From 74c3323fe355677d79c50380ef0e5a26d6790b87 Mon Sep 17 00:00:00 2001 From: Martin Strobel Date: Fri, 8 Jun 2018 13:46:40 -0700 Subject: [PATCH] Sql/blob auditing (#3076) * One file for server and db apis Make one file which is blobAuditing.json that contains both server & db apis + update readme.md and add operations.json * Add extended server auditing settings API * Fixed operation id. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. In addition, existing related APIs swaggers were unified under same Public API name. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. In addition, existing related APIs swaggers were unified under same Public API name. * Fixing examples of existing APIs and modifying blobAuditing Swagger file storageAccountAccessKey was removed from requests response, and examples were modified accordingly. * Remove description of predicateExpression related exceptions from old APIs description. Fixing a small issue for client readability. AuditingSettings and ExtendedAuditingSettings APIs have a mutual exceptions description. Description which mentions predicateExpression parameter in all APIs. After this fix, predicateExpression related exceptions will not be mentioned on old APIs. * Moving files to preview/stable as appropriate. * Modifying swagger and examples of 2017 BlobAuditing APIs (#421) * 2017 Blob Auditing APIs - Swagger and examples. Modifying swagger and examples of 2017 blob auditing APIs. * Resetting examples of DatabaseBlobAuditing API to 2017 Resetting examples of DatabaseBlobAuditing API to 2017 * Fixing follwing comments Fixing follwing comments * Fixing build errors Fixing build errors * Fix build errors Fix build errors * Fixing comments fixing comments * Removed 2017 database API Removed 2017 database API * Revert "Fixing comments" This reverts commit c09f9f690faaeaf0ad7b3baec58fbb50ecd27633. * Modifying description of APIs Modifying description of APIs after generating new swagger. * Modifying readme.md. Modifying readme.md. * Updating blobAuditing Json files. Updating blobAuditing Json files. * Temp change Temp change * Final commit Final commit * Fix Duplicated model name with non-identical definitions build error Fix Duplicated model name with non-identical definitions * Fix Duplicated model name with non-identical definitions build error This reverts commit 616851d69ff60d0334c76bbe7b6bdb7a3fc5365a and commits fixes. * Fix Automation Duplicated model name with non-identical definitions Fix Automation Duplicated model name with non-identical definitions * One file for server and db apis Make one file which is blobAuditing.json that contains both server & db apis + update readme.md and add operations.json * Add extended server auditing settings API * Fixed operation id. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. In addition, existing related APIs swaggers were unified under same Public API name. * Enable Database Auditing Filtiring With a Predicate Expression New API which enables database auditing filtering by a where clause. In addition, existing related APIs swaggers were unified under same Public API name. * Fixing examples of existing APIs and modifying blobAuditing Swagger file storageAccountAccessKey was removed from requests response, and examples were modified accordingly. * Remove description of predicateExpression related exceptions from old APIs description. Fixing a small issue for client readability. AuditingSettings and ExtendedAuditingSettings APIs have a mutual exceptions description. Description which mentions predicateExpression parameter in all APIs. After this fix, predicateExpression related exceptions will not be mentioned on old APIs. * Moving files to preview/stable as appropriate. * Modifying swagger and examples of 2017 BlobAuditing APIs (#421) * 2017 Blob Auditing APIs - Swagger and examples. Modifying swagger and examples of 2017 blob auditing APIs. * Resetting examples of DatabaseBlobAuditing API to 2017 Resetting examples of DatabaseBlobAuditing API to 2017 * Fixing follwing comments Fixing follwing comments * Fixing build errors Fixing build errors * Fixing comments fixing comments * Removed 2017 database API Removed 2017 database API * Revert "Fixing comments" This reverts commit c09f9f690faaeaf0ad7b3baec58fbb50ecd27633. * Modifying description of APIs Modifying description of APIs after generating new swagger. * Modifying readme.md. Modifying readme.md. * Updating blobAuditing Json files. Updating blobAuditing Json files. * Temp change Temp change * Final commit Final commit * Fix Python conf of servermanager (#3140) * Fix ServerManager Py Conf (#3141) * Plug SwaggerToSdk to LogAnalyticsMgmt (#3142) * [Storage] Support Management policy on new api version 2018-03-01-preview (#3137) * [Storage] Add new API version 2018-03-01-preview * [Storage] Update rest version 2018-03-01-preview * [Storage] Support Management Policy * [Storage] Update since code review comments * Add Python conf * [Storage] Add managment policy doc link to policy description. * [Storage] modify as review comments * RSA key size examples, ECC descriptions (#3136) * RSA key size examples, ECC descriptions * remove preview changes for now * Added GroupType property in HybridWorkerGroup (#3132) * Watcher resource swagger specs. For more details on