diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/CHANGELOG.md b/services/securityinsight/mgmt/2020-01-01/securityinsight/CHANGELOG.md
new file mode 100644
index 000000000000..23b82d065568
--- /dev/null
+++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/CHANGELOG.md
@@ -0,0 +1,2 @@
+# Unreleased Content
+
diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/_meta.json b/services/securityinsight/mgmt/2020-01-01/securityinsight/_meta.json
new file mode 100644
index 000000000000..0395a93a03c3
--- /dev/null
+++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/_meta.json
@@ -0,0 +1,11 @@
+{
+ "commit": "66d52ece127b50b17f21ceba984b975f2f095fb0",
+ "readme": "/_/azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md",
+ "tag": "package-2020-01",
+ "use": "@microsoft.azure/autorest.go@2.1.180",
+ "repository_url": "https://github.com/Azure/azure-rest-api-specs.git",
+ "autorest_command": "autorest --use=@microsoft.azure/autorest.go@2.1.180 --tag=package-2020-01 --go-sdk-folder=/_/azure-sdk-for-go --go --verbose --use-onever --version=V2 --go.license-header=MICROSOFT_MIT_NO_VERSION /_/azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md",
+ "additional_properties": {
+ "additional_options": "--go --verbose --use-onever --version=V2 --go.license-header=MICROSOFT_MIT_NO_VERSION"
+ }
+}
\ No newline at end of file
diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/actions.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/actions.go
new file mode 100644
index 000000000000..819058758cb8
--- /dev/null
+++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/actions.go
@@ -0,0 +1,453 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type ActionsClient struct { + BaseClient +} + +// NewActionsClient creates an instance of the ActionsClient client. +func NewActionsClient(subscriptionID string) ActionsClient { + return NewActionsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when +// interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient { + return ActionsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// ruleID - alert rule ID +// actionID - action ID +// action - the action +func (client ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: action, + Constraints: []validation.Constraint{{Target: "action.ActionRequestProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "action.ActionRequestProperties.TriggerURI", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.ActionsClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID, action) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "CreateOrUpdate", nil, 
"Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "CreateOrUpdate", resp, "Failure responding to request") + return + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client ActionsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithJSON(action), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. 
+func (client ActionsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client ActionsClient) CreateOrUpdateResponder(resp *http.Response) (result ActionResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +// actionID - action ID +func (client ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: 
[]validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ActionsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "Delete", resp, "Failure responding to request") + return + } + + return +} + +// DeletePreparer prepares the Delete request. 
+func (client ActionsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client ActionsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client ActionsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets the action of alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// ruleID - alert rule ID +// actionID - action ID +func (client ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ActionsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, ruleID, actionID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, 
"securityinsight.ActionsClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client ActionsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "actionId": autorest.Encode("path", actionID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client ActionsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client ActionsClient) GetResponder(resp *http.Response) (result ActionResponse, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListByAlertRule gets all actions of alert rule. 
+// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.ListByAlertRule") + defer func() { + sc := -1 + if result.al.Response.Response != nil { + sc = result.al.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.ActionsClient", "ListByAlertRule", err.Error()) + } + + result.fn = client.listByAlertRuleNextResults + req, err := client.ListByAlertRulePreparer(ctx, resourceGroupName, workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", nil, "Failure preparing request") + return + } + + resp, err := client.ListByAlertRuleSender(req) + if err != nil { + result.al.Response = 
autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", resp, "Failure sending request") + return + } + + result.al, err = client.ListByAlertRuleResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "ListByAlertRule", resp, "Failure responding to request") + return + } + if result.al.hasNextLink() && result.al.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListByAlertRulePreparer prepares the ListByAlertRule request. +func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListByAlertRuleSender sends the ListByAlertRule request. The method will close the +// http.Response Body if it receives an error. +func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListByAlertRuleResponder handles the response to the ListByAlertRule request. 
The method always +// closes the http.Response Body. +func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByAlertRuleNextResults retrieves the next set of results, if any. +func (client ActionsClient) listByAlertRuleNextResults(ctx context.Context, lastResults ActionsList) (result ActionsList, err error) { + req, err := lastResults.actionsListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByAlertRuleSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByAlertRuleResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.ActionsClient", "listByAlertRuleNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result ActionsListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsClient.ListByAlertRule") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByAlertRule(ctx, resourceGroupName, workspaceName, ruleID) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/alertrules.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/alertrules.go new file mode 100644 index 000000000000..91440da6668f --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/alertrules.go 
@@ -0,0 +1,442 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRulesClient struct { + BaseClient +} + +// NewAlertRulesClient creates an instance of the AlertRulesClient client. +func NewAlertRulesClient(subscriptionID string) AlertRulesClient { + return NewAlertRulesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient { + return AlertRulesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// ruleID - alert rule ID +// alertRule - the alert rule +func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, ruleID, alertRule) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + 
result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "CreateOrUpdate", resp, "Failure responding to request") + return + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithJSON(alertRule), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. 
+func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, 
workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Delete", resp, "Failure responding to request") + return + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. 
+func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets the alert rule. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// ruleID - alert rule ID +func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result AlertRuleModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: 
validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, ruleID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "ruleId": autorest.Encode("path", ruleID), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. 
The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rules. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.List") + defer func() { + sc := -1 + if result.arl.Response.Response != nil { + sc = result.arl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: 
validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRulesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.arl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", resp, "Failure sending request") + return + } + + result.arl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "List", resp, "Failure responding to request") + return + } + if result.arl.hasNextLink() && result.arl.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. 
+func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. 
+func (client AlertRulesClient) listNextResults(ctx context.Context, lastResults AlertRulesList) (result AlertRulesList, err error) { + req, err := lastResults.alertRulesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRulesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRulesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/alertruletemplates.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/alertruletemplates.go new file mode 100644 index 000000000000..4c7197f654c0 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/alertruletemplates.go 
@@ -0,0 +1,257 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type AlertRuleTemplatesClient struct { + BaseClient +} + +// NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client. +func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient { + return NewAlertRuleTemplatesClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient { + return AlertRuleTemplatesClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// Get gets the alert rule template. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// alertRuleTemplateID - alert rule template ID +func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, alertRuleTemplateID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil 
{ + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "alertRuleTemplateId": autorest.Encode("path", alertRuleTemplateID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. 
+func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all alert rule templates. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.artl.Response.Response != nil { + sc = result.artl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.AlertRuleTemplatesClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := 
client.ListPreparer(ctx, resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.artl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure sending request") + return + } + + result.artl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "List", resp, "Failure responding to request") + return + } + if result.artl.hasNextLink() && result.artl.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. +func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. 
+func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client AlertRuleTemplatesClient) listNextResults(ctx context.Context, lastResults AlertRuleTemplatesList) (result AlertRuleTemplatesList, err error) { + req, err := lastResults.alertRuleTemplatesListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.AlertRuleTemplatesClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result AlertRuleTemplatesListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/bookmarks.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/bookmarks.go new file mode 100644 index 000000000000..489fcd4946eb --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/bookmarks.go 
@@ -0,0 +1,451 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type BookmarksClient struct { + BaseClient +} + +// NewBookmarksClient creates an instance of the BookmarksClient client. +func NewBookmarksClient(subscriptionID string) BookmarksClient { + return NewBookmarksClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient { + return BookmarksClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the bookmark. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// bookmarkID - bookmark ID +// bookmark - the bookmark +func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarksClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: bookmark, + Constraints: []validation.Constraint{{Target: "bookmark.BookmarkProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.CreatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + {Target: "bookmark.BookmarkProperties.DisplayName", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.Query", Name: validation.Null, Rule: true, Chain: nil}, + {Target: "bookmark.BookmarkProperties.UpdatedBy", Name: 
validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "bookmark.BookmarkProperties.UpdatedBy.ObjectID", Name: validation.Null, Rule: true, Chain: nil}}}, + }}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarksClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, bookmarkID, bookmark) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "CreateOrUpdate", resp, "Failure responding to request") + return + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. 
+func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", pathParameters), + autorest.WithJSON(bookmark), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the bookmark. 
+// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarksClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarksClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, bookmarkID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Delete", resp, "Failure sending request") + 
return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Delete", resp, "Failure responding to request") + return + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. 
+func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a bookmark. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// bookmarkID - bookmark ID +func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result Bookmark, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarksClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarksClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, bookmarkID) + if err != nil { + err = 
autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "bookmarkId": autorest.Encode("path", bookmarkID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. 
The method always +// closes the http.Response Body. +func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all bookmarks. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarksClient.List") + defer func() { + sc := -1 + if result.bl.Response.Response != nil { + sc = result.bl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.BookmarksClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, 
resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.bl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "List", resp, "Failure sending request") + return + } + + result.bl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "List", resp, "Failure responding to request") + return + } + if result.bl.hasNextLink() && result.bl.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. +func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. 
+func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client BookmarksClient) listNextResults(ctx context.Context, lastResults BookmarkList) (result BookmarkList, err error) { + req, err := lastResults.bookmarkListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.BookmarksClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result BookmarkListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarksClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/client.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/client.go new file mode 100644 index 000000000000..8abc0940df00 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/client.go 
@@ -0,0 +1,41 @@ +// Package securityinsight implements the Azure ARM Securityinsight service API version 2020-01-01. +// +// API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "github.com/Azure/go-autorest/autorest" +) + +const ( + // DefaultBaseURI is the default URI used for the service Securityinsight + DefaultBaseURI = "https://management.azure.com" +) + +// BaseClient is the base client for Securityinsight. +type BaseClient struct { + autorest.Client + BaseURI string + SubscriptionID string +} + +// New creates an instance of the BaseClient client. +func New(subscriptionID string) BaseClient { + return NewWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with +// an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient { + return BaseClient{ + Client: autorest.NewClientWithUserAgent(UserAgent()), + BaseURI: baseURI, + SubscriptionID: subscriptionID, + } +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/dataconnectors.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/dataconnectors.go new file mode 100644 index 000000000000..2ee07fbf35ff --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/dataconnectors.go 
@@ -0,0 +1,442 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type DataConnectorsClient struct { + BaseClient +} + +// NewDataConnectorsClient creates an instance of the DataConnectorsClient client. +func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient { + return NewDataConnectorsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. +// Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient { + return DataConnectorsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// dataConnectorID - connector ID +// dataConnector - the data connector +func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, dataConnectorID, dataConnector) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", 
"CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "CreateOrUpdate", resp, "Failure responding to request") + return + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithJSON(dataConnector), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. 
The method always +// closes the http.Response Body. +func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// dataConnectorID - connector ID +func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, 
validation.NewError("securityinsight.DataConnectorsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, dataConnectorID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Delete", resp, "Failure responding to request") + return + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// DeleteSender sends the Delete request. 
The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets a data connector. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// dataConnectorID - connector ID +func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: 
[]validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, dataConnectorID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. 
+func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "dataConnectorId": autorest.Encode("path", dataConnectorID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all data connectors. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.List") + defer func() { + sc := -1 + if result.dcl.Response.Response != nil { + sc = result.dcl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.DataConnectorsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.dcl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "List", resp, "Failure sending request") + return + } + + result.dcl, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, 
"securityinsight.DataConnectorsClient", "List", resp, "Failure responding to request") + return + } + if result.dcl.hasNextLink() && result.dcl.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. +func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. +func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. 
+func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client DataConnectorsClient) listNextResults(ctx context.Context, lastResults DataConnectorList) (result DataConnectorList, err error) { + req, err := lastResults.dataConnectorListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.DataConnectorsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. +func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result DataConnectorListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName) + return +} 
diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/enums.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/enums.go new file mode 100644 index 000000000000..7cff6198a975 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/enums.go 
@@ -0,0 +1,416 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +// AlertRuleKind enumerates the values for alert rule kind. +type AlertRuleKind string + +const ( + // Fusion ... + Fusion AlertRuleKind = "Fusion" + // MicrosoftSecurityIncidentCreation ... + MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" + // Scheduled ... + Scheduled AlertRuleKind = "Scheduled" +) + +// PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type. +func PossibleAlertRuleKindValues() []AlertRuleKind { + return []AlertRuleKind{Fusion, MicrosoftSecurityIncidentCreation, Scheduled} +} + +// AlertSeverity enumerates the values for alert severity. +type AlertSeverity string + +const ( + // High High severity + High AlertSeverity = "High" + // Informational Informational severity + Informational AlertSeverity = "Informational" + // Low Low severity + Low AlertSeverity = "Low" + // Medium Medium severity + Medium AlertSeverity = "Medium" +) + +// PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type. +func PossibleAlertSeverityValues() []AlertSeverity { + return []AlertSeverity{High, Informational, Low, Medium} +} + +// AttackTactic enumerates the values for attack tactic. +type AttackTactic string + +const ( + // Collection ... + Collection AttackTactic = "Collection" + // CommandAndControl ... + CommandAndControl AttackTactic = "CommandAndControl" + // CredentialAccess ... + CredentialAccess AttackTactic = "CredentialAccess" + // DefenseEvasion ... + DefenseEvasion AttackTactic = "DefenseEvasion" + // Discovery ... + Discovery AttackTactic = "Discovery" + // Execution ... 
+ Execution AttackTactic = "Execution" + // Exfiltration ... + Exfiltration AttackTactic = "Exfiltration" + // Impact ... + Impact AttackTactic = "Impact" + // InitialAccess ... + InitialAccess AttackTactic = "InitialAccess" + // LateralMovement ... + LateralMovement AttackTactic = "LateralMovement" + // Persistence ... + Persistence AttackTactic = "Persistence" + // PrivilegeEscalation ... + PrivilegeEscalation AttackTactic = "PrivilegeEscalation" +) + +// PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type. +func PossibleAttackTacticValues() []AttackTactic { + return []AttackTactic{Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence, PrivilegeEscalation} +} + +// CaseSeverity enumerates the values for case severity. +type CaseSeverity string + +const ( + // CaseSeverityCritical Critical severity + CaseSeverityCritical CaseSeverity = "Critical" + // CaseSeverityHigh High severity + CaseSeverityHigh CaseSeverity = "High" + // CaseSeverityInformational Informational severity + CaseSeverityInformational CaseSeverity = "Informational" + // CaseSeverityLow Low severity + CaseSeverityLow CaseSeverity = "Low" + // CaseSeverityMedium Medium severity + CaseSeverityMedium CaseSeverity = "Medium" +) + +// PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type. +func PossibleCaseSeverityValues() []CaseSeverity { + return []CaseSeverity{CaseSeverityCritical, CaseSeverityHigh, CaseSeverityInformational, CaseSeverityLow, CaseSeverityMedium} +} + +// DataConnectorKind enumerates the values for data connector kind. +type DataConnectorKind string + +const ( + // DataConnectorKindAmazonWebServicesCloudTrail ... + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + // DataConnectorKindAzureActiveDirectory ... 
+ DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + // DataConnectorKindAzureAdvancedThreatProtection ... + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + // DataConnectorKindAzureSecurityCenter ... + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + // DataConnectorKindMicrosoftCloudAppSecurity ... + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + // DataConnectorKindOffice365 ... + DataConnectorKindOffice365 DataConnectorKind = "Office365" + // DataConnectorKindThreatIntelligence ... + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" +) + +// PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type. +func PossibleDataConnectorKindValues() []DataConnectorKind { + return []DataConnectorKind{DataConnectorKindAmazonWebServicesCloudTrail, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindOffice365, DataConnectorKindThreatIntelligence} +} + +// DataTypeState enumerates the values for data type state. +type DataTypeState string + +const ( + // Disabled ... + Disabled DataTypeState = "Disabled" + // Enabled ... + Enabled DataTypeState = "Enabled" +) + +// PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type. +func PossibleDataTypeStateValues() []DataTypeState { + return []DataTypeState{Disabled, Enabled} +} + +// IncidentClassification enumerates the values for incident classification. 
+type IncidentClassification string + +const ( + // BenignPositive Incident was benign positive + BenignPositive IncidentClassification = "BenignPositive" + // FalsePositive Incident was false positive + FalsePositive IncidentClassification = "FalsePositive" + // TruePositive Incident was true positive + TruePositive IncidentClassification = "TruePositive" + // Undetermined Incident classification was undetermined + Undetermined IncidentClassification = "Undetermined" +) + +// PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type. +func PossibleIncidentClassificationValues() []IncidentClassification { + return []IncidentClassification{BenignPositive, FalsePositive, TruePositive, Undetermined} +} + +// IncidentClassificationReason enumerates the values for incident classification reason. +type IncidentClassificationReason string + +const ( + // InaccurateData Classification reason was inaccurate data + InaccurateData IncidentClassificationReason = "InaccurateData" + // IncorrectAlertLogic Classification reason was incorrect alert logic + IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic" + // SuspiciousActivity Classification reason was suspicious activity + SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity" + // SuspiciousButExpected Classification reason was suspicious but expected + SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected" +) + +// PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type. +func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason { + return []IncidentClassificationReason{InaccurateData, IncorrectAlertLogic, SuspiciousActivity, SuspiciousButExpected} +} + +// IncidentLabelType enumerates the values for incident label type. 
+type IncidentLabelType string + +const ( + // System Label automatically created by the system + System IncidentLabelType = "System" + // User Label manually created by a user + User IncidentLabelType = "User" +) + +// PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type. +func PossibleIncidentLabelTypeValues() []IncidentLabelType { + return []IncidentLabelType{System, User} +} + +// IncidentSeverity enumerates the values for incident severity. +type IncidentSeverity string + +const ( + // IncidentSeverityHigh High severity + IncidentSeverityHigh IncidentSeverity = "High" + // IncidentSeverityInformational Informational severity + IncidentSeverityInformational IncidentSeverity = "Informational" + // IncidentSeverityLow Low severity + IncidentSeverityLow IncidentSeverity = "Low" + // IncidentSeverityMedium Medium severity + IncidentSeverityMedium IncidentSeverity = "Medium" +) + +// PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type. +func PossibleIncidentSeverityValues() []IncidentSeverity { + return []IncidentSeverity{IncidentSeverityHigh, IncidentSeverityInformational, IncidentSeverityLow, IncidentSeverityMedium} +} + +// IncidentStatus enumerates the values for incident status. +type IncidentStatus string + +const ( + // IncidentStatusActive An active incident which is being handled + IncidentStatusActive IncidentStatus = "Active" + // IncidentStatusClosed A non-active incident + IncidentStatusClosed IncidentStatus = "Closed" + // IncidentStatusNew An active incident which isn't being handled currently + IncidentStatusNew IncidentStatus = "New" +) + +// PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type. +func PossibleIncidentStatusValues() []IncidentStatus { + return []IncidentStatus{IncidentStatusActive, IncidentStatusClosed, IncidentStatusNew} +} + +// Kind enumerates the values for kind. 
+type Kind string + +const ( + // KindAlertRule ... + KindAlertRule Kind = "AlertRule" + // KindFusion ... + KindFusion Kind = "Fusion" + // KindMicrosoftSecurityIncidentCreation ... + KindMicrosoftSecurityIncidentCreation Kind = "MicrosoftSecurityIncidentCreation" + // KindScheduled ... + KindScheduled Kind = "Scheduled" +) + +// PossibleKindValues returns an array of possible values for the Kind const type. +func PossibleKindValues() []Kind { + return []Kind{KindAlertRule, KindFusion, KindMicrosoftSecurityIncidentCreation, KindScheduled} +} + +// KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template. +type KindBasicAlertRuleTemplate string + +const ( + // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... + KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" + // KindBasicAlertRuleTemplateKindFusion ... + KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" + // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... + KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" + // KindBasicAlertRuleTemplateKindScheduled ... + KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" +) + +// PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type. +func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate { + return []KindBasicAlertRuleTemplate{KindBasicAlertRuleTemplateKindAlertRuleTemplate, KindBasicAlertRuleTemplateKindFusion, KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation, KindBasicAlertRuleTemplateKindScheduled} +} + +// KindBasicDataConnector enumerates the values for kind basic data connector. +type KindBasicDataConnector string + +const ( + // KindAmazonWebServicesCloudTrail ... 
+ KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" + // KindAzureActiveDirectory ... + KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" + // KindAzureAdvancedThreatProtection ... + KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" + // KindAzureSecurityCenter ... + KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" + // KindDataConnector ... + KindDataConnector KindBasicDataConnector = "DataConnector" + // KindMicrosoftCloudAppSecurity ... + KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" + // KindMicrosoftDefenderAdvancedThreatProtection ... + KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" + // KindOffice365 ... + KindOffice365 KindBasicDataConnector = "Office365" + // KindThreatIntelligence ... + KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" +) + +// PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type. +func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector { + return []KindBasicDataConnector{KindAmazonWebServicesCloudTrail, KindAzureActiveDirectory, KindAzureAdvancedThreatProtection, KindAzureSecurityCenter, KindDataConnector, KindMicrosoftCloudAppSecurity, KindMicrosoftDefenderAdvancedThreatProtection, KindOffice365, KindThreatIntelligence} +} + +// KindBasicSettings enumerates the values for kind basic settings. +type KindBasicSettings string + +const ( + // KindSettings ... + KindSettings KindBasicSettings = "Settings" + // KindToggleSettings ... + KindToggleSettings KindBasicSettings = "ToggleSettings" + // KindUebaSettings ... + KindUebaSettings KindBasicSettings = "UebaSettings" +) + +// PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type. 
+func PossibleKindBasicSettingsValues() []KindBasicSettings { + return []KindBasicSettings{KindSettings, KindToggleSettings, KindUebaSettings} +} + +// LicenseStatus enumerates the values for license status. +type LicenseStatus string + +const ( + // LicenseStatusDisabled ... + LicenseStatusDisabled LicenseStatus = "Disabled" + // LicenseStatusEnabled ... + LicenseStatusEnabled LicenseStatus = "Enabled" +) + +// PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type. +func PossibleLicenseStatusValues() []LicenseStatus { + return []LicenseStatus{LicenseStatusDisabled, LicenseStatusEnabled} +} + +// MicrosoftSecurityProductName enumerates the values for microsoft security product name. +type MicrosoftSecurityProductName string + +const ( + // AzureActiveDirectoryIdentityProtection ... + AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + // AzureAdvancedThreatProtection ... + AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + // AzureSecurityCenter ... + AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + // AzureSecurityCenterforIoT ... + AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" + // MicrosoftCloudAppSecurity ... + MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" +) + +// PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type. +func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName { + return []MicrosoftSecurityProductName{AzureActiveDirectoryIdentityProtection, AzureAdvancedThreatProtection, AzureSecurityCenter, AzureSecurityCenterforIoT, MicrosoftCloudAppSecurity} +} + +// SettingKind enumerates the values for setting kind. +type SettingKind string + +const ( + // SettingKindToggleSettings ... 
+ SettingKindToggleSettings SettingKind = "ToggleSettings" + // SettingKindUebaSettings ... + SettingKindUebaSettings SettingKind = "UebaSettings" +) + +// PossibleSettingKindValues returns an array of possible values for the SettingKind const type. +func PossibleSettingKindValues() []SettingKind { + return []SettingKind{SettingKindToggleSettings, SettingKindUebaSettings} +} + +// StatusInMcas enumerates the values for status in mcas. +type StatusInMcas string + +const ( + // StatusInMcasDisabled ... + StatusInMcasDisabled StatusInMcas = "Disabled" + // StatusInMcasEnabled ... + StatusInMcasEnabled StatusInMcas = "Enabled" +) + +// PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type. +func PossibleStatusInMcasValues() []StatusInMcas { + return []StatusInMcas{StatusInMcasDisabled, StatusInMcasEnabled} +} + +// TemplateStatus enumerates the values for template status. +type TemplateStatus string + +const ( + // Available Alert rule template is available. + Available TemplateStatus = "Available" + // Installed Alert rule template installed. and can not use more then once + Installed TemplateStatus = "Installed" + // NotAvailable Alert rule template is not available + NotAvailable TemplateStatus = "NotAvailable" +) + +// PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type. +func PossibleTemplateStatusValues() []TemplateStatus { + return []TemplateStatus{Available, Installed, NotAvailable} +} + +// TriggerOperator enumerates the values for trigger operator. +type TriggerOperator string + +const ( + // Equal ... + Equal TriggerOperator = "Equal" + // GreaterThan ... + GreaterThan TriggerOperator = "GreaterThan" + // LessThan ... + LessThan TriggerOperator = "LessThan" + // NotEqual ... + NotEqual TriggerOperator = "NotEqual" +) + +// PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type. 
+func PossibleTriggerOperatorValues() []TriggerOperator { + return []TriggerOperator{Equal, GreaterThan, LessThan, NotEqual} +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/incidentcomments.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/incidentcomments.go new file mode 100644 index 000000000000..61918707ec45 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/incidentcomments.go 
@@ -0,0 +1,379 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type IncidentCommentsClient struct { + BaseClient +} + +// NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client. +func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient { + return NewIncidentCommentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom +// endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure +// stack). +func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient { + return IncidentCommentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateComment creates the incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// incidentID - incident ID +// incidentCommentID - incident comment ID +// incidentComment - the incident comment +func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.CreateComment") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: incidentComment, + Constraints: []validation.Constraint{{Target: "incidentComment.IncidentCommentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "incidentComment.IncidentCommentProperties.Message", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "CreateComment", err.Error()) + } + + req, err := client.CreateCommentPreparer(ctx, resourceGroupName, workspaceName, incidentID, incidentCommentID, 
incidentComment) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", nil, "Failure preparing request") + return + } + + resp, err := client.CreateCommentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", resp, "Failure sending request") + return + } + + result, err = client.CreateCommentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "CreateComment", resp, "Failure responding to request") + return + } + + return +} + +// CreateCommentPreparer prepares the CreateComment request. +func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithJSON(incidentComment), + autorest.WithQueryParameters(queryParameters)) + return 
preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateCommentSender sends the CreateComment request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateCommentResponder handles the response to the CreateComment request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Get gets an incident comment. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// incidentID - incident ID +// incidentCommentID - incident comment ID +func (client IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, incidentID, incidentCommentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = 
client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client IncidentCommentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentCommentId": autorest.Encode("path", incidentCommentID), + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. 
+func (client IncidentCommentsClient) GetResponder(resp *http.Response) (result IncidentComment, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// ListByIncident gets all incident comments. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// incidentID - incident ID +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. 
+func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.ListByIncident") + defer func() { + sc := -1 + if result.icl.Response.Response != nil { + sc = result.icl.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentCommentsClient", "ListByIncident", err.Error()) + } + + result.fn = client.listByIncidentNextResults + req, err := client.ListByIncidentPreparer(ctx, resourceGroupName, workspaceName, incidentID, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "ListByIncident", nil, "Failure preparing request") + return + } + + resp, err := client.ListByIncidentSender(req) + if err != nil { + result.icl.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, 
"securityinsight.IncidentCommentsClient", "ListByIncident", resp, "Failure sending request") + return + } + + result.icl, err = client.ListByIncidentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "ListByIncident", resp, "Failure responding to request") + return + } + if result.icl.hasNextLink() && result.icl.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListByIncidentPreparer prepares the ListByIncident request. +func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + 
+// ListByIncidentSender sends the ListByIncident request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListByIncidentResponder handles the response to the ListByIncident request. The method always +// closes the http.Response Body. +func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listByIncidentNextResults retrieves the next set of results, if any. +func (client IncidentCommentsClient) listByIncidentNextResults(ctx context.Context, lastResults IncidentCommentList) (result IncidentCommentList, err error) { + req, err := lastResults.incidentCommentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListByIncidentSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", resp, "Failure sending next results request") + } + result, err = client.ListByIncidentResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentCommentsClient", "listByIncidentNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentsClient.ListByIncident") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.ListByIncident(ctx, resourceGroupName, workspaceName, incidentID, filter, orderby, top, skipToken) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/incidents.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/incidents.go new file mode 100644 index 000000000000..c6d63f07fae7 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/incidents.go 
@@ -0,0 +1,463 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/autorest/validation" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type IncidentsClient struct { + BaseClient +} + +// NewIncidentsClient creates an instance of the IncidentsClient client. +func NewIncidentsClient(subscriptionID string) IncidentsClient { + return NewIncidentsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient { + return IncidentsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// CreateOrUpdate creates or updates the incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. 
