Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Activity Customization to entityQuery resource #14376

Merged
merged 7 commits into from
May 31, 2021
Merged

Adding Activity Customization to entityQuery resource #14376

merged 7 commits into from
May 31, 2021

Conversation

ori-licht
Copy link
Contributor

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Changelog

Please ensure to add changelog with this PR by answering the following questions.

  1. What's the purpose of the update?
    • new service onboarding
    • new API version
    • update existing version for new feature
    • update existing version to fix swagger quality issue in s360
    • Other, please clarify
  2. When you are targeting to deploy new service/feature to public regions? Please provide date, or month to public if date is not available yet. - 5.13.2021
  3. When you expect to publish swagger? Please provide date, or month to public if date is not available yet. - 5.13.2021
  4. If it's an update to existing version, please select SDKs of specific language and CLIs that require refresh after swagger is published.
    • SDK of .NET (need service team to ensure code readiness)
    • SDK of Python
    • SDK of Java
    • SDK of Js
    • SDK of Go
    • PowerShell
    • CLI
    • Terraform
    • No, no need to refresh for updates in this PR

Contribution checklist:

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

  • Ensure to check this box if one of the following scenarios meet updates in the PR, so that label “WaitForARMFeedback” will be added automatically to involve ARM API Review. Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs, all “removals” and “adding a new property” no more require ARM API review.

    • Adding new API(s)
    • Adding a new API version
    • Ensure to copy the existing version into new directory structure for first commit (including refactoring) and then push new changes including version updates in separate commits. This is required to review the changes efficiently.
    • Adding a new service

  • Please ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.

  • If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If there are following updates in the PR, ensure to request an approval from Breaking Change Review Board as defined in the Breaking Change Policy.

  • Removing API(s) in stable version
  • Removing properties in stable version
  • Removing API version(s) in stable version
  • Updating API in stable or public preview version with Breaking Change Validation errors
  • Updating API(s) in public preview over 1 year (refer to Retirement of Previews)

Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Addition details on the process and office hours are on the Breaking change Wiki.

Please follow the link to find more details on PR review process.

@openapi-workflow-bot
Copy link

Hi, @ori-licht Thanks for your PR. I am workflow bot for review process. Here are some small tips.

  • Please ensure to do self-check against checklists in first PR comment.
  • PR assignee is the person auto-assigned and responsible for your current PR reviewing and merging.
  • For specs comparison cross API versions, Use API Specs Comparison Report Generator
  • If there is CI failure(s), to fix CI error(s) is mandatory for PR merging; or you need to provide justification in PR comment for explanation. How to fix?

    • Any feedback about review process or workflow bot, pls contact swagger and tools team. vsswagger@microsoft.com

    @openapi-pipeline-app
    Copy link

    openapi-pipeline-app bot commented May 12, 2021
    edited
    Loading

    Swagger Validation Report

    ️❌BreakingChange: 2 Errors, 0 Warnings failed [Detail]
    Rule Message
    1038 - AddedPath The new version is adding a path that was not found in the old version.
    New: Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json#L37:5
    1038 - AddedPath The new version is adding a path that was not found in the old version.
    New: Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json#L88:5
    ️⚠️LintDiff: 2 Warnings warning [Detail]
    The following errors/warnings are introduced by current PR:
    Rule Message
    ⚠️ R3010 - TrackedResourceListByImmediateParent The child tracked resource, 'watchlistItems' with immediate parent 'Watchlist', must have a list by immediate parent operation.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Metadata.json#L302
    ⚠️ R3018 - EnumInsteadOfBoolean Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: enabled
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/EntityQueries.json#L607


    The following errors/warnings exist before current PR submission:

    Only 10 items are listed, please refer to log for more details.

    Rule Message
    R4018 - OperationsApiResponseSchema The response schema of operations API '/providers/Microsoft.SecurityInsights/operations' does not match the ARM specification. Please standardize the schema.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/operations.json#L37
    ⚠️ R1006 - PutInOperationName 'PUT' operation 'ProductSettings_Update' should use method name 'Create'. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L185
    ⚠️ R2029 - PageableOperation Based on the response model schema, operation 'ProductSettings_List' might be pageable. Consider adding the x-ms-pageable extension.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L38
    ⚠️ R2029 - PageableOperation Based on the response model schema, operation 'SentinelOnboardingStates_List' might be pageable. Consider adding the x-ms-pageable extension.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/OnboardingStates.json#L187
    ⚠️ R2057 - InvalidSkuModel Sku Model definition 'Sku' is not valid. A Sku model must have 'name' property. It can also have 'tier', 'size', 'family', 'capacity' as optional properties.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L482
    ⚠️ R2063 - OperationIdNounConflictingModelNames OperationId has a noun that conflicts with one of the model names in definitions section. The model name will be disambiguated to 'SourceControlModel'. Consider using the plural form of 'SourceControl' to avoid this. Note: If you have already shipped an SDK on top of this spec, fixing this warning may introduce a breaking change.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/SourceControls.json#L48
    ⚠️ R3017 - GuidUsage Guid used in model definition 'UserInfo' for property 'objectId'. Usage of Guid is not recommanded. If GUIDs are absolutely required in your service, please get sign off from the Azure API review board.
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Watchlists.json#L700
    ⚠️ R3018 - EnumInsteadOfBoolean Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isEnabled
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L380
    ⚠️ R3018 - EnumInsteadOfBoolean Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: isEnabled
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L408
    ⚠️ R3018 - EnumInsteadOfBoolean Booleans are not descriptive and make them hard to use. Consider using string enums with allowed set of values defined. Property: customerManagedKey
    Location: Microsoft.SecurityInsights/preview/2021-03-01-preview/Settings.json#L462
    ️️✔️Avocado succeeded [Detail] [Expand] 
    Validation passes for Avocado.
    ️️✔️ModelValidation succeeded [Detail] [Expand] 
    Validation passes for ModelValidation.
    ️️✔️SemanticValidation succeeded [Detail] [Expand] 
    Validation passes for SemanticValidation.
    ️️✔️Cross-Version Breaking Changes succeeded [Detail] [Expand] 
    There are no breaking changes.
    ️️✔️CredScan succeeded [Detail] [Expand] 
    There is no credential detected.
    ️️✔️[Staging] SDK Track2 Validation succeeded [Detail] [Expand] 
    Validation passes for SDKTrack2Validation

