-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add serverSecurityAlertPolicies APIs for MySQL servers #3644
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
{ | ||
"parameters": { | ||
"subscriptionId": "00000000-1111-2222-3333-444444444444", | ||
"resourceGroupName": "securityalert-4799", | ||
"serverName": "securityalert-6440", | ||
"securityAlertPolicyName": "Default", | ||
"api-version": "2017-12-01", | ||
"parameters": { | ||
"properties": { | ||
"state": "Enabled", | ||
"emailAccountAdmins": true, | ||
"emailAddresses": ["testSecurityAlert@microsoft.com"], | ||
"disabledAlerts": ["Access_Anomaly", "Usage_Anomaly"], | ||
"retentionDays": 5, | ||
"storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", | ||
"storageEndpoint": "https://mystorage.blob.core.windows.net" | ||
} | ||
} | ||
}, | ||
"responses": { | ||
"200": { | ||
"body": { | ||
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/default", | ||
"name": "Default", | ||
"type": "Microsoft.DBforMySQL/servers/securityAlertPolicies", | ||
"properties": { | ||
"state": "Enabled", | ||
"emailAccountAdmins": true, | ||
"emailAddresses": ["testSecurityAlert@microsoft.com"], | ||
"disabledAlerts": ["Access_Anomaly","Usage_Anomaly"], | ||
"retentionDays": 5, | ||
"storageEndpoint": "https://mystorage.blob.core.windows.net" | ||
} | ||
} | ||
}, | ||
"202": { | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{ | ||
"parameters": { | ||
"subscriptionId": "00000000-1111-2222-3333-444444444444", | ||
"resourceGroupName": "securityalert-4799", | ||
"serverName": "securityalert-6440", | ||
"securityAlertPolicyName": "Default", | ||
"api-version": "2017-12-01", | ||
"parameters": { | ||
"properties": { | ||
"state": "Disabled", | ||
"emailAccountAdmins": true | ||
} | ||
} | ||
}, | ||
"responses": { | ||
"200": { | ||
"body": { | ||
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/default", | ||
"name": "Default", | ||
"type": "Microsoft.DBforMySQL/servers/securityAlertPolicies", | ||
"properties": { | ||
"state": "Enabled", | ||
"emailAccountAdmins": true, | ||
"emailAddresses": [], | ||
"disabledAlerts": [], | ||
"retentionDays": 0, | ||
"storageEndpoint": "" | ||
} | ||
} | ||
}, | ||
"202": { | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{ | ||
"parameters": { | ||
"subscriptionId": "00000000-1111-2222-3333-444444444444", | ||
"resourceGroupName": "securityalert-4799", | ||
"serverName": "securityalert-6440", | ||
"securityAlertPolicyName": "Default", | ||
"api-version": "2017-03-01-preview" | ||
}, | ||
"responses": { | ||
"200": { | ||
"body": { | ||
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.DBforMySQL/servers/securityalert-6440/securityAlertPolicies/default", | ||
"name": "Default", | ||
"type": "Microsoft.DBforMySQL/servers/securityAlertPolicies", | ||
"properties": { | ||
"state": "Disabled", | ||
"emailAccountAdmins": true, | ||
"emailAddresses": [ "test@microsoft.com;user@microsoft.com" ], | ||
"disabledAlerts": ["Access_Anomaly"], | ||
"retentionDays": 0, | ||
"storageEndpoint": "https://mystorage.blob.core.windows.net" | ||
} | ||
} | ||
} | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1062,6 +1062,126 @@ | |
} | ||
} | ||
}, | ||
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DBforMySQL/servers/{serverName}/securityAlertPolicies/{securityAlertPolicyName}": { | ||
"get": { | ||
"tags": [ | ||
"ServerSecurityAlertPolicies" | ||
], | ||
"description": "Get a server's security alert policy.", | ||
"operationId": "ServerSecurityAlertPolicies_Get", | ||
"parameters": [ | ||
{ | ||
"$ref": "#/parameters/ResourceGroupParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/ServerNameParameter" | ||
}, | ||
{ | ||
"name": "securityAlertPolicyName", | ||
"in": "path", | ||
"description": "The name of the security alert policy.", | ||
"required": true, | ||
"type": "string", | ||
"enum": [ | ||
"Default" | ||
], | ||
"x-ms-enum": { | ||
"name": "SecurityAlertPolicyName", | ||
"modelAsString": true | ||
} | ||
}, | ||
{ | ||
"$ref": "#/parameters/SubscriptionIdParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/ApiVersionParameter" | ||
} | ||
], | ||
"responses": { | ||
"200": { | ||
"description": "Successfully retrieved the server threat detection policy.", | ||
"schema": { | ||
"$ref": "#/definitions/ServerSecurityAlertPolicy" | ||
} | ||
}, | ||
"default": { | ||
"description": "Error response describing why the operation of getting security alert policies failed." | ||
} | ||
}, | ||
"x-ms-examples": { | ||
"Get a server's threat detection policy": { | ||
"$ref": "./examples/ServerSecurityAlertsGet.json" | ||
} | ||
} | ||
}, | ||
"put": { | ||
"tags": [ | ||
"ServerSecurityAlertPolicies" | ||
], | ||
"description": "Creates or updates a threat detection policy.", | ||
"operationId": "ServerSecurityAlertPolicies_CreateOrUpdate", | ||
"parameters": [ | ||
{ | ||
"$ref": "#/parameters/ResourceGroupParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/ServerNameParameter" | ||
