From 5624462933e0cc14c42477a4c7478f0d7f6497f4 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Mon, 11 Nov 2024 21:08:10 +0000 Subject: [PATCH] CodeGen from PR 31491 in Azure/azure-rest-api-specs Merge b41d4ec6fe73ac71d847d9d175e8c07d52e4a8c6 into b77e87885932c399965bfbd01e4c8b660b4e725e --- .../armsecurityinsights/CHANGELOG.md | 254 + .../armsecurityinsights/actions_client.go | 18 +- .../actions_client_example_test.go | 140 - .../armsecurityinsights/alertrules_client.go | 18 +- .../alertrules_client_example_test.go | 2249 --- .../alertruletemplates_client.go | 10 +- .../alertruletemplates_client_example_test.go | 297 - .../automationrules_client.go | 18 +- .../automationrules_client_example_test.go | 304 - .../armsecurityinsights/autorest.md | 7 +- .../armsecurityinsights/bookmark_client.go | 117 - .../bookmark_client_example_test.go | 68 - .../bookmarkrelations_client_example_test.go | 145 - .../armsecurityinsights/bookmarks_client.go | 18 +- .../bookmarks_client_example_test.go | 270 - .../armsecurityinsights/client_factory.go | 130 +- .../armsecurityinsights/constants.go | 1026 +- .../contentpackage_client.go | 177 + ...es_client.go => contentpackages_client.go} | 110 +- .../contenttemplate_client.go | 247 + .../contenttemplates_client.go | 136 + ....go => dataconnectordefinitions_client.go} | 200 +- .../dataconnectors_client.go | 141 +- .../dataconnectors_client_example_test.go | 2500 --- .../dataconnectorscheckrequirements_client.go | 113 - ...rscheckrequirements_client_example_test.go | 483 - .../domainwhois_client_example_test.go | 99 - .../armsecurityinsights/entities_client.go | 335 +- .../entities_client_example_test.go | 1442 -- .../entitiesgettimeline_client.go | 118 - ...entitiesgettimeline_client_example_test.go | 113 - .../entitiesrelations_client_example_test.go | 61 - .../entityqueries_client_example_test.go | 276 - ...ntityquerytemplates_client_example_test.go | 180 - .../entityrelations_client.go | 119 - .../entityrelations_client_example_test.go | 49 - .../fake/contentpackage_server.go | 151 + .../fake/contentpackages_server.go | 226 + .../fake/contenttemplate_server.go | 194 + .../fake/contenttemplates_server.go | 188 + ....go => dataconnectordefinitions_server.go} | 180 +- .../fake/dataconnectors_server.go | 90 - .../dataconnectorscheckrequirements_server.go | 108 - .../fake/domainwhois_server.go | 101 - .../fake/entities_server.go | 233 +- .../fake/entitiesgettimeline_server.go | 108 - .../fake/entityquerytemplates_server.go | 168 - .../fake/fileimports_server.go | 299 - .../fake/incidents_server.go | 49 +- ...ries_server.go => incidenttasks_server.go} | 150 +- .../armsecurityinsights/fake/internal.go | 8 - .../fake/ipgeodata_server.go | 101 - .../fake/officeconsents_server.go | 199 - .../fake/polymorphic_helpers.go | 122 +- ...ark_server.go => productpackage_server.go} | 50 +- ...ns_server.go => productpackages_server.go} | 64 +- .../fake/productsettings_server.go | 237 - ...ns_server.go => producttemplate_server.go} | 52 +- .../fake/producttemplates_server.go | 182 + .../fake/server_factory.go | 149 +- .../fake/sourcecontrol_server.go | 4 +- .../fake/sourcecontrols_server.go | 18 +- .../threatintelligenceindicators_server.go | 14 +- .../fake/watchlistitems_server.go | 6 +- .../fake/watchlists_server.go | 174 +- .../armsecurityinsights/fileimports_client.go | 344 - .../fileimports_client_example_test.go | 167 - .../armsecurityinsights/go.mod | 12 +- .../armsecurityinsights/go.sum | 17 - .../incidentcomments_client.go | 26 +- .../incidentcomments_client_example_test.go | 163 - .../incidentrelations_client.go | 26 +- .../incidentrelations_client_example_test.go | 157 - .../armsecurityinsights/incidents_client.go | 132 +- .../incidents_client_example_test.go | 495 - ...ries_client.go => incidenttasks_client.go} | 189 +- .../armsecurityinsights/interfaces.go | 90 +- .../ipgeodata_client_example_test.go | 56 - .../armsecurityinsights/metadata_client.go | 22 +- .../metadata_client_example_test.go | 541 - .../armsecurityinsights/models.go | 5001 ++--- .../armsecurityinsights/models_serde.go | 16434 ++++++---------- .../officeconsents_client.go | 236 - .../officeconsents_client_example_test.go | 101 - .../armsecurityinsights/operations_client.go | 4 +- .../operations_client_example_test.go | 596 - .../armsecurityinsights/options.go | 307 +- .../polymorphic_helpers.go | 371 +- ...ois_client.go => productpackage_client.go} | 58 +- ...ns_client.go => productpackages_client.go} | 55 +- .../productsettings_client.go | 309 - .../productsettings_client_example_test.go | 135 - ...ta_client.go => producttemplate_client.go} | 58 +- .../producttemplates_client.go | 131 + .../armsecurityinsights/responses.go | 383 +- .../securitymlanalyticssettings_client.go | 18 +- ...mlanalyticssettings_client_example_test.go | 399 - .../sentinelonboardingstates_client.go | 18 +- ...nelonboardingstates_client_example_test.go | 128 - .../sourcecontrol_client.go | 16 +- .../sourcecontrol_client_example_test.go | 53 - .../sourcecontrols_client.go | 46 +- .../sourcecontrols_client_example_test.go | 305 - .../threatintelligenceindicator_client.go | 30 +- ...telligenceindicator_client_example_test.go | 438 - ...reatintelligenceindicatormetrics_client.go | 6 +- ...nceindicatormetrics_client_example_test.go | 65 - .../threatintelligenceindicators_client.go | 6 +- ...elligenceindicators_client_example_test.go | 112 - .../watchlistitems_client.go | 38 +- .../watchlistitems_client_example_test.go | 213 - .../armsecurityinsights/watchlists_client.go | 138 +- .../watchlists_client_example_test.go | 279 - 113 files changed, 11212 insertions(+), 33325 deletions(-) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client_example_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackage_client.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/{entityquerytemplates_client.go => contentpackages_client.go} (53%) create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplate_client.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplates_client.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/{bookmarkrelations_client.go => dataconnectordefinitions_client.go} (50%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client_example_test.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackage_server.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackages_server.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplate_server.go create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplates_server.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/fake/{bookmarkrelations_server.go => dataconnectordefinitions_server.go} (51%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectorscheckrequirements_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/domainwhois_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesgettimeline_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityquerytemplates_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/fileimports_server.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/fake/{entityqueries_server.go => incidenttasks_server.go} (59%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/ipgeodata_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/officeconsents_server.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/fake/{bookmark_server.go => productpackage_server.go} (55%) rename sdk/resourcemanager/securityinsights/armsecurityinsights/fake/{entitiesrelations_server.go => productpackages_server.go} (62%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productsettings_server.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/fake/{entityrelations_server.go => producttemplate_server.go} (54%) create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplates_server.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client_example_test.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/{entityqueries_client.go => incidenttasks_client.go} (53%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client_example_test.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/{domainwhois_client.go => productpackage_client.go} (51%) rename sdk/resourcemanager/securityinsights/armsecurityinsights/{entitiesrelations_client.go => productpackages_client.go} (58%) delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client_example_test.go rename sdk/resourcemanager/securityinsights/armsecurityinsights/{ipgeodata_client.go => producttemplate_client.go} (51%) create mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplates_client.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client_example_test.go delete mode 100644 sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client_example_test.go diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md b/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md index cd2202f6620c..e2c365aeee48 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/CHANGELOG.md @@ -1,5 +1,259 @@ # Release History +## 2.0.0 (2024-11-11) +### Breaking Changes + +- Type of `IncidentPropertiesAction.Owner` has been changed from `*IncidentOwnerInfoAutoGenerated` to `*IncidentOwnerInfo` +- Type of `WatchlistProperties.Source` has been changed from `*Source` to `*string` +- Enum `Source` has been removed +- Operation `*WatchlistsClient.CreateOrUpdate` has been changed to LRO, use `*WatchlistsClient.BeginCreateOrUpdate` instead. +- Operation `*WatchlistsClient.Delete` has been changed to LRO, use `*WatchlistsClient.BeginDelete` instead. +- Struct `IncidentOwnerInfoAutoGenerated` has been removed + +### Features Added + +- New value `ActionTypeAddIncidentTask` added to enum type `ActionType` +- New value `AttackTacticImpairProcessControl`, `AttackTacticInhibitResponseFunction`, `AttackTacticReconnaissance`, `AttackTacticResourceDevelopment` added to enum type `AttackTactic` +- New value `AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs`, `AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey`, `AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue`, `AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource` added to enum type `AutomationRulePropertyConditionSupportedProperty` +- New value `ConditionTypeBoolean`, `ConditionTypePropertyArray`, `ConditionTypePropertyArrayChanged`, `ConditionTypePropertyChanged` added to enum type `ConditionType` +- New value `DataConnectorKindMicrosoftThreatIntelligence`, `DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence`, `DataConnectorKindRestAPIPoller` added to enum type `DataConnectorKind` +- New value `TriggersOnAlerts` added to enum type `TriggersOn` +- New value `TriggersWhenUpdated` added to enum type `TriggersWhen` +- New enum type `AlertProperty` with values `AlertPropertyAlertLink`, `AlertPropertyConfidenceLevel`, `AlertPropertyConfidenceScore`, `AlertPropertyExtendedLinks`, `AlertPropertyProductComponentName`, `AlertPropertyProductName`, `AlertPropertyProviderName`, `AlertPropertyRemediationSteps`, `AlertPropertyTechniques` +- New enum type `AutomationRuleBooleanConditionSupportedOperator` with values `AutomationRuleBooleanConditionSupportedOperatorAnd`, `AutomationRuleBooleanConditionSupportedOperatorOr` +- New enum type `AutomationRulePropertyArrayChangedConditionSupportedArrayType` with values `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts`, `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments`, `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels`, `AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics` +- New enum type `AutomationRulePropertyArrayChangedConditionSupportedChangeType` with values `AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded` +- New