    The following errors/warnings are introduced by current PR:

    |:speech_balloon: AutorestCore/Exception|"readme":"securityinsights/resource-manager/readme.md",
    "tag":"package-2021-03-preview-only",
    "details":"> Installing AutoRest extension '@microsoft.azure/openapi-validator' (1.8.0)"|
    |:speech_balloon: AutorestCore/Exception|"readme":"securityinsights/resource-manager/readme.md",
    "tag":"package-2021-03-preview-only",
    "details":"> Installed AutoRest extension '@microsoft.azure/openapi-validator' (1.8.0->1.8.0)"|


    The following errors/warnings exist before current PR submission:

    |:speech_balloon: AutorestCore/Exception|"readme":"securityinsights/resource-manager/readme.md",
    "tag":"package-2021-03-preview-only",
    "details":"> Loading AutoRest extension '@autorest/modelerfour' (4.15.456->4.15.456)"|

    ️️✔️[Staging] PrettierCheck succeeded [Detail] [Expand] 
    Validation passes for PrettierCheck.
    ️️✔️[Staging] SpellCheck succeeded [Detail] [Expand] 
    Validation passes for SpellCheck.
    ️️✔️[Staging] Lint(RPaaS) succeeded [Detail] [Expand] 
    Validation passes for Lint(RPaaS).
    Posted by Swagger Pipeline | How to fix these errors?

    @openapi-workflow-bot
    Copy link

    [Call for Action] To better understand Azure service dev/test scenario, and support Azure service developer better on Swagger and REST API related tests in early phase, please help to fill in with this survey https://aka.ms/SurveyForEarlyPhase. It will take 5 to 10 minutes. If you already complete survey, please neglect this comment. Thanks.

    @openapi-pipeline-app
    Copy link

    openapi-pipeline-app bot commented May 12, 2021
    edited
    Loading

    Swagger Generation Artifacts

    ️️✔️[Staging] ApiDocPreview succeeded [Detail] [Expand] 
     Please click here to preview with your @microsoft account.
    ️❌[Staging] SDK Breaking Change Tracking failed [Detail]

