Skip to content

Commit

Permalink
Sql/blob auditing (#3076)
Browse files Browse the repository at this point in the history
* One file for server and db apis

Make one file which is blobAuditing.json that contains both server & db apis + update readme.md and add operations.json

* Add extended server auditing settings API

* Fixed operation id.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.
In addition, existing related APIs swaggers were unified under same Public API name.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.
In addition, existing related APIs swaggers were unified under same Public API name.

* Fixing examples of existing APIs and modifying blobAuditing Swagger file

storageAccountAccessKey was removed from requests response, and examples were modified accordingly.

* Remove description of predicateExpression related exceptions from old APIs description.

Fixing a small issue for client readability.
AuditingSettings and ExtendedAuditingSettings APIs have a mutual exceptions description. Description which mentions predicateExpression parameter in all APIs.
After this fix, predicateExpression related exceptions will not be mentioned on old APIs.

* Moving files to preview/stable as appropriate.

* Modifying swagger and examples of 2017 BlobAuditing APIs (#421)

* 2017 Blob Auditing APIs - Swagger and examples.

Modifying swagger and examples of 2017 blob auditing APIs.

* Resetting examples of DatabaseBlobAuditing API to 2017

Resetting examples of DatabaseBlobAuditing API to 2017

* Fixing follwing comments

Fixing follwing comments

* Fixing build errors

Fixing build errors

* Fix build errors

Fix build errors

* Fixing comments

fixing comments

* Removed 2017 database API

Removed 2017 database API

* Revert "Fixing comments"

This reverts commit c09f9f6.

* Modifying description of APIs

Modifying description of APIs after generating new swagger.

* Modifying readme.md.

Modifying readme.md.

* Updating blobAuditing Json files.

Updating blobAuditing Json files.

* Temp change

Temp change

* Final commit

Final commit

* Fix Duplicated model name with non-identical definitions build error

Fix Duplicated model name with non-identical definitions

* Fix Duplicated model name with non-identical definitions build error

This reverts commit 616851d and commits fixes.

* Fix Automation Duplicated model name with non-identical definitions

Fix Automation Duplicated model name with non-identical definitions

* One file for server and db apis

Make one file which is blobAuditing.json that contains both server & db apis + update readme.md and add operations.json

* Add extended server auditing settings API

* Fixed operation id.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.
In addition, existing related APIs swaggers were unified under same Public API name.

* Enable Database Auditing Filtiring With a Predicate Expression

New API which enables database auditing filtering by a where clause.
In addition, existing related APIs swaggers were unified under same Public API name.

* Fixing examples of existing APIs and modifying blobAuditing Swagger file

storageAccountAccessKey was removed from requests response, and examples were modified accordingly.

* Remove description of predicateExpression related exceptions from old APIs description.

Fixing a small issue for client readability.
AuditingSettings and ExtendedAuditingSettings APIs have a mutual exceptions description. Description which mentions predicateExpression parameter in all APIs.
After this fix, predicateExpression related exceptions will not be mentioned on old APIs.

* Moving files to preview/stable as appropriate.

* Modifying swagger and examples of 2017 BlobAuditing APIs (#421)

* 2017 Blob Auditing APIs - Swagger and examples.

Modifying swagger and examples of 2017 blob auditing APIs.

* Resetting examples of DatabaseBlobAuditing API to 2017

Resetting examples of DatabaseBlobAuditing API to 2017

* Fixing follwing comments

Fixing follwing comments

* Fixing build errors

Fixing build errors

* Fixing comments

fixing comments

* Removed 2017 database API

Removed 2017 database API

* Revert "Fixing comments"

This reverts commit c09f9f6.

* Modifying description of APIs

Modifying description of APIs after generating new swagger.

* Modifying readme.md.

Modifying readme.md.

* Updating blobAuditing Json files.

Updating blobAuditing Json files.

* Temp change

Temp change

* Final commit

Final commit

* Fix Python conf of servermanager (#3140)

* Fix ServerManager Py Conf (#3141)

* Plug SwaggerToSdk to LogAnalyticsMgmt (#3142)

* [Storage] Support Management policy on new api version 2018-03-01-preview (#3137)

* [Storage] Add new API version 2018-03-01-preview

* [Storage] Update rest version 2018-03-01-preview

* [Storage] Support Management Policy

* [Storage] Update since code review comments

* Add Python conf

* [Storage] Add managment policy doc link to policy description.

* [Storage] modify as review comments

* RSA key size examples, ECC descriptions (#3136)

* RSA key size examples, ECC descriptions

* remove preview changes for now

* Added GroupType property in HybridWorkerGroup (#3132)

* Watcher resource swagger specs. For more details on the Usage of the resource: https://docs.microsoft.com/en-us/azure/automation/automation-watchers-tutorial (#3102)

* Watcher specs

* using the same model for get/put input and output.

