[AutoPR sql/resource-manager] [DO NOT MERGE] Adding VA support for manged instance

azure-mgmt-sql/azure/mgmt/sql/models/__init__.py

@@ -48,7 +48,6 @@
     from .transparent_data_encryption_activity_py3 import TransparentDataEncryptionActivity
     from .server_usage_py3 import ServerUsage
     from .database_usage_py3 import DatabaseUsage
-    from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
     from .automatic_tuning_options_py3 import AutomaticTuningOptions
     from .database_automatic_tuning_py3 import DatabaseAutomaticTuning
     from .encryption_protector_py3 import EncryptionProtector
@@ -81,6 +80,10 @@
     from .sync_member_py3 import SyncMember
     from .subscription_usage_py3 import SubscriptionUsage
     from .virtual_network_rule_py3 import VirtualNetworkRule
+    from .extended_database_blob_auditing_policy_py3 import ExtendedDatabaseBlobAuditingPolicy
+    from .extended_server_blob_auditing_policy_py3 import ExtendedServerBlobAuditingPolicy
+    from .server_blob_auditing_policy_py3 import ServerBlobAuditingPolicy
+    from .database_blob_auditing_policy_py3 import DatabaseBlobAuditingPolicy
     from .database_vulnerability_assessment_rule_baseline_item_py3 import DatabaseVulnerabilityAssessmentRuleBaselineItem
     from .database_vulnerability_assessment_rule_baseline_py3 import DatabaseVulnerabilityAssessmentRuleBaseline
     from .vulnerability_assessment_recurring_scans_properties_py3 import VulnerabilityAssessmentRecurringScansProperties
@@ -104,10 +107,12 @@
     from .complete_database_restore_definition_py3 import CompleteDatabaseRestoreDefinition
     from .managed_database_py3 import ManagedDatabase
     from .managed_database_update_py3 import ManagedDatabaseUpdate
+    from .sensitivity_label_py3 import SensitivityLabel
     from .automatic_tuning_server_options_py3 import AutomaticTuningServerOptions
     from .server_automatic_tuning_py3 import ServerAutomaticTuning
     from .server_dns_alias_py3 import ServerDnsAlias
     from .server_dns_alias_acquisition_py3 import ServerDnsAliasAcquisition
+    from .server_security_alert_policy_py3 import ServerSecurityAlertPolicy
     from .restore_point_py3 import RestorePoint
     from .create_database_restore_point_definition_py3 import CreateDatabaseRestorePointDefinition
     from .database_operation_py3 import DatabaseOperation
@@ -184,7 +189,6 @@
     from .transparent_data_encryption_activity import TransparentDataEncryptionActivity
     from .server_usage import ServerUsage
     from .database_usage import DatabaseUsage
-    from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
     from .automatic_tuning_options import AutomaticTuningOptions
     from .database_automatic_tuning import DatabaseAutomaticTuning
     from .encryption_protector import EncryptionProtector
@@ -217,6 +221,10 @@
     from .sync_member import SyncMember
     from .subscription_usage import SubscriptionUsage
     from .virtual_network_rule import VirtualNetworkRule
+    from .extended_database_blob_auditing_policy import ExtendedDatabaseBlobAuditingPolicy
+    from .extended_server_blob_auditing_policy import ExtendedServerBlobAuditingPolicy
+    from .server_blob_auditing_policy import ServerBlobAuditingPolicy
+    from .database_blob_auditing_policy import DatabaseBlobAuditingPolicy
     from .database_vulnerability_assessment_rule_baseline_item import DatabaseVulnerabilityAssessmentRuleBaselineItem
     from .database_vulnerability_assessment_rule_baseline import DatabaseVulnerabilityAssessmentRuleBaseline
     from .vulnerability_assessment_recurring_scans_properties import VulnerabilityAssessmentRecurringScansProperties
@@ -240,10 +248,12 @@
     from .complete_database_restore_definition import CompleteDatabaseRestoreDefinition
     from .managed_database import ManagedDatabase
     from .managed_database_update import ManagedDatabaseUpdate
+    from .sensitivity_label import SensitivityLabel
     from .automatic_tuning_server_options import AutomaticTuningServerOptions
     from .server_automatic_tuning import ServerAutomaticTuning
     from .server_dns_alias import ServerDnsAlias
     from .server_dns_alias_acquisition import ServerDnsAliasAcquisition
+    from .server_security_alert_policy import ServerSecurityAlertPolicy
     from .restore_point import RestorePoint
     from .create_database_restore_point_definition import CreateDatabaseRestorePointDefinition
     from .database_operation import DatabaseOperation
@@ -326,12 +336,14 @@
 from .job_version_paged import JobVersionPaged
 from .long_term_retention_backup_paged import LongTermRetentionBackupPaged
 from .managed_database_paged import ManagedDatabasePaged
+from .sensitivity_label_paged import SensitivityLabelPaged
 from .server_dns_alias_paged import ServerDnsAliasPaged
 from .restore_point_paged import RestorePointPaged
 from .database_operation_paged import DatabaseOperationPaged
 from .elastic_pool_operation_paged import ElasticPoolOperationPaged
 from .vulnerability_assessment_scan_record_paged import VulnerabilityAssessmentScanRecordPaged
 from .instance_failover_group_paged import InstanceFailoverGroupPaged
+from .backup_short_term_retention_policy_paged import BackupShortTermRetentionPolicyPaged
 from .sql_management_client_enums import (
     CheckNameAvailabilityReason,
     ServerConnectionType,
@@ -357,7 +369,6 @@
     RecommendedIndexType,
     TransparentDataEncryptionStatus,
     TransparentDataEncryptionActivityStatus,
-    BlobAuditingPolicyState,
     AutomaticTuningMode,
     AutomaticTuningOptionModeDesired,
     AutomaticTuningOptionModeActual,
@@ -376,6 +387,7 @@
     SyncDirection,
     SyncMemberState,
     VirtualNetworkRuleState,
+    BlobAuditingPolicyState,
     JobAgentState,
     JobExecutionLifecycle,
     ProvisioningState,
@@ -407,6 +419,8 @@
     VulnerabilityAssessmentScanState,
     InstanceFailoverGroupReplicationRole,
     LongTermRetentionDatabaseState,
+    VulnerabilityAssessmentPolicyBaselineName,
+    SensitivityLabelSource,
     CapabilityGroup,
 )
 
