[AutoPR] sql/resource-manager

azure-mgmt-sql/HISTORY.rst

@@ -3,6 +3,37 @@
 Release History
 ===============
 
+0.10.0 (2018-10-18)
++++++++++++++++++++
+
+**Features**
+
+- Model DatabaseVulnerabilityAssessment has a new parameter storage_account_access_key
+- Model ManagedInstanceUpdate has a new parameter dns_zone_partner
+- Model ManagedInstanceUpdate has a new parameter collation
+- Model ManagedInstanceUpdate has a new parameter dns_zone
+- Model ManagedInstance has a new parameter dns_zone_partner
+- Model ManagedInstance has a new parameter collation
+- Model ManagedInstance has a new parameter dns_zone
+- Added operation BackupShortTermRetentionPoliciesOperations.list_by_database
+- Added operation group ManagedDatabaseVulnerabilityAssessmentsOperations
+- Added operation group ExtendedDatabaseBlobAuditingPoliciesOperations
+- Added operation group TdeCertificatesOperations
+- Added operation group ManagedInstanceKeysOperations
+- Added operation group ServerBlobAuditingPoliciesOperations
+- Added operation group ManagedInstanceEncryptionProtectorsOperations
+- Added operation group ExtendedServerBlobAuditingPoliciesOperations
+- Added operation group ServerSecurityAlertPoliciesOperations
+- Added operation group ManagedDatabaseVulnerabilityAssessmentScansOperations
+- Added operation group ManagedInstanceTdeCertificatesOperations
+- Added operation group ManagedDatabaseVulnerabilityAssessmentRuleBaselinesOperations
+
+**Breaking changes**
+
+- Operation DatabaseVulnerabilityAssessmentRuleBaselinesOperations.delete has a new signature
+- Operation DatabaseVulnerabilityAssessmentRuleBaselinesOperations.get has a new signature
+- Operation DatabaseVulnerabilityAssessmentRuleBaselinesOperations.create_or_update has a new signature
+
 0.9.1 (2018-05-24)
 ++++++++++++++++++
 

azure-mgmt-sql/MANIFEST.in

@@ -1 +1,4 @@
 include *.rst
+include azure/__init__.py
+include azure/mgmt/__init__.py
+