* Fix storage Python conf (#3148)

* Fix for Azure Networking swagger 2018-04-01 version (#3146)

* Adding swagger for new api-version consumption 2018-05-31, introducing new Forecast api swagger (#3114)

* Forecast Api swagger

* consumption readme file update for the new swagger version

* addressing review comment on adding nextLink

* fixing build error

* Addressed feedback on enum and fixed a typo

* Stop using unobscured credentials

* Fix Duplicated model name with non-identical definitions build error

Fix Duplicated model name with non-identical definitions

* Fix go tag for storage management plane 2018-03-02 api version (#3156)

* Refactoring Job Definitions (#3116)

* MySQL/PostgreSQL VNET with API Version 2017-12-01 for Public Preview. (#3138)

* Fix Python conf

* Adding the VNET Rest APIs to 2017-12-01 version.

Adding the VNET Rest APIs to 2017-12-01 version.

* Add specs for machine learning services provider (#3135)

* Add specs for machine learning services provider

* Added python config to readme

* Added repo generation for Python

* Addressed feedback

* Address more comments

* Adding Security RP API swagger (#3144)

* Reverted methods in vpn gateways. (#3163)

* Fix Duplicated model name with non-identical definitions build error

This reverts commit 616851d and commits fixes.

* Fix Automation Duplicated model name with non-identical definitions

Fix Automation Duplicated model name with non-identical definitions

* Revert "Fix Duplicated model name with non-identical definitions build error"

This reverts commit d1c40f7.

* Revert "Fix Duplicated model name with non-identical definitions build error"

This reverts commit 2c1261e.