the Usage of the resource: https://docs.microsoft.com/en-us/azure/automation/automation-watchers-tutorial (#3102) * Watcher specs * using the same model for get/put input and output. * Fix storage Python conf (#3148) * Fix for Azure Networking swagger 2018-04-01 version (#3146) * Adding swagger for new api-version consumption 2018-05-31, introducing new Forecast api swagger (#3114) * Forecast Api swagger * consumption readme file update for the new swagger version * addressing review comment on adding nextLink * fixing build error * Addressed feedback on enum and fixed a typo * Stop using unobscured credentials * Fix Duplicated model name with non-identical definitions build error Fix Duplicated model name with non-identical definitions * Fix go tag for storage management plane 2018-03-02 api version (#3156) * Refactoring Job Definitions (#3116) * MySQL/PostgreSQL VNET with API Version 2017-12-01 for Public Preview. (#3138) * Fix Python conf * Adding the VNET Rest APIs to 2017-12-01 version. Adding the VNET Rest APIs to 2017-12-01 version. * Add specs for machine learning services provider (#3135) * Add specs for machine learning services provider * Added python config to readme * Added repo generation for Python * Addressed feedback * Address more comments * Adding Security RP API swagger (#3144) * Reverted methods in vpn gateways. (#3163) * Fix Duplicated model name with non-identical definitions build error This reverts commit 616851d69ff60d0334c76bbe7b6bdb7a3fc5365a and commits fixes. * Fix Automation Duplicated model name with non-identical definitions Fix Automation Duplicated model name with non-identical definitions * Revert "Fix Duplicated model name with non-identical definitions build error" This reverts commit d1c40f73e0c88d8c073a4d7ce34f0b042d38a6cc. * Revert "Fix Duplicated model name with non-identical definitions build error" This reverts commit 2c1261eb68393c9ac59d675d987f40186fac8249. * Update readme.md file Update readme.md file --- .../2015-05-01-preview/blobAuditing.json | 299 ++++++ .../2017-03-01-preview/blobAuditing.json | 851 ++++++++++++++++++ .../DatabaseBlobAuditingCreateMax.json | 57 ++ .../DatabaseBlobAuditingCreateMin.json | 53 ++ .../examples/DatabaseBlobAuditingGet.json | 28 + ...ExtendedDatabaseBlobAuditingCreateMax.json | 56 ++ ...ExtendedDatabaseBlobAuditingCreateMin.json | 49 + .../ExtendedDatabaseBlobAuditingGet.json | 28 + .../ExtendedServerBlobAuditingCreateMax.json | 43 + .../ExtendedServerBlobAuditingCreateMin.json | 37 + .../ExtendedServerBlobAuditingGet.json | 27 + .../examples/ServerBlobAuditingCreateMax.json | 12 +- .../examples/ServerBlobAuditingCreateMin.json | 37 + .../examples/ServerBlobAuditingGet.json | 26 + specification/sql/resource-manager/readme.md | 13 +- 15 files changed, 1605 insertions(+), 11 deletions(-) create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json new file mode 100644 index 000000000000..32ddc19328b7 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json @@ -0,0 +1,299 @@ +{ + "swagger": "2.0", + "info": { + "version": "2015-05-01-preview", + "title": "SqlManagementClient", + "description": "The Azure SQL Database management API provides a RESTful set of web APIs that interact with Azure SQL Database services to manage your databases. The API enables users to create, retrieve, update, and delete databases, servers, and other entities." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get a database's blob auditing policy": { + "$ref": "./examples/DatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update a database's blob auditing policy with minimal parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMin.json" + }, + "Create or update a database's blob auditing policy with all parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMax.json" + } + } + } + } + }, + "definitions": { + "DatabaseBlobAuditingPolicyProperties": { + "description": "Properties of a database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "DatabaseBlobAuditingPolicy": { + "description": "A database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/ProxyResource" + } + ], + "properties": { + "kind": { + "description": "Resource kind.", + "type": "string", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "description": "The subscription ID that identifies an Azure subscription.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "description": "The API version to use for the request.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ResourceGroupParameter": { + "name": "resourceGroupName", + "in": "path", + "description": "The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ServerNameParameter": { + "name": "serverName", + "in": "path", + "description": "The name of the server.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ManagedInstanceNameParameter": { + "name": "managedInstanceName", + "in": "path", + "description": "The name of the managed instance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DatabaseNameParameter": { + "name": "databaseName", + "in": "path", + "description": "The name of the database.