    Breaking Changes Tracking

    ️✔️azure-sdk-for-go - securityinsight/mgmt/v1.0/securityinsight - v55.0.0
    azure-sdk-for-go - securityinsight/mgmt/2020-01-01/securityinsight - v55.0.0
    +	Const `AlertRuleKindFusion` has been removed
+	Const `AlertRuleKindMicrosoftSecurityIncidentCreation` has been removed
+	Const `AlertRuleKindScheduled` has been removed
+	Const `AlertSeverityHigh` has been removed
+	Const `AlertSeverityInformational` has been removed
+	Const `AlertSeverityLow` has been removed
+	Const `AlertSeverityMedium` has been removed
+	Const `AttackTacticCollection` has been removed
+	Const `AttackTacticCommandAndControl` has been removed
+	Const `AttackTacticCredentialAccess` has been removed
+	Const `AttackTacticDefenseEvasion` has been removed
+	Const `AttackTacticDiscovery` has been removed
+	Const `AttackTacticExecution` has been removed
+	Const `AttackTacticExfiltration` has been removed
+	Const `AttackTacticImpact` has been removed
+	Const `AttackTacticInitialAccess` has been removed
+	Const `AttackTacticLateralMovement` has been removed
+	Const `AttackTacticPersistence` has been removed
+	Const `AttackTacticPrivilegeEscalation` has been removed
+	Const `DataTypeStateDisabled` has been removed
+	Const `DataTypeStateEnabled` has been removed
+	Const `IncidentClassificationBenignPositive` has been removed
+	Const `IncidentClassificationFalsePositive` has been removed
+	Const `IncidentClassificationReasonInaccurateData` has been removed
+	Const `IncidentClassificationReasonIncorrectAlertLogic` has been removed
+	Const `IncidentClassificationReasonSuspiciousActivity` has been removed
+	Const `IncidentClassificationReasonSuspiciousButExpected` has been removed
+	Const `IncidentClassificationTruePositive` has been removed
+	Const `IncidentClassificationUndetermined` has been removed
+	Const `IncidentLabelTypeSystem` has been removed
+	Const `IncidentLabelTypeUser` has been removed
+	Const `KindBasicDataConnectorKindAmazonWebServicesCloudTrail` has been removed
+	Const `KindBasicDataConnectorKindAzureActiveDirectory` has been removed
+	Const `KindBasicDataConnectorKindAzureAdvancedThreatProtection` has been removed
+	Const `KindBasicDataConnectorKindAzureSecurityCenter` has been removed
+	Const `KindBasicDataConnectorKindDataConnector` has been removed
+	Const `KindBasicDataConnectorKindMicrosoftCloudAppSecurity` has been removed
+	Const `KindBasicDataConnectorKindMicrosoftDefenderAdvancedThreatProtection` has been removed
+	Const `KindBasicDataConnectorKindOffice365` has been removed
+	Const `KindBasicDataConnectorKindThreatIntelligence` has been removed
+	Const `KindBasicSettingsKindSettings` has been removed
+	Const `KindBasicSettingsKindToggleSettings` has been removed
+	Const `KindBasicSettingsKindUebaSettings` has been removed
+	Const `MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection` has been removed
+	Const `MicrosoftSecurityProductNameAzureAdvancedThreatProtection` has been removed
+	Const `MicrosoftSecurityProductNameAzureSecurityCenter` has been removed
+	Const `MicrosoftSecurityProductNameAzureSecurityCenterforIoT` has been removed
+	Const `MicrosoftSecurityProductNameMicrosoftCloudAppSecurity` has been removed
+	Const `TemplateStatusAvailable` has been removed
+	Const `TemplateStatusInstalled` has been removed
+	Const `TemplateStatusNotAvailable` has been removed
+	Const `TriggerOperatorEqual` has been removed
+	Const `TriggerOperatorGreaterThan` has been removed
+	Const `TriggerOperatorLessThan` has been removed
+	Const `TriggerOperatorNotEqual` has been removed
    azure-sdk-for-go - preview/securityinsight/mgmt/2019-01-01-preview/securityinsight - v55.0.0
    +	Const `AlertSeverityHigh` has been removed
+	Const `AlertSeverityInformational` has been removed
+	Const `AlertSeverityLow` has been removed
+	Const `AlertSeverityMedium` has been removed
+	Const `AntispamMailDirectionInbound` has been removed
+	Const `AntispamMailDirectionIntraorg` has been removed
+	Const `AntispamMailDirectionOutbound` has been removed
+	Const `AntispamMailDirectionUnknown` has been removed
+	Const `AttackTacticCollection` has been removed
+	Const `AttackTacticCommandAndControl` has been removed
+	Const `AttackTacticCredentialAccess` has been removed
+	Const `AttackTacticDefenseEvasion` has been removed
+	Const `AttackTacticDiscovery` has been removed
+	Const `AttackTacticExecution` has been removed
+	Const `AttackTacticExfiltration` has been removed
+	Const `AttackTacticImpact` has been removed
+	Const `AttackTacticInitialAccess` has been removed
+	Const `AttackTacticLateralMovement` has been removed
+	Const `AttackTacticPersistence` has been removed
+	Const `AttackTacticPreAttack` has been removed
+	Const `AttackTacticPrivilegeEscalation` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorContains` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorEndsWith` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorEquals` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorNotContains` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorNotEndsWith` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorNotEquals` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorNotStartsWith` has been removed
+	Const `AutomationRulePropertyConditionSupportedOperatorStartsWith` has been removed
+	Const `CloseReasonDismissed` has been removed