@@ -449,7 +463,6 @@
     'TransparentDataEncryptionActivity',
     'ServerUsage',
     'DatabaseUsage',
-    'DatabaseBlobAuditingPolicy',
     'AutomaticTuningOptions',
     'DatabaseAutomaticTuning',
     'EncryptionProtector',
@@ -482,6 +495,10 @@
     'SyncMember',
     'SubscriptionUsage',
     'VirtualNetworkRule',
+    'ExtendedDatabaseBlobAuditingPolicy',
+    'ExtendedServerBlobAuditingPolicy',
+    'ServerBlobAuditingPolicy',
+    'DatabaseBlobAuditingPolicy',
     'DatabaseVulnerabilityAssessmentRuleBaselineItem',
     'DatabaseVulnerabilityAssessmentRuleBaseline',
     'VulnerabilityAssessmentRecurringScansProperties',
@@ -505,10 +522,12 @@
     'CompleteDatabaseRestoreDefinition',
     'ManagedDatabase',
     'ManagedDatabaseUpdate',
+    'SensitivityLabel',
     'AutomaticTuningServerOptions',
     'ServerAutomaticTuning',
     'ServerDnsAlias',
     'ServerDnsAliasAcquisition',
+    'ServerSecurityAlertPolicy',
     'RestorePoint',
     'CreateDatabaseRestorePointDefinition',
     'DatabaseOperation',
@@ -591,12 +610,14 @@
     'JobVersionPaged',
     'LongTermRetentionBackupPaged',
     'ManagedDatabasePaged',
+    'SensitivityLabelPaged',
     'ServerDnsAliasPaged',
     'RestorePointPaged',
     'DatabaseOperationPaged',
     'ElasticPoolOperationPaged',
     'VulnerabilityAssessmentScanRecordPaged',
     'InstanceFailoverGroupPaged',
+    'BackupShortTermRetentionPolicyPaged',
     'CheckNameAvailabilityReason',
     'ServerConnectionType',
     'SecurityAlertPolicyState',
@@ -621,7 +642,6 @@
     'RecommendedIndexType',
     'TransparentDataEncryptionStatus',
     'TransparentDataEncryptionActivityStatus',
-    'BlobAuditingPolicyState',
     'AutomaticTuningMode',
     'AutomaticTuningOptionModeDesired',
     'AutomaticTuningOptionModeActual',
@@ -640,6 +660,7 @@
     'SyncDirection',
     'SyncMemberState',
     'VirtualNetworkRuleState',
+    'BlobAuditingPolicyState',
     'JobAgentState',
     'JobExecutionLifecycle',
     'ProvisioningState',
@@ -671,5 +692,7 @@
     'VulnerabilityAssessmentScanState',
     'InstanceFailoverGroupReplicationRole',
     'LongTermRetentionDatabaseState',
+    'VulnerabilityAssessmentPolicyBaselineName',
+    'SensitivityLabelSource',
     'CapabilityGroup',
 ]