azure-mgmt-sql/azure/mgmt/sql/models/__init__.py

@@ -48,7 +48,6 @@
     from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity
     from .server_usage_py3 import ServerUsage
     from .database_usage_py3 import DatabaseUsage
-    from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
     from .automatic_tuning_options_py3 import AutomaticTuningOptions
     from .database_automatic_tuning_py3 import DatabaseAutomaticTuning
     from .encryption_protector_py3 import EncryptionProtector
@@ -81,6 +80,10 @@
     from .sync_member_py3 import SyncMember
     from .subscription_usage_py3 import SubscriptionUsage
     from .virtual_network_rule_py3 import VirtualNetworkRule
+    from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy
+    from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy
+    from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy
+    from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
     from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem
     from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline
     from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties
@@ -108,6 +111,7 @@
     from .server_automatic_tuning_py3 import ServerAutomaticTuning
     from .server_dns_alias_py3 import ServerDnsAlias
     from .server_dns_alias_acquisition_py3 import ServerDnsAliasAcquisition
+    from .server_security_alert_policy_py3 import ServerSecurityAlertPolicy
     from .restore_point_py3 import RestorePoint
     from .create_database_restore_point_definition_py3 import CreateDatabaseRestorePointDefinition
     from .database_operation_py3 import DatabaseOperation
@@ -144,6 +148,9 @@
     from .managed_instance_pair_info_py3 import ManagedInstancePairInfo
     from .instance_failover_group_py3 import InstanceFailoverGroup
     from .backup_short_term_retention_policy_py3 import BackupShortTermRetentionPolicy
+    from .tde_certificate_py3 import TdeCertificate
+    from .managed_instance_key_py3 import ManagedInstanceKey
+    from .managed_instance_encryption_protector_py3 import ManagedInstanceEncryptionProtector
 except (SyntaxError, ImportError):
     from .recoverable_database import RecoverableDatabase
     from .restorable_dropped_database import RestorableDroppedDatabase
@@ -183,7 +190,6 @@
     from .transparent_data_encryption_activity import TransparentDataEncryptionActivity
     from .server_usage import ServerUsage
     from .database_usage import DatabaseUsage
-    from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
     from .automatic_tuning_options import AutomaticTuningOptions
     from .database_automatic_tuning import DatabaseAutomaticTuning
     from .encryption_protector import EncryptionProtector
@@ -216,6 +222,10 @@
     from .sync_member import SyncMember
     from .subscription_usage import SubscriptionUsage
     from .virtual_network_rule import VirtualNetworkRule
+    from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy
+    from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy
+    from .server_blob_auditing_policy import ServerBlobAuditingPolicy
+    from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
     from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem
     from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline
     from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties
@@ -243,6 +253,7 @@
     from .server_automatic_tuning import ServerAutomaticTuning
     from .server_dns_alias import ServerDnsAlias
     from .server_dns_alias_acquisition import ServerDnsAliasAcquisition
+    from .server_security_alert_policy import ServerSecurityAlertPolicy
     from .restore_point import RestorePoint
     from .create_database_restore_point_definition import CreateDatabaseRestorePointDefinition
     from .database_operation import DatabaseOperation
@@ -279,6 +290,9 @@
     from .managed_instance_pair_info import ManagedInstancePairInfo
     from .instance_failover_group import InstanceFailoverGroup
     from .backup_short_term_retention_policy import BackupShortTermRetentionPolicy
+    from .tde_certificate import TdeCertificate
+    from .managed_instance_key import ManagedInstanceKey
+    from .managed_instance_encryption_protector import ManagedInstanceEncryptionProtector
 from .recoverable_database_paged import RecoverableDatabasePaged
 from .restorable_dropped_database_paged import RestorableDroppedDatabasePaged
 from .server_paged import ServerPaged
@@ -330,6 +344,9 @@
 from .elastic_pool_operation_paged import ElasticPoolOperationPaged
 from .vulnerability_assessment_scan_record_paged import VulnerabilityAssessmentScanRecordPaged
 from .instance_failover_group_paged import InstanceFailoverGroupPaged
+from .backup_short_term_retention_policy_paged import BackupShortTermRetentionPolicyPaged
+from .managed_instance_key_paged import ManagedInstanceKeyPaged
+from .managed_instance_encryption_protector_paged import ManagedInstanceEncryptionProtectorPaged
 from .sql_management_client_enums import (
     CheckNameAvailabilityReason,
     ServerConnectionType,
@@ -355,7 +372,6 @@
     RecommendedIndexType,
     TransparentDataEncryptionStatus,
     TransparentDataEncryptionActivityStatus,
-    BlobAuditingPolicyState,
     AutomaticTuningMode,
     AutomaticTuningOptionModeDesired,
     AutomaticTuningOptionModeActual,
@@ -374,6 +390,7 @@
     SyncDirection,
     SyncMemberState,
     VirtualNetworkRuleState,
+    BlobAuditingPolicyState,
     JobAgentState,
     JobExecutionLifecycle,
     ProvisioningState,
@@ -405,6 +422,7 @@
     VulnerabilityAssessmentScanState,
     InstanceFailoverGroupReplicationRole,
     LongTermRetentionDatabaseState,
+    VulnerabilityAssessmentPolicyBaselineName,
     CapabilityGroup,
 )
 