* Update readme.md file

Update readme.md file
  • Loading branch information
marstr authored and hovsepm committed Jun 8, 2018
1 parent 51f2fe7 commit 74c3323
Show file tree
Hide file tree
Showing 15 changed files with 1,605 additions and 11 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,299 @@
{
"swagger": "2.0",
"info": {
"version": "2015-05-01-preview",
"title": "SqlManagementClient",
"description": "The Azure SQL Database management API provides a RESTful set of web APIs that interact with Azure SQL Database services to manage your databases. The API enables users to create, retrieve, update, and delete databases, servers, and other entities."
},
"host": "management.azure.com",
"schemes": [
"https"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"paths": {
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}": {
"get": {
"tags": [
"BlobAuditing"
],
"description": "Gets a database's blob auditing policy.",
"operationId": "DatabaseBlobAuditingPolicies_Get",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupParameter"
},
{
"$ref": "#/parameters/ServerNameParameter"
},
{
"$ref": "#/parameters/DatabaseNameParameter"
},
{
"$ref": "#/parameters/BlobAuditingPolicyNameParameter"
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Successfully retrieved the database blob auditing policy.",
"schema": {
"$ref": "#/definitions/DatabaseBlobAuditingPolicy"
}
},
"default": {
"description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later."
}
},
"x-ms-examples": {
"Get a database's blob auditing policy": {
"$ref": "./examples/DatabaseBlobAuditingGet.json"
}
}
},
"put": {
"tags": [
"BlobAuditing"
],
"description": "Creates or updates a database's blob auditing policy.",
"operationId": "DatabaseBlobAuditingPolicies_CreateOrUpdate",
"parameters": [
{
"$ref": "#/parameters/ResourceGroupParameter"
},
{
"$ref": "#/parameters/ServerNameParameter"
},
{
"$ref": "#/parameters/DatabaseNameParameter"
},
{
"$ref": "#/parameters/BlobAuditingPolicyNameParameter"
},
{
"name": "parameters",
"in": "body",
"description": "The database blob auditing policy.",
"required": true,
"schema": {
"$ref": "#/definitions/DatabaseBlobAuditingPolicy"
}
},
{
"$ref": "#/parameters/SubscriptionIdParameter"
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Successfully set the database blob auditing policy.",
"schema": {
"$ref": "#/definitions/DatabaseBlobAuditingPolicy"
}
},
"default": {
"description": "*** Error Responses: ***\n\n * 400 BlobAuditingIsNotSupportedOnResourceType - Blob Auditing is currently not supported for this resource type.\n\n * 400 InvalidDatabaseBlobAuditingPolicyCreateRequest - The create database blob auditing policy request does not exist or has no properties object.\n\n * 400 InvalidBlobAuditActionsAndGroups - Invalid audit actions or action groups.\n\n * 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.\n\n * 400 BlobAuditingInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.\n\n * 400 BlobAuditingStorageAccountIsDisabled - The provided storage account is disabled.\n\n * 400 BlobAuditingInvalidStorageAccountName - The provided storage account is not valid or does not exist.\n\n * 400 BlobAuditingInvalidStorageAccountCredentials - The provided storage account or access key is not valid.\n\n * 400 BlobAuditingIsNotSupportedOnGeoDr - Blob auditing can be configured on primary databases only.\n\n * 404 DatabaseDoesNotExist - User has specified a database name that does not exist on this server instance.\n\n * 404 SourceDatabaseNotFound - The source database does not exist.\n\n * 500 DatabaseIsUnavailable - Loading failed. Please try again later."
},
"201": {
"description": "Successfully created the database blob auditing policy.",
"schema": {
"$ref": "#/definitions/DatabaseBlobAuditingPolicy"
}
}
},
"x-ms-examples": {
"Create or update a database's blob auditing policy with minimal parameters": {
"$ref": "./examples/DatabaseBlobAuditingCreateMin.json"
},
"Create or update a database's blob auditing policy with all parameters": {
"$ref": "./examples/DatabaseBlobAuditingCreateMax.json"
}
}
}
}
},
"definitions": {
"DatabaseBlobAuditingPolicyProperties": {
"description": "Properties of a database blob auditing policy.",
"required": [
"state"
],
"type": "object",
"properties": {
"state": {
"description": "Specifies the state of the policy. If state is Enabled, storageEndpoint and storageAccountAccessKey are required.",
"enum": [
"Enabled",
"Disabled"
],
"type": "string",
"x-ms-enum": {
"name": "BlobAuditingPolicyState",
"modelAsString": false
}
},
"storageEndpoint": {
"description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required.",
"type": "string"
},
"storageAccountAccessKey": {
"description": "Specifies the identifier key of the auditing storage account. If state is Enabled, storageAccountAccessKey is required.",
"type": "string",
"x-ms-mutability": [
"create",
"update"
]
},
"retentionDays": {
"format": "int32",
"description": "Specifies the number of days to keep in the audit logs.",
"type": "integer"
},
"auditActionsAndGroups": {
"description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n<action> ON <object> BY <principal>\r\n\r\nNote that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)",
"type": "array",
"items": {
"type": "string"
}
},
"storageAccountSubscriptionId": {
"format": "uuid",
"description": "Specifies the blob storage subscription Id.",
"type": "string"
},
"isStorageSecondaryKeyInUse": {
"description": "Specifies whether storageAccountAccessKey value is the storage's secondary key.",
"type": "boolean"
}
}
},
"DatabaseBlobAuditingPolicy": {
"description": "A database blob auditing policy.",
"type": "object",
"allOf": [
{
"$ref": "../../../common/v1/types.json#/definitions/ProxyResource"
}
],
"properties": {
"kind": {
"description": "Resource kind.",
"type": "string",
"readOnly": true
},
"properties": {
"$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties",
"description": "Resource properties.",
"x-ms-client-flatten": true
}
}
}
},
"parameters": {
"SubscriptionIdParameter": {
"name": "subscriptionId",
"in": "path",
"description": "The subscription ID that identifies an Azure subscription.",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
"ApiVersionParameter": {
"name": "api-version",
"in": "query",
"description": "The API version to use for the request.",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
"ResourceGroupParameter": {
"name": "resourceGroupName",
"in": "path",
"description": "The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"ServerNameParameter": {
"name": "serverName",
"in": "path",
"description": "The name of the server.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"ManagedInstanceNameParameter": {
"name": "managedInstanceName",
"in": "path",
"description": "The name of the managed instance.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"DatabaseNameParameter": {
"name": "databaseName",
"in": "path",
"description": "The name of the database.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"BlobAuditingPolicyNameParameter": {
"name": "blobAuditingPolicyName",
"in": "path",
"description": "The name of the blob auditing policy.",
"required": true,
"type": "string",
"enum": [
"default"
],
"x-ms-parameter-location": "method"
},
"SqlVirtualMachineInstanceNameParameter": {
"name": "sqlVirtualMachineInstanceName",
"in": "path",
"description": "The name of the SqlVirtualMachineInstance.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"SqlVirtualMachineContainerNameParameter": {
"name": "sqlVirtualMachineContainerName",
"in": "path",
"description": "The name of the SqlVirtualMachineContainer.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"VirtualClusterNameParameter": {
"name": "virtualClusterName",
"in": "path",
"description": "The name of the virtual cluster.",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
}
},
"securityDefinitions": {
"azure_auth": {
"type": "oauth2",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"scopes": {
"user_impersonation": "impersonate your user account"
}
}
}
}
Loading

0 comments on commit 74c3323

Please sign in to comment.