azure-mgmt-sql/azure/mgmt/sql/models/backup_short_term_retention_policy_paged.py

@@ -0,0 +1,27 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.paging import Paged
+
+
+class BackupShortTermRetentionPolicyPaged(Paged):
+    """
+    A paging container for iterating over a list of :class:`BackupShortTermRetentionPolicy <azure.mgmt.sql.models.BackupShortTermRetentionPolicy>` object
+    """
+
+    _attribute_map = {
+        'next_link': {'key': 'nextLink', 'type': 'str'},
+        'current_page': {'key': 'value', 'type': '[BackupShortTermRetentionPolicy]'}
+    }
+
+    def __init__(self, *args, **kwargs):
+
+        super(BackupShortTermRetentionPolicyPaged, self).__init__(*args, **kwargs)

azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy.py

@@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
     :param retention_days: Specifies the number of days to keep in the audit
      logs.
     :type retention_days: int
-    :param audit_actions_and_groups: Specifies the Actions and Actions-Groups
+    :param audit_actions_and_groups: Specifies the Actions-Groups and Actions
      to audit.
+     The recommended set of action groups to use is the following combination -
+     this will audit all the queries and stored procedures executed against the
+     database, as well as successful and failed logins:
+     BATCH_COMPLETED_GROUP,
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+     FAILED_DATABASE_AUTHENTICATION_GROUP.
+     This above combination is also the set that is configured by default when
+     enabling auditing from the Azure portal.
+     The supported action groups to audit are (note: choose only specific
+     groups that cover your auditing needs. Using unnecessary groups could lead
+     to very large quantities of audit records):
+     APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
+     BACKUP_RESTORE_GROUP
+     DATABASE_LOGOUT_GROUP
+     DATABASE_OBJECT_CHANGE_GROUP
+     DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
+     DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
+     DATABASE_OPERATION_GROUP
+     DATABASE_PERMISSION_CHANGE_GROUP
+     DATABASE_PRINCIPAL_CHANGE_GROUP
+     DATABASE_PRINCIPAL_IMPERSONATION_GROUP
+     DATABASE_ROLE_MEMBER_CHANGE_GROUP
+     FAILED_DATABASE_AUTHENTICATION_GROUP
+     SCHEMA_OBJECT_ACCESS_GROUP
+     SCHEMA_OBJECT_CHANGE_GROUP
+     SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
+     SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
+     USER_CHANGE_PASSWORD_GROUP
+     BATCH_STARTED_GROUP
+     BATCH_COMPLETED_GROUP
+     These are groups that cover all sql statements and stored procedures
+     executed against the database, and should not be used in combination with
+     other groups as this will result in duplicate audit logs.
+     For more information, see [Database-Level Audit Action
+     Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
+     For Database auditing policy, specific Actions can also be specified (note
+     that Actions cannot be specified for Server auditing policy). The
+     supported actions to audit are:
+     SELECT
+     UPDATE
+     INSERT
+     DELETE
+     EXECUTE
+     RECEIVE
+     REFERENCES
+     The general form for defining an action to be audited is:
+     <action> ON <object> BY <principal>
+     Note that <object> in the above format can refer to an object like a
+     table, view, or stored procedure, or an entire database or schema. For the
+     latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
+     used, respectively.
+     For example:
+     SELECT on dbo.myTable by public
+     SELECT on DATABASE::myDatabase by public
+     SELECT on SCHEMA::mySchema by public
+     For more information, see [Database-Level Audit
+     Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
     :type audit_actions_and_groups: list[str]
     :param storage_account_subscription_id: Specifies the blob storage
      subscription Id.
     :type storage_account_subscription_id: str
     :param is_storage_secondary_key_in_use: Specifies whether
-     storageAccountAccessKey value is the storage’s secondary key.
+     storageAccountAccessKey value is the storage's secondary key.
     :type is_storage_secondary_key_in_use: bool
     """
 