+// incidentID - incident ID +// incident - the incident +func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (result Incident, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.CreateOrUpdate") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}, + {TargetValue: incident, + Constraints: []validation.Constraint{{Target: "incident.IncidentProperties", Name: validation.Null, Rule: false, + Chain: []validation.Constraint{{Target: "incident.IncidentProperties.Title", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "CreateOrUpdate", err.Error()) + } + + req, err := client.CreateOrUpdatePreparer(ctx, resourceGroupName, workspaceName, incidentID, incident) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", nil, "Failure preparing request") + return + } + + resp, 
err := client.CreateOrUpdateSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", resp, "Failure sending request") + return + } + + result, err = client.CreateOrUpdateResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "CreateOrUpdate", resp, "Failure responding to request") + return + } + + return +} + +// CreateOrUpdatePreparer prepares the CreateOrUpdate request. +func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsContentType("application/json; charset=utf-8"), + autorest.AsPut(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithJSON(incident), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the +// http.Response Body if it receives an error. 
+func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always +// closes the http.Response Body. +func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusCreated), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// Delete delete the incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result autorest.Response, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.Delete") + defer func() { + sc := -1 + if result.Response != nil { + sc = result.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: 
validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "Delete", err.Error()) + } + + req, err := client.DeletePreparer(ctx, resourceGroupName, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", nil, "Failure preparing request") + return + } + + resp, err := client.DeleteSender(req) + if err != nil { + result.Response = resp + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", resp, "Failure sending request") + return + } + + result, err = client.DeleteResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Delete", resp, "Failure responding to request") + return + } + + return +} + +// DeletePreparer prepares the Delete request. +func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsDelete(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// 
DeleteSender sends the Delete request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// DeleteResponder handles the response to the Delete request. The method always +// closes the http.Response Body. +func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK, http.StatusNoContent), + autorest.ByClosing()) + result.Response = resp + return +} + +// Get gets an incident. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// incidentID - incident ID +func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result Incident, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.Get") + defer func() { + sc := -1 + if result.Response.Response != nil { + sc = result.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: 
"workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "Get", err.Error()) + } + + req, err := client.GetPreparer(ctx, resourceGroupName, workspaceName, incidentID) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", nil, "Failure preparing request") + return + } + + resp, err := client.GetSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", resp, "Failure sending request") + return + } + + result, err = client.GetResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "Get", resp, "Failure responding to request") + return + } + + return +} + +// GetPreparer prepares the Get request. +func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "incidentId": autorest.Encode("path", incidentID), + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return 
preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// GetSender sends the Get request. The method will close the +// http.Response Body if it receives an error. +func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// GetResponder handles the response to the Get request. The method always +// closes the http.Response Body. +func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// List gets all incidents. +// Parameters: +// resourceGroupName - the name of the resource group within the user's subscription. The name is case +// insensitive. +// workspaceName - the name of the workspace. +// filter - filters the results, based on a Boolean condition. Optional. +// orderby - sorts the results. Optional. +// top - returns only the first n results. Optional. +// skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response +// contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that +// specifies a starting point to use for subsequent calls. Optional. 
+func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.List") + defer func() { + sc := -1 + if result.il.Response.Response != nil { + sc = result.il.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + if err := validation.Validate([]validation.Validation{ + {TargetValue: client.SubscriptionID, + Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}, + {TargetValue: resourceGroupName, + Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil}, + {Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}, + {TargetValue: workspaceName, + Constraints: []validation.Constraint{{Target: "workspaceName", Name: validation.MaxLength, Rule: 90, Chain: nil}, + {Target: "workspaceName", Name: validation.MinLength, Rule: 1, Chain: nil}}}}); err != nil { + return result, validation.NewError("securityinsight.IncidentsClient", "List", err.Error()) + } + + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx, resourceGroupName, workspaceName, filter, orderby, top, skipToken) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.il.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", resp, "Failure sending request") + return + } + + result.il, err = client.ListResponder(resp) + if err != 
nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "List", resp, "Failure responding to request") + return + } + if result.il.hasNextLink() && result.il.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. +func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error) { + pathParameters := map[string]interface{}{ + "resourceGroupName": autorest.Encode("path", resourceGroupName), + "subscriptionId": autorest.Encode("path", client.SubscriptionID), + "workspaceName": autorest.Encode("path", workspaceName), + } + + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + if len(filter) > 0 { + queryParameters["$filter"] = autorest.Encode("query", filter) + } + if len(orderby) > 0 { + queryParameters["$orderby"] = autorest.Encode("query", orderby) + } + if top != nil { + queryParameters["$top"] = autorest.Encode("query", *top) + } + if len(skipToken) > 0 { + queryParameters["$skipToken"] = autorest.Encode("query", skipToken) + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", pathParameters), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. 
+func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, azure.DoRetryWithRegistration(client.Client)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client IncidentsClient) listNextResults(ctx context.Context, lastResults IncidentList) (result IncidentList, err error) { + req, err := lastResults.incidentListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.IncidentsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx, resourceGroupName, workspaceName, filter, orderby, top, skipToken) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/models.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/models.go new file mode 100644 index 000000000000..cc51a66600bc --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/models.go 
@@ -0,0 +1,5536 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "encoding/json" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/date" + "github.com/Azure/go-autorest/autorest/to" + "github.com/Azure/go-autorest/tracing" + "github.com/gofrs/uuid" + "net/http" +) + +// The package's fully qualified name. +const fqdn = "github.com/Azure/azure-sdk-for-go/services/securityinsight/mgmt/2020-01-01/securityinsight" + +// AADDataConnector represents AAD (Azure Active Directory) data connector. +type AADDataConnector struct { + // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. + *AADDataConnectorProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` +} + +// MarshalJSON is the custom marshaler for AADDataConnector. 
+func (adc AADDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureActiveDirectory + objectMap := make(map[string]interface{}) + if adc.AADDataConnectorProperties != nil { + objectMap["properties"] = adc.AADDataConnectorProperties + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return &adc, true +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector. 
+func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector. +func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AADDataConnector struct. +func (adc *AADDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aADDataConnectorProperties AADDataConnectorProperties + err = json.Unmarshal(*v, &aADDataConnectorProperties) + if err != nil { + return err + } + adc.AADDataConnectorProperties = &aADDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + } + } + + return nil +} + +// AADDataConnectorProperties AAD (Azure Active Directory) data connector properties. +type AADDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. 
+ TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector. +type AATPDataConnector struct { + // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. + *AATPDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for AATPDataConnector. +func (adc AATPDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if adc.AATPDataConnectorProperties != nil { + objectMap["properties"] = adc.AATPDataConnectorProperties + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. 
+func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return &adc, true +} + +// AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector. +func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct. 
+func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aATPDataConnectorProperties AATPDataConnectorProperties + err = json.Unmarshal(*v, &aATPDataConnectorProperties) + if err != nil { + return err + } + adc.AATPDataConnectorProperties = &aATPDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + } + } + + return nil +} + +// AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties. +type AATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// ActionPropertiesBase action property bag base. +type ActionPropertiesBase struct { + // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionRequest action for alert rule. 
+type ActionRequest struct { + // ActionRequestProperties - Action properties for put request + *ActionRequestProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionRequest. +func (ar ActionRequest) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ar.ActionRequestProperties != nil { + objectMap["properties"] = ar.ActionRequestProperties + } + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ActionRequest struct. +func (ar *ActionRequest) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var actionRequestProperties ActionRequestProperties + err = json.Unmarshal(*v, &actionRequestProperties) + if err != nil { + return err + } + ar.ActionRequestProperties = &actionRequestProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ar.Etag = &etag + } + } + } + + return nil +} + +// ActionRequestProperties action property bag. 
+type ActionRequestProperties struct { + // TriggerURI - Logic App Callback URL for this specific workflow. + TriggerURI *string `json:"triggerUri,omitempty"` + // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionResponse action for alert rule. +type ActionResponse struct { + autorest.Response `json:"-"` + // Etag - Etag of the action. + Etag *string `json:"etag,omitempty"` + // ActionResponseProperties - Action properties for get request + *ActionResponseProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionResponse. +func (ar ActionResponse) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + if ar.ActionResponseProperties != nil { + objectMap["properties"] = ar.ActionResponseProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for ActionResponse struct. 
+func (ar *ActionResponse) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ar.Etag = &etag + } + case "properties": + if v != nil { + var actionResponseProperties ActionResponseProperties + err = json.Unmarshal(*v, &actionResponseProperties) + if err != nil { + return err + } + ar.ActionResponseProperties = &actionResponseProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ar.Type = &typeVar + } + } + } + + return nil +} + +// ActionResponseProperties action property bag. +type ActionResponseProperties struct { + // WorkflowID - The name of the logic app's workflow. + WorkflowID *string `json:"workflowId,omitempty"` + // LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` +} + +// ActionsList list all the actions. +type ActionsList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of actions. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of actions. + Value *[]ActionResponse `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for ActionsList. 
+func (al ActionsList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if al.Value != nil { + objectMap["value"] = al.Value + } + return json.Marshal(objectMap) +} + +// ActionsListIterator provides access to a complete listing of ActionResponse values. +type ActionsListIterator struct { + i int + page ActionsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *ActionsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter ActionsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter ActionsListIterator) Response() ActionsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. 
+func (iter ActionsListIterator) Value() ActionResponse { + if !iter.page.NotDone() { + return ActionResponse{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the ActionsListIterator type. +func NewActionsListIterator(page ActionsListPage) ActionsListIterator { + return ActionsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (al ActionsList) IsEmpty() bool { + return al.Value == nil || len(*al.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (al ActionsList) hasNextLink() bool { + return al.NextLink != nil && len(*al.NextLink) != 0 +} + +// actionsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (al ActionsList) actionsListPreparer(ctx context.Context) (*http.Request, error) { + if !al.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(al.NextLink))) +} + +// ActionsListPage contains a page of ActionResponse values. +type ActionsListPage struct { + fn func(context.Context, ActionsList) (ActionsList, error) + al ActionsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/ActionsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.al) + if err != nil { + return err + } + page.al = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. 
If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *ActionsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page ActionsListPage) NotDone() bool { + return !page.al.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page ActionsListPage) Response() ActionsList { + return page.al +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page ActionsListPage) Values() []ActionResponse { + if page.al.IsEmpty() { + return nil + } + return *page.al.Value +} + +// Creates a new instance of the ActionsListPage type. +func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage { + return ActionsListPage{ + fn: getNextPage, + al: cur, + } +} + +// BasicAlertRule alert rule. +type BasicAlertRule interface { + AsFusionAlertRule() (*FusionAlertRule, bool) + AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + AsScheduledAlertRule() (*ScheduledAlertRule, bool) + AsAlertRule() (*AlertRule, bool) +} + +// AlertRule alert rule. 
+type AlertRule struct { + autorest.Response `json:"-"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +func unmarshalBasicAlertRule(body []byte) (BasicAlertRule, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindFusion): + var far FusionAlertRule + err := json.Unmarshal(body, &far) + return far, err + case string(KindMicrosoftSecurityIncidentCreation): + var msicar MicrosoftSecurityIncidentCreationAlertRule + err := json.Unmarshal(body, &msicar) + return msicar, err + case string(KindScheduled): + var sar ScheduledAlertRule + err := json.Unmarshal(body, &sar) + return sar, err + default: + var ar AlertRule + err := json.Unmarshal(body, &ar) + return ar, err + } +} +func unmarshalBasicAlertRuleArray(body []byte) ([]BasicAlertRule, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + arArray := make([]BasicAlertRule, len(rawMessages)) + + for index, rawMessage := range rawMessages { + ar, err := unmarshalBasicAlertRule(*rawMessage) + if err != nil { + return nil, err + } + arArray[index] = ar + } + return arArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRule. 
+func (ar AlertRule) MarshalJSON() ([]byte, error) { + ar.Kind = KindAlertRule + objectMap := make(map[string]interface{}) + if ar.Kind != "" { + objectMap["kind"] = ar.Kind + } + if ar.Etag != nil { + objectMap["etag"] = ar.Etag + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsAlertRule() (*AlertRule, bool) { + return &ar, true +} + +// AsBasicAlertRule is the BasicAlertRule implementation for AlertRule. +func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &ar, true +} + +// AlertRuleModel ... +type AlertRuleModel struct { + autorest.Response `json:"-"` + Value BasicAlertRule `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct. +func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error { + ar, err := unmarshalBasicAlertRule(body) + if err != nil { + return err + } + arm.Value = ar + + return nil +} + +// AlertRulesList list all the alert rules. +type AlertRulesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rules. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rules. + Value *[]BasicAlertRule `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for AlertRulesList. 
+func (arl AlertRulesList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if arl.Value != nil { + objectMap["value"] = arl.Value + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for AlertRulesList struct. +func (arl *AlertRulesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + arl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleArray(*v) + if err != nil { + return err + } + arl.Value = &value + } + } + } + + return nil +} + +// AlertRulesListIterator provides access to a complete listing of AlertRule values. +type AlertRulesListIterator struct { + i int + page AlertRulesListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. 
+func (iter *AlertRulesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter AlertRulesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRulesListIterator) Response() AlertRulesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRulesListIterator) Value() BasicAlertRule { + if !iter.page.NotDone() { + return AlertRule{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRulesListIterator type. +func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator { + return AlertRulesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (arl AlertRulesList) IsEmpty() bool { + return arl.Value == nil || len(*arl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (arl AlertRulesList) hasNextLink() bool { + return arl.NextLink != nil && len(*arl.NextLink) != 0 +} + +// alertRulesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (arl AlertRulesList) alertRulesListPreparer(ctx context.Context) (*http.Request, error) { + if !arl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(arl.NextLink))) +} + +// AlertRulesListPage contains a page of BasicAlertRule values. +type AlertRulesListPage struct { + fn func(context.Context, AlertRulesList) (AlertRulesList, error) + arl AlertRulesList +} + +// NextWithContext advances to the next page of values. 
If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRulesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.arl) + if err != nil { + return err + } + page.arl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRulesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page AlertRulesListPage) NotDone() bool { + return !page.arl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRulesListPage) Response() AlertRulesList { + return page.arl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRulesListPage) Values() []BasicAlertRule { + if page.arl.IsEmpty() { + return nil + } + return *page.arl.Value +} + +// Creates a new instance of the AlertRulesListPage type. +func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage { + return AlertRulesListPage{ + fn: getNextPage, + arl: cur, + } +} + +// BasicAlertRuleTemplate alert rule template. 