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "BlobAuditingPolicyNameParameter": { + "name": "blobAuditingPolicyName", + "in": "path", + "description": "The name of the blob auditing policy.", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineInstanceNameParameter": { + "name": "sqlVirtualMachineInstanceName", + "in": "path", + "description": "The name of the SqlVirtualMachineInstance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineContainerNameParameter": { + "name": "sqlVirtualMachineContainerName", + "in": "path", + "description": "The name of the SqlVirtualMachineContainer.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "VirtualClusterNameParameter": { + "name": "virtualClusterName", + "in": "path", + "description": "The name of the virtual cluster.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json new file mode 100644 index 000000000000..916da093d4f3 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json @@ -0,0 +1,851 @@ +{ + "swagger": "2.0", + "info": { + "version": "2017-03-01-preview", + "title": "SqlManagementClient", + "description": "The Azure SQL Database management API provides a RESTful set of web APIs that interact with Azure SQL Database services to manage your databases. The API enables users to create, retrieve, update, and delete databases, servers, and other entities." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/extendedAuditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets an extended database's blob auditing policy.", + "operationId": "ExtendedDatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get an extended database's blob auditing policy": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates an extended database's blob auditing policy.", + "operationId": "ExtendedDatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The extended database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 BlobAuditingPredicateExpressionSyntaxError - Invalid value of parameter 'predicateExpression'.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingPredicateExpressionEmpty - Invalid parameter 'predicateExpression', value can not be empty.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the extended database blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update an extended database's blob auditing policy with minimal parameters": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingCreateMin.json" + }, + "Create or update an extended database's blob auditing policy with all parameters": { + "$ref": "./examples/ExtendedDatabaseBlobAuditingCreateMax.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/extendedAuditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets an extended server's blob auditing policy.", + "operationId": "ExtendedServerBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the extended server blob auditing policy.", + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + } + }, + "x-ms-examples": { + "Get a server's blob extended auditing policy": { + "$ref": "./examples/ExtendedServerBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates an extended server's blob auditing policy.", + "operationId": "ExtendedServerBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "Properties of extended blob auditing policy", + "required": true, + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully updated the extended auditing settings.", + "schema": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidServerBlobAuditingPolicyCreateRequest - The create server blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingPredicateExpressionEmpty - Invalid parameter 'predicateExpression', value can not be empty.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 409 ServerBlobAuditingPolicyInProgress - Set server blob auditing is already in progress." + }, + "202": { + "description": "Updating the extended auditing settings is in progress." + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Update a server's extended blob auditing policy with all parameters": { + "$ref": "./examples/ExtendedServerBlobAuditingCreateMax.json" + }, + "Update a server's extended blob auditing policy with minimal parameters": { + "$ref": "./examples/ExtendedServerBlobAuditingCreateMin.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a server's blob auditing policy.", + "operationId": "ServerBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the server blob auditing policy.", + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + } + }, + "x-ms-examples": { + "Get a server's blob auditing policy": { + "$ref": "./examples/ServerBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a server's blob auditing policy.", + "operationId": "ServerBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "Properties of blob auditing policy", + "required": true, + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully updated the auditing settings.", + "schema": { + "$ref": "#/definitions/ServerBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidServerBlobAuditingPolicyCreateRequest - The create server blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 409 ServerBlobAuditingPolicyInProgress - Set server blob auditing is already in progress." + }, + "202": { + "description": "Updating the auditing settings is in progress." + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Update a server's blob auditing policy with all parameters": { + "$ref": "./examples/ServerBlobAuditingCreateMax.json" + }, + "Update a server's blob auditing policy with minimal parameters": { + "$ref": "./examples/ServerBlobAuditingCreateMin.