enum type `AutomationRulePropertyArrayConditionSupportedArrayConditionType` with values `AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem` +- New enum type `AutomationRulePropertyArrayConditionSupportedArrayType` with values `AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues`, `AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails` +- New enum type `AutomationRulePropertyChangedConditionSupportedChangedType` with values `AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom`, `AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo` +- New enum type `AutomationRulePropertyChangedConditionSupportedPropertyType` with values `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner`, `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity`, `AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus` +- New enum type `CcpAuthType` with values `CcpAuthTypeAPIKey`, `CcpAuthTypeAWS`, `CcpAuthTypeBasic`, `CcpAuthTypeGCP`, `CcpAuthTypeGitHub`, `CcpAuthTypeJwtToken`, `CcpAuthTypeNone`, `CcpAuthTypeOAuth2`, `CcpAuthTypeOracle`, `CcpAuthTypeServiceBus`, `CcpAuthTypeSession` +- New enum type `ContentType` with values `ContentTypeAnalyticRule`, `ContentTypeAutomationRule`, `ContentTypeHuntingQuery`, `ContentTypeParser`, `ContentTypePlaybook`, `ContentTypeWorkbook` +- New enum type `DataConnectorDefinitionKind` with values `DataConnectorDefinitionKindCustomizable` +- New enum type `DeploymentFetchStatus` with values `DeploymentFetchStatusNotFound`, `DeploymentFetchStatusSuccess`, `DeploymentFetchStatusUnauthorized` +- New enum type `DeploymentResult` with values `DeploymentResultCanceled`, `DeploymentResultFailed`, `DeploymentResultSuccess` +- New enum type `DeploymentState` with values `DeploymentStateCanceling`, `DeploymentStateCompleted`, `DeploymentStateInProgress`, `DeploymentStateQueued` +- New enum type `Flag` with values `FlagFalse`, `FlagTrue` +- New enum type `HTTPMethodVerb` with values `HTTPMethodVerbDELETE`, `HTTPMethodVerbGET`, `HTTPMethodVerbPOST`, `HTTPMethodVerbPUT` +- New enum type `IncidentTaskStatus` with values `IncidentTaskStatusCompleted`, `IncidentTaskStatusNew` +- New enum type `Kind` with values `KindAnalyticsRule`, `KindAnalyticsRuleTemplate`, `KindAutomationRule`, `KindAzureFunction`, `KindDataConnector`, `KindDataType`, `KindHuntingQuery`, `KindInvestigationQuery`, `KindLogicAppsCustomConnector`, `KindParser`, `KindPlaybook`, `KindPlaybookTemplate`, `KindSolution`, `KindWatchlist`, `KindWatchlistTemplate`, `KindWorkbook`, `KindWorkbookTemplate` +- New enum type `Operator` with values `OperatorAND`, `OperatorOR` +- New enum type `PackageKind` with values `PackageKindSolution`, `PackageKindStandalone` +- New enum type `ProviderPermissionsScope` with values `ProviderPermissionsScopeResourceGroup`, `ProviderPermissionsScopeSubscription`, `ProviderPermissionsScopeWorkspace` +- New enum type `ProvisioningState` with values `ProvisioningStateCanceled`, `ProvisioningStateDeleting`, `ProvisioningStateFailed`, `ProvisioningStateInProgress`, `ProvisioningStateNew`, `ProvisioningStateSucceeded`, `ProvisioningStateUploading` +- New enum type `RepoType` with values `RepoTypeAzureDevOps`, `RepoTypeGithub` +- New enum type `RepositoryAccessKind` with values `RepositoryAccessKindApp`, `RepositoryAccessKindOAuth`, `RepositoryAccessKindPAT` +- New enum type `RestAPIPollerRequestPagingKind` with values `RestAPIPollerRequestPagingKindCountBasedPaging`, `RestAPIPollerRequestPagingKindLinkHeader`, `RestAPIPollerRequestPagingKindNextPageToken`, `RestAPIPollerRequestPagingKindNextPageURL`, `RestAPIPollerRequestPagingKindOffset`, `RestAPIPollerRequestPagingKindPersistentLinkHeader`, `RestAPIPollerRequestPagingKindPersistentToken` +- New enum type `SecurityMLAnalyticsSettingsKind` with values `SecurityMLAnalyticsSettingsKindAnomaly` +- New enum type `SettingsStatus` with values `SettingsStatusFlighting`, `SettingsStatusProduction` +- New enum type `SourceKind` with values `SourceKindCommunity`, `SourceKindLocalWorkspace`, `SourceKindSolution`, `SourceKindSourceRepository` +- New enum type `SourceType` with values `SourceTypeLocalFile`, `SourceTypeRemoteStorage` +- New enum type `State` with values `StateClosed`, `StateOpen` +- New enum type `SupportTier` with values `SupportTierCommunity`, `SupportTierMicrosoft`, `SupportTierPartner` +- New enum type `Version` with values `VersionV1`, `VersionV2` +- New enum type `WarningCode` with values `WarningCodeSourceControlDeletedWithWarnings`, `WarningCodeSourceControlWarningDeletePipelineFromAzureDevOps`, `WarningCodeSourceControlWarningDeleteRoleAssignment`, `WarningCodeSourceControlWarningDeleteServicePrincipal`, `WarningCodeSourceControlWarningDeleteWorkflowAndSecretFromGitHub` +- New function `*APIKeyAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*AWSAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*AnomalySecurityMLAnalyticsSettings.GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting` +- New function `*AutomationRuleAddIncidentTaskAction.GetAutomationRuleAction() *AutomationRuleAction` +- New function `*BasicAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*BooleanConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*CcpAuthConfig.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*ClientFactory.NewContentPackageClient() *ContentPackageClient` +- New function `*ClientFactory.NewContentPackagesClient() *ContentPackagesClient` +- New function `*ClientFactory.NewContentTemplateClient() *ContentTemplateClient` +- New function `*ClientFactory.NewContentTemplatesClient() *ContentTemplatesClient` +- New function `*ClientFactory.NewDataConnectorDefinitionsClient() *DataConnectorDefinitionsClient` +- New function `*ClientFactory.NewEntitiesClient() *EntitiesClient` +- New function `*ClientFactory.NewIncidentTasksClient() *IncidentTasksClient` +- New function `*ClientFactory.NewMetadataClient() *MetadataClient` +- New function `*ClientFactory.NewProductPackageClient() *ProductPackageClient` +- New function `*ClientFactory.NewProductPackagesClient() *ProductPackagesClient` +- New function `*ClientFactory.NewProductTemplateClient() *ProductTemplateClient` +- New function `*ClientFactory.NewProductTemplatesClient() *ProductTemplatesClient` +- New function `*ClientFactory.NewSecurityMLAnalyticsSettingsClient() *SecurityMLAnalyticsSettingsClient` +- New function `*ClientFactory.NewSourceControlClient() *SourceControlClient` +- New function `*ClientFactory.NewSourceControlsClient() *SourceControlsClient` +- New function `NewContentPackageClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ContentPackageClient, error)` +- New function `*ContentPackageClient.Install(context.Context, string, string, string, PackageModel, *ContentPackageClientInstallOptions) (ContentPackageClientInstallResponse, error)` +- New function `*ContentPackageClient.Uninstall(context.Context, string, string, string, *ContentPackageClientUninstallOptions) (ContentPackageClientUninstallResponse, error)` +- New function `NewContentPackagesClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ContentPackagesClient, error)` +- New function `*ContentPackagesClient.Get(context.Context, string, string, string, *ContentPackagesClientGetOptions) (ContentPackagesClientGetResponse, error)` +- New function `*ContentPackagesClient.NewListPager(string, string, *ContentPackagesClientListOptions) *runtime.Pager[ContentPackagesClientListResponse]` +- New function `NewContentTemplateClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ContentTemplateClient, error)` +- New function `*ContentTemplateClient.Delete(context.Context, string, string, string, *ContentTemplateClientDeleteOptions) (ContentTemplateClientDeleteResponse, error)` +- New function `*ContentTemplateClient.Get(context.Context, string, string, string, *ContentTemplateClientGetOptions) (ContentTemplateClientGetResponse, error)` +- New function `*ContentTemplateClient.Install(context.Context, string, string, string, TemplateModel, *ContentTemplateClientInstallOptions) (ContentTemplateClientInstallResponse, error)` +- New function `NewContentTemplatesClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ContentTemplatesClient, error)` +- New function `*ContentTemplatesClient.NewListPager(string, string, *ContentTemplatesClientListOptions) *runtime.Pager[ContentTemplatesClientListResponse]` +- New function `*CustomizableConnectorDefinition.GetDataConnectorDefinition() *DataConnectorDefinition` +- New function `*DataConnectorDefinition.GetDataConnectorDefinition() *DataConnectorDefinition` +- New function `NewDataConnectorDefinitionsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*DataConnectorDefinitionsClient, error)` +- New function `*DataConnectorDefinitionsClient.CreateOrUpdate(context.Context, string, string, string, DataConnectorDefinitionClassification, *DataConnectorDefinitionsClientCreateOrUpdateOptions) (DataConnectorDefinitionsClientCreateOrUpdateResponse, error)` +- New function `*DataConnectorDefinitionsClient.Delete(context.Context, string, string, string, *DataConnectorDefinitionsClientDeleteOptions) (DataConnectorDefinitionsClientDeleteResponse, error)` +- New function `*DataConnectorDefinitionsClient.Get(context.Context, string, string, string, *DataConnectorDefinitionsClientGetOptions) (DataConnectorDefinitionsClientGetResponse, error)` +- New function `*DataConnectorDefinitionsClient.NewListPager(string, string, *DataConnectorDefinitionsClientListOptions) *runtime.Pager[DataConnectorDefinitionsClientListResponse]` +- New function `NewEntitiesClient(string, azcore.TokenCredential, *arm.ClientOptions) (*EntitiesClient, error)` +- New function `*EntitiesClient.RunPlaybook(context.Context, string, string, string, *EntitiesClientRunPlaybookOptions) (EntitiesClientRunPlaybookResponse, error)` +- New function `*GCPAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*GenericBlobSbsAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*GitHubAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `NewIncidentTasksClient(string, azcore.TokenCredential, *arm.ClientOptions) (*IncidentTasksClient, error)` +- New function `*IncidentTasksClient.CreateOrUpdate(context.Context, string, string, string, string, IncidentTask, *IncidentTasksClientCreateOrUpdateOptions) (IncidentTasksClientCreateOrUpdateResponse, error)` +- New function `*IncidentTasksClient.Delete(context.Context, string, string, string, string, *IncidentTasksClientDeleteOptions) (IncidentTasksClientDeleteResponse, error)` +- New function `*IncidentTasksClient.Get(context.Context, string, string, string, string, *IncidentTasksClientGetOptions) (IncidentTasksClientGetResponse, error)` +- New function `*IncidentTasksClient.NewListPager(string, string, string, *IncidentTasksClientListOptions) *runtime.Pager[IncidentTasksClientListResponse]` +- New function `*IncidentsClient.RunPlaybook(context.Context, string, string, string, *IncidentsClientRunPlaybookOptions) (IncidentsClientRunPlaybookResponse, error)` +- New function `*JwtAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*MSTIDataConnector.GetDataConnector() *DataConnector` +- New function `NewMetadataClient(string, azcore.TokenCredential, *arm.ClientOptions) (*MetadataClient, error)` +- New function `*MetadataClient.Create(context.Context, string, string, string, MetadataModel, *MetadataClientCreateOptions) (MetadataClientCreateResponse, error)` +- New function `*MetadataClient.Delete(context.Context, string, string, string, *MetadataClientDeleteOptions) (MetadataClientDeleteResponse, error)` +- New function `*MetadataClient.Get(context.Context, string, string, string, *MetadataClientGetOptions) (MetadataClientGetResponse, error)` +- New