+type BasicAlertRuleTemplate interface { + AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + AsAlertRuleTemplate() (*AlertRuleTemplate, bool) +} + +// AlertRuleTemplate alert rule template. +type AlertRuleTemplate struct { + autorest.Response `json:"-"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +func unmarshalBasicAlertRuleTemplate(body []byte) (BasicAlertRuleTemplate, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindBasicAlertRuleTemplateKindFusion): + var fart FusionAlertRuleTemplate + err := json.Unmarshal(body, &fart) + return fart, err + case string(KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation): + var msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate + err := json.Unmarshal(body, &msicart) + return msicart, err + case string(KindBasicAlertRuleTemplateKindScheduled): + var sart ScheduledAlertRuleTemplate + err := json.Unmarshal(body, &sart) + return sart, err + default: + var art AlertRuleTemplate + err := json.Unmarshal(body, &art) + return art, err + } +} +func unmarshalBasicAlertRuleTemplateArray(body []byte) ([]BasicAlertRuleTemplate, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + 
return nil, err + } + + artArray := make([]BasicAlertRuleTemplate, len(rawMessages)) + + for index, rawMessage := range rawMessages { + art, err := unmarshalBasicAlertRuleTemplate(*rawMessage) + if err != nil { + return nil, err + } + artArray[index] = art + } + return artArray, nil +} + +// MarshalJSON is the custom marshaler for AlertRuleTemplate. +func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) { + art.Kind = KindBasicAlertRuleTemplateKindAlertRuleTemplate + objectMap := make(map[string]interface{}) + if art.Kind != "" { + objectMap["kind"] = art.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. +func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return &art, true +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate. 
+func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &art, true +} + +// AlertRuleTemplateDataSource alert rule template data sources +type AlertRuleTemplateDataSource struct { + // ConnectorID - The connector id that provides the following data types + ConnectorID *string `json:"connectorId,omitempty"` + // DataTypes - The data types used by the alert rule template + DataTypes *[]string `json:"dataTypes,omitempty"` +} + +// AlertRuleTemplateModel ... +type AlertRuleTemplateModel struct { + autorest.Response `json:"-"` + Value BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct. +func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error { + art, err := unmarshalBasicAlertRuleTemplate(body) + if err != nil { + return err + } + artm.Value = art + + return nil +} + +// AlertRuleTemplatesList list all the alert rule templates. +type AlertRuleTemplatesList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of alert rule templates. + Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for AlertRuleTemplatesList. +func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if artl.Value != nil { + objectMap["value"] = artl.Value + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct. 
+func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + artl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicAlertRuleTemplateArray(*v) + if err != nil { + return err + } + artl.Value = &value + } + } + } + + return nil +} + +// AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values. +type AlertRuleTemplatesListIterator struct { + i int + page AlertRuleTemplatesListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *AlertRuleTemplatesListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. 
+func (iter AlertRuleTemplatesListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate { + if !iter.page.NotDone() { + return AlertRuleTemplate{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the AlertRuleTemplatesListIterator type. +func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator { + return AlertRuleTemplatesListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (artl AlertRuleTemplatesList) IsEmpty() bool { + return artl.Value == nil || len(*artl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (artl AlertRuleTemplatesList) hasNextLink() bool { + return artl.NextLink != nil && len(*artl.NextLink) != 0 +} + +// alertRuleTemplatesListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (artl AlertRuleTemplatesList) alertRuleTemplatesListPreparer(ctx context.Context) (*http.Request, error) { + if !artl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(artl.NextLink))) +} + +// AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values. +type AlertRuleTemplatesListPage struct { + fn func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error) + artl AlertRuleTemplatesList +} + +// NextWithContext advances to the next page of values. 
If there was an error making +// the request the page does not advance and the error is returned. +func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/AlertRuleTemplatesListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.artl) + if err != nil { + return err + } + page.artl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *AlertRuleTemplatesListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page AlertRuleTemplatesListPage) NotDone() bool { + return !page.artl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList { + return page.artl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate { + if page.artl.IsEmpty() { + return nil + } + return *page.artl.Value +} + +// Creates a new instance of the AlertRuleTemplatesListPage type. +func NewAlertRuleTemplatesListPage(cur AlertRuleTemplatesList, getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage { + return AlertRuleTemplatesListPage{ + fn: getNextPage, + artl: cur, + } +} + +// AlertsDataTypeOfDataConnector alerts data type for data connectors. 
+type AlertsDataTypeOfDataConnector struct { + // Alerts - Alerts data type connection. + Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` +} + +// ASCDataConnector represents ASC (Azure Security Center) data connector. +type ASCDataConnector struct { + // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. + *ASCDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ASCDataConnector. +func (adc ASCDataConnector) MarshalJSON() ([]byte, error) { + adc.Kind = KindAzureSecurityCenter + objectMap := make(map[string]interface{}) + if adc.ASCDataConnectorProperties != nil { + objectMap["properties"] = adc.ASCDataConnectorProperties + } + if adc.Kind != "" { + objectMap["kind"] = adc.Kind + } + if adc.Etag != nil { + objectMap["etag"] = adc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. 
+func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return &adc, true +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector. +func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &adc, true +} + +// UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct. 
+func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var aSCDataConnectorProperties ASCDataConnectorProperties + err = json.Unmarshal(*v, &aSCDataConnectorProperties) + if err != nil { + return err + } + adc.ASCDataConnectorProperties = &aSCDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + adc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + adc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + adc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + adc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + adc.Etag = &etag + } + } + } + + return nil +} + +// ASCDataConnectorProperties ASC (Azure Security Center) data connector properties. +type ASCDataConnectorProperties struct { + // SubscriptionID - The subscription id to connect to, and get the data from. + SubscriptionID *string `json:"subscriptionId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector. +type AwsCloudTrailDataConnector struct { + // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. 
+ *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { + actdc.Kind = KindAmazonWebServicesCloudTrail + objectMap := make(map[string]interface{}) + if actdc.AwsCloudTrailDataConnectorProperties != nil { + objectMap["properties"] = actdc.AwsCloudTrailDataConnectorProperties + } + if actdc.Kind != "" { + objectMap["kind"] = actdc.Kind + } + if actdc.Etag != nil { + objectMap["etag"] = actdc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. 
+func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return &actdc, true +} + +// AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector. +func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &actdc, true +} + +// UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct. 
+func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var awsCloudTrailDataConnectorProperties AwsCloudTrailDataConnectorProperties + err = json.Unmarshal(*v, &awsCloudTrailDataConnectorProperties) + if err != nil { + return err + } + actdc.AwsCloudTrailDataConnectorProperties = &awsCloudTrailDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + actdc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + actdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + actdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + actdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + actdc.Etag = &etag + } + } + } + + return nil +} + +// AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data +// connector. +type AwsCloudTrailDataConnectorDataTypes struct { + // Logs - Logs data type. + Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` +} + +// AwsCloudTrailDataConnectorDataTypesLogs logs data type. +type AwsCloudTrailDataConnectorDataTypesLogs struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties. 
+type AwsCloudTrailDataConnectorProperties struct { + // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. + AwsRoleArn *string `json:"awsRoleArn,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// Bookmark represents a bookmark in Azure Security Insights. +type Bookmark struct { + autorest.Response `json:"-"` + // BookmarkProperties - Bookmark properties + *BookmarkProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Bookmark. +func (b Bookmark) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if b.BookmarkProperties != nil { + objectMap["properties"] = b.BookmarkProperties + } + if b.Etag != nil { + objectMap["etag"] = b.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Bookmark struct. 
+func (b *Bookmark) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var bookmarkProperties BookmarkProperties + err = json.Unmarshal(*v, &bookmarkProperties) + if err != nil { + return err + } + b.BookmarkProperties = &bookmarkProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + b.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + b.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + b.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + b.Etag = &etag + } + } + } + + return nil +} + +// BookmarkList list all the bookmarks. +type BookmarkList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of cases. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of bookmarks. + Value *[]Bookmark `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for BookmarkList. +func (bl BookmarkList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if bl.Value != nil { + objectMap["value"] = bl.Value + } + return json.Marshal(objectMap) +} + +// BookmarkListIterator provides access to a complete listing of Bookmark values. +type BookmarkListIterator struct { + i int + page BookmarkListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *BookmarkListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter BookmarkListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter BookmarkListIterator) Response() BookmarkList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter BookmarkListIterator) Value() Bookmark { + if !iter.page.NotDone() { + return Bookmark{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the BookmarkListIterator type. +func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator { + return BookmarkListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (bl BookmarkList) IsEmpty() bool { + return bl.Value == nil || len(*bl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. 
+func (bl BookmarkList) hasNextLink() bool { + return bl.NextLink != nil && len(*bl.NextLink) != 0 +} + +// bookmarkListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (bl BookmarkList) bookmarkListPreparer(ctx context.Context) (*http.Request, error) { + if !bl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(bl.NextLink))) +} + +// BookmarkListPage contains a page of Bookmark values. +type BookmarkListPage struct { + fn func(context.Context, BookmarkList) (BookmarkList, error) + bl BookmarkList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/BookmarkListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.bl) + if err != nil { + return err + } + page.bl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *BookmarkListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page BookmarkListPage) NotDone() bool { + return !page.bl.IsEmpty() +} + +// Response returns the raw server response from the last page request. 
+func (page BookmarkListPage) Response() BookmarkList { + return page.bl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page BookmarkListPage) Values() []Bookmark { + if page.bl.IsEmpty() { + return nil + } + return *page.bl.Value +} + +// Creates a new instance of the BookmarkListPage type. +func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage { + return BookmarkListPage{ + fn: getNextPage, + bl: cur, + } +} + +// BookmarkProperties describes bookmark properties +type BookmarkProperties struct { + // Created - The time the bookmark was created + Created *date.Time `json:"created,omitempty"` + // CreatedBy - Describes a user that created the bookmark + CreatedBy *UserInfo `json:"createdBy,omitempty"` + // DisplayName - The display name of the bookmark + DisplayName *string `json:"displayName,omitempty"` + // Labels - List of labels relevant to this bookmark + Labels *[]string `json:"labels,omitempty"` + // Notes - The notes of the bookmark + Notes *string `json:"notes,omitempty"` + // Query - The query of the bookmark. + Query *string `json:"query,omitempty"` + // QueryResult - The query result of the bookmark. 
+ QueryResult *string `json:"queryResult,omitempty"` + // Updated - The last time the bookmark was updated + Updated *date.Time `json:"updated,omitempty"` + // UpdatedBy - Describes a user that updated the bookmark + UpdatedBy *UserInfo `json:"updatedBy,omitempty"` + // EventTime - The bookmark event time + EventTime *date.Time `json:"eventTime,omitempty"` + // QueryStartTime - The start time for the query + QueryStartTime *date.Time `json:"queryStartTime,omitempty"` + // QueryEndTime - The end time for the query + QueryEndTime *date.Time `json:"queryEndTime,omitempty"` + // IncidentInfo - Describes an incident that relates to bookmark + IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` +} + +// ClientInfo information on the client (user or application) that made some action +type ClientInfo struct { + // Email - The email of the client. + Email *string `json:"email,omitempty"` + // Name - The name of the client. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the client. + ObjectID *uuid.UUID `json:"objectId,omitempty"` + // UserPrincipalName - The user principal name of the client. + UserPrincipalName *string `json:"userPrincipalName,omitempty"` +} + +// CloudError an error response for a resource management request. +type CloudError struct { + // Error - The error object of the CloudError response + Error *ErrorResponse `json:"error,omitempty"` +} + +// BasicDataConnector data connector. +type BasicDataConnector interface { + AsAADDataConnector() (*AADDataConnector, bool) + AsAATPDataConnector() (*AATPDataConnector, bool) + AsASCDataConnector() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + AsMCASDataConnector() (*MCASDataConnector, bool) + AsMDATPDataConnector() (*MDATPDataConnector, bool) + AsOfficeDataConnector() (*OfficeDataConnector, bool) + AsTIDataConnector() (*TIDataConnector, bool) + AsDataConnector() (*DataConnector, bool) +} + +// DataConnector data connector. 
+type DataConnector struct { + autorest.Response `json:"-"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +func unmarshalBasicDataConnector(body []byte) (BasicDataConnector, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindAzureActiveDirectory): + var adc AADDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAzureAdvancedThreatProtection): + var adc AATPDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAzureSecurityCenter): + var adc ASCDataConnector + err := json.Unmarshal(body, &adc) + return adc, err + case string(KindAmazonWebServicesCloudTrail): + var actdc AwsCloudTrailDataConnector + err := json.Unmarshal(body, &actdc) + return actdc, err + case string(KindMicrosoftCloudAppSecurity): + var mdc MCASDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err + case string(KindMicrosoftDefenderAdvancedThreatProtection): + var mdc MDATPDataConnector + err := json.Unmarshal(body, &mdc) + return mdc, err + case string(KindOffice365): + var odc OfficeDataConnector + err := json.Unmarshal(body, &odc) + return odc, err + case string(KindThreatIntelligence): + var tdc TIDataConnector + err := json.Unmarshal(body, &tdc) + return tdc, err + default: + var dc 
DataConnector + err := json.Unmarshal(body, &dc) + return dc, err + } +} +func unmarshalBasicDataConnectorArray(body []byte) ([]BasicDataConnector, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + dcArray := make([]BasicDataConnector, len(rawMessages)) + + for index, rawMessage := range rawMessages { + dc, err := unmarshalBasicDataConnector(*rawMessage) + if err != nil { + return nil, err + } + dcArray[index] = dc + } + return dcArray, nil +} + +// MarshalJSON is the custom marshaler for DataConnector. +func (dc DataConnector) MarshalJSON() ([]byte, error) { + dc.Kind = KindDataConnector + objectMap := make(map[string]interface{}) + if dc.Kind != "" { + objectMap["kind"] = dc.Kind + } + if dc.Etag != nil { + objectMap["etag"] = dc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector. 