@@ -447,7 +465,6 @@
     'TransparentDataEncryptionActivity',
     'ServerUsage',
     'DatabaseUsage',
-    'DatabaseBlobAuditingPolicy',
     'AutomaticTuningOptions',
     'DatabaseAutomaticTuning',
     'EncryptionProtector',
@@ -480,6 +497,10 @@
     'SyncMember',
     'SubscriptionUsage',
     'VirtualNetworkRule',
+    'ExtendedDatabaseBlobAuditingPolicy',
+    'ExtendedServerBlobAuditingPolicy',
+    'ServerBlobAuditingPolicy',
+    'DatabaseBlobAuditingPolicy',
     'DatabaseVulnerabilityAssessmentRuleBaselineItem',
     'DatabaseVulnerabilityAssessmentRuleBaseline',
     'VulnerabilityAssessmentRecurringScansProperties',
@@ -507,6 +528,7 @@
     'ServerAutomaticTuning',
     'ServerDnsAlias',
     'ServerDnsAliasAcquisition',
+    'ServerSecurityAlertPolicy',
     'RestorePoint',
     'CreateDatabaseRestorePointDefinition',
     'DatabaseOperation',
@@ -543,6 +565,9 @@
     'ManagedInstancePairInfo',
     'InstanceFailoverGroup',
     'BackupShortTermRetentionPolicy',
+    'TdeCertificate',
+    'ManagedInstanceKey',
+    'ManagedInstanceEncryptionProtector',
     'RecoverableDatabasePaged',
     'RestorableDroppedDatabasePaged',
     'ServerPaged',
@@ -594,6 +619,9 @@
     'ElasticPoolOperationPaged',
     'VulnerabilityAssessmentScanRecordPaged',
     'InstanceFailoverGroupPaged',
+    'BackupShortTermRetentionPolicyPaged',
+    'ManagedInstanceKeyPaged',
+    'ManagedInstanceEncryptionProtectorPaged',
     'CheckNameAvailabilityReason',
     'ServerConnectionType',
     'SecurityAlertPolicyState',
@@ -618,7 +646,6 @@
     'RecommendedIndexType',
     'TransparentDataEncryptionStatus',
     'TransparentDataEncryptionActivityStatus',
-    'BlobAuditingPolicyState',
     'AutomaticTuningMode',
     'AutomaticTuningOptionModeDesired',
     'AutomaticTuningOptionModeActual',
@@ -637,6 +664,7 @@
     'SyncDirection',
     'SyncMemberState',
     'VirtualNetworkRuleState',
+    'BlobAuditingPolicyState',
     'JobAgentState',
     'JobExecutionLifecycle',
     'ProvisioningState',
@@ -668,5 +696,6 @@
     'VulnerabilityAssessmentScanState',
     'InstanceFailoverGroupReplicationRole',
     'LongTermRetentionDatabaseState',
+    'VulnerabilityAssessmentPolicyBaselineName',
     'CapabilityGroup',
 ]

azure-mgmt-sql/azure/mgmt/sql/models/backup_short_term_retention_policy_paged.py

@@ -0,0 +1,27 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.paging import Paged
+
+
+class BackupShortTermRetentionPolicyPaged(Paged):
+    """
+    A paging container for iterating over a list of :class:`BackupShortTermRetentionPolicy <azure.mgmt.sql.models.BackupShortTermRetentionPolicy>` object
+    """
+
+    _attribute_map = {
+        'next_link': {'key': 'nextLink', 'type': 'str'},
+        'current_page': {'key': 'value', 'type': '[BackupShortTermRetentionPolicy]'}
+    }
+
+    def __init__(self, *args, **kwargs):
+
+        super(BackupShortTermRetentionPolicyPaged, self).__init__(*args, **kwargs)

azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py

@@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
     :param retention_days: Specifies the number of days to keep in the audit
      logs.
     :type retention_days: int
-    :param audit_actions_and_groups: Specifies the Actions and Actions-Groups
+    :param audit_actions_and_groups: Specifies the Actions-Groups and Actions
      to audit.
+     The recommended set of action groups to use is the following combination -
+     this will audit all the queries and stored procedures executed against the
+     database, as well as successful and failed logins:
+     BATCH_COMPLETED_GROUP,
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+     FAILED_DATABASE_AUTHENTICATION_GROUP.
+     This above combination is also the set that is configured by default when
+     enabling auditing from the Azure portal.
+     The supported action groups to audit are (note: choose only specific
+     groups that cover your auditing needs. Using unnecessary groups could lead
+     to very large quantities of audit records):
+     APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
+     BACKUP_RESTORE_GROUP
+     DATABASE_LOGOUT_GROUP
+     DATABASE_OBJECT_CHANGE_GROUP
+     DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
+     DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
+     DATABASE_OPERATION_GROUP
+     DATABASE_PERMISSION_CHANGE_GROUP
+     DATABASE_PRINCIPAL_CHANGE_GROUP
+     DATABASE_PRINCIPAL_IMPERSONATION_GROUP
+     DATABASE_ROLE_MEMBER_CHANGE_GROUP
+     FAILED_DATABASE_AUTHENTICATION_GROUP
+     SCHEMA_OBJECT_ACCESS_GROUP
+     SCHEMA_OBJECT_CHANGE_GROUP
+     SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
+     SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
+     USER_CHANGE_PASSWORD_GROUP
+     BATCH_STARTED_GROUP
+     BATCH_COMPLETED_GROUP
+     These are groups that cover all sql statements and stored procedures
+     executed against the database, and should not be used in combination with
+     other groups as this will result in duplicate audit logs.
+     For more information, see [Database-Level Audit Action
+     Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
+     For Database auditing policy, specific Actions can also be specified (note
+     that Actions cannot be specified for Server auditing policy). The
+     supported actions to audit are:
+     SELECT
+     UPDATE
+     INSERT
+     DELETE
+     EXECUTE
+     RECEIVE
+     REFERENCES
+     The general form for defining an action to be audited is:
+     <action> ON <object> BY <principal>
+     Note that <object> in the above format can refer to an object like a
+     table, view, or stored procedure, or an entire database or schema. For the
+     latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
+     used, respectively.
+     For example:
+     SELECT on dbo.myTable by public
+     SELECT on DATABASE::myDatabase by public
+     SELECT on SCHEMA::mySchema by public
+     For more information, see [Database-Level Audit
+     Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
     :type audit_actions_and_groups: list[str]
     :param storage_account_subscription_id: Specifies the blob storage
      subscription Id.
     :type storage_account_subscription_id: str
     :param is_storage_secondary_key_in_use: Specifies whether
-     storageAccountAccessKey value is the storage’s secondary key.
+     storageAccountAccessKey value is the storage's secondary key.
     :type is_storage_secondary_key_in_use: bool
     """
 

azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py

@@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
     :param retention_days: Specifies the number of days to keep in the audit
      logs.
     :type retention_days: int
-    :param audit_actions_and_groups: Specifies the Actions and Actions-Groups
+    :param audit_actions_and_groups: Specifies the Actions-Groups and Actions
      to audit.
+     The recommended set of action groups to use is the following combination -
+     this will audit all the queries and stored procedures executed against the
+     database, as well as successful and failed logins:
+     BATCH_COMPLETED_GROUP,
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+     FAILED_DATABASE_AUTHENTICATION_GROUP.
+     This above combination is also the set that is configured by default when
+     enabling auditing from the Azure portal.
+     The supported action groups to audit are (note: choose only specific
+     groups that cover your auditing needs. Using unnecessary groups could lead
+     to very large quantities of audit records):
+     APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
+     BACKUP_RESTORE_GROUP
+     DATABASE_LOGOUT_GROUP
+     DATABASE_OBJECT_CHANGE_GROUP
+     DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
+     DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
+     DATABASE_OPERATION_GROUP
+     DATABASE_PERMISSION_CHANGE_GROUP
+     DATABASE_PRINCIPAL_CHANGE_GROUP
+     DATABASE_PRINCIPAL_IMPERSONATION_GROUP
+     DATABASE_ROLE_MEMBER_CHANGE_GROUP
+     FAILED_DATABASE_AUTHENTICATION_GROUP
+     SCHEMA_OBJECT_ACCESS_GROUP
+     SCHEMA_OBJECT_CHANGE_GROUP
+     SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
+     SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
+     USER_CHANGE_PASSWORD_GROUP
+     BATCH_STARTED_GROUP
+     BATCH_COMPLETED_GROUP
+     These are groups that cover all sql statements and stored procedures
+     executed against the database, and should not be used in combination with
+     other groups as this will result in duplicate audit logs.
+     For more information, see [Database-Level Audit Action
+     Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
+     For Database auditing policy, specific Actions can also be specified (note
+     that Actions cannot be specified for Server auditing policy). The
+     supported actions to audit are:
+     SELECT
+     UPDATE
+     INSERT
+     DELETE
+     EXECUTE
+     RECEIVE
+     REFERENCES
+     The general form for defining an action to be audited is:
+     <action> ON <object> BY <principal>
+     Note that <object> in the above format can refer to an object like a
+     table, view, or stored procedure, or an entire database or schema. For the
+     latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
+     used, respectively.
+     For example:
+     SELECT on dbo.myTable by public
+     SELECT on DATABASE::myDatabase by public
+     SELECT on SCHEMA::mySchema by public
+     For more information, see [Database-Level Audit
+     Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
     :type audit_actions_and_groups: list[str]
     :param storage_account_subscription_id: Specifies the blob storage
      subscription Id.
     :type storage_account_subscription_id: str
     :param is_storage_secondary_key_in_use: Specifies whether
-     storageAccountAccessKey value is the storage’s secondary key.
+     storageAccountAccessKey value is the storage's secondary key.
     :type is_storage_secondary_key_in_use: bool
     """