function `*MetadataClient.NewListPager(string, string, *MetadataClientListOptions) *runtime.Pager[MetadataClientListResponse]` +- New function `*MetadataClient.Update(context.Context, string, string, string, MetadataPatch, *MetadataClientUpdateOptions) (MetadataClientUpdateResponse, error)` +- New function `*OAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*OracleAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `*PremiumMicrosoftDefenderForThreatIntelligence.GetDataConnector() *DataConnector` +- New function `NewProductPackageClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ProductPackageClient, error)` +- New function `*ProductPackageClient.Get(context.Context, string, string, string, *ProductPackageClientGetOptions) (ProductPackageClientGetResponse, error)` +- New function `NewProductPackagesClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ProductPackagesClient, error)` +- New function `*ProductPackagesClient.NewListPager(string, string, *ProductPackagesClientListOptions) *runtime.Pager[ProductPackagesClientListResponse]` +- New function `NewProductTemplateClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ProductTemplateClient, error)` +- New function `*ProductTemplateClient.Get(context.Context, string, string, string, *ProductTemplateClientGetOptions) (ProductTemplateClientGetResponse, error)` +- New function `NewProductTemplatesClient(string, azcore.TokenCredential, *arm.ClientOptions) (*ProductTemplatesClient, error)` +- New function `*ProductTemplatesClient.NewListPager(string, string, *ProductTemplatesClientListOptions) *runtime.Pager[ProductTemplatesClientListResponse]` +- New function `*PropertyArrayChangedConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*PropertyArrayConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*PropertyChangedConditionProperties.GetAutomationRuleCondition() *AutomationRuleCondition` +- New function `*RestAPIPollerDataConnector.GetDataConnector() *DataConnector` +- New function `*SecurityMLAnalyticsSetting.GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting` +- New function `NewSecurityMLAnalyticsSettingsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*SecurityMLAnalyticsSettingsClient, error)` +- New function `*SecurityMLAnalyticsSettingsClient.CreateOrUpdate(context.Context, string, string, string, SecurityMLAnalyticsSettingClassification, *SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions) (SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse, error)` +- New function `*SecurityMLAnalyticsSettingsClient.Delete(context.Context, string, string, string, *SecurityMLAnalyticsSettingsClientDeleteOptions) (SecurityMLAnalyticsSettingsClientDeleteResponse, error)` +- New function `*SecurityMLAnalyticsSettingsClient.Get(context.Context, string, string, string, *SecurityMLAnalyticsSettingsClientGetOptions) (SecurityMLAnalyticsSettingsClientGetResponse, error)` +- New function `*SecurityMLAnalyticsSettingsClient.NewListPager(string, string, *SecurityMLAnalyticsSettingsClientListOptions) *runtime.Pager[SecurityMLAnalyticsSettingsClientListResponse]` +- New function `*SessionAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New function `NewSourceControlClient(string, azcore.TokenCredential, *arm.ClientOptions) (*SourceControlClient, error)` +- New function `*SourceControlClient.NewListRepositoriesPager(string, string, RepositoryAccessProperties, *SourceControlClientListRepositoriesOptions) *runtime.Pager[SourceControlClientListRepositoriesResponse]` +- New function `NewSourceControlsClient(string, azcore.TokenCredential, *arm.ClientOptions) (*SourceControlsClient, error)` +- New function `*SourceControlsClient.Create(context.Context, string, string, string, SourceControl, *SourceControlsClientCreateOptions) (SourceControlsClientCreateResponse, error)` +- New function `*SourceControlsClient.Delete(context.Context, string, string, string, RepositoryAccessProperties, *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error)` +- New function `*SourceControlsClient.Get(context.Context, string, string, string, *SourceControlsClientGetOptions) (SourceControlsClientGetResponse, error)` +- New function `*SourceControlsClient.NewListPager(string, string, *SourceControlsClientListOptions) *runtime.Pager[SourceControlsClientListResponse]` +- New function `*NoneAuthModel.GetCcpAuthConfig() *CcpAuthConfig` +- New struct `APIKeyAuthModel` +- New struct `AWSAuthModel` +- New struct `AddIncidentTaskActionProperties` +- New struct `AlertPropertyMapping` +- New struct `AnomalySecurityMLAnalyticsSettings` +- New struct `AnomalySecurityMLAnalyticsSettingsProperties` +- New struct `AutomationRuleAddIncidentTaskAction` +- New struct `AutomationRuleBooleanCondition` +- New struct `AutomationRulePropertyArrayChangedValuesCondition` +- New struct `AutomationRulePropertyArrayValuesCondition` +- New struct `AutomationRulePropertyValuesChangedCondition` +- New struct `AzureDevOpsResourceInfo` +- New struct `BasicAuthModel` +- New struct `BooleanConditionProperties` +- New struct `CcpResponseConfig` +- New struct `ConnectivityCriterion` +- New struct `ConnectorDataType` +- New struct `ConnectorDefinitionsAvailability` +- New struct `ConnectorDefinitionsPermissions` +- New struct `ConnectorDefinitionsResourceProvider` +- New struct `CustomPermissionDetails` +- New struct `CustomizableConnectionsConfig` +- New struct `CustomizableConnectorDefinition` +- New struct `CustomizableConnectorDefinitionProperties` +- New struct `CustomizableConnectorUIConfig` +- New struct `DCRConfiguration` +- New struct `DataConnectorDefinitionArmCollectionWrapper` +- New struct `Deployment` +- New struct `DeploymentInfo` +- New struct `EntityManualTriggerRequestBody` +- New struct `GCPAuthModel` +- New struct `GenericBlobSbsAuthModel` +- New struct `GitHubAuthModel` +- New struct `GitHubResourceInfo` +- New struct `GraphQuery` +- New struct `IncidentTask` +- New struct `IncidentTaskList` +- New struct `IncidentTaskProperties` +- New struct `InstructionStep` +- New struct `InstructionStepDetails` +- New struct `JwtAuthModel` +- New struct `MSTIDataConnector` +- New struct `MSTIDataConnectorDataTypes` +- New struct `MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed` +- New struct `MSTIDataConnectorProperties` +- New struct `ManualTriggerRequestBody` +- New struct `MetadataAuthor` +- New struct `MetadataCategories` +- New struct `MetadataDependencies` +- New struct `MetadataList` +- New struct `MetadataModel` +- New struct `MetadataPatch` +- New struct `MetadataProperties` +- New struct `MetadataPropertiesPatch` +- New struct `MetadataSource` +- New struct `MetadataSupport` +- New struct `NoneAuthModel` +- New struct `OAuthModel` +- New struct `OracleAuthModel` +- New struct `PackageList` +- New struct `PackageModel` +- New struct `PackageProperties` +- New struct `PremiumMdtiDataConnectorDataTypes` +- New struct `PremiumMdtiDataConnectorDataTypesConnector` +- New struct `PremiumMdtiDataConnectorProperties` +- New struct `PremiumMicrosoftDefenderForThreatIntelligence` +- New struct `ProductPackageList` +- New struct `ProductPackageModel` +- New struct `ProductPackageProperties` +- New struct `ProductTemplateList` +- New struct `ProductTemplateModel` +- New struct `ProductTemplateProperties` +- New struct `PropertyArrayChangedConditionProperties` +- New struct `PropertyArrayConditionProperties` +- New struct `PropertyChangedConditionProperties` +- New struct `PullRequest` +- New struct `Repo` +- New struct `RepoList` +- New struct `Repository` +- New struct `RepositoryAccess` +- New struct `RepositoryAccessObject` +- New struct `RepositoryAccessProperties` +- New struct `RepositoryResourceInfo` +- New struct `ResourceProviderRequiredPermissions` +- New struct `RestAPIPollerDataConnector` +- New struct `RestAPIPollerDataConnectorProperties` +- New struct `RestAPIPollerRequestConfig` +- New struct `RestAPIPollerRequestPagingConfig` +- New struct `SecurityMLAnalyticsSettingsDataSource` +- New struct `SecurityMLAnalyticsSettingsList` +- New struct `ServicePrincipal` +- New struct `SessionAuthModel` +- New struct `SourceControl` +- New struct `SourceControlList` +- New struct `SourceControlProperties` +- New struct `TemplateList` +- New struct `TemplateModel` +- New struct `TemplateProperties` +- New struct `Warning` +- New struct `WarningBody` +- New struct `Webhook` +- New field `AlertDynamicProperties` in struct `AlertDetailsOverride` +- New field `Techniques` in struct `FusionAlertRuleProperties` +- New field `Techniques` in struct `FusionAlertRuleTemplateProperties` +- New field `ProviderIncidentURL` in struct `IncidentAdditionalData` +- New field `OwnerType` in struct `IncidentOwnerInfo` +- New field `ProviderIncidentID`, `ProviderName` in struct `IncidentProperties` +- New field `Techniques` in struct `ScheduledAlertRuleProperties` +- New field `Techniques` in struct `ScheduledAlertRuleTemplateProperties` +- New field `ProvisioningState`, `SourceType` in struct `WatchlistProperties` + + ## 2.0.0-beta.4 (2024-06-14) ### Features Added diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client.go index e36f064ff891..276fe181039d 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client.go @@ -28,7 +28,7 @@ type ActionsClient struct { } // NewActionsClient creates a new instance of ActionsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ActionsClient, error) { @@ -46,7 +46,7 @@ func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, // CreateOrUpdate - Creates or updates the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -103,7 +103,7 @@ func (client *ActionsClient) createOrUpdateCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, action); err != nil { @@ -124,7 +124,7 @@ func (client *ActionsClient) createOrUpdateHandleResponse(resp *http.Response) ( // Delete - Delete the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -179,7 +179,7 @@ func (client *ActionsClient) deleteCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -188,7 +188,7 @@ func (client *ActionsClient) deleteCreateRequest(ctx context.Context, resourceGr // Get - Gets the action of alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -244,7 +244,7 @@ func (client *ActionsClient) getCreateRequest(ctx context.Context, resourceGroup return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -261,7 +261,7 @@ func (client *ActionsClient) getHandleResponse(resp *http.Response) (ActionsClie // NewListByAlertRulePager - Gets all actions of alert rule. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -314,7 +314,7 @@ func (client *ActionsClient) listByAlertRuleCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client_example_test.go deleted file mode 100644 index 06ec633f7476..