+	Const `CloseReasonFalsePositive` has been removed
+	Const `CloseReasonOther` has been removed
+	Const `CloseReasonResolved` has been removed
+	Const `CloseReasonTruePositive` has been removed
+	Const `ConfidenceScoreStatusFinal` has been removed
+	Const `ConfidenceScoreStatusInProcess` has been removed
+	Const `ConfidenceScoreStatusNotApplicable` has been removed
+	Const `ConfidenceScoreStatusNotFinal` has been removed
+	Const `DataConnectorAuthorizationStateInvalid` has been removed
+	Const `DataConnectorAuthorizationStateValid` has been removed
+	Const `DataTypeStateDisabled` has been removed
+	Const `DataTypeStateEnabled` has been removed
+	Const `ElevationTokenDefault` has been removed
+	Const `ElevationTokenFull` has been removed
+	Const `ElevationTokenLimited` has been removed
+	Const `EntitiesMatchingMethodAll` has been removed
+	Const `EntitiesMatchingMethodCustom` has been removed
+	Const `EntitiesMatchingMethodNone` has been removed
+	Const `EntityQueryKindExpansion` has been removed
+	Const `EntityQueryKindInsight` has been removed
+	Const `EventGroupingAggregationKindAlertPerResult` has been removed
+	Const `EventGroupingAggregationKindSingleAlert` has been removed
+	Const `GroupingEntityTypeAccount` has been removed
+	Const `GroupingEntityTypeFileHash` has been removed
+	Const `GroupingEntityTypeHost` has been removed
+	Const `GroupingEntityTypeIP` has been removed
+	Const `GroupingEntityTypeURL` has been removed
+	Const `IncidentClassificationReasonInaccurateData` has been removed
+	Const `IncidentClassificationReasonIncorrectAlertLogic` has been removed
+	Const `IncidentClassificationReasonSuspiciousActivity` has been removed
+	Const `IncidentClassificationReasonSuspiciousButExpected` has been removed
+	Const `IncidentLabelTypeSystem` has been removed
+	Const `IncidentLabelTypeUser` has been removed
+	Const `KindBasicAlertRuleKindAlertRule` has been removed
+	Const `KindBasicAlertRuleKindFusion` has been removed
+	Const `KindBasicAlertRuleKindMLBehaviorAnalytics` has been removed
+	Const `KindBasicAlertRuleKindMicrosoftSecurityIncidentCreation` has been removed
+	Const `KindBasicAlertRuleKindScheduled` has been removed
+	Const `KindBasicAlertRuleKindThreatIntelligence` has been removed
+	Const `KindBasicEntityKindAccount` has been removed
+	Const `KindBasicEntityKindAzureResource` has been removed
+	Const `KindBasicEntityKindBookmark` has been removed
+	Const `KindBasicEntityKindCloudApplication` has been removed
+	Const `KindBasicEntityKindDNSResolution` has been removed
+	Const `KindBasicEntityKindEntity` has been removed
+	Const `KindBasicEntityKindFileHash` has been removed
+	Const `KindBasicEntityKindFile` has been removed
+	Const `KindBasicEntityKindHost` has been removed
+	Const `KindBasicEntityKindIP` has been removed
+	Const `KindBasicEntityKindIoTDevice` has been removed
+	Const `KindBasicEntityKindMailCluster` has been removed
+	Const `KindBasicEntityKindMailMessage` has been removed
+	Const `KindBasicEntityKindMailbox` has been removed
+	Const `KindBasicEntityKindMalware` has been removed
+	Const `KindBasicEntityKindProcess` has been removed
+	Const `KindBasicEntityKindRegistryKey` has been removed
+	Const `KindBasicEntityKindRegistryValue` has been removed
+	Const `KindBasicEntityKindSecurityAlert` has been removed
+	Const `KindBasicEntityKindSecurityGroup` has been removed
+	Const `KindBasicEntityKindSubmissionMail` has been removed
+	Const `KindBasicEntityKindURL` has been removed
+	Const `KindBasicEntityQueryKindEntityQuery` has been removed
+	Const `KindBasicEntityQueryKindExpansion` has been removed
+	Const `KindBasicSettingsKindEntityAnalytics` has been removed
+	Const `KindBasicSettingsKindEyesOn` has been removed
+	Const `KindBasicSettingsKindIPSyncer` has been removed
+	Const `KindBasicSettingsKindSettings` has been removed
+	Const `KindBasicSettingsKindUeba` has been removed
+	Const `KindBasicThreatIntelligenceInformationKindIndicator` has been removed
+	Const `KindBasicThreatIntelligenceInformationKindThreatIntelligenceInformation` has been removed
+	Const `MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection` has been removed
+	Const `MicrosoftSecurityProductNameAzureAdvancedThreatProtection` has been removed
+	Const `MicrosoftSecurityProductNameAzureSecurityCenter` has been removed
+	Const `MicrosoftSecurityProductNameAzureSecurityCenterforIoT` has been removed
+	Const `MicrosoftSecurityProductNameMicrosoftCloudAppSecurity` has been removed
+	Const `MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection` has been removed
+	Const `MicrosoftSecurityProductNameOffice365AdvancedThreatProtection` has been removed
+	Const `PollingFrequencyOnceADay` has been removed
+	Const `PollingFrequencyOnceAMinute` has been removed
+	Const `PollingFrequencyOnceAnHour` has been removed
+	Const `RegistryHiveHKEYA` has been removed
+	Const `RegistryHiveHKEYCLASSESROOT` has been removed
+	Const `RegistryHiveHKEYCURRENTCONFIG` has been removed
+	Const `RegistryHiveHKEYCURRENTUSERLOCALSETTINGS` has been removed
+	Const `RegistryHiveHKEYCURRENTUSER` has been removed
+	Const `RegistryHiveHKEYLOCALMACHINE` has been removed
+	Const `RegistryHiveHKEYPERFORMANCEDATA` has been removed
+	Const `RegistryHiveHKEYPERFORMANCENLSTEXT` has been removed
+	Const `RegistryHiveHKEYPERFORMANCETEXT` has been removed
+	Const `RegistryHiveHKEYUSERS` has been removed
