000000000..46a66ce2854c --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-6852", + "serverName": "blobauditingtest-2080", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "predicateExpression": "statement = 'select 1'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json new file mode 100644 index 000000000000..cd0ce930e7fa --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ], + "predicateExpression": "object_name = 'SensitiveData'" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ], + "predicateExpression": "object_name = 'SensitiveData'" + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json new file mode 100644 index 000000000000..95847565cb3d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ] + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json new file mode 100644 index 000000000000..1c13d70019b3 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "predicateExpression": "object_name = 'SensitiveData'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json index 74919d55125f..144353d69a54 100644 --- a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json @@ -3,7 +3,7 @@ "subscriptionId": "00000000-1111-2222-3333-444444444444", "resourceGroupName": "blobauditingtest-4799", "serverName": "blobauditingtest-6440", - "blobAuditingPolicyName": "Default", + "blobAuditingPolicyName": "default", "api-version": "2017-03-01-preview", "parameters": { "properties": { @@ -20,13 +20,12 @@ "responses": { "200": { "body": { - "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/Default", - "name": "Default", + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/default", + "name": "default", "type": "Microsoft.Sql/servers/auditingSettings", "properties": { "state": "Enabled", "storageEndpoint": "https://mystorage.blob.core.windows.net", - "storageAccountAccessKey": "", "retentionDays": 6, "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", "isStorageSecondaryKeyInUse": false, @@ -34,6 +33,9 @@ } } }, - "202": { } + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } } } diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json new file mode 100644 index 000000000000..217a8d05ce80 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/auditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ] + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json new file mode 100644 index 000000000000..4fc165d07c2a --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/auditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/auditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/readme.md b/specification/sql/resource-manager/readme.md index 4454f2d9bad5..848e87a480c5 100644 --- a/specification/sql/resource-manager/readme.md +++ b/specification/sql/resource-manager/readme.md @@ -70,7 +70,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -83,6 +82,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -142,7 +142,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -155,6 +154,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -206,7 +206,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -219,6 +218,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -268,7 +268,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -280,6 +279,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncGroups.json - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json @@ -328,7 +328,7 @@ input-file: - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json - Microsoft.Sql/stable/2015-05-01/capabilities.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json +- Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json - Microsoft.Sql/preview/2015-05-01-preview/managedInstances.json @@ -411,6 +411,7 @@ These can be regenerated by running the following PowerShell script from this re ``` yaml $(tag) == 'package-pure-2017-03-preview' input-file: + - ./Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - ./Microsoft.Sql/preview/2017-03-01-preview/cancelOperations.json - ./Microsoft.Sql/preview/2017-03-01-preview/databases.json - ./Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json @@ -442,7 +443,7 @@ These can be regenerated by running the following PowerShell script from this re ``` yaml $(tag) == 'package-pure-2015-05-preview' input-file: - ./Microsoft.Sql/preview/2015-05-01-preview/advisors.json - - ./Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json + - ./Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json - ./Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - ./Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - ./Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json