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/actions_client_example_test.go +++ /dev/null @@ -1,140 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/GetAllActionsByAlertRule.json -func ExampleActionsClient_NewListByAlertRulePager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewActionsClient().NewListByAlertRulePager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.ActionsList = armsecurityinsights.ActionsList{ - // Value: []*armsecurityinsights.ActionResponse{ - // { - // Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.ActionResponseProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"), - // WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/GetActionOfAlertRuleById.json -func ExampleActionsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewActionsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.ActionResponse = armsecurityinsights.ActionResponse{ - // Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.ActionResponseProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"), - // WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/CreateActionOfAlertRule.json -func ExampleActionsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewActionsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", armsecurityinsights.ActionRequest{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.ActionRequestProperties{ - LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"), - TriggerURI: to.Ptr("https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.ActionResponse = armsecurityinsights.ActionResponse{ - // Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.ActionResponseProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"), - // WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/DeleteActionOfAlertRule.json -func ExampleActionsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewActionsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client.go index 58e0b2ff4170..0237f91e6b5a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client.go @@ -28,7 +28,7 @@ type AlertRulesClient struct { } // NewAlertRulesClient creates a new instance of AlertRulesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRulesClient, error) { @@ -46,7 +46,7 @@ func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredentia // CreateOrUpdate - Creates or updates the alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -99,7 +99,7 @@ func (client *AlertRulesClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, alertRule); err != nil { @@ -120,7 +120,7 @@ func (client *AlertRulesClient) createOrUpdateHandleResponse(resp *http.Response // Delete - Delete the alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -170,7 +170,7 @@ func (client *AlertRulesClient) deleteCreateRequest(ctx context.Context, resourc return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -179,7 +179,7 @@ func (client *AlertRulesClient) deleteCreateRequest(ctx context.Context, resourc // Get - Gets the alert rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - ruleID - Alert rule ID @@ -230,7 +230,7 @@ func (client *AlertRulesClient) getCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -247,7 +247,7 @@ func (client *AlertRulesClient) getHandleResponse(resp *http.Response) (AlertRul // NewListPager - Gets all alert rules. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.NewListPager method. @@ -294,7 +294,7 @@ func (client *AlertRulesClient) listCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client_example_test.go deleted file mode 100644 index 534c187a779a..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertrules_client_example_test.go +++ /dev/null @@ -1,2249 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetAllAlertRules.json -func ExampleAlertRulesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewAlertRulesClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.AlertRulesList = armsecurityinsights.AlertRulesList{ - // Value: []armsecurityinsights.AlertRuleClassification{ - // &armsecurityinsights.ScheduledAlertRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - // Properties: &armsecurityinsights.ScheduledAlertRuleProperties{ - // AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{ - // AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"), - // AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"), - // }, - // CustomDetails: map[string]*string{ - // "OperatingSystemName": to.Ptr("OSName"), - // "OperatingSystemType": to.Ptr("OSType"), - // }, - // EntityMappings: []*armsecurityinsights.EntityMapping{ - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("Computer"), - // Identifier: to.Ptr("FullName"), - // }}, - // }, - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("ComputerIP"), - // Identifier: to.Ptr("Address"), - // }}, - // }}, - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // Query: to.Ptr("Heartbeat"), - // QueryFrequency: to.Ptr("PT1H"), - // QueryPeriod: to.Ptr("P2DT1H30M"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - // TriggerThreshold: to.Ptr[int32](0), - // Description: to.Ptr("An example for a scheduled rule"), - // DisplayName: to.Ptr("My scheduled rule"), - // Enabled: to.Ptr(true), - // IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - // CreateIncident: to.Ptr(true), - // GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - // Enabled: to.Ptr(true), - // GroupByAlertDetails: []*armsecurityinsights.AlertDetail{ - // to.Ptr(armsecurityinsights.AlertDetailDisplayName)}, - // GroupByCustomDetails: []*string{ - // to.Ptr("OperatingSystemType"), - // to.Ptr("OperatingSystemName")}, - // GroupByEntities: []*armsecurityinsights.EntityMappingType{ - // to.Ptr(armsecurityinsights.EntityMappingTypeHost)}, - // LookbackDuration: to.Ptr("PT5H"), - // MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - // ReopenClosedIncident: to.Ptr(false), - // }, - // }, - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30.000Z"); return t}()), - // SuppressionDuration: to.Ptr("PT1H"), - // SuppressionEnabled: to.Ptr(false), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{ - // Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"), - // Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation), - // Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{ - // ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - // DisplayName: to.Ptr("testing displayname"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()), - // }, - // }, - // &armsecurityinsights.FusionAlertRule{ - // Name: to.Ptr("myFirstFusionRule"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"), - // Etag: to.Ptr("\"25005c11-0000-0d00-0000-5d6cc0e20000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - // Properties: &armsecurityinsights.FusionAlertRuleProperties{ - // Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."), - // AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - // DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-22T07:12:34.906Z"); return t}()), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Anomalies"), - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Alert providers"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Azure Active Directory Identity Protection"), - // SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Cloud"), - // SourceSubTypeName: to.Ptr("Azure Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for IoT"), - // SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft 365 Defender"), - // SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Cloud App Security"), - // SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Endpoint"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Identity"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Office 365"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // }}, - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Raw logs from other sources"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // IsSupported: to.Ptr(false), - // }, - // SourceSubTypeDisplayName: to.Ptr("Palo Alto Networks"), - // SourceSubTypeName: to.Ptr("Palo Alto Networks"), - // }}, - // }}, - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticCollection), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl), - // to.Ptr(armsecurityinsights.AttackTacticCredentialAccess), - // to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion), - // to.Ptr(armsecurityinsights.AttackTacticDiscovery), - // to.Ptr(armsecurityinsights.AttackTacticExecution), - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticImpact), - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement), - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)}, - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetFusionAlertRule.json -func ExampleAlertRulesClient_Get_getAFusionAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "myFirstFusionRule", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientGetResponse{ - // AlertRuleClassification: &armsecurityinsights.FusionAlertRule{ - // Name: to.Ptr("myFirstFusionRule"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"), - // Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - // Properties: &armsecurityinsights.FusionAlertRuleProperties{ - // Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."), - // AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - // DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.534Z"); return t}()), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Anomalies"), - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Alert providers"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Azure Active Directory Identity Protection"), - // SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Cloud"), - // SourceSubTypeName: to.Ptr("Azure Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for IoT"), - // SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft 365 Defender"), - // SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Cloud App Security"), - // SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Endpoint"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Identity"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Office 365"), - // SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeDisplayName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // }}, - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Raw logs from other sources"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // IsSupported: to.Ptr(false), - // }, - // SourceSubTypeDisplayName: to.Ptr("Palo Alto Networks"), - // SourceSubTypeName: to.Ptr("Palo Alto Networks"), - // }}, - // }}, - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticCollection), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl), - // to.Ptr(armsecurityinsights.AttackTacticCredentialAccess), - // to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion), - // to.Ptr(armsecurityinsights.AttackTacticDiscovery), - // to.Ptr(armsecurityinsights.AttackTacticExecution), - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticImpact), - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement), - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json -func ExampleAlertRulesClient_Get_getAMicrosoftSecurityIncidentCreationRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientGetResponse{ - // AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{ - // Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"), - // Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation), - // Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{ - // ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - // DisplayName: to.Ptr("testing displayname"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetScheduledAlertRule.json -func ExampleAlertRulesClient_Get_getAScheduledAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientGetResponse{ - // AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - // Properties: &armsecurityinsights.ScheduledAlertRuleProperties{ - // AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{ - // AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"), - // AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"), - // }, - // CustomDetails: map[string]*string{ - // "OperatingSystemName": to.Ptr("OSName"), - // "OperatingSystemType": to.Ptr("OSType"), - // }, - // EntityMappings: []*armsecurityinsights.EntityMapping{ - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("Computer"), - // Identifier: to.Ptr("FullName"), - // }}, - // }, - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("ComputerIP"), - // Identifier: to.Ptr("Address"), - // }}, - // }}, - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // Query: to.Ptr("Heartbeat"), - // QueryFrequency: to.Ptr("PT1H"), - // QueryPeriod: to.Ptr("P2DT1H30M"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - // TriggerThreshold: to.Ptr[int32](0), - // Description: to.Ptr("An example for a scheduled rule"), - // DisplayName: to.Ptr("My scheduled rule"), - // Enabled: to.Ptr(true), - // IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - // CreateIncident: to.Ptr(true), - // GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - // Enabled: to.Ptr(true), - // GroupByAlertDetails: []*armsecurityinsights.AlertDetail{ - // to.Ptr(armsecurityinsights.AlertDetailDisplayName)}, - // GroupByCustomDetails: []*string{ - // to.Ptr("OperatingSystemType"), - // to.Ptr("OperatingSystemName")}, - // GroupByEntities: []*armsecurityinsights.EntityMappingType{ - // to.Ptr(armsecurityinsights.EntityMappingTypeHost)}, - // LookbackDuration: to.Ptr("PT5H"), - // MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - // ReopenClosedIncident: to.Ptr(false), - // }, - // }, - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30.000Z"); return t}()), - // SuppressionDuration: to.Ptr("PT1H"), - // SuppressionEnabled: to.Ptr(false), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json -func ExampleAlertRulesClient_Get_getAnNrtAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientGetResponse{ - // AlertRuleClassification: &armsecurityinsights.NrtAlertRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT), - // Properties: &armsecurityinsights.NrtAlertRuleProperties{ - // Description: to.Ptr(""), - // DisplayName: to.Ptr("Rule2"), - // Enabled: to.Ptr(true), - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - // CreateIncident: to.Ptr(true), - // GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - // Enabled: to.Ptr(true), - // GroupByEntities: []*armsecurityinsights.EntityMappingType{ - // to.Ptr(armsecurityinsights.EntityMappingTypeHost), - // to.Ptr(armsecurityinsights.EntityMappingTypeAccount)}, - // LookbackDuration: to.Ptr("PT5H"), - // MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - // ReopenClosedIncident: to.Ptr(false), - // }, - // }, - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Query: to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SuppressionDuration: to.Ptr("PT1H"), - // SuppressionEnabled: to.Ptr(false), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json -func ExampleAlertRulesClient_CreateOrUpdate_createsOrUpdatesAFusionAlertRuleWithScenarioExclusionPattern() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "myFirstFusionRule", &armsecurityinsights.FusionAlertRule{ - Etag: to.Ptr("3d00c3ca-0000-0100-0000-5d42d5010000"), - Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - Properties: &armsecurityinsights.FusionAlertRuleProperties{ - AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - Enabled: to.Ptr(true), - SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Anomalies"), - }, - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Alert providers"), - SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Defender"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - }}, - }, - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Raw logs from other sources"), - SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{}, - SourceSubTypeName: to.Ptr("Palo Alto Networks"), - }}, - }}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{ - // AlertRuleClassification: &armsecurityinsights.FusionAlertRule{ - // Name: to.Ptr("myFirstFusionRule"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"), - // Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - // Properties: &armsecurityinsights.FusionAlertRuleProperties{ - // Description: to.Ptr("Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion."), - // AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - // DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.534Z"); return t}()), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Anomalies"), - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Alert providers"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // }}, - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Raw logs from other sources"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // IsSupported: to.Ptr(false), - // }, - // SourceSubTypeName: to.Ptr("Palo Alto Networks"), - // }}, - // }}, - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticCollection), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl), - // to.Ptr(armsecurityinsights.AttackTacticCredentialAccess), - // to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion), - // to.Ptr(armsecurityinsights.AttackTacticDiscovery), - // to.Ptr(armsecurityinsights.AttackTacticExecution), - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticImpact), - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement), - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateFusionAlertRule.json -func ExampleAlertRulesClient_CreateOrUpdate_createsOrUpdatesAFusionAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "myFirstFusionRule", &armsecurityinsights.FusionAlertRule{ - Etag: to.Ptr("3d00c3ca-0000-0100-0000-5d42d5010000"), - Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - Properties: &armsecurityinsights.FusionAlertRuleProperties{ - AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - Enabled: to.Ptr(true), - SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Anomalies"), - }, - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Alert providers"), - SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Defender"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - }, - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - }, - { - Enabled: to.Ptr(true), - Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - }}, - }, - SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - }}, - }, - { - Enabled: to.Ptr(true), - SourceName: to.Ptr("Raw logs from other sources"), - SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - { - Enabled: to.Ptr(true), - SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{}, - SourceSubTypeName: to.Ptr("Palo Alto Networks"), - }}, - }}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{ - // AlertRuleClassification: &armsecurityinsights.FusionAlertRule{ - // Name: to.Ptr("myFirstFusionRule"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"), - // Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - // Properties: &armsecurityinsights.FusionAlertRuleProperties{ - // Description: to.Ptr("Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion."), - // AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - // DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.534Z"); return t}()), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SourceSettings: []*armsecurityinsights.FusionSourceSettings{ - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Anomalies"), - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Alert providers"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - // }, - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{ - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // }, - // { - // Enabled: to.Ptr(true), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational), - // }}, - // IsSupported: to.Ptr(true), - // }, - // SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // }}, - // }, - // { - // Enabled: to.Ptr(true), - // SourceName: to.Ptr("Raw logs from other sources"), - // SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{ - // { - // Enabled: to.Ptr(true), - // SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{ - // IsSupported: to.Ptr(false), - // }, - // SourceSubTypeName: to.Ptr("Palo Alto Networks"), - // }}, - // }}, - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticCollection), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl), - // to.Ptr(armsecurityinsights.AttackTacticCredentialAccess), - // to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion), - // to.Ptr(armsecurityinsights.AttackTacticDiscovery), - // to.Ptr(armsecurityinsights.AttackTacticExecution), - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticImpact), - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement), - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json -func ExampleAlertRulesClient_CreateOrUpdate_createsOrUpdatesAMicrosoftSecurityIncidentCreationRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{ - Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""), - Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation), - Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{ - ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - DisplayName: to.Ptr("testing displayname"), - Enabled: to.Ptr(true), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{ - // AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{ - // Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"), - // Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation), - // Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{ - // ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - // DisplayName: to.Ptr("testing displayname"), - // Enabled: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json -func ExampleAlertRulesClient_CreateOrUpdate_createsOrUpdatesANrtAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.NrtAlertRule{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT), - Properties: &armsecurityinsights.NrtAlertRuleProperties{ - Description: to.Ptr(""), - DisplayName: to.Ptr("Rule2"), - Enabled: to.Ptr(true), - EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - }, - IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - CreateIncident: to.Ptr(true), - GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - Enabled: to.Ptr(true), - GroupByEntities: []*armsecurityinsights.EntityMappingType{ - to.Ptr(armsecurityinsights.EntityMappingTypeHost), - to.Ptr(armsecurityinsights.EntityMappingTypeAccount)}, - LookbackDuration: to.Ptr("PT5H"), - MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - ReopenClosedIncident: to.Ptr(false), - }, - }, - Query: to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - SuppressionDuration: to.Ptr("PT1H"), - SuppressionEnabled: to.Ptr(false), - Tactics: []*armsecurityinsights.AttackTactic{ - to.Ptr(armsecurityinsights.AttackTacticPersistence), - to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - Techniques: []*string{ - to.Ptr("T1037"), - to.Ptr("T1021")}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{ - // AlertRuleClassification: &armsecurityinsights.NrtAlertRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT), - // Properties: &armsecurityinsights.NrtAlertRuleProperties{ - // Description: to.Ptr(""), - // DisplayName: to.Ptr("Rule2"), - // Enabled: to.Ptr(true), - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - // CreateIncident: to.Ptr(true), - // GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - // Enabled: to.Ptr(true), - // GroupByEntities: []*armsecurityinsights.EntityMappingType{ - // to.Ptr(armsecurityinsights.EntityMappingTypeHost), - // to.Ptr(armsecurityinsights.EntityMappingTypeAccount)}, - // LookbackDuration: to.Ptr("PT5H"), - // MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - // ReopenClosedIncident: to.Ptr(false), - // }, - // }, - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Query: to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SuppressionDuration: to.Ptr("PT1H"), - // SuppressionEnabled: to.Ptr(false), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json -func ExampleAlertRulesClient_CreateOrUpdate_createsOrUpdatesAScheduledAlertRule() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.ScheduledAlertRule{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - Properties: &armsecurityinsights.ScheduledAlertRuleProperties{ - AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{ - AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"), - AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"), - }, - CustomDetails: map[string]*string{ - "OperatingSystemName": to.Ptr("OSName"), - "OperatingSystemType": to.Ptr("OSType"), - }, - EntityMappings: []*armsecurityinsights.EntityMapping{ - { - EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost), - FieldMappings: []*armsecurityinsights.FieldMapping{ - { - ColumnName: to.Ptr("Computer"), - Identifier: to.Ptr("FullName"), - }}, - }, - { - EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP), - FieldMappings: []*armsecurityinsights.FieldMapping{ - { - ColumnName: to.Ptr("ComputerIP"), - Identifier: to.Ptr("Address"), - }}, - }}, - EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - }, - Query: to.Ptr("Heartbeat"), - QueryFrequency: to.Ptr("PT1H"), - QueryPeriod: to.Ptr("P2DT1H30M"), - Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - TriggerThreshold: to.Ptr[int32](0), - Description: to.Ptr("An example for a scheduled rule"), - DisplayName: to.Ptr("My scheduled rule"), - Enabled: to.Ptr(true), - IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - CreateIncident: to.Ptr(true), - GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - Enabled: to.Ptr(true), - GroupByAlertDetails: []*armsecurityinsights.AlertDetail{ - to.Ptr(armsecurityinsights.AlertDetailDisplayName)}, - GroupByCustomDetails: []*string{ - to.Ptr("OperatingSystemType"), - to.Ptr("OperatingSystemName")}, - GroupByEntities: []*armsecurityinsights.EntityMappingType{ - to.Ptr(armsecurityinsights.EntityMappingTypeHost)}, - LookbackDuration: to.Ptr("PT5H"), - MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - ReopenClosedIncident: to.Ptr(false), - }, - }, - SuppressionDuration: to.Ptr("PT1H"), - SuppressionEnabled: to.Ptr(false), - Tactics: []*armsecurityinsights.AttackTactic{ - to.Ptr(armsecurityinsights.AttackTacticPersistence), - to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - Techniques: []*string{ - to.Ptr("T1037"), - to.Ptr("T1021")}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{ - // AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/alertRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"01005144-0000-0d00-0000-6058632c0000\""), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - // Properties: &armsecurityinsights.ScheduledAlertRuleProperties{ - // AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{ - // AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"), - // AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"), - // }, - // CustomDetails: map[string]*string{ - // "OperatingSystemName": to.Ptr("OSName"), - // "OperatingSystemType": to.Ptr("OSType"), - // }, - // EntityMappings: []*armsecurityinsights.EntityMapping{ - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("Computer"), - // Identifier: to.Ptr("FullName"), - // }}, - // }, - // { - // EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP), - // FieldMappings: []*armsecurityinsights.FieldMapping{ - // { - // ColumnName: to.Ptr("ComputerIP"), - // Identifier: to.Ptr("Address"), - // }}, - // }}, - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // Query: to.Ptr("Heartbeat"), - // QueryFrequency: to.Ptr("PT1H"), - // QueryPeriod: to.Ptr("P2DT1H30M"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - // TriggerThreshold: to.Ptr[int32](0), - // Description: to.Ptr("An example for a scheduled rule"), - // DisplayName: to.Ptr("My scheduled rule"), - // Enabled: to.Ptr(true), - // IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{ - // CreateIncident: to.Ptr(true), - // GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{ - // Enabled: to.Ptr(true), - // GroupByAlertDetails: []*armsecurityinsights.AlertDetail{ - // to.Ptr(armsecurityinsights.AlertDetailDisplayName)}, - // GroupByCustomDetails: []*string{ - // to.Ptr("OperatingSystemType"), - // to.Ptr("OperatingSystemName")}, - // GroupByEntities: []*armsecurityinsights.EntityMappingType{ - // to.Ptr(armsecurityinsights.EntityMappingTypeHost)}, - // LookbackDuration: to.Ptr("PT5H"), - // MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected), - // ReopenClosedIncident: to.Ptr(false), - // }, - // }, - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30.000Z"); return t}()), - // SuppressionDuration: to.Ptr("PT1H"), - // SuppressionEnabled: to.Ptr(false), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/DeleteAlertRule.json -func ExampleAlertRulesClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewAlertRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client.go index 07c3b14939a6..8f1840c9998c 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client.go @@ -28,7 +28,7 @@ type AlertRuleTemplatesClient struct { } // NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRuleTemplatesClient, error) { @@ -46,7 +46,7 @@ func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenC // Get - Gets the alert rule template. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - alertRuleTemplateID - Alert rule template ID @@ -97,7 +97,7 @@ func (client *AlertRuleTemplatesClient) getCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -114,7 +114,7 @@ func (client *AlertRuleTemplatesClient) getHandleResponse(resp *http.Response) ( // NewListPager - Gets all alert rule templates. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.NewListPager @@ -162,7 +162,7 @@ func (client *AlertRuleTemplatesClient) listCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client_example_test.go deleted file mode 100644 index d07856b6f3d6..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/alertruletemplates_client_example_test.go +++ /dev/null @@ -1,297 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json -func ExampleAlertRuleTemplatesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewAlertRuleTemplatesClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.AlertRuleTemplatesList = armsecurityinsights.AlertRuleTemplatesList{ - // Value: []armsecurityinsights.AlertRuleTemplateClassification{ - // &armsecurityinsights.ScheduledAlertRuleTemplate{ - // Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"), - // Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - // Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{ - // Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"), - // AlertRulesCreatedByTemplateCount: to.Ptr[int32](0), - // CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Changes to Amazon VPC settings"), - // LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00.000Z"); return t}()), - // Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"), - // QueryFrequency: to.Ptr("P1D"), - // QueryPeriod: to.Ptr("P1D"), - // RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{ - // { - // ConnectorID: to.Ptr("AWS"), - // DataTypes: []*string{ - // to.Ptr("AWSCloudTrail")}, - // }}, - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - // TriggerThreshold: to.Ptr[int32](0), - // Version: to.Ptr("1.0.1"), - // }, - // }, - // &armsecurityinsights.FusionAlertRuleTemplate{ - // Name: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8"), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion), - // Properties: &armsecurityinsights.FusionAlertRuleTemplateProperties{ - // Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."), - // AlertRulesCreatedByTemplateCount: to.Ptr[int32](0), - // CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-25T00:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"), - // LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-09T00:00:00.000Z"); return t}()), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh), - // SourceSettings: []*armsecurityinsights.FusionTemplateSourceSetting{ - // { - // SourceName: to.Ptr("Anomalies"), - // }, - // { - // SourceName: to.Ptr("Alert providers"), - // SourceSubTypes: []*armsecurityinsights.FusionTemplateSourceSubType{ - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Azure Defender"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Azure Defender for IoT"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Microsoft 365 Defender"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"), - // }, - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(true), - // SeverityFilters: []*armsecurityinsights.AlertSeverity{ - // to.Ptr(armsecurityinsights.AlertSeverityInformational), - // to.Ptr(armsecurityinsights.AlertSeverityLow), - // to.Ptr(armsecurityinsights.AlertSeverityMedium), - // to.Ptr(armsecurityinsights.AlertSeverityHigh)}, - // }, - // SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"), - // }}, - // }, - // { - // SourceName: to.Ptr("Raw logs from other sources"), - // SourceSubTypes: []*armsecurityinsights.FusionTemplateSourceSubType{ - // { - // SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{ - // IsSupported: to.Ptr(false), - // }, - // SourceSubTypeName: to.Ptr("Palo Alto Networks"), - // }}, - // }}, - // Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticCollection), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl), - // to.Ptr(armsecurityinsights.AttackTacticCredentialAccess), - // to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion), - // to.Ptr(armsecurityinsights.AttackTacticDiscovery), - // to.Ptr(armsecurityinsights.AttackTacticExecution), - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticImpact), - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement), - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)}, - // }, - // }, - // &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplate{ - // Name: to.Ptr("b3cfc7c0-092c-481c-a55b-34a3979758cb"), - // Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb"), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation), - // Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties{ - // Description: to.Ptr("Create incidents based on all alerts generated in Microsoft Cloud App Security"), - // AlertRulesCreatedByTemplateCount: to.Ptr[int32](0), - // CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-16T00:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Create incidents based on Microsoft Cloud App Security alerts"), - // LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00.000Z"); return t}()), - // Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable), - // ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json -func ExampleAlertRuleTemplatesClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAlertRuleTemplatesClient().Get(ctx, "myRg", "myWorkspace", "65360bb0-8986-4ade-a89d-af3cf44d28aa", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.AlertRuleTemplatesClientGetResponse{ - // AlertRuleTemplateClassification: &armsecurityinsights.ScheduledAlertRuleTemplate{ - // Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"), - // Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"), - // Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled), - // Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{ - // Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"), - // AlertRulesCreatedByTemplateCount: to.Ptr[int32](0), - // CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Changes to Amazon VPC settings"), - // EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{ - // AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult), - // }, - // LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00.000Z"); return t}()), - // Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"), - // QueryFrequency: to.Ptr("P1D"), - // QueryPeriod: to.Ptr("P1D"), - // RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{ - // { - // ConnectorID: to.Ptr("AWS"), - // DataTypes: []*string{ - // to.Ptr("AWSCloudTrail")}, - // }}, - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan), - // TriggerThreshold: to.Ptr[int32](0), - // Version: to.Ptr("1.0.2"), - // }, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client.go index e2d3436d85a8..e34914a7d674 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client.go @@ -28,7 +28,7 @@ type AutomationRulesClient struct { } // NewAutomationRulesClient creates a new instance of AutomationRulesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AutomationRulesClient, error) { @@ -46,7 +46,7 @@ func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCred // CreateOrUpdate - Creates or updates the automation rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - automationRuleID - Automation rule ID @@ -98,7 +98,7 @@ func (client *AutomationRulesClient) createOrUpdateCreateRequest(ctx context.Con return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if options != nil && options.AutomationRuleToUpsert != nil { @@ -122,7 +122,7 @@ func (client *AutomationRulesClient) createOrUpdateHandleResponse(resp *http.Res // Delete - Delete the automation rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - automationRuleID - Automation rule ID @@ -173,7 +173,7 @@ func (client *AutomationRulesClient) deleteCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -191,7 +191,7 @@ func (client *AutomationRulesClient) deleteHandleResponse(resp *http.Response) ( // Get - Gets the automation rule. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - automationRuleID - Automation rule ID @@ -242,7 +242,7 @@ func (client *AutomationRulesClient) getCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -259,7 +259,7 @@ func (client *AutomationRulesClient) getHandleResponse(resp *http.Response) (Aut // NewListPager - Gets all automation rules. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.NewListPager @@ -307,7 +307,7 @@ func (client *AutomationRulesClient) listCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client_example_test.go deleted file mode 100644 index 588fd5ab83f8..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/automationrules_client_example_test.go +++ /dev/null @@ -1,304 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_Get.json -func ExampleAutomationRulesClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAutomationRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.AutomationRule = armsecurityinsights.AutomationRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/automationRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.AutomationRuleProperties{ - // Actions: []armsecurityinsights.AutomationRuleActionClassification{ - // &armsecurityinsights.AutomationRuleRunPlaybookAction{ - // ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook), - // Order: to.Ptr[int32](1), - // ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"), - // TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"), - // }, - // }}, - // CreatedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Suspicious alerts in workspace"), - // LastModifiedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // Order: to.Ptr[int32](1), - // TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{ - // Conditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.BooleanConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeBoolean), - // ConditionProperties: &armsecurityinsights.AutomationRuleBooleanCondition{ - // InnerConditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAccountName), - // PropertyValues: []*string{ - // to.Ptr("Administrator")}, - // }, - // }, - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyHostName), - // PropertyValues: []*string{ - // to.Ptr("MainServer")}, - // }, - // }}, - // Operator: to.Ptr(armsecurityinsights.AutomationRuleBooleanConditionSupportedOperatorOr), - // }, - // }, - // &armsecurityinsights.PropertyArrayConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypePropertyArray), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyArrayValuesCondition{ - // ArrayConditionType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem), - // ArrayType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails), - // ItemConditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey), - // PropertyValues: []*string{ - // to.Ptr("AlertTags")}, - // }, - // }, - // &armsecurityinsights.PropertyArrayConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypePropertyArray), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyArrayValuesCondition{ - // ArrayConditionType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem), - // ArrayType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues), - // ItemConditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue), - // PropertyValues: []*string{ - // to.Ptr("HighPriority")}, - // }, - // }}, - // }, - // }}, - // }, - // }}, - // IsEnabled: to.Ptr(true), - // TriggersOn: to.Ptr(armsecurityinsights.TriggersOnIncidents), - // TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json -func ExampleAutomationRulesClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAutomationRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.AutomationRulesClientCreateOrUpdateOptions{AutomationRuleToUpsert: nil}) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.AutomationRule = armsecurityinsights.AutomationRule{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/automationRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.AutomationRuleProperties{ - // Actions: []armsecurityinsights.AutomationRuleActionClassification{ - // &armsecurityinsights.AutomationRuleRunPlaybookAction{ - // ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook), - // Order: to.Ptr[int32](1), - // ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"), - // TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"), - // }, - // }}, - // CreatedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Suspicious alerts in workspace"), - // LastModifiedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // Order: to.Ptr[int32](1), - // TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{ - // Conditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs), - // PropertyValues: []*string{ - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"), - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")}, - // }, - // }}, - // IsEnabled: to.Ptr(true), - // TriggersOn: to.Ptr(armsecurityinsights.TriggersOnAlerts), - // TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_Delete.json -func ExampleAutomationRulesClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewAutomationRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Interface = map[string]any{ - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_List.json -func ExampleAutomationRulesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewAutomationRulesClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.AutomationRulesList = armsecurityinsights.AutomationRulesList{ - // Value: []*armsecurityinsights.AutomationRule{ - // { - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/automationRules"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.AutomationRuleProperties{ - // Actions: []armsecurityinsights.AutomationRuleActionClassification{ - // &armsecurityinsights.AutomationRuleRunPlaybookAction{ - // ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook), - // Order: to.Ptr[int32](1), - // ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{ - // LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"), - // TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"), - // }, - // }}, - // CreatedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()), - // DisplayName: to.Ptr("Suspicious alerts in workspace"), - // LastModifiedBy: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // Order: to.Ptr[int32](1), - // TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{ - // Conditions: []armsecurityinsights.AutomationRuleConditionClassification{ - // &armsecurityinsights.PropertyConditionProperties{ - // ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty), - // ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{ - // Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains), - // PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs), - // PropertyValues: []*string{ - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"), - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")}, - // }, - // }}, - // IsEnabled: to.Ptr(true), - // TriggersOn: to.Ptr(armsecurityinsights.TriggersOnAlerts), - // TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated), - // }, - // }, - // }}, - // } - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md b/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md index d3f5ffc2ac5e..570aeefe98d4 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/autorest.md @@ -5,9 +5,8 @@ ``` yaml azure-arm: true require: -- https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/readme.md -- https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/readme.go.md +- /mnt/vss/_work/1/s/azure-rest-api-specs/specification/securityinsights/resource-manager/readme.md +- /mnt/vss/_work/1/s/azure-rest-api-specs/specification/securityinsights/resource-manager/readme.go.md license-header: MICROSOFT_MIT_NO_VERSION -module-version: 2.0.0-beta.4 -tag: package-preview-2022-09 +module-version: 2.0.0 ``` \ No newline at end of file diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client.go deleted file mode 100644 index ad617ff03cb5..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client.go +++ /dev/null @@ -1,117 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// BookmarkClient contains the methods for the Bookmark group. -// Don't use this type directly, use NewBookmarkClient() instead. -type BookmarkClient struct { - internal *arm.Client - subscriptionID string -} - -// NewBookmarkClient creates a new instance of BookmarkClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewBookmarkClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &BookmarkClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// Expand - Expand an bookmark -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - bookmarkID - Bookmark ID -// - parameters - The parameters required to execute an expand operation on the given bookmark. -// - options - BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method. -func (client *BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (BookmarkClientExpandResponse, error) { - var err error - const operationName = "BookmarkClient.Expand" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.expandCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, parameters, options) - if err != nil { - return BookmarkClientExpandResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return BookmarkClientExpandResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return BookmarkClientExpandResponse{}, err - } - resp, err := client.expandHandleResponse(httpResp) - return resp, err -} - -// expandCreateRequest creates the Expand request. -func (client *BookmarkClient) expandCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if bookmarkID == "" { - return nil, errors.New("parameter bookmarkID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, parameters); err != nil { - return nil, err - } - return req, nil -} - -// expandHandleResponse handles the Expand response. -func (client *BookmarkClient) expandHandleResponse(resp *http.Response) (BookmarkClientExpandResponse, error) { - result := BookmarkClientExpandResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.BookmarkExpandResponse); err != nil { - return BookmarkClientExpandResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client_example_test.go deleted file mode 100644 index 68c3e0b207af..