+	Const `RelationTypesCasesToBookmarks` has been removed
+	Const `SourceLocalfile` has been removed
+	Const `SourceRemotestorage` has been removed
+	Const `TemplateStatusAvailable` has been removed
+	Const `TemplateStatusInstalled` has been removed
+	Const `TemplateStatusNotAvailable` has been removed
+	Const `ThreatIntelligenceResourceKindIndicator` has been removed
+	Const `ThreatIntelligenceSortingCriteriaAscending` has been removed
+	Const `ThreatIntelligenceSortingCriteriaDescending` has been removed
+	Const `ThreatIntelligenceSortingCriteriaUnsorted` has been removed
+	Const `TriggerOperatorEqual` has been removed
+	Const `TriggerOperatorGreaterThan` has been removed
+	Const `TriggerOperatorLessThan` has been removed
+	Const `TriggerOperatorNotEqual` has been removed
+	Const `UebaDataSourcesAuditLogs` has been removed
+	Const `UebaDataSourcesAzureActivity` has been removed
+	Const `UebaDataSourcesSecurityEvent` has been removed
+	Const `UebaDataSourcesSigninLogs` has been removed
    ️️✔️ azure-sdk-for-net succeeded [Detail] [Expand]
    • ️✔️Succeeded [Logs]Release - Generate from e299fd0. SDK Automation 14.0.0 
      warn	Skip initScript due to not configured
command	sudo apt-get install -y dotnet-sdk-5.0
command	autorest --version=V2 --csharp --reflect-api-versions --license-header=MICROSOFT_MIT_NO_VERSION --use=@microsoft.azure/autorest.csharp@2.3.82 --csharp-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-net/sdk ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md
cmderr	[Autorest] realpath(): Permission denied
cmderr	[Autorest] realpath(): Permission denied
cmderr	[Autorest] realpath(): Permission denied
cmderr	[Autorest] realpath(): Permission denied
cmderr	[Autorest] realpath(): Permission denied
cmderr	[Autorest] realpath(): Permission denied
    • ️✔️Microsoft.Azure.Management.SecurityInsights [View full logs]  [Release SDK Changes]
    ️️✔️ azure-sdk-for-go succeeded [Detail] [Expand]
    • ️✔️Succeeded [Logs]Release - Generate from e299fd0. SDK Automation 14.0.0 
      command	sh ./initScript.sh ../../../../../azure-sdk-for-go_tmp/initInput.json ../../../../../azure-sdk-for-go_tmp/initOutput.json
command	go run ./tools/generator/main.go ../../../../../azure-sdk-for-go_tmp/generateInput.json ../../../../../azure-sdk-for-go_tmp/generateOutput.json
    • ️✔️securityinsight/mgmt/v1.0/securityinsight [View full logs]  [Release SDK Changes] Breaking Change Detected
      info	[Changelog] This package was removed
    • ️✔️securityinsight/mgmt/2020-01-01/securityinsight [View full logs]  [Release SDK Changes] Breaking Change Detected
      Only show 40 items here, please refer to log for details.
      info	[Changelog] - New const `AzureAdvancedThreatProtection`
info	[Changelog] - New const `IncorrectAlertLogic`
info	[Changelog] - New const `Enabled`
info	[Changelog] - New const `InitialAccess`
info	[Changelog] - New const `KindOffice365`
info	[Changelog] - New const `LateralMovement`
info	[Changelog] - New const `High`
info	[Changelog] - New const `KindMicrosoftCloudAppSecurity`
info	[Changelog] - New const `Disabled`
info	[Changelog] - New const `KindThreatIntelligence`
info	[Changelog] - New const `NotEqual`
info	[Changelog] - New const `Exfiltration`
info	[Changelog] - New const `KindUebaSettings`
info	[Changelog] - New const `Impact`
info	[Changelog] - New const `KindAzureSecurityCenter`
info	[Changelog] - New const `KindDataConnector`
info	[Changelog] - New const `MicrosoftSecurityIncidentCreation`
info	[Changelog] - New const `CommandAndControl`
info	[Changelog] - New const `MicrosoftCloudAppSecurity`
info	[Changelog] - New const `Available`
info	[Changelog] - New const `Collection`
info	[Changelog] - New const `SuspiciousButExpected`
info	[Changelog] - New const `KindAzureAdvancedThreatProtection`
info	[Changelog] - New const `System`
info	[Changelog] - New const `Scheduled`
info	[Changelog] - New const `AzureSecurityCenterforIoT`
info	[Changelog] - New const `KindMicrosoftDefenderAdvancedThreatProtection`
info	[Changelog] - New const `TruePositive`
info	[Changelog] - New const `FalsePositive`
info	[Changelog] - New const `Installed`
info	[Changelog] - New const `Equal`
info	[Changelog] - New const `SuspiciousActivity`
info	[Changelog] - New const `DefenseEvasion`
info	[Changelog] - New const `KindToggleSettings`
info	[Changelog] - New const `GreaterThan`
info	[Changelog] - New const `KindAzureActiveDirectory`
info	[Changelog] - New const `KindAmazonWebServicesCloudTrail`
info	[Changelog]
info	[Changelog] Total 55 breaking change(s), 55 additive change(s).
info	[Changelog]
    • ️✔️preview/securityinsight/mgmt/2019-01-01-preview/securityinsight [View full logs]  [Release SDK Changes] Breaking Change Detected
      Only show 40 items here, please refer to log for details.
      info	[Changelog] - New const `Office365AdvancedThreatProtection`
info	[Changelog] - New const `Default`
info	[Changelog] - New const `AzureSecurityCenter`
info	[Changelog] - New const `Unknown`
info	[Changelog] - New const `Informational`
info	[Changelog] - New const `OnceADay`
info	[Changelog] - New const `SigninLogs`
info	[Changelog] - New const `Other`
info	[Changelog] - New const `Contains`
info	[Changelog] - New const `NotAvailable`
info	[Changelog] - New const `KindAlertRule`
info	[Changelog] - New const `KindBookmark`