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}": { + "get": { + "tags": [ + "BlobAuditing" + ], + "description": "Gets a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_Get", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + } + }, + "x-ms-examples": { + "Get a database's blob auditing policy": { + "$ref": "./examples/DatabaseBlobAuditingGet.json" + } + } + }, + "put": { + "tags": [ + "BlobAuditing" + ], + "description": "Creates or updates a database's blob auditing policy.", + "operationId": "DatabaseBlobAuditingPolicies_CreateOrUpdate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "$ref": "#/parameters/DatabaseNameParameter" + }, + { + "$ref": "#/parameters/BlobAuditingPolicyNameParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The database blob auditing policy.", + "required": true, + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully set the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later." + }, + "201": { + "description": "Successfully created the database blob auditing policy.", + "schema": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicy" + } + } + }, + "x-ms-examples": { + "Create or update a database's blob auditing policy with minimal parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMin.json" + }, + "Create or update a database's blob auditing policy with all parameters": { + "$ref": "./examples/DatabaseBlobAuditingCreateMax.json" + } + } + } + } + }, + "definitions": { + "ExtendedDatabaseBlobAuditingPolicyProperties": { + "description": "Properties of an extended database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "predicateExpression": { + "description": "Specifies condition of where clause when creating an audit.", + "type": "string" + }, + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "Resource": { + "description": "ARM resource.", + "type": "object", + "properties": { + "id": { + "description": "Resource ID.", + "type": "string", + "readOnly": true + }, + "name": { + "description": "Resource name.", + "type": "string", + "readOnly": true + }, + "type": { + "description": "Resource type.", + "type": "string", + "readOnly": true + } + }, + "x-ms-azure-resource": true + }, + "ProxyResource": { + "description": "ARM proxy resource.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "properties": {} + }, + "ExtendedDatabaseBlobAuditingPolicy": { + "description": "An extended database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "ExtendedServerBlobAuditingPolicyProperties": { + "description": "Properties of an extended server blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "predicateExpression": { + "description": "Specifies condition of where clause when creating an audit.", + "type": "string" + }, + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "ExtendedServerBlobAuditingPolicy": { + "description": "An extended server blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "ServerBlobAuditingPolicyProperties": { + "description": "Properties of a server blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "ServerBlobAuditingPolicy": { + "description": "A server blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + }, + "DatabaseBlobAuditingPolicyProperties": { + "description": "Properties of a database blob auditing policy.", + "required": [ + "state" + ], + "type": "object", + "properties": { + "state": { + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.", + "enum": [ + "Enabled", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "BlobAuditingPolicyState", + "modelAsString": false + } + }, + "storageEndpoint": { + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.", + "type": "string" + }, + "storageAccountAccessKey": { + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.", + "type": "string", + "x-ms-mutability": [ + "create", + "update" + ] + }, + "retentionDays": { + "format": "int32", + "description": "Specifies the number of days to keep in the audit logs.", + "type": "integer" + }, + "auditActionsAndGroups": { + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n ON BY \r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE:: and SCHEMA:: are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)", + "type": "array", + "items": { + "type": "string" + } + }, + "storageAccountSubscriptionId": { + "format": "uuid", + "description": "Specifies the blob storage subscription Id.", + "type": "string" + }, + "isStorageSecondaryKeyInUse": { + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.", + "type": "boolean" + } + } + }, + "DatabaseBlobAuditingPolicy": { + "description": "A database blob auditing policy.", + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/ProxyResource" + } + ], + "properties": { + "kind": { + "description": "Resource kind.", + "type": "string", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties", + "description": "Resource properties.", + "x-ms-client-flatten": true + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "description": "The subscription ID that identifies an Azure subscription.