azure-mgmt-sql/azure/mgmt/sql/models/database_blob_auditing_policy_py3.py

@@ -43,14 +43,72 @@ class DatabaseBlobAuditingPolicy(ProxyResource):
     :param retention_days: Specifies the number of days to keep in the audit
      logs.
     :type retention_days: int
-    :param audit_actions_and_groups: Specifies the Actions and Actions-Groups
+    :param audit_actions_and_groups: Specifies the Actions-Groups and Actions
      to audit.
+     The recommended set of action groups to use is the following combination -
+     this will audit all the queries and stored procedures executed against the
+     database, as well as successful and failed logins:
+     BATCH_COMPLETED_GROUP,
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+     FAILED_DATABASE_AUTHENTICATION_GROUP.
+     This above combination is also the set that is configured by default when
+     enabling auditing from the Azure portal.
+     The supported action groups to audit are (note: choose only specific
+     groups that cover your auditing needs. Using unnecessary groups could lead
+     to very large quantities of audit records):
+     APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
+     BACKUP_RESTORE_GROUP
+     DATABASE_LOGOUT_GROUP
+     DATABASE_OBJECT_CHANGE_GROUP
+     DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
+     DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
+     DATABASE_OPERATION_GROUP
+     DATABASE_PERMISSION_CHANGE_GROUP
+     DATABASE_PRINCIPAL_CHANGE_GROUP
+     DATABASE_PRINCIPAL_IMPERSONATION_GROUP
+     DATABASE_ROLE_MEMBER_CHANGE_GROUP
+     FAILED_DATABASE_AUTHENTICATION_GROUP
+     SCHEMA_OBJECT_ACCESS_GROUP
+     SCHEMA_OBJECT_CHANGE_GROUP
+     SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
+     SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
+     SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
+     USER_CHANGE_PASSWORD_GROUP
+     BATCH_STARTED_GROUP
+     BATCH_COMPLETED_GROUP
+     These are groups that cover all sql statements and stored procedures
+     executed against the database, and should not be used in combination with
+     other groups as this will result in duplicate audit logs.
+     For more information, see [Database-Level Audit Action
+     Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
+     For Database auditing policy, specific Actions can also be specified (note
+     that Actions cannot be specified for Server auditing policy). The
+     supported actions to audit are:
+     SELECT
+     UPDATE
+     INSERT
+     DELETE
+     EXECUTE
+     RECEIVE
+     REFERENCES
+     The general form for defining an action to be audited is:
+     <action> ON <object> BY <principal>
+     Note that <object> in the above format can refer to an object like a
+     table, view, or stored procedure, or an entire database or schema. For the
+     latter cases, the forms DATABASE::<db_name> and SCHEMA::<schema_name> are
+     used, respectively.
+     For example:
+     SELECT on dbo.myTable by public
+     SELECT on DATABASE::myDatabase by public
+     SELECT on SCHEMA::mySchema by public
+     For more information, see [Database-Level Audit
+     Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
     :type audit_actions_and_groups: list[str]
     :param storage_account_subscription_id: Specifies the blob storage
      subscription Id.
     :type storage_account_subscription_id: str
     :param is_storage_secondary_key_in_use: Specifies whether
-     storageAccountAccessKey value is the storage’s secondary key.
+     storageAccountAccessKey value is the storage's secondary key.
     :type is_storage_secondary_key_in_use: bool
     """
 

azure-mgmt-sql/azure/mgmt/sql/models/database_vulnerability_assessment.py

@@ -30,10 +30,15 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
      hold the scan results (e.g.
      https://myStorage.blob.core.windows.net/VaScans/).
     :type storage_container_path: str
-    :param storage_container_sas_key: Required. A shared access signature (SAS
-     Key) that has write access to the blob container specified in
-     'storageContainerPath' parameter.
+    :param storage_container_sas_key: A shared access signature (SAS Key) that
+     has write access to the blob container specified in 'storageContainerPath'
+     parameter. If 'storageAccountAccessKey' isn't specified,
+     StorageContainerSasKey is required.
     :type storage_container_sas_key: str
+    :param storage_account_access_key: Specifies the identifier key of the
+     vulnerability assessment storage account. If 'StorageContainerSasKey'
+     isn't specified, storageAccountAccessKey is required.
+    :type storage_account_access_key: str
     :param recurring_scans: The recurring scans settings
     :type recurring_scans:
      ~azure.mgmt.sql.models.VulnerabilityAssessmentRecurringScansProperties
@@ -44,7 +49,6 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
         'name': {'readonly': True},
         'type': {'readonly': True},
         'storage_container_path': {'required': True},
-        'storage_container_sas_key': {'required': True},
     }
 
     _attribute_map = {
@@ -53,11 +57,13 @@ class DatabaseVulnerabilityAssessment(ProxyResource):
         'type': {'key': 'type', 'type': 'str'},
         'storage_container_path': {'key': 'properties.storageContainerPath', 'type': 'str'},
         'storage_container_sas_key': {'key': 'properties.storageContainerSasKey', 'type': 'str'},
+        'storage_account_access_key': {'key': 'properties.storageAccountAccessKey', 'type': 'str'},
         'recurring_scans': {'key': 'properties.recurringScans', 'type': 'VulnerabilityAssessmentRecurringScansProperties'},
     }
 
     def __init__(self, **kwargs):
         super(DatabaseVulnerabilityAssessment, self).__init__(**kwargs)
         self.storage_container_path = kwargs.get('storage_container_path', None)
         self.storage_container_sas_key = kwargs.get('storage_container_sas_key', None)
+        self.storage_account_access_key = kwargs.get('storage_account_access_key', None)
         self.recurring_scans = kwargs.get('recurring_scans', None)