+func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsDataConnector() (*DataConnector, bool) { + return &dc, true +} + +// AsBasicDataConnector is the BasicDataConnector implementation for DataConnector. +func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &dc, true +} + +// DataConnectorDataTypeCommon common field for data type in data connectors. +type DataConnectorDataTypeCommon struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// DataConnectorList list all the data connectors. +type DataConnectorList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of data connectors. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of data connectors. + Value *[]BasicDataConnector `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for DataConnectorList. +func (dcl DataConnectorList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if dcl.Value != nil { + objectMap["value"] = dcl.Value + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for DataConnectorList struct. 
+func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "nextLink": + if v != nil { + var nextLink string + err = json.Unmarshal(*v, &nextLink) + if err != nil { + return err + } + dcl.NextLink = &nextLink + } + case "value": + if v != nil { + value, err := unmarshalBasicDataConnectorArray(*v) + if err != nil { + return err + } + dcl.Value = &value + } + } + } + + return nil +} + +// DataConnectorListIterator provides access to a complete listing of DataConnector values. +type DataConnectorListIterator struct { + i int + page DataConnectorListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *DataConnectorListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. 
+func (iter DataConnectorListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter DataConnectorListIterator) Response() DataConnectorList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter DataConnectorListIterator) Value() BasicDataConnector { + if !iter.page.NotDone() { + return DataConnector{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the DataConnectorListIterator type. +func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator { + return DataConnectorListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (dcl DataConnectorList) IsEmpty() bool { + return dcl.Value == nil || len(*dcl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (dcl DataConnectorList) hasNextLink() bool { + return dcl.NextLink != nil && len(*dcl.NextLink) != 0 +} + +// dataConnectorListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (dcl DataConnectorList) dataConnectorListPreparer(ctx context.Context) (*http.Request, error) { + if !dcl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(dcl.NextLink))) +} + +// DataConnectorListPage contains a page of BasicDataConnector values. +type DataConnectorListPage struct { + fn func(context.Context, DataConnectorList) (DataConnectorList, error) + dcl DataConnectorList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. 
+func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/DataConnectorListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.dcl) + if err != nil { + return err + } + page.dcl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *DataConnectorListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page DataConnectorListPage) NotDone() bool { + return !page.dcl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page DataConnectorListPage) Response() DataConnectorList { + return page.dcl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page DataConnectorListPage) Values() []BasicDataConnector { + if page.dcl.IsEmpty() { + return nil + } + return *page.dcl.Value +} + +// Creates a new instance of the DataConnectorListPage type. +func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage { + return DataConnectorListPage{ + fn: getNextPage, + dcl: cur, + } +} + +// DataConnectorModel ... +type DataConnectorModel struct { + autorest.Response `json:"-"` + Value BasicDataConnector `json:"value,omitempty"` +} + +// UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct. 
+func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error { + dc, err := unmarshalBasicDataConnector(body) + if err != nil { + return err + } + dcm.Value = dc + + return nil +} + +// DataConnectorTenantID properties data connector on tenant level. +type DataConnectorTenantID struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` +} + +// DataConnectorWithAlertsProperties data connector properties. +type DataConnectorWithAlertsProperties struct { + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// ErrorAdditionalInfo the resource management error additional info. +type ErrorAdditionalInfo struct { + // Type - READ-ONLY; The additional info type. + Type *string `json:"type,omitempty"` + // Info - READ-ONLY; The additional info. + Info interface{} `json:"info,omitempty"` +} + +// ErrorResponse common error response for all Azure Resource Manager APIs to return error details for +// failed operations. (This also follows the OData error response format.) +type ErrorResponse struct { + // Code - READ-ONLY; The error code. + Code *string `json:"code,omitempty"` + // Message - READ-ONLY; The error message. + Message *string `json:"message,omitempty"` + // Target - READ-ONLY; The error target. + Target *string `json:"target,omitempty"` + // Details - READ-ONLY; The error details. + Details *[]ErrorResponse `json:"details,omitempty"` + // AdditionalInfo - READ-ONLY; The error additional info. + AdditionalInfo *[]ErrorAdditionalInfo `json:"additionalInfo,omitempty"` +} + +// FusionAlertRule represents Fusion alert rule. 
+type FusionAlertRule struct { + // FusionAlertRuleProperties - Fusion alert rule properties + *FusionAlertRuleProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRule. +func (far FusionAlertRule) MarshalJSON() ([]byte, error) { + far.Kind = KindFusion + objectMap := make(map[string]interface{}) + if far.FusionAlertRuleProperties != nil { + objectMap["properties"] = far.FusionAlertRuleProperties + } + if far.Kind != "" { + objectMap["kind"] = far.Kind + } + if far.Etag != nil { + objectMap["etag"] = far.Etag + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return &far, true +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for FusionAlertRule. +func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule. 
+func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &far, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct. +func (far *FusionAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fusionAlertRuleProperties FusionAlertRuleProperties + err = json.Unmarshal(*v, &fusionAlertRuleProperties) + if err != nil { + return err + } + far.FusionAlertRuleProperties = &fusionAlertRuleProperties + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + far.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + far.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + far.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + far.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + far.Etag = &etag + } + } + } + + return nil +} + +// FusionAlertRuleProperties fusion alert rule base property bag. +type FusionAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - READ-ONLY; The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - READ-ONLY; The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. 
+ Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Tactics - READ-ONLY; The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRuleProperties. +func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if farp.AlertRuleTemplateName != nil { + objectMap["alertRuleTemplateName"] = farp.AlertRuleTemplateName + } + if farp.Enabled != nil { + objectMap["enabled"] = farp.Enabled + } + return json.Marshal(objectMap) +} + +// FusionAlertRuleTemplate represents Fusion alert rule template. +type FusionAlertRuleTemplate struct { + // FusionAlertRuleTemplateProperties - Fusion alert rule template properties + *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplate. 
+func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { + fart.Kind = KindBasicAlertRuleTemplateKindFusion + objectMap := make(map[string]interface{}) + if fart.FusionAlertRuleTemplateProperties != nil { + objectMap["properties"] = fart.FusionAlertRuleTemplateProperties + } + if fart.Kind != "" { + objectMap["kind"] = fart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return &fart, true +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate. +func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &fart, true +} + +// UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct. 
+func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var fusionAlertRuleTemplateProperties FusionAlertRuleTemplateProperties + err = json.Unmarshal(*v, &fusionAlertRuleTemplateProperties) + if err != nil { + return err + } + fart.FusionAlertRuleTemplateProperties = &fusionAlertRuleTemplateProperties + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + fart.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + fart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + fart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + fart.Type = &typeVar + } + } + } + + return nil +} + +// FusionAlertRuleTemplateProperties represents Fusion alert rule template properties +type FusionAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. 
+ DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties. +func (fartp FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if fartp.AlertRulesCreatedByTemplateCount != nil { + objectMap["alertRulesCreatedByTemplateCount"] = fartp.AlertRulesCreatedByTemplateCount + } + if fartp.Description != nil { + objectMap["description"] = fartp.Description + } + if fartp.DisplayName != nil { + objectMap["displayName"] = fartp.DisplayName + } + if fartp.RequiredDataConnectors != nil { + objectMap["requiredDataConnectors"] = fartp.RequiredDataConnectors + } + if fartp.Status != "" { + objectMap["status"] = fartp.Status + } + if fartp.Severity != "" { + objectMap["severity"] = fartp.Severity + } + if fartp.Tactics != nil { + objectMap["tactics"] = fartp.Tactics + } + return json.Marshal(objectMap) +} + +// Incident represents an incident in Azure Security Insights. 
+type Incident struct { + autorest.Response `json:"-"` + // IncidentProperties - Incident properties + *IncidentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for Incident. +func (i Incident) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if i.IncidentProperties != nil { + objectMap["properties"] = i.IncidentProperties + } + if i.Etag != nil { + objectMap["etag"] = i.Etag + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for Incident struct. +func (i *Incident) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var incidentProperties IncidentProperties + err = json.Unmarshal(*v, &incidentProperties) + if err != nil { + return err + } + i.IncidentProperties = &incidentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + i.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + i.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + i.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + i.Etag = &etag + } + } + } + + return nil +} + +// IncidentAdditionalData incident additional data property bag. 
+type IncidentAdditionalData struct { + // AlertsCount - READ-ONLY; The number of alerts in the incident + AlertsCount *int32 `json:"alertsCount,omitempty"` + // BookmarksCount - READ-ONLY; The number of bookmarks in the incident + BookmarksCount *int32 `json:"bookmarksCount,omitempty"` + // CommentsCount - READ-ONLY; The number of comments in the incident + CommentsCount *int32 `json:"commentsCount,omitempty"` + // AlertProductNames - READ-ONLY; List of product names of alerts in the incident + AlertProductNames *[]string `json:"alertProductNames,omitempty"` + // Tactics - READ-ONLY; The tactics associated with incident + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// IncidentComment represents an incident comment +type IncidentComment struct { + autorest.Response `json:"-"` + // IncidentCommentProperties - Incident comment properties + *IncidentCommentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentComment. +func (ic IncidentComment) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ic.IncidentCommentProperties != nil { + objectMap["properties"] = ic.IncidentCommentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for IncidentComment struct. 
+func (ic *IncidentComment) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var incidentCommentProperties IncidentCommentProperties + err = json.Unmarshal(*v, &incidentCommentProperties) + if err != nil { + return err + } + ic.IncidentCommentProperties = &incidentCommentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ic.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ic.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ic.Type = &typeVar + } + } + } + + return nil +} + +// IncidentCommentList list of incident comments. +type IncidentCommentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of comments. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of comments. + Value *[]IncidentComment `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentCommentList. +func (icl IncidentCommentList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if icl.Value != nil { + objectMap["value"] = icl.Value + } + return json.Marshal(objectMap) +} + +// IncidentCommentListIterator provides access to a complete listing of IncidentComment values. +type IncidentCommentListIterator struct { + i int + page IncidentCommentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *IncidentCommentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter IncidentCommentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter IncidentCommentListIterator) Response() IncidentCommentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter IncidentCommentListIterator) Value() IncidentComment { + if !iter.page.NotDone() { + return IncidentComment{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the IncidentCommentListIterator type. +func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator { + return IncidentCommentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. 
+func (icl IncidentCommentList) IsEmpty() bool { + return icl.Value == nil || len(*icl.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (icl IncidentCommentList) hasNextLink() bool { + return icl.NextLink != nil && len(*icl.NextLink) != 0 +} + +// incidentCommentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (icl IncidentCommentList) incidentCommentListPreparer(ctx context.Context) (*http.Request, error) { + if !icl.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(icl.NextLink))) +} + +// IncidentCommentListPage contains a page of IncidentComment values. +type IncidentCommentListPage struct { + fn func(context.Context, IncidentCommentList) (IncidentCommentList, error) + icl IncidentCommentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentCommentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.icl) + if err != nil { + return err + } + page.icl = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. 
+func (page *IncidentCommentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page IncidentCommentListPage) NotDone() bool { + return !page.icl.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page IncidentCommentListPage) Response() IncidentCommentList { + return page.icl +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page IncidentCommentListPage) Values() []IncidentComment { + if page.icl.IsEmpty() { + return nil + } + return *page.icl.Value +} + +// Creates a new instance of the IncidentCommentListPage type. +func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage { + return IncidentCommentListPage{ + fn: getNextPage, + icl: cur, + } +} + +// IncidentCommentProperties incident comment property bag. +type IncidentCommentProperties struct { + // CreatedTimeUtc - READ-ONLY; The time the comment was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Message - The comment message + Message *string `json:"message,omitempty"` + // Author - READ-ONLY; Describes the client that created the comment + Author *ClientInfo `json:"author,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentCommentProperties. +func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if icp.Message != nil { + objectMap["message"] = icp.Message + } + return json.Marshal(objectMap) +} + +// IncidentInfo describes related incident information for the bookmark +type IncidentInfo struct { + // IncidentID - Incident Id + IncidentID *string `json:"incidentId,omitempty"` + // Severity - The severity of the incident. 
Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' + Severity CaseSeverity `json:"severity,omitempty"` + // Title - The title of the incident + Title *string `json:"title,omitempty"` + // RelationName - Relation Name + RelationName *string `json:"relationName,omitempty"` +} + +// IncidentLabel represents an incident label +type IncidentLabel struct { + // LabelName - The name of the label + LabelName *string `json:"labelName,omitempty"` + // LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System' + LabelType IncidentLabelType `json:"labelType,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentLabel. +func (il IncidentLabel) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if il.LabelName != nil { + objectMap["labelName"] = il.LabelName + } + return json.Marshal(objectMap) +} + +// IncidentList list all the incidents. +type IncidentList struct { + autorest.Response `json:"-"` + // NextLink - READ-ONLY; URL to fetch the next set of incidents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of incidents. + Value *[]Incident `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentList. +func (il IncidentList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if il.Value != nil { + objectMap["value"] = il.Value + } + return json.Marshal(objectMap) +} + +// IncidentListIterator provides access to a complete listing of Incident values. +type IncidentListIterator struct { + i int + page IncidentListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. 
+func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *IncidentListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter IncidentListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter IncidentListIterator) Response() IncidentList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. +func (iter IncidentListIterator) Value() Incident { + if !iter.page.NotDone() { + return Incident{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the IncidentListIterator type. +func NewIncidentListIterator(page IncidentListPage) IncidentListIterator { + return IncidentListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (il IncidentList) IsEmpty() bool { + return il.Value == nil || len(*il.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. 
+func (il IncidentList) hasNextLink() bool { + return il.NextLink != nil && len(*il.NextLink) != 0 +} + +// incidentListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (il IncidentList) incidentListPreparer(ctx context.Context) (*http.Request, error) { + if !il.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(il.NextLink))) +} + +// IncidentListPage contains a page of Incident values. +type IncidentListPage struct { + fn func(context.Context, IncidentList) (IncidentList, error) + il IncidentList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/IncidentListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.il) + if err != nil { + return err + } + page.il = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *IncidentListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page IncidentListPage) NotDone() bool { + return !page.il.IsEmpty() +} + +// Response returns the raw server response from the last page request. 