info	[Changelog] - New const `KindMicrosoftSecurityIncidentCreation`
info	[Changelog] - New const `KindEntityAnalytics`
info	[Changelog] - New const `Custom`
info	[Changelog] - New const `KindMailCluster`
info	[Changelog] - New const `KindProcess`
info	[Changelog] - New function `IPGeodataClient.GetPreparer(context.Context, string, string) (*http.Request, error)`
info	[Changelog] - New function `IPGeodataClient.GetResponder(*http.Response) (EnrichmentIPGeodata, error)`
info	[Changelog] - New function `IPGeodataClient.Get(context.Context, string, string) (EnrichmentIPGeodata, error)`
info	[Changelog] - New function `DomainWhoisClient.GetResponder(*http.Response) (EnrichmentDomainWhois, error)`
info	[Changelog] - New function `NewIPGeodataClient(string) IPGeodataClient`
info	[Changelog] - New function `NewIPGeodataClientWithBaseURI(string, string) IPGeodataClient`
info	[Changelog] - New function `IPGeodataClient.GetSender(*http.Request) (*http.Response, error)`
info	[Changelog] - New function `NewDomainWhoisClient(string) DomainWhoisClient`
info	[Changelog] - New function `DomainWhoisClient.Get(context.Context, string, string) (EnrichmentDomainWhois, error)`
info	[Changelog] - New function `DomainWhoisClient.GetPreparer(context.Context, string, string) (*http.Request, error)`
info	[Changelog] - New function `NewDomainWhoisClientWithBaseURI(string, string) DomainWhoisClient`
info	[Changelog] - New function `DomainWhoisClient.GetSender(*http.Request) (*http.Response, error)`
info	[Changelog] - New struct `DomainWhoisClient`
info	[Changelog] - New struct `EnrichmentDomainWhois`
info	[Changelog] - New struct `EnrichmentDomainWhoisContact`
info	[Changelog] - New struct `EnrichmentDomainWhoisContacts`
info	[Changelog] - New struct `EnrichmentDomainWhoisDetails`
info	[Changelog] - New struct `EnrichmentDomainWhoisRegistrarDetails`
info	[Changelog] - New struct `EnrichmentIPGeodata`
info	[Changelog] - New struct `IPGeodataClient`
info	[Changelog]
info	[Changelog] Total 138 breaking change(s), 166 additive change(s).
info	[Changelog]
    ️⚠️ azure-sdk-for-python-track2 warning [Detail]
    • ⚠️Warning [Logs]Release - Generate from e299fd0. SDK Automation 14.0.0 
      command	sh scripts/automation_init.sh ../azure-sdk-for-python_tmp/initInput.json ../azure-sdk-for-python_tmp/initOutput.json
cmderr	[automation_init.sh] WARNING: Skipping azure-nspkg as it is not installed.
command	sh scripts/automation_generate.sh ../azure-sdk-for-python_tmp/generateInput.json ../azure-sdk-for-python_tmp/generateOutput.json
    • ️✔️track2_azure-mgmt-securityinsight [View full logs]  [Release SDK Changes] 
      error	breakingChangeTracking is enabled, but version or changelogItem is not found in output.
    ️️✔️ azure-sdk-for-js succeeded [Detail] [Expand]
    • ️✔️Succeeded [Logs]Release - Generate from e299fd0. SDK Automation 14.0.0 
      warn	Skip initScript due to not configured
command	autorest --version=V2 --typescript --license-header=MICROSOFT_MIT_NO_VERSION --use=@microsoft.azure/autorest.typescript@4.4.4 --typescript-sdks-folder=/home/vsts/work/1/s/azure-sdk-for-js/azure-sdk-for-js ../../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md
    • ️✔️@azure/arm-securityinsight [View full logs]  [Release SDK Changes] 
      cmderr	[npmPack] loaded rollup.config.js with warnings
cmderr	[npmPack] (!) Unused external imports
cmderr	[npmPack] default imported from external module 'rollup' but never used
cmderr	[npmPack] ./esm/securityInsights.js → ./dist/arm-securityinsight.js...
cmderr	[npmPack] created ./dist/arm-securityinsight.js in 348ms
    ️️✔️ azure-cli-extensions succeeded [Detail] [Expand]
    • ️✔️Succeeded [Logs]Release - Generate from e299fd0. Azure CLI Automation 14.0.0 
      warn	Skip initScript due to not configured
command	npx n 12
command	python3 -m venv venv
command	pip install --upgrade setuptools wheel pip
command	pip install pathlib jinja2 msrestazure
command	autorest --az --use=@autorest/az@latest --version=3.0.6271 --clear-output-folder=true --azure-cli-extension-folder=/home/vsts/work/1/s/azure-cli-extensions ../azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md
cmdout	[Autorest] WARNING (PreCheck/AllOfWhenYouMeantRef): Schema 'AwsCloudTrailDataConnectorDataTypes-logs' is using an 'allOf' instead of a $ref. This creates a wasteful anonymous type when generating code.
cmdout	[Autorest] WARNING (PreCheck/AllOfWhenYouMeantRef): Schema 'OfficeDataConnectorDataTypes-exchange' is using an 'allOf' instead of a $ref. This creates a wasteful anonymous type when generating code.
cmdout	[Autorest] WARNING (PreCheck/AllOfWhenYouMeantRef): Schema 'OfficeDataConnectorDataTypes-sharePoint' is using an 'allOf' instead of a $ref. This creates a wasteful anonymous type when generating code.
cmdout	[Autorest] WARNING (PreCheck/AllOfWhenYouMeantRef): Schema 'OfficeDataConnectorDataTypes-teams' is using an 'allOf' instead of a $ref. This creates a wasteful anonymous type when generating code.
cmdout	[Autorest] WARNING (PreCheck/AllOfWhenYouMeantRef): Schema 'TIDataConnectorDataTypes-indicators' is using an 'allOf' instead of a $ref. This creates a wasteful anonymous type when generating code.
