diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py index 963b7674ac16..57e85a7ffeef 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py @@ -29,7 +29,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :ivar kind: Resource kind. :vartype kind: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -37,11 +37,11 @@ class DatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -110,6 +110,23 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py index 1c58ec560a03..ab7e08965ed6 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py @@ -29,7 +29,7 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :ivar kind: Resource kind. :vartype kind: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -37,11 +37,11 @@ class DatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -110,6 +110,23 @@ class DatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class DatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(DatabaseBlobAuditingPolicy, self).__init__(**kwargs) self.kind = None self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_ self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py index cdfb75e47f2a..a7b143ea8b15 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy.py @@ -30,7 +30,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py index ee5ce27523e1..5a4c8f173611 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_database_blob_auditing_policy_py3.py @@ -30,7 +30,7 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class ExtendedDatabaseBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ExtendedDatabaseBlobAuditingPolicy, self).__init__(**kwargs) self.predicate_expression = predicate_expression self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: s self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py index a11e18ac68b1..68813994b0be 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy.py @@ -30,7 +30,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,6 +149,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -144,3 +162,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py index ac522801a8dd..1f60403ce96c 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/extended_server_blob_auditing_policy_py3.py @@ -30,7 +30,7 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): creating an audit. :type predicate_expression: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -38,11 +38,11 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -111,6 +111,23 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -132,9 +149,10 @@ class ExtendedServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ExtendedServerBlobAuditingPolicy, self).__init__(**kwargs) self.predicate_expression = predicate_expression self.state = state @@ -144,3 +162,4 @@ def __init__(self, *, state, predicate_expression: str=None, storage_endpoint: s self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py index 0232582a4237..e100e6d3b95c 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy.py @@ -27,7 +27,7 @@ class ServerBlobAuditingPolicy(ProxyResource): :ivar type: Resource type. :vartype type: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -35,11 +35,11 @@ class ServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -108,6 +108,23 @@ class ServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -128,6 +145,7 @@ class ServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } def __init__(self, **kwargs): @@ -139,3 +157,4 @@ def __init__(self, **kwargs): self.audit_actions_and_groups = kwargs.get('audit_actions_and_groups', None) self.storage_account_subscription_id = kwargs.get('storage_account_subscription_id', None) self.is_storage_secondary_key_in_use = kwargs.get('is_storage_secondary_key_in_use', None) + self.is_azure_monitor_target_enabled = kwargs.get('is_azure_monitor_target_enabled', None) diff --git a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py index 51dcc8c41d4c..183f99e50113 100644 --- a/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py +++ b/azure-mgmt-sql/azure/mgmt/sql/models/server_blob_auditing_policy_py3.py @@ -27,7 +27,7 @@ class ServerBlobAuditingPolicy(ProxyResource): :ivar type: Resource type. :vartype type: str :param state: Required. Specifies the state of the policy. If state is - Enabled, storageEndpoint and storageAccountAccessKey are required. + Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required. Possible values include: 'Enabled', 'Disabled' :type state: str or ~azure.mgmt.sql.models.BlobAuditingPolicyState :param storage_endpoint: Specifies the blob storage endpoint (e.g. @@ -35,11 +35,11 @@ class ServerBlobAuditingPolicy(ProxyResource): storageEndpoint is required. :type storage_endpoint: str :param storage_account_access_key: Specifies the identifier key of the - auditing storage account. If state is Enabled, storageAccountAccessKey is - required. + auditing storage account. If state is Enabled and storageEndpoint is + specified, storageAccountAccessKey is required. :type storage_account_access_key: str :param retention_days: Specifies the number of days to keep in the audit - logs. + logs in the storage account. :type retention_days: int :param audit_actions_and_groups: Specifies the Actions-Groups and Actions to audit. @@ -108,6 +108,23 @@ class ServerBlobAuditingPolicy(ProxyResource): :param is_storage_secondary_key_in_use: Specifies whether storageAccountAccessKey value is the storage's secondary key. :type is_storage_secondary_key_in_use: bool + :param is_azure_monitor_target_enabled: Specifies whether audit events are + sent to Azure Monitor. + In order to send the events to Azure Monitor, specify 'State' as 'Enabled' + and 'IsAzureMonitorTargetEnabled' as true. + When using REST API to configure auditing, Diagnostic Settings with + 'SQLSecurityAuditEvents' diagnostic logs category on the database should + be also created. + Note that for server level audit you should use the 'master' database as + . + Diagnostic Settings URI format: + PUT + https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases//providers/microsoft.insights/diagnosticSettings/?api-version=2017-05-01-preview + For more information, see [Diagnostic Settings REST + API](https://go.microsoft.com/fwlink/?linkid=2033207) + or [Diagnostic Settings + PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043) + :type is_azure_monitor_target_enabled: bool """ _validation = { @@ -128,9 +145,10 @@ class ServerBlobAuditingPolicy(ProxyResource): 'audit_actions_and_groups': {'key': 'properties.auditActionsAndGroups', 'type': '[str]'}, 'storage_account_subscription_id': {'key': 'properties.storageAccountSubscriptionId', 'type': 'str'}, 'is_storage_secondary_key_in_use': {'key': 'properties.isStorageSecondaryKeyInUse', 'type': 'bool'}, + 'is_azure_monitor_target_enabled': {'key': 'properties.isAzureMonitorTargetEnabled', 'type': 'bool'}, } - def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, **kwargs) -> None: + def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_key: str=None, retention_days: int=None, audit_actions_and_groups=None, storage_account_subscription_id: str=None, is_storage_secondary_key_in_use: bool=None, is_azure_monitor_target_enabled: bool=None, **kwargs) -> None: super(ServerBlobAuditingPolicy, self).__init__(**kwargs) self.state = state self.storage_endpoint = storage_endpoint @@ -139,3 +157,4 @@ def __init__(self, *, state, storage_endpoint: str=None, storage_account_access_ self.audit_actions_and_groups = audit_actions_and_groups self.storage_account_subscription_id = storage_account_subscription_id self.is_storage_secondary_key_in_use = is_storage_secondary_key_in_use + self.is_azure_monitor_target_enabled = is_azure_monitor_target_enabled