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "description": "The API version to use for the request.", + "required": true, + "type": "string", + "x-ms-parameter-location": "client" + }, + "ResourceGroupParameter": { + "name": "resourceGroupName", + "in": "path", + "description": "The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ServerNameParameter": { + "name": "serverName", + "in": "path", + "description": "The name of the server.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "ManagedInstanceNameParameter": { + "name": "managedInstanceName", + "in": "path", + "description": "The name of the managed instance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "DatabaseNameParameter": { + "name": "databaseName", + "in": "path", + "description": "The name of the database.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "BlobAuditingPolicyNameParameter": { + "name": "blobAuditingPolicyName", + "in": "path", + "description": "The name of the blob auditing policy.", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineInstanceNameParameter": { + "name": "sqlVirtualMachineInstanceName", + "in": "path", + "description": "The name of the SqlVirtualMachineInstance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineContainerNameParameter": { + "name": "sqlVirtualMachineContainerName", + "in": "path", + "description": "The name of the SqlVirtualMachineContainer.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "VirtualClusterNameParameter": { + "name": "virtualClusterName", + "in": "path", + "description": "The name of the virtual cluster.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json new file mode 100644 index 000000000000..a571903ebf91 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMax.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["DATABASE_LOGOUT_GROUP","DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": ["DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": ["DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json new file mode 100644 index 000000000000..6821106df1d8 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingCreateMin.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "storageAccountAccessKey": "", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json new file mode 100644 index 000000000000..9637d314f0bc --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/DatabaseBlobAuditingGet.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-6852", + "serverName": "blobauditingtest-2080", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "kind": "V12", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json new file mode 100644 index 000000000000..c3d225765d3d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMax.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "DATABASE_LOGOUT_GROUP", "DATABASE_ROLE_MEMBER_CHANGE_GROUP", "UPDATE on database::TestDatabaseName by public" ], + "predicateExpression": "statement = 'select 1'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json new file mode 100644 index 000000000000..822c2619666d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingCreateMin.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state":"Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 0, + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups":["SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP","FAILED_DATABASE_AUTHENTICATION_GROUP","BATCH_COMPLETED_GROUP"] + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json new file mode 100644 index 000000000000..46a66ce2854c --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedDatabaseBlobAuditingGet.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-6852", + "serverName": "blobauditingtest-2080", + "databaseName": "testdb", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/databases/testdb", + "name": "default", + "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "predicateExpression": "statement = 'select 1'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json new file mode 100644 index 000000000000..cd0ce930e7fa --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMax.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ], + "predicateExpression": "object_name = 'SensitiveData'" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ], + "predicateExpression": "object_name = 'SensitiveData'" + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json new file mode 100644 index 000000000000..95847565cb3d --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingCreateMin.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ] + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json new file mode 100644 index 000000000000..1c13d70019b3 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ExtendedServerBlobAuditingGet.