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmark_client_example_test.go +++ /dev/null @@ -1,68 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json -func ExampleBookmarkClient_Expand() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewBookmarkClient().Expand(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.BookmarkExpandParameters{ - EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-24T17:21:00.000Z"); return t }()), - ExpansionID: to.Ptr("27f76e63-c41b-480f-bb18-12ad2e011d49"), - StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-25T17:21:00.000Z"); return t }()), - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.BookmarkExpandResponse = armsecurityinsights.BookmarkExpandResponse{ - // MetaData: &armsecurityinsights.ExpansionResultsMetadata{ - // Aggregations: []*armsecurityinsights.ExpansionResultAggregation{ - // { - // Count: to.Ptr[int32](1), - // EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount), - // }}, - // }, - // Value: &armsecurityinsights.BookmarkExpandResponseValue{ - // Entities: []armsecurityinsights.EntityClassification{ - // &armsecurityinsights.AccountEntity{ - // Name: to.Ptr("fe4ddab5-8cea-eca3-c8b8-9e92e830a387"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387"), - // Kind: to.Ptr(armsecurityinsights.EntityKindAccount), - // Properties: &armsecurityinsights.AccountEntityProperties{ - // FriendlyName: to.Ptr("administrator"), - // AccountName: to.Ptr("administrator"), - // NtDomain: to.Ptr("domain"), - // }, - // }}, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client_example_test.go deleted file mode 100644 index 444e03c98fe9..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client_example_test.go +++ /dev/null @@ -1,145 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json -func ExampleBookmarkRelationsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewBookmarkRelationsClient().NewListPager("myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", &armsecurityinsights.BookmarkRelationsClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.RelationList = armsecurityinsights.RelationList{ - // Value: []*armsecurityinsights.Relation{ - // { - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json -func ExampleBookmarkRelationsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewBookmarkRelationsClient().Get(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Relation = armsecurityinsights.Relation{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json -func ExampleBookmarkRelationsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewBookmarkRelationsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{ - Properties: &armsecurityinsights.RelationProperties{ - RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Relation = armsecurityinsights.Relation{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json -func ExampleBookmarkRelationsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewBookmarkRelationsClient().Delete(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client.go index 61b9576d33f7..45c6c2895175 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client.go @@ -28,7 +28,7 @@ type BookmarksClient struct { } // NewBookmarksClient creates a new instance of BookmarksClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarksClient, error) { @@ -46,7 +46,7 @@ func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential // CreateOrUpdate - Creates or updates the bookmark. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - bookmarkID - Bookmark ID @@ -99,7 +99,7 @@ func (client *BookmarksClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, bookmark); err != nil { @@ -120,7 +120,7 @@ func (client *BookmarksClient) createOrUpdateHandleResponse(resp *http.Response) // Delete - Delete the bookmark. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - bookmarkID - Bookmark ID @@ -170,7 +170,7 @@ func (client *BookmarksClient) deleteCreateRequest(ctx context.Context, resource return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -179,7 +179,7 @@ func (client *BookmarksClient) deleteCreateRequest(ctx context.Context, resource // Get - Gets a bookmark. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - bookmarkID - Bookmark ID @@ -230,7 +230,7 @@ func (client *BookmarksClient) getCreateRequest(ctx context.Context, resourceGro return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -247,7 +247,7 @@ func (client *BookmarksClient) getHandleResponse(resp *http.Response) (Bookmarks // NewListPager - Gets all bookmarks. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.NewListPager method. @@ -294,7 +294,7 @@ func (client *BookmarksClient) listCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client_example_test.go deleted file mode 100644 index 7a0cd2fcc989..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarks_client_example_test.go +++ /dev/null @@ -1,270 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/GetBookmarks.json -func ExampleBookmarksClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewBookmarksClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.BookmarkList = armsecurityinsights.BookmarkList{ - // Value: []*armsecurityinsights.Bookmark{ - // { - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.BookmarkProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DisplayName: to.Ptr("My bookmark"), - // EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{ - // { - // EntityType: to.Ptr("Account"), - // FieldMappings: []*armsecurityinsights.EntityFieldMapping{ - // { - // Identifier: to.Ptr("Fullname"), - // Value: to.Ptr("johndoe@microsoft.com"), - // }}, - // }}, - // IncidentInfo: &armsecurityinsights.IncidentInfo{ - // IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"), - // RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"), - // Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow), - // Title: to.Ptr("New case 1"), - // }, - // Labels: []*string{ - // to.Ptr("Tag1"), - // to.Ptr("Tag2")}, - // Notes: to.Ptr("Found a suspicious activity"), - // Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"), - // QueryResult: to.Ptr("Security Event query result"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExecution)}, - // Techniques: []*string{ - // to.Ptr("T1609")}, - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/GetBookmarkById.json -func ExampleBookmarksClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewBookmarksClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Bookmark = armsecurityinsights.Bookmark{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.BookmarkProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DisplayName: to.Ptr("My bookmark"), - // EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{ - // { - // EntityType: to.Ptr("Account"), - // FieldMappings: []*armsecurityinsights.EntityFieldMapping{ - // { - // Identifier: to.Ptr("Fullname"), - // Value: to.Ptr("johndoe@microsoft.com"), - // }}, - // }}, - // IncidentInfo: &armsecurityinsights.IncidentInfo{ - // IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"), - // RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"), - // Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow), - // Title: to.Ptr("New case 1"), - // }, - // Labels: []*string{ - // to.Ptr("Tag1"), - // to.Ptr("Tag2")}, - // Notes: to.Ptr("Found a suspicious activity"), - // Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"), - // QueryResult: to.Ptr("Security Event query result"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExecution)}, - // Techniques: []*string{ - // to.Ptr("T1609")}, - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/CreateBookmark.json -func ExampleBookmarksClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewBookmarksClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Bookmark{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.BookmarkProperties{ - Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t }()), - CreatedBy: &armsecurityinsights.UserInfo{ - ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - }, - DisplayName: to.Ptr("My bookmark"), - EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{ - { - EntityType: to.Ptr("Account"), - FieldMappings: []*armsecurityinsights.EntityFieldMapping{ - { - Identifier: to.Ptr("Fullname"), - Value: to.Ptr("johndoe@microsoft.com"), - }}, - }}, - Labels: []*string{ - to.Ptr("Tag1"), - to.Ptr("Tag2")}, - Notes: to.Ptr("Found a suspicious activity"), - Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"), - QueryResult: to.Ptr("Security Event query result"), - Tactics: []*armsecurityinsights.AttackTactic{ - to.Ptr(armsecurityinsights.AttackTacticExecution)}, - Techniques: []*string{ - to.Ptr("T1609")}, - Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t }()), - UpdatedBy: &armsecurityinsights.UserInfo{ - ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Bookmark = armsecurityinsights.Bookmark{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.BookmarkProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DisplayName: to.Ptr("My bookmark"), - // EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{ - // { - // EntityType: to.Ptr("Account"), - // FieldMappings: []*armsecurityinsights.EntityFieldMapping{ - // { - // Identifier: to.Ptr("Fullname"), - // Value: to.Ptr("johndoe@microsoft.com"), - // }}, - // }}, - // Labels: []*string{ - // to.Ptr("Tag1"), - // to.Ptr("Tag2")}, - // Notes: to.Ptr("Found a suspicious activity"), - // Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"), - // QueryResult: to.Ptr("Security Event query result"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExecution)}, - // Techniques: []*string{ - // to.Ptr("T1609")}, - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/DeleteBookmark.json -func ExampleBookmarksClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewBookmarksClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/client_factory.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/client_factory.go index 9fffbe478fdd..9e5d6036b3b6 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/client_factory.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/client_factory.go @@ -22,7 +22,7 @@ type ClientFactory struct { // NewClientFactory creates a new instance of ClientFactory with the specified values. // The parameter values will be propagated to any client created from this factory. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewClientFactory(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ClientFactory, error) { @@ -68,22 +68,6 @@ func (c *ClientFactory) NewAutomationRulesClient() *AutomationRulesClient { } } -// NewBookmarkClient creates a new instance of BookmarkClient. -func (c *ClientFactory) NewBookmarkClient() *BookmarkClient { - return &BookmarkClient{ - subscriptionID: c.subscriptionID, - internal: c.internal, - } -} - -// NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient. -func (c *ClientFactory) NewBookmarkRelationsClient() *BookmarkRelationsClient { - return &BookmarkRelationsClient{ - subscriptionID: c.subscriptionID, - internal: c.internal, - } -} - // NewBookmarksClient creates a new instance