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'ActionsList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'AlertRuleTemplatesList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'AlertRulesList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'BookmarkList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'CloudError' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'DataConnectorList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'IncidentCommentList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'IncidentList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'OfficeConsentList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'Operation' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'OperationsList' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'Resource' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'ResourceWithEtag' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'ErrorResponse' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/SchemaMissingType): The schema 'ErrorAdditionalInfo' with an undefined type and decalared properties is a bit ambigious. This has been auto-corrected to 'type:object'
cmdout	[Autorest] WARNING (PreCheck/CheckDuplicateSchemas): Checking for duplicate schemas, this could take a (long) while.  Run with --verbose for more detail.
cmdout	[Autorest] WARNING (PreCheck/PropertyRedeclarationWarning): Schema 'MCASDataConnectorDataTypes' has a property 'alerts' that is already declared the parent schema 'AlertsDataTypeOfDataConnector' but isn't significantly different. The property has been removed from MCASDataConnectorDataTypes
cmdout	[Autorest] WARNING (): cli.auto-parameter-hidden is not true, skip visibility cleaner
cmderr	[Autorest] BELOW TEST SCENARIO SECTION CAN BE USED IN readme.cli.md
cmderr	[Autorest] --------------------------------------------------------
cmderr	[Autorest]   test-scenario:
cmderr	[Autorest]     - name: /Actions/put/Creates or updates an action of alert rule.
cmderr	[Autorest]     - name: /Actions/get/Get all actions of alert rule.
cmderr	[Autorest]     - name: /Actions/get/Get an action of alert rule.
cmderr	[Autorest]     - name: /Actions/delete/Delete an action of alert rule.
cmderr	[Autorest]     - name: /AlertRules/put/Creates or updates a Fusion alert rule.
cmderr	[Autorest]     - name: /AlertRules/put/Creates or updates a MicrosoftSecurityIncidentCreation rule.
cmderr	[Autorest]     - name: /AlertRules/put/Creates or updates a Scheduled alert rule.
cmderr	[Autorest]     - name: /AlertRules/get/Get a Fusion alert rule.
cmderr	[Autorest]     - name: /AlertRules/get/Get a MicrosoftSecurityIncidentCreation rule.
cmderr	[Autorest]     - name: /AlertRules/get/Get a Scheduled alert rule.
cmderr	[Autorest]     - name: /AlertRules/get/Get all alert rules.
cmderr	[Autorest]     - name: /AlertRules/delete/Delete an alert rule.
cmderr	[Autorest]     - name: /AlertRuleTemplates/get/Get alert rule template by Id.
cmderr	[Autorest]     - name: /AlertRuleTemplates/get/Get all alert rule templates.
cmderr	[Autorest]     - name: /Bookmarks/put/Creates or updates a bookmark.
cmderr	[Autorest]     - name: /Bookmarks/get/Get a bookmark.
cmderr	[Autorest]     - name: /Bookmarks/get/Get all bookmarks.
cmderr	[Autorest]     - name: /Bookmarks/delete/Delete a bookmark.
cmderr	[Autorest]     - name: /DataConnectors/put/Creates or updates an Office365 data connector.
cmderr	[Autorest]     - name: /DataConnectors/put/Creates or updates an Threat Intelligence Platform data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get a ASC data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get a MCAS data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get a MDATP data connector
cmderr	[Autorest]     - name: /DataConnectors/get/Get a TI data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get all data connectors.
cmderr	[Autorest]     - name: /DataConnectors/get/Get an AAD data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get an AATP data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get an AwsCloudTrail data connector.
cmderr	[Autorest]     - name: /DataConnectors/get/Get an Office365 data connector.
cmderr	[Autorest]     - name: /DataConnectors/delete/Delete an Office365 data connector.
cmderr	[Autorest]     - name: /IncidentComments/put/Creates an incident comment.
cmderr	[Autorest]     - name: /IncidentComments/get/Get all incident comments.
cmderr	[Autorest]     - name: /IncidentComments/get/Get an incident comment.
cmderr	[Autorest]     - name: /Incidents/put/Creates or updates an incident.
cmderr	[Autorest]     - name: /Incidents/get/Get all incidents.
cmderr	[Autorest]     - name: /Incidents/get/Get an incident.
cmderr	[Autorest]     - name: /Incidents/delete/Delete an incident.
cmderr	[Autorest] --------------------------------------------------------
    • ️✔️securityinsight [View full logs]  [Release Azure CLI Changes]
    ️️✔️ azure-resource-manager-schemas succeeded [Detail] [Expand]
    • ️✔️Succeeded [Logs]Release - Generate from e299fd0. Schema Automation 14.0.0 
      command	.sdkauto/initScript.sh ../azure-resource-manager-schemas_tmp/initInput.json ../azure-resource-manager-schemas_tmp/initOutput.json
warn	File azure-resource-manager-schemas_tmp/initOutput.json not found to read
command	.sdkauto/generateScript.sh ../azure-resource-manager-schemas_tmp/generateInput.json ../azure-resource-manager-schemas_tmp/generateOutput.json
    • ️✔️securityinsights [View full logs]  [Release Schema Changes]
    Posted by Swagger Pipeline | How to fix these errors?