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/extendedAuditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/extendedAuditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false, + "predicateExpression": "object_name = 'SensitiveData'" + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json index 74919d55125f..144353d69a54 100644 --- a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMax.json @@ -3,7 +3,7 @@ "subscriptionId": "00000000-1111-2222-3333-444444444444", "resourceGroupName": "blobauditingtest-4799", "serverName": "blobauditingtest-6440", - "blobAuditingPolicyName": "Default", + "blobAuditingPolicyName": "default", "api-version": "2017-03-01-preview", "parameters": { "properties": { @@ -20,13 +20,12 @@ "responses": { "200": { "body": { - "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/Default", - "name": "Default", + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/default", + "name": "default", "type": "Microsoft.Sql/servers/auditingSettings", "properties": { "state": "Enabled", "storageEndpoint": "https://mystorage.blob.core.windows.net", - "storageAccountAccessKey": "", "retentionDays": 6, "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", "isStorageSecondaryKeyInUse": false, @@ -34,6 +33,9 @@ } } }, - "202": { } + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } } } diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json new file mode 100644 index 000000000000..217a8d05ce80 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingCreateMin.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview", + "parameters": { + "properties": { + "state": "Enabled", + "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", + "storageEndpoint": "https://mystorage.blob.core.windows.net" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-4799/providers/Microsoft.Sql/servers/blobauditingtest-6440/auditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/auditingSettings", + "properties": { + "state": "Enabled", + "storageEndpoint": "https://mystorage.blob.core.windows.net", + "retentionDays": 6, + "storageAccountSubscriptionId": "00000000-1234-0000-5678-000000000000", + "isStorageSecondaryKeyInUse": false, + "auditActionsAndGroups": [ "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP", "BATCH_COMPLETED_GROUP" ] + } + } + }, + "202": { + "startTime": "2017-11-22T09:34:54.72Z", + "operation": "UpsertServerEngineAuditingPolicy" + } + } +} diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json new file mode 100644 index 000000000000..4fc165d07c2a --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-03-01-preview/examples/ServerBlobAuditingGet.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "blobauditingtest-4799", + "serverName": "blobauditingtest-6440", + "blobAuditingPolicyName": "default", + "api-version": "2017-03-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/blobauditingtest-6852/providers/Microsoft.Sql/servers/blobauditingtest-2080/auditingSettings/default", + "name": "default", + "type": "Microsoft.Sql/servers/auditingSettings", + "properties": { + "state": "Disabled", + "storageEndpoint": "", + "retentionDays": 0, + "auditActionsAndGroups": [], + "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000", + "isStorageSecondaryKeyInUse": false + } + } + } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/readme.md b/specification/sql/resource-manager/readme.md index 4454f2d9bad5..848e87a480c5 100644 --- a/specification/sql/resource-manager/readme.md +++ b/specification/sql/resource-manager/readme.md @@ -70,7 +70,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -83,6 +82,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -142,7 +142,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -155,6 +154,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -206,7 +206,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -219,6 +218,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2017-03-01-preview/jobs.json @@ -268,7 +268,6 @@ input-file: - Microsoft.Sql/stable/2014-04-01/serviceObjectives.json - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json - Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json @@ -280,6 +279,7 @@ input-file: - Microsoft.Sql/preview/2015-05-01-preview/syncGroups.json - Microsoft.Sql/preview/2015-05-01-preview/syncMembers.json - Microsoft.Sql/preview/2015-05-01-preview/usages.json +- Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json - Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessments.json - Microsoft.Sql/preview/2015-05-01-preview/virtualNetworkRules.json @@ -328,7 +328,7 @@ input-file: - Microsoft.Sql/stable/2014-04-01/sql.core.json - Microsoft.Sql/stable/2014-04-01/usages.json - Microsoft.Sql/stable/2015-05-01/capabilities.json -- Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json +- Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json - Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json - Microsoft.Sql/preview/2015-05-01-preview/managedInstances.json @@ -411,6 +411,7 @@ These can be regenerated by running the following PowerShell script from this re ``` yaml $(tag) == 'package-pure-2017-03-preview' input-file: + - ./Microsoft.Sql/preview/2017-03-01-preview/blobAuditing.json - ./Microsoft.Sql/preview/2017-03-01-preview/cancelOperations.json - ./Microsoft.Sql/preview/2017-03-01-preview/databases.json - ./Microsoft.Sql/preview/2017-03-01-preview/databaseVulnerabilityAssessmentBaselines.json @@ -442,7 +443,7 @@ These can be regenerated by running the following PowerShell script from this re ``` yaml $(tag) == 'package-pure-2015-05-preview' input-file: - ./Microsoft.Sql/preview/2015-05-01-preview/advisors.json - - ./Microsoft.Sql/preview/2015-05-01-preview/blobAuditingPolicies.json + - ./Microsoft.Sql/preview/2015-05-01-preview/blobAuditing.json - ./Microsoft.Sql/preview/2015-05-01-preview/databaseAutomaticTuning.json - ./Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json - ./Microsoft.Sql/preview/2015-05-01-preview/failoverGroups.json