+func (page IncidentListPage) Response() IncidentList { + return page.il +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page IncidentListPage) Values() []Incident { + if page.il.IsEmpty() { + return nil + } + return *page.il.Value +} + +// Creates a new instance of the IncidentListPage type. +func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage { + return IncidentListPage{ + fn: getNextPage, + il: cur, + } +} + +// IncidentOwnerInfo information on the user an incident is assigned to +type IncidentOwnerInfo struct { + // Email - The email of the user the incident is assigned to. + Email *string `json:"email,omitempty"` + // AssignedTo - The name of the user the incident is assigned to. + AssignedTo *string `json:"assignedTo,omitempty"` + // ObjectID - The object id of the user the incident is assigned to. + ObjectID *uuid.UUID `json:"objectId,omitempty"` + // UserPrincipalName - The user principal name of the user the incident is assigned to. + UserPrincipalName *string `json:"userPrincipalName,omitempty"` +} + +// IncidentProperties describes incident properties +type IncidentProperties struct { + // AdditionalData - READ-ONLY; Additional data on the incident + AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"` + // Classification - The reason the incident was closed. Possible values include: 'Undetermined', 'TruePositive', 'BenignPositive', 'FalsePositive' + Classification IncidentClassification `json:"classification,omitempty"` + // ClassificationComment - Describes the reason the incident was closed + ClassificationComment *string `json:"classificationComment,omitempty"` + // ClassificationReason - The classification reason the incident was closed with. 
Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData' + ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"` + // CreatedTimeUtc - READ-ONLY; The time the incident was created + CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` + // Description - The description of the incident + Description *string `json:"description,omitempty"` + // FirstActivityTimeUtc - The time of the first activity in the incident + FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"` + // IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal + IncidentURL *string `json:"incidentUrl,omitempty"` + // IncidentNumber - READ-ONLY; A sequential number + IncidentNumber *int32 `json:"incidentNumber,omitempty"` + // Labels - List of labels relevant to this incident + Labels *[]IncidentLabel `json:"labels,omitempty"` + // LastActivityTimeUtc - The time of the last activity in the incident + LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"` + // LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated + LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"` + // Owner - Describes a user that the incident is assigned to + Owner *IncidentOwnerInfo `json:"owner,omitempty"` + // RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident + RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"` + // Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational' + Severity IncidentSeverity `json:"severity,omitempty"` + // Status - The status of the incident. 
Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed' + Status IncidentStatus `json:"status,omitempty"` + // Title - The title of the incident + Title *string `json:"title,omitempty"` +} + +// MarshalJSON is the custom marshaler for IncidentProperties. +func (IP IncidentProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if IP.Classification != "" { + objectMap["classification"] = IP.Classification + } + if IP.ClassificationComment != nil { + objectMap["classificationComment"] = IP.ClassificationComment + } + if IP.ClassificationReason != "" { + objectMap["classificationReason"] = IP.ClassificationReason + } + if IP.Description != nil { + objectMap["description"] = IP.Description + } + if IP.FirstActivityTimeUtc != nil { + objectMap["firstActivityTimeUtc"] = IP.FirstActivityTimeUtc + } + if IP.Labels != nil { + objectMap["labels"] = IP.Labels + } + if IP.LastActivityTimeUtc != nil { + objectMap["lastActivityTimeUtc"] = IP.LastActivityTimeUtc + } + if IP.Owner != nil { + objectMap["owner"] = IP.Owner + } + if IP.Severity != "" { + objectMap["severity"] = IP.Severity + } + if IP.Status != "" { + objectMap["status"] = IP.Status + } + if IP.Title != nil { + objectMap["title"] = IP.Title + } + return json.Marshal(objectMap) +} + +// MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector. +type MCASDataConnector struct { + // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. 
+ *MCASDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for MCASDataConnector. +func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftCloudAppSecurity + objectMap := make(map[string]interface{}) + if mdc.MCASDataConnectorProperties != nil { + objectMap["properties"] = mdc.MCASDataConnectorProperties + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector. 
+func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return &mdc, true +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector. +func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct. 
+func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mCASDataConnectorProperties MCASDataConnectorProperties + err = json.Unmarshal(*v, &mCASDataConnectorProperties) + if err != nil { + return err + } + mdc.MCASDataConnectorProperties = &mCASDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + } + } + + return nil +} + +// MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data +// connector. +type MCASDataConnectorDataTypes struct { + // DiscoveryLogs - Discovery log data type connection. + DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"` + // Alerts - Alerts data type connection. + Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` +} + +// MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties. +type MCASDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. 
+ DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +type MDATPDataConnector struct { + // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + *MDATPDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for MDATPDataConnector. +func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) { + mdc.Kind = KindMicrosoftDefenderAdvancedThreatProtection + objectMap := make(map[string]interface{}) + if mdc.MDATPDataConnectorProperties != nil { + objectMap["properties"] = mdc.MDATPDataConnectorProperties + } + if mdc.Kind != "" { + objectMap["kind"] = mdc.Kind + } + if mdc.Etag != nil { + objectMap["etag"] = mdc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. 
+func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return &mdc, true +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector. +func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &mdc, true +} + +// UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct. 
+func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var mDATPDataConnectorProperties MDATPDataConnectorProperties + err = json.Unmarshal(*v, &mDATPDataConnectorProperties) + if err != nil { + return err + } + mdc.MDATPDataConnectorProperties = &mDATPDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + mdc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + mdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + mdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + mdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + mdc.Etag = &etag + } + } + } + + return nil +} + +// MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector +// properties. +type MDATPDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule. 
+type MicrosoftSecurityIncidentCreationAlertRule struct { + // MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties + *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { + msicar.Kind = KindMicrosoftSecurityIncidentCreation + objectMap := make(map[string]interface{}) + if msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties != nil { + objectMap["properties"] = msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties + } + if msicar.Kind != "" { + objectMap["kind"] = msicar.Kind + } + if msicar.Etag != nil { + objectMap["etag"] = msicar.Etag + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. 
+func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return &msicar, true +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return nil, false +} + +// AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule. +func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &msicar, true +} + +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct. +func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var microsoftSecurityIncidentCreationAlertRuleProperties MicrosoftSecurityIncidentCreationAlertRuleProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleProperties) + if err != nil { + return err + } + msicar.MicrosoftSecurityIncidentCreationAlertRuleProperties = µsoftSecurityIncidentCreationAlertRuleProperties + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + msicar.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + msicar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + 
msicar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + msicar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + msicar.Etag = &etag + } + } + } + + return nil +} + +// MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common +// property bag. +type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property +// bag. +type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. 
+ DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties. 
+func (msicarp MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if msicarp.AlertRuleTemplateName != nil { + objectMap["alertRuleTemplateName"] = msicarp.AlertRuleTemplateName + } + if msicarp.Description != nil { + objectMap["description"] = msicarp.Description + } + if msicarp.DisplayName != nil { + objectMap["displayName"] = msicarp.DisplayName + } + if msicarp.Enabled != nil { + objectMap["enabled"] = msicarp.Enabled + } + if msicarp.DisplayNamesFilter != nil { + objectMap["displayNamesFilter"] = msicarp.DisplayNamesFilter + } + if msicarp.DisplayNamesExcludeFilter != nil { + objectMap["displayNamesExcludeFilter"] = msicarp.DisplayNamesExcludeFilter + } + if msicarp.ProductFilter != "" { + objectMap["productFilter"] = msicarp.ProductFilter + } + if msicarp.SeveritiesFilter != nil { + objectMap["severitiesFilter"] = msicarp.SeveritiesFilter + } + return json.Marshal(objectMap) +} + +// MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule +// template. 
+type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { + // MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties + *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { + msicart.Kind = KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation + objectMap := make(map[string]interface{}) + if msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties != nil { + objectMap["properties"] = msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + } + if msicart.Kind != "" { + objectMap["kind"] = msicart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. 
+func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return &msicart, true +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return nil, false +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &msicart, true +} + +// UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct. 
+func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var microsoftSecurityIncidentCreationAlertRuleTemplateProperties MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties + err = json.Unmarshal(*v, µsoftSecurityIncidentCreationAlertRuleTemplateProperties) + if err != nil { + return err + } + msicart.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties = µsoftSecurityIncidentCreationAlertRuleTemplateProperties + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + msicart.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + msicart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + msicart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + msicart.Type = &typeVar + } + } + } + + return nil +} + +// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule +// template properties +type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. 
+ Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated + DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` + // DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated + DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"` + // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT' + ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` + // SeveritiesFilter - the alerts' severities on which the cases will be generated + SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` +} + +// MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. 
+func (msicartp MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if msicartp.AlertRulesCreatedByTemplateCount != nil { + objectMap["alertRulesCreatedByTemplateCount"] = msicartp.AlertRulesCreatedByTemplateCount + } + if msicartp.Description != nil { + objectMap["description"] = msicartp.Description + } + if msicartp.DisplayName != nil { + objectMap["displayName"] = msicartp.DisplayName + } + if msicartp.RequiredDataConnectors != nil { + objectMap["requiredDataConnectors"] = msicartp.RequiredDataConnectors + } + if msicartp.Status != "" { + objectMap["status"] = msicartp.Status + } + if msicartp.DisplayNamesFilter != nil { + objectMap["displayNamesFilter"] = msicartp.DisplayNamesFilter + } + if msicartp.DisplayNamesExcludeFilter != nil { + objectMap["displayNamesExcludeFilter"] = msicartp.DisplayNamesExcludeFilter + } + if msicartp.ProductFilter != "" { + objectMap["productFilter"] = msicartp.ProductFilter + } + if msicartp.SeveritiesFilter != nil { + objectMap["severitiesFilter"] = msicartp.SeveritiesFilter + } + return json.Marshal(objectMap) +} + +// OfficeConsent consent for Office365 tenant that already made. +type OfficeConsent struct { + // OfficeConsentProperties - Office consent properties + *OfficeConsentProperties `json:"properties,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsent. +func (oc OfficeConsent) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if oc.OfficeConsentProperties != nil { + objectMap["properties"] = oc.OfficeConsentProperties + } + return json.Marshal(objectMap) +} + +// UnmarshalJSON is the custom unmarshaler for OfficeConsent struct. 
+func (oc *OfficeConsent) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeConsentProperties OfficeConsentProperties + err = json.Unmarshal(*v, &officeConsentProperties) + if err != nil { + return err + } + oc.OfficeConsentProperties = &officeConsentProperties + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + oc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + oc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + oc.Type = &typeVar + } + } + } + + return nil +} + +// OfficeConsentList list of all the office365 consents. +type OfficeConsentList struct { + // NextLink - READ-ONLY; URL to fetch the next set of office consents. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of the consents. + Value *[]OfficeConsent `json:"value,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsentList. +func (ocl OfficeConsentList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ocl.Value != nil { + objectMap["value"] = ocl.Value + } + return json.Marshal(objectMap) +} + +// OfficeConsentProperties consent property bag. +type OfficeConsentProperties struct { + // TenantID - The tenantId of the Office365 with the consent. + TenantID *string `json:"tenantId,omitempty"` + // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. + TenantName *string `json:"tenantName,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeConsentProperties. 
+func (ocp OfficeConsentProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if ocp.TenantID != nil { + objectMap["tenantId"] = ocp.TenantID + } + return json.Marshal(objectMap) +} + +// OfficeDataConnector represents office data connector. +type OfficeDataConnector struct { + // OfficeDataConnectorProperties - Office data connector properties. + *OfficeDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for OfficeDataConnector. +func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) { + odc.Kind = KindOffice365 + objectMap := make(map[string]interface{}) + if odc.OfficeDataConnectorProperties != nil { + objectMap["properties"] = odc.OfficeDataConnectorProperties + } + if odc.Kind != "" { + objectMap["kind"] = odc.Kind + } + if odc.Etag != nil { + objectMap["etag"] = odc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. 
+func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return &odc, true +} + +// AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return nil, false +} + +// AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector. +func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &odc, true +} + +// UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct. 
+func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var officeDataConnectorProperties OfficeDataConnectorProperties + err = json.Unmarshal(*v, &officeDataConnectorProperties) + if err != nil { + return err + } + odc.OfficeDataConnectorProperties = &officeDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + odc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + odc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + odc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + odc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + odc.Etag = &etag + } + } + } + + return nil +} + +// OfficeDataConnectorDataTypes the available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // Exchange - Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` + // SharePoint - SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` + // Teams - Teams data type connection. + Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` +} + +// OfficeDataConnectorDataTypesExchange exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // State - Describe whether this data type connection is enabled or not. 
Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesSharePoint sharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorDataTypesTeams teams data type connection. +type OfficeDataConnectorDataTypesTeams struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// OfficeDataConnectorProperties office data connector properties. +type OfficeDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. + TenantID *string `json:"tenantId,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// Operation operation provided by provider +type Operation struct { + // Display - Properties of the operation + Display *OperationDisplay `json:"display,omitempty"` + // Name - Name of the operation + Name *string `json:"name,omitempty"` + // Origin - The origin of the operation + Origin *string `json:"origin,omitempty"` +} + +// OperationDisplay properties of the operation +type OperationDisplay struct { + // Description - Description of the operation + Description *string `json:"description,omitempty"` + // Operation - Operation name + Operation *string `json:"operation,omitempty"` + // Provider - Provider name + Provider *string `json:"provider,omitempty"` + // Resource - Resource name + Resource *string `json:"resource,omitempty"` +} + +// OperationsList lists the operations available in the SecurityInsights RP. 
+type OperationsList struct { + autorest.Response `json:"-"` + // NextLink - URL to fetch the next set of operations. + NextLink *string `json:"nextLink,omitempty"` + // Value - Array of operations + Value *[]Operation `json:"value,omitempty"` +} + +// OperationsListIterator provides access to a complete listing of Operation values. +type OperationsListIterator struct { + i int + page OperationsListPage +} + +// NextWithContext advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListIterator.NextWithContext") + defer func() { + sc := -1 + if iter.Response().Response.Response != nil { + sc = iter.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + iter.i++ + if iter.i < len(iter.page.Values()) { + return nil + } + err = iter.page.NextWithContext(ctx) + if err != nil { + iter.i-- + return err + } + iter.i = 0 + return nil +} + +// Next advances to the next value. If there was an error making +// the request the iterator does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (iter *OperationsListIterator) Next() error { + return iter.NextWithContext(context.Background()) +} + +// NotDone returns true if the enumeration should be started or is not yet complete. +func (iter OperationsListIterator) NotDone() bool { + return iter.page.NotDone() && iter.i < len(iter.page.Values()) +} + +// Response returns the raw server response from the last page request. +func (iter OperationsListIterator) Response() OperationsList { + return iter.page.Response() +} + +// Value returns the current value or a zero-initialized value if the +// iterator has advanced beyond the end of the collection. 