}, | ||
{ | ||
"name": "securityAlertPolicyName", | ||
"in": "path", | ||
"description": "The name of the threat detection policy.", | ||
"required": true, | ||
"type": "string", | ||
"enum": [ | ||
"Default" | ||
], | ||
"x-ms-enum": { | ||
"name": "SecurityAlertPolicyName", | ||
"modelAsString": true | ||
} | ||
}, | ||
{ | ||
"name": "parameters", | ||
"in": "body", | ||
"description": "The server security alert policy.", | ||
"required": true, | ||
"schema": { | ||
"$ref": "#/definitions/ServerSecurityAlertPolicy" | ||
} | ||
}, | ||
{ | ||
"$ref": "#/parameters/SubscriptionIdParameter" | ||
}, | ||
{ | ||
"$ref": "#/parameters/ApiVersionParameter" | ||
} | ||
], | ||
"responses": { | ||
"200": { | ||
"description": "Successfully updated the threat detection policy.", | ||
"schema": { | ||
"$ref": "#/definitions/ServerSecurityAlertPolicy" | ||
} | ||
}, | ||
"default": { | ||
"description": "Error response describing why the operation of setting security alert policies failed." | ||
}, | ||
"202": { | ||
"description": "Created request to set the server threat detection policy." | ||
} | ||
}, | ||
"x-ms-long-running-operation": true, | ||
"x-ms-examples": { | ||
"Update a server's threat detection policy with all parameters": { | ||
"$ref": "./examples/ServerSecurityAlertsCreateMax.json" | ||
}, | ||
"Update a server's threat detection policy with minimal parameters": { | ||
"$ref": "./examples/ServerSecurityAlertsCreateMin.json" | ||
} | ||
} | ||
} | ||
}, | ||
"/providers/Microsoft.DBforMySQL/operations": { | ||
"get": { | ||
"tags": [ | ||
|
@@ -1916,6 +2036,74 @@ | |
} | ||
}, | ||
"description": "Represents a resource name availability." | ||
}, | ||
"SecurityAlertPolicyProperties": { | ||
"description": "Properties of a security alert policy.", | ||
"required": [ | ||
"state" | ||
], | ||
"type": "object", | ||
"properties": { | ||
"state": { | ||
"description": "Specifies the state of the policy, whether it is enabled or disabled.", | ||
"enum": [ | ||
"Enabled", | ||
"Disabled" | ||
], | ||
"type": "string", | ||
"x-ms-enum": { | ||
"name": "ServerSecurityAlertPolicyState", | ||
"modelAsString": false | ||
} | ||
}, | ||
"disabledAlerts": { | ||
"description": "Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly", | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
} | ||
}, | ||
"emailAddresses": { | ||
"description": "Specifies an array of e-mail addresses to which the alert is sent.", | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
} | ||
}, | ||
"emailAccountAdmins": { | ||
"description": "Specifies that the alert is sent to the account administrators.", | ||
"type": "boolean" | ||
}, | ||
"storageEndpoint": { | ||
"description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.", | ||
"type": "string" | ||
}, | ||
"storageAccountAccessKey": { | ||
"description": "Specifies the identifier key of the Threat Detection audit storage account.", | ||
"type": "string" | ||
}, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. My understanding is ARM usually recommend to refer storage account using the fully qualified ARM resource id. This requires service to have linked access to storage that way service can reliably ensure there are sufficient permission to perform the operation (such as reading keys). Adding @ravbhatnagar from ARM team to comment. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is similar in all our APIs for Postgres, SQL and Managed Instance |
||
"retentionDays": { | ||
"format": "int32", | ||
"description": "Specifies the number of days to keep in the Threat Detection audit logs.", | ||
"type": "integer" | ||
} | ||
} | ||
}, | ||
"ServerSecurityAlertPolicy": { | ||
"description": "A server security alert policy.", | ||
"type": "object", | ||
"allOf": [ | ||
{ | ||
"$ref": "#/definitions/ProxyResource" | ||
} | ||
], | ||
"properties": { | ||
"properties": { | ||
"$ref": "#/definitions/SecurityAlertPolicyProperties", | ||
"description": "Resource properties.", | ||
"x-ms-client-flatten": true | ||
} | ||
} | ||
} | ||
}, | ||
"parameters": { | ||
|
@@ -1988,6 +2176,17 @@ | |
"type": "string", | ||
"description": "The name of the location.", | ||
"x-ms-parameter-location": "method" | ||
}, | ||
"SecurityAlertPolicyNameParameter": { | ||
"name": "securityAlertPolicyName", | ||
"in": "path", | ||
"description": "The name of the security alert policy.", | ||
"required": true, | ||
"type": "string", | ||
"enum": [ | ||
"default" | ||
], | ||
"x-ms-parameter-location": "method" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It seems this definition is not used anywhere if so please remove it. |
||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should there be an API to list the collection of securityPOlicies under a server.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is only one policy, but the user can define its name.