    @openapi-workflow-bot openapi-workflow-bot bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label May 12, 2021
    @openapi-workflow-bot
    Copy link

    Hi, @ori-licht your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board(armapireview@microsoft.com). cc @

    @ori-licht ori-licht changed the title copy existing API Adding Activity Customization to entityQuery resource May 12, 2021
    @openapi-workflow-bot
    Copy link

    NewApiVersionRequired reason:

    A service’s API is a contract with customers and is represented by using the api-version query parameter. Changes such as adding an optional property to a request/response or introducing a new operation is a change to the service’s contract and therefore requires a new api-version value. This is critically important for documentation, client libraries, and customer support.

    EXAMPLE: if a customer calls a service in the public cloud using api-version=2020-07-27, the new property or operation may exist but if they call the service in a government cloud, air-gapped cloud, or Azure Stack Hub cloud using the same api-version, the property or operation may not exist. Because there is no clear relationship between the service api-version and the new property/operation, customers can’t trust the documentation and Azure customer have difficulty helping customers diagnose issues. In addition, each client library version documents the service version it supports. When an optional property or new operation is added to a service and its Swagger, new client libraries must be produced to expose this functionality to customers. Without updating the api-version, it is unclear to customers which version of a client library supports these new features.

    This was referenced May 12, 2021
    Closed
    Closed
    Closed
    @openapi-sdkautomation openapi-sdkautomation bot mentioned this pull request May 12, 2021
    Closed
    @ori-licht ori-licht closed this May 12, 2021
    @ori-licht ori-licht reopened this May 12, 2021
    @ori-licht ori-licht closed this May 12, 2021
    @ori-licht ori-licht reopened this May 12, 2021
    @openapi-sdkautomation openapi-sdkautomation bot mentioned this pull request May 12, 2021
    Closed
    @ori-licht
    Copy link
    Contributor Author

    ori-licht commented May 12, 2021
    edited
    Loading

    Hi @pilor,
    This PR represents the following changes:
    Commit#1 - copy existing API for entityQueries resource to the new API version
    Commit#2 - Fix validation for duplicate schema for EntityQueryKind
    Commit#3 - Adding EntityQueryKind parameter to GetAll request
    Commit#4 - Adding PUT and DELETE request for entityQueries/{entityQueryId} api + examples
    Commit#5 - Fix example reference

    please LMK if any other information is needed, thank you

    @ori-licht ori-licht marked this pull request as ready for review May 12, 2021 10:49
    @pilor pilor self-requested a review May 12, 2021 20:25
    @pilor pilor added the ARMChangesRequested <valid label in PR review process>add this label when require changes after ARM review label May 12, 2021
    @JeffreyRichter JeffreyRichter added the Approved-BreakingChange DO NOT USE! OBSOLETE label. See https://github.com/Azure/azure-sdk-tools/issues/6374 label May 25, 2021
    @pilor pilor added ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review and removed ARMChangesRequested <valid label in PR review process>add this label when require changes after ARM review WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels May 25, 2021
    @pilor
    Copy link
    Contributor

    pilor commented May 27, 2021

    The SDK reviewer (assignee in Github, @erich-wang) needs to review, approve, and merge

    @erich-wang
    Copy link
    Member

    @ori-licht , please solve the merge conflict, thanks.

    @ori-licht
    Copy link
    Contributor Author

    @ori-licht , please solve the merge conflict, thanks.

    @erich-wang, I have resolved the conflicts, but it seems that a breakingChanges validation is failing.
    not sure how this is related to my last commit

    @erich-wang erich-wang merged commit e299fd0 into Azure:master May 31, 2021
    This was referenced May 31, 2021
    Closed
    Closed
    Closed
    Closed
    Closed
    Closed
    Closed
    Closed
    @heaths heaths mentioned this pull request Jun 16, 2021
    Merged
    mkarmark pushed a commit to mkarmark/azure-rest-api-specs that referenced this pull request Jul 21, 2021
    @ori-licht @mkarmark
    Adding Activity Customization to entityQuery resource (Azure#14376)
    2cfff30 
    * copy existing API

* Change EntityQueryKind

* Adding EntityQueryKind parameter

* Adding PUT and DELETE for entityQueries, adding Activity as the supported entityQuery

* fix example

* construct entitiesFilter as a dictionary
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @pilor pilor pilor left review comments

    @dosegal dosegal dosegal left review comments

    @JeffreyRichter JeffreyRichter JeffreyRichter approved these changes

    @erich-wang erich-wang erich-wang approved these changes

    Assignees

    @erich-wang erich-wang

    Labels
    Approved-BreakingChange DO NOT USE! OBSOLETE label. See https://github.com/Azure/azure-sdk-tools/issues/6374 ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review CI-BreakingChange-Go
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    5 participants
    @ori-licht @pilor @erich-wang @JeffreyRichter @dosegal