+func (iter OperationsListIterator) Value() Operation { + if !iter.page.NotDone() { + return Operation{} + } + return iter.page.Values()[iter.i] +} + +// Creates a new instance of the OperationsListIterator type. +func NewOperationsListIterator(page OperationsListPage) OperationsListIterator { + return OperationsListIterator{page: page} +} + +// IsEmpty returns true if the ListResult contains no values. +func (ol OperationsList) IsEmpty() bool { + return ol.Value == nil || len(*ol.Value) == 0 +} + +// hasNextLink returns true if the NextLink is not empty. +func (ol OperationsList) hasNextLink() bool { + return ol.NextLink != nil && len(*ol.NextLink) != 0 +} + +// operationsListPreparer prepares a request to retrieve the next set of results. +// It returns nil if no more results exist. +func (ol OperationsList) operationsListPreparer(ctx context.Context) (*http.Request, error) { + if !ol.hasNextLink() { + return nil, nil + } + return autorest.Prepare((&http.Request{}).WithContext(ctx), + autorest.AsJSON(), + autorest.AsGet(), + autorest.WithBaseURL(to.String(ol.NextLink))) +} + +// OperationsListPage contains a page of Operation values. +type OperationsListPage struct { + fn func(context.Context, OperationsList) (OperationsList, error) + ol OperationsList +} + +// NextWithContext advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. 
+func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsListPage.NextWithContext") + defer func() { + sc := -1 + if page.Response().Response.Response != nil { + sc = page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + for { + next, err := page.fn(ctx, page.ol) + if err != nil { + return err + } + page.ol = next + if !next.hasNextLink() || !next.IsEmpty() { + break + } + } + return nil +} + +// Next advances to the next page of values. If there was an error making +// the request the page does not advance and the error is returned. +// Deprecated: Use NextWithContext() instead. +func (page *OperationsListPage) Next() error { + return page.NextWithContext(context.Background()) +} + +// NotDone returns true if the page enumeration should be started or is not yet complete. +func (page OperationsListPage) NotDone() bool { + return !page.ol.IsEmpty() +} + +// Response returns the raw server response from the last page request. +func (page OperationsListPage) Response() OperationsList { + return page.ol +} + +// Values returns the slice of values for the current page or nil if there are no values. +func (page OperationsListPage) Values() []Operation { + if page.ol.IsEmpty() { + return nil + } + return *page.ol.Value +} + +// Creates a new instance of the OperationsListPage type. 
+func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage { + return OperationsListPage{ + fn: getNextPage, + ol: cur, + } +} + +// Resource an azure resource object +type Resource struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// ResourceWithEtag an azure resource object with an Etag property +type ResourceWithEtag struct { + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ResourceWithEtag. +func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if rwe.Etag != nil { + objectMap["etag"] = rwe.Etag + } + return json.Marshal(objectMap) +} + +// ScheduledAlertRule represents scheduled alert rule. +type ScheduledAlertRule struct { + // ScheduledAlertRuleProperties - Scheduled alert rule properties + *ScheduledAlertRuleProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' + Kind Kind `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRule. 
+func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) { + sar.Kind = KindScheduled + objectMap := make(map[string]interface{}) + if sar.ScheduledAlertRuleProperties != nil { + objectMap["properties"] = sar.ScheduledAlertRuleProperties + } + if sar.Kind != "" { + objectMap["kind"] = sar.Kind + } + if sar.Etag != nil { + objectMap["etag"] = sar.Etag + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) { + return nil, false +} + +// AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) { + return &sar, true +} + +// AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) { + return nil, false +} + +// AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule. +func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) { + return &sar, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct. 
+func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleProperties ScheduledAlertRuleProperties + err = json.Unmarshal(*v, &scheduledAlertRuleProperties) + if err != nil { + return err + } + sar.ScheduledAlertRuleProperties = &scheduledAlertRuleProperties + } + case "kind": + if v != nil { + var kind Kind + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sar.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sar.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sar.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + sar.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + sar.Etag = &etag + } + } + } + + return nil +} + +// ScheduledAlertRuleCommonProperties schedule alert rule template property bag. +type ScheduledAlertRuleCommonProperties struct { + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. 
Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// ScheduledAlertRuleProperties scheduled alert rule base property bag. +type ScheduledAlertRuleProperties struct { + // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. + AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` + // Description - The description of the alert rule. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alerts created by this alert rule. + DisplayName *string `json:"displayName,omitempty"` + // Enabled - Determines whether this alert rule is enabled or disabled. + Enabled *bool `json:"enabled,omitempty"` + // LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified. + LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` + // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. + SuppressionDuration *string `json:"suppressionDuration,omitempty"` + // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. + SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` + // Tactics - The tactics of the alert rule + Tactics *[]AttackTactic `json:"tactics,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. 
+ QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties. +func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sarp.AlertRuleTemplateName != nil { + objectMap["alertRuleTemplateName"] = sarp.AlertRuleTemplateName + } + if sarp.Description != nil { + objectMap["description"] = sarp.Description + } + if sarp.DisplayName != nil { + objectMap["displayName"] = sarp.DisplayName + } + if sarp.Enabled != nil { + objectMap["enabled"] = sarp.Enabled + } + if sarp.SuppressionDuration != nil { + objectMap["suppressionDuration"] = sarp.SuppressionDuration + } + if sarp.SuppressionEnabled != nil { + objectMap["suppressionEnabled"] = sarp.SuppressionEnabled + } + if sarp.Tactics != nil { + objectMap["tactics"] = sarp.Tactics + } + if sarp.Query != nil { + objectMap["query"] = sarp.Query + } + if sarp.QueryFrequency != nil { + objectMap["queryFrequency"] = sarp.QueryFrequency + } + if sarp.QueryPeriod != nil { + objectMap["queryPeriod"] = sarp.QueryPeriod + } + if sarp.Severity != "" { + objectMap["severity"] = sarp.Severity + } + if sarp.TriggerOperator != "" { + objectMap["triggerOperator"] = sarp.TriggerOperator + } + if sarp.TriggerThreshold != nil { + 
objectMap["triggerThreshold"] = sarp.TriggerThreshold + } + return json.Marshal(objectMap) +} + +// ScheduledAlertRuleTemplate represents scheduled alert rule template. +type ScheduledAlertRuleTemplate struct { + // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties + *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' + Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { + sart.Kind = KindBasicAlertRuleTemplateKindScheduled + objectMap := make(map[string]interface{}) + if sart.ScheduledAlertRuleTemplateProperties != nil { + objectMap["properties"] = sart.ScheduledAlertRuleTemplateProperties + } + if sart.Kind != "" { + objectMap["kind"] = sart.Kind + } + return json.Marshal(objectMap) +} + +// AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) { + return nil, false +} + +// AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. 
+func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) { + return nil, false +} + +// AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) { + return &sart, true +} + +// AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) { + return nil, false +} + +// AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate. +func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) { + return &sart, true +} + +// UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct. +func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var scheduledAlertRuleTemplateProperties ScheduledAlertRuleTemplateProperties + err = json.Unmarshal(*v, &scheduledAlertRuleTemplateProperties) + if err != nil { + return err + } + sart.ScheduledAlertRuleTemplateProperties = &scheduledAlertRuleTemplateProperties + } + case "kind": + if v != nil { + var kind KindBasicAlertRuleTemplate + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + sart.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + sart.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + sart.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, 
&typeVar) + if err != nil { + return err + } + sart.Type = &typeVar + } + } + } + + return nil +} + +// ScheduledAlertRuleTemplateProperties scheduled alert rule template properties +type ScheduledAlertRuleTemplateProperties struct { + // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template + AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` + // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. + CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` + // Description - The description of the alert rule template. + Description *string `json:"description,omitempty"` + // DisplayName - The display name for alert rule template. + DisplayName *string `json:"displayName,omitempty"` + // RequiredDataConnectors - The required data connectors for this template + RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` + // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' + Status TemplateStatus `json:"status,omitempty"` + // Query - The query that creates alerts for this rule. + Query *string `json:"query,omitempty"` + // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. + QueryFrequency *string `json:"queryFrequency,omitempty"` + // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. + QueryPeriod *string `json:"queryPeriod,omitempty"` + // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' + Severity AlertSeverity `json:"severity,omitempty"` + // TriggerOperator - The operation against the threshold that triggers alert rule. 
Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' + TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` + // TriggerThreshold - The threshold triggers this alert rule. + TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` + // Tactics - The tactics of the alert rule template + Tactics *[]AttackTactic `json:"tactics,omitempty"` +} + +// MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties. +func (sartp ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if sartp.AlertRulesCreatedByTemplateCount != nil { + objectMap["alertRulesCreatedByTemplateCount"] = sartp.AlertRulesCreatedByTemplateCount + } + if sartp.Description != nil { + objectMap["description"] = sartp.Description + } + if sartp.DisplayName != nil { + objectMap["displayName"] = sartp.DisplayName + } + if sartp.RequiredDataConnectors != nil { + objectMap["requiredDataConnectors"] = sartp.RequiredDataConnectors + } + if sartp.Status != "" { + objectMap["status"] = sartp.Status + } + if sartp.Query != nil { + objectMap["query"] = sartp.Query + } + if sartp.QueryFrequency != nil { + objectMap["queryFrequency"] = sartp.QueryFrequency + } + if sartp.QueryPeriod != nil { + objectMap["queryPeriod"] = sartp.QueryPeriod + } + if sartp.Severity != "" { + objectMap["severity"] = sartp.Severity + } + if sartp.TriggerOperator != "" { + objectMap["triggerOperator"] = sartp.TriggerOperator + } + if sartp.TriggerThreshold != nil { + objectMap["triggerThreshold"] = sartp.TriggerThreshold + } + if sartp.Tactics != nil { + objectMap["tactics"] = sartp.Tactics + } + return json.Marshal(objectMap) +} + +// BasicSettings the Settings. +type BasicSettings interface { + AsToggleSettings() (*ToggleSettings, bool) + AsUebaSettings() (*UebaSettings, bool) + AsSettings() (*Settings, bool) +} + +// Settings the Settings. 
+type Settings struct { + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +func unmarshalBasicSettings(body []byte) (BasicSettings, error) { + var m map[string]interface{} + err := json.Unmarshal(body, &m) + if err != nil { + return nil, err + } + + switch m["kind"] { + case string(KindToggleSettings): + var ts ToggleSettings + err := json.Unmarshal(body, &ts) + return ts, err + case string(KindUebaSettings): + var us UebaSettings + err := json.Unmarshal(body, &us) + return us, err + default: + var s Settings + err := json.Unmarshal(body, &s) + return s, err + } +} +func unmarshalBasicSettingsArray(body []byte) ([]BasicSettings, error) { + var rawMessages []*json.RawMessage + err := json.Unmarshal(body, &rawMessages) + if err != nil { + return nil, err + } + + sArray := make([]BasicSettings, len(rawMessages)) + + for index, rawMessage := range rawMessages { + s, err := unmarshalBasicSettings(*rawMessage) + if err != nil { + return nil, err + } + sArray[index] = s + } + return sArray, nil +} + +// MarshalJSON is the custom marshaler for Settings. +func (s Settings) MarshalJSON() ([]byte, error) { + s.Kind = KindSettings + objectMap := make(map[string]interface{}) + if s.Kind != "" { + objectMap["kind"] = s.Kind + } + if s.Etag != nil { + objectMap["etag"] = s.Etag + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for Settings. +func (s Settings) AsToggleSettings() (*ToggleSettings, bool) { + return nil, false +} + +// AsUebaSettings is the BasicSettings implementation for Settings. 
+func (s Settings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for Settings. +func (s Settings) AsSettings() (*Settings, bool) { + return &s, true +} + +// AsBasicSettings is the BasicSettings implementation for Settings. +func (s Settings) AsBasicSettings() (BasicSettings, bool) { + return &s, true +} + +// ThreatIntelligence threatIntelligence property bag. +type ThreatIntelligence struct { + // Confidence - READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 `json:"confidence,omitempty"` + // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string `json:"providerName,omitempty"` + // ReportLink - READ-ONLY; Report link + ReportLink *string `json:"reportLink,omitempty"` + // ThreatDescription - READ-ONLY; Threat description (free text) + ThreatDescription *string `json:"threatDescription,omitempty"` + // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string `json:"threatName,omitempty"` + // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string `json:"threatType,omitempty"` +} + +// TIDataConnector represents threat intelligence data connector. +type TIDataConnector struct { + // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. 
+ *TIDataConnectorProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' + Kind KindBasicDataConnector `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for TIDataConnector. +func (tdc TIDataConnector) MarshalJSON() ([]byte, error) { + tdc.Kind = KindThreatIntelligence + objectMap := make(map[string]interface{}) + if tdc.TIDataConnectorProperties != nil { + objectMap["properties"] = tdc.TIDataConnectorProperties + } + if tdc.Kind != "" { + objectMap["kind"] = tdc.Kind + } + if tdc.Etag != nil { + objectMap["etag"] = tdc.Etag + } + return json.Marshal(objectMap) +} + +// AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) { + return nil, false +} + +// AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) { + return nil, false +} + +// AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) { + return nil, false +} + +// AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector. 
+func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) { + return nil, false +} + +// AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) { + return nil, false +} + +// AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) { + return nil, false +} + +// AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) { + return nil, false +} + +// AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) { + return &tdc, true +} + +// AsDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) { + return nil, false +} + +// AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector. +func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) { + return &tdc, true +} + +// UnmarshalJSON is the custom unmarshaler for TIDataConnector struct. 
+func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var tIDataConnectorProperties TIDataConnectorProperties + err = json.Unmarshal(*v, &tIDataConnectorProperties) + if err != nil { + return err + } + tdc.TIDataConnectorProperties = &tIDataConnectorProperties + } + case "kind": + if v != nil { + var kind KindBasicDataConnector + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + tdc.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + tdc.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + tdc.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + tdc.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + tdc.Etag = &etag + } + } + } + + return nil +} + +// TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector. +type TIDataConnectorDataTypes struct { + // Indicators - Data type for indicators connection. + Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` +} + +// TIDataConnectorDataTypesIndicators data type for indicators connection. +type TIDataConnectorDataTypesIndicators struct { + // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' + State DataTypeState `json:"state,omitempty"` +} + +// TIDataConnectorProperties TI (Threat Intelligence) data connector properties. +type TIDataConnectorProperties struct { + // TenantID - The tenant id to connect to, and get the data from. 
+ TenantID *string `json:"tenantId,omitempty"` + // TipLookbackPeriod - The lookback period for the feed to be imported. + TipLookbackPeriod *date.Time `json:"tipLookbackPeriod,omitempty"` + // DataTypes - The available data types for the connector. + DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` +} + +// ToggleSettings settings with single toggle. +type ToggleSettings struct { + // ToggleSettingsProperties - toggle properties + *ToggleSettingsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for ToggleSettings. +func (ts ToggleSettings) MarshalJSON() ([]byte, error) { + ts.Kind = KindToggleSettings + objectMap := make(map[string]interface{}) + if ts.ToggleSettingsProperties != nil { + objectMap["properties"] = ts.ToggleSettingsProperties + } + if ts.Kind != "" { + objectMap["kind"] = ts.Kind + } + if ts.Etag != nil { + objectMap["etag"] = ts.Etag + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) { + return &ts, true +} + +// AsUebaSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) { + return nil, false +} + +// AsSettings is the BasicSettings implementation for ToggleSettings. +func (ts ToggleSettings) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for ToggleSettings. 
+func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool) { + return &ts, true +} + +// UnmarshalJSON is the custom unmarshaler for ToggleSettings struct. +func (ts *ToggleSettings) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var toggleSettingsProperties ToggleSettingsProperties + err = json.Unmarshal(*v, &toggleSettingsProperties) + if err != nil { + return err + } + ts.ToggleSettingsProperties = &toggleSettingsProperties + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + ts.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + ts.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + ts.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + ts.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + ts.Etag = &etag + } + } + } + + return nil +} + +// ToggleSettingsProperties toggle property bag. +type ToggleSettingsProperties struct { + // IsEnabled - Determines whether the setting is enable or disabled. + IsEnabled *bool `json:"isEnabled,omitempty"` +} + +// UebaSettings represents settings for User and Entity Behavior Analytics enablement. 
+type UebaSettings struct { + // UebaSettingsProperties - User and Entity Behavior Analytics settings properties + *UebaSettingsProperties `json:"properties,omitempty"` + // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' + Kind KindBasicSettings `json:"kind,omitempty"` + // ID - READ-ONLY; Azure resource Id + ID *string `json:"id,omitempty"` + // Name - READ-ONLY; Azure resource name + Name *string `json:"name,omitempty"` + // Type - READ-ONLY; Azure resource type + Type *string `json:"type,omitempty"` + // Etag - Etag of the azure resource + Etag *string `json:"etag,omitempty"` +} + +// MarshalJSON is the custom marshaler for UebaSettings. +func (us UebaSettings) MarshalJSON() ([]byte, error) { + us.Kind = KindUebaSettings + objectMap := make(map[string]interface{}) + if us.UebaSettingsProperties != nil { + objectMap["properties"] = us.UebaSettingsProperties + } + if us.Kind != "" { + objectMap["kind"] = us.Kind + } + if us.Etag != nil { + objectMap["etag"] = us.Etag + } + return json.Marshal(objectMap) +} + +// AsToggleSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) { + return nil, false +} + +// AsUebaSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) { + return &us, true +} + +// AsSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsSettings() (*Settings, bool) { + return nil, false +} + +// AsBasicSettings is the BasicSettings implementation for UebaSettings. +func (us UebaSettings) AsBasicSettings() (BasicSettings, bool) { + return &us, true +} + +// UnmarshalJSON is the custom unmarshaler for UebaSettings struct. 
+func (us *UebaSettings) UnmarshalJSON(body []byte) error { + var m map[string]*json.RawMessage + err := json.Unmarshal(body, &m) + if err != nil { + return err + } + for k, v := range m { + switch k { + case "properties": + if v != nil { + var uebaSettingsProperties UebaSettingsProperties + err = json.Unmarshal(*v, &uebaSettingsProperties) + if err != nil { + return err + } + us.UebaSettingsProperties = &uebaSettingsProperties + } + case "kind": + if v != nil { + var kind KindBasicSettings + err = json.Unmarshal(*v, &kind) + if err != nil { + return err + } + us.Kind = kind + } + case "id": + if v != nil { + var ID string + err = json.Unmarshal(*v, &ID) + if err != nil { + return err + } + us.ID = &ID + } + case "name": + if v != nil { + var name string + err = json.Unmarshal(*v, &name) + if err != nil { + return err + } + us.Name = &name + } + case "type": + if v != nil { + var typeVar string + err = json.Unmarshal(*v, &typeVar) + if err != nil { + return err + } + us.Type = &typeVar + } + case "etag": + if v != nil { + var etag string + err = json.Unmarshal(*v, &etag) + if err != nil { + return err + } + us.Etag = &etag + } + } + } + + return nil +} + +// UebaSettingsProperties user and Entity Behavior Analytics settings property bag. +type UebaSettingsProperties struct { + // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' + AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` + // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. + IsEnabled *bool `json:"isEnabled,omitempty"` + // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). 
Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' + StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` +} + +// MarshalJSON is the custom marshaler for UebaSettingsProperties. +func (usp UebaSettingsProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if usp.IsEnabled != nil { + objectMap["isEnabled"] = usp.IsEnabled + } + return json.Marshal(objectMap) +} + +// UserInfo user information that made some action +type UserInfo struct { + // Email - READ-ONLY; The email of the user. + Email *string `json:"email,omitempty"` + // Name - READ-ONLY; The name of the user. + Name *string `json:"name,omitempty"` + // ObjectID - The object id of the user. + ObjectID *uuid.UUID `json:"objectId,omitempty"` +} + +// MarshalJSON is the custom marshaler for UserInfo. +func (UI UserInfo) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]interface{}) + if UI.ObjectID != nil { + objectMap["objectId"] = UI.ObjectID + } + return json.Marshal(objectMap) +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/operations.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/operations.go new file mode 100644 index 000000000000..a9d92aec855b --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/operations.go 
@@ -0,0 +1,140 @@ +package securityinsight + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/azure" + "github.com/Azure/go-autorest/tracing" + "net/http" +) + +// OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider +type OperationsClient struct { + BaseClient +} + +// NewOperationsClient creates an instance of the OperationsClient client. +func NewOperationsClient(subscriptionID string) OperationsClient { + return NewOperationsClientWithBaseURI(DefaultBaseURI, subscriptionID) +} + +// NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this +// when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack). +func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient { + return OperationsClient{NewWithBaseURI(baseURI, subscriptionID)} +} + +// List lists all operations available Azure Security Insights Resource Provider. 
+func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsClient.List") + defer func() { + sc := -1 + if result.ol.Response.Response != nil { + sc = result.ol.Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.fn = client.listNextResults + req, err := client.ListPreparer(ctx) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", nil, "Failure preparing request") + return + } + + resp, err := client.ListSender(req) + if err != nil { + result.ol.Response = autorest.Response{Response: resp} + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", resp, "Failure sending request") + return + } + + result.ol, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "List", resp, "Failure responding to request") + return + } + if result.ol.hasNextLink() && result.ol.IsEmpty() { + err = result.NextWithContext(ctx) + return + } + + return +} + +// ListPreparer prepares the List request. +func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error) { + const APIVersion = "2020-01-01" + queryParameters := map[string]interface{}{ + "api-version": APIVersion, + } + + preparer := autorest.CreatePreparer( + autorest.AsGet(), + autorest.WithBaseURL(client.BaseURI), + autorest.WithPath("/providers/Microsoft.SecurityInsights/operations"), + autorest.WithQueryParameters(queryParameters)) + return preparer.Prepare((&http.Request{}).WithContext(ctx)) +} + +// ListSender sends the List request. The method will close the +// http.Response Body if it receives an error. 
+func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error) { + return client.Send(req, autorest.DoRetryForStatusCodes(client.RetryAttempts, client.RetryDuration, autorest.StatusCodesForRetry...)) +} + +// ListResponder handles the response to the List request. The method always +// closes the http.Response Body. +func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error) { + err = autorest.Respond( + resp, + azure.WithErrorUnlessStatusCode(http.StatusOK), + autorest.ByUnmarshallingJSON(&result), + autorest.ByClosing()) + result.Response = autorest.Response{Response: resp} + return +} + +// listNextResults retrieves the next set of results, if any. +func (client OperationsClient) listNextResults(ctx context.Context, lastResults OperationsList) (result OperationsList, err error) { + req, err := lastResults.operationsListPreparer(ctx) + if err != nil { + return result, autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", nil, "Failure preparing next results request") + } + if req == nil { + return + } + resp, err := client.ListSender(req) + if err != nil { + result.Response = autorest.Response{Response: resp} + return result, autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", resp, "Failure sending next results request") + } + result, err = client.ListResponder(resp) + if err != nil { + err = autorest.NewErrorWithError(err, "securityinsight.OperationsClient", "listNextResults", resp, "Failure responding to next results request") + } + return +} + +// ListComplete enumerates all values, automatically crossing page boundaries as required. 
+func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error) { + if tracing.IsEnabled() { + ctx = tracing.StartSpan(ctx, fqdn+"/OperationsClient.List") + defer func() { + sc := -1 + if result.Response().Response.Response != nil { + sc = result.page.Response().Response.Response.StatusCode + } + tracing.EndSpan(ctx, sc, err) + }() + } + result.page, err = client.List(ctx) + return +} diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/securityinsightapi/interfaces.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/securityinsightapi/interfaces.go new file mode 100644 index 000000000000..01d801c16f4d --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/securityinsightapi/interfaces.go 
@@ -0,0 +1,95 @@ +package securityinsightapi + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +import ( + "context" + "github.com/Azure/azure-sdk-for-go/services/securityinsight/mgmt/2020-01-01/securityinsight" + "github.com/Azure/go-autorest/autorest" +) + +// OperationsClientAPI contains the set of methods on the OperationsClient type. +type OperationsClientAPI interface { + List(ctx context.Context) (result securityinsight.OperationsListPage, err error) + ListComplete(ctx context.Context) (result securityinsight.OperationsListIterator, err error) +} + +var _ OperationsClientAPI = (*securityinsight.OperationsClient)(nil) + +// AlertRulesClientAPI contains the set of methods on the AlertRulesClient type. +type AlertRulesClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule securityinsight.BasicAlertRule) (result securityinsight.AlertRuleModel, err error) + Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result securityinsight.AlertRuleModel, err error) + List(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.AlertRulesListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.AlertRulesListIterator, err error) +} + +var _ AlertRulesClientAPI = (*securityinsight.AlertRulesClient)(nil) + +// ActionsClientAPI contains the set of methods on the ActionsClient type. 
+type ActionsClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action securityinsight.ActionRequest) (result securityinsight.ActionResponse, err error) + Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string) (result securityinsight.ActionResponse, err error) + ListByAlertRule(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result securityinsight.ActionsListPage, err error) + ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string) (result securityinsight.ActionsListIterator, err error) +} + +var _ ActionsClientAPI = (*securityinsight.ActionsClient)(nil) + +// AlertRuleTemplatesClientAPI contains the set of methods on the AlertRuleTemplatesClient type. +type AlertRuleTemplatesClientAPI interface { + Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string) (result securityinsight.AlertRuleTemplateModel, err error) + List(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.AlertRuleTemplatesListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.AlertRuleTemplatesListIterator, err error) +} + +var _ AlertRuleTemplatesClientAPI = (*securityinsight.AlertRuleTemplatesClient)(nil) + +// BookmarksClientAPI contains the set of methods on the BookmarksClient type. 
+type BookmarksClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark securityinsight.Bookmark) (result securityinsight.Bookmark, err error) + Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string) (result securityinsight.Bookmark, err error) + List(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.BookmarkListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.BookmarkListIterator, err error) +} + +var _ BookmarksClientAPI = (*securityinsight.BookmarksClient)(nil) + +// DataConnectorsClientAPI contains the set of methods on the DataConnectorsClient type. +type DataConnectorsClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector securityinsight.BasicDataConnector) (result securityinsight.DataConnectorModel, err error) + Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string) (result securityinsight.DataConnectorModel, err error) + List(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.DataConnectorListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, workspaceName string) (result securityinsight.DataConnectorListIterator, err error) +} + +var _ DataConnectorsClientAPI = (*securityinsight.DataConnectorsClient)(nil) + +// IncidentsClientAPI contains the set of methods on the IncidentsClient type. 
+type IncidentsClientAPI interface { + CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident securityinsight.Incident) (result securityinsight.Incident, err error) + Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result autorest.Response, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string) (result securityinsight.Incident, err error) + List(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListPage, err error) + ListComplete(ctx context.Context, resourceGroupName string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentListIterator, err error) +} + +var _ IncidentsClientAPI = (*securityinsight.IncidentsClient)(nil) + +// IncidentCommentsClientAPI contains the set of methods on the IncidentCommentsClient type. 
+type IncidentCommentsClientAPI interface { + CreateComment(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment securityinsight.IncidentComment) (result securityinsight.IncidentComment, err error) + Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string) (result securityinsight.IncidentComment, err error) + ListByIncident(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListPage, err error) + ListByIncidentComplete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result securityinsight.IncidentCommentListIterator, err error) +} + +var _ IncidentCommentsClientAPI = (*securityinsight.IncidentCommentsClient)(nil) diff --git a/services/securityinsight/mgmt/2020-01-01/securityinsight/version.go b/services/securityinsight/mgmt/2020-01-01/securityinsight/version.go new file mode 100644 index 000000000000..77d6fa935541 --- /dev/null +++ b/services/securityinsight/mgmt/2020-01-01/securityinsight/version.go 
@@ -0,0 +1,19 @@ +package securityinsight + +import "github.com/Azure/azure-sdk-for-go/version" + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// +// Code generated by Microsoft (R) AutoRest Code Generator. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +// UserAgent returns the UserAgent string to use when sending http.Requests. +func UserAgent() string { + return "Azure-SDK-For-Go/" + Version() + " securityinsight/2020-01-01" +} + +// Version returns the semantic version (see http://semver.org) of the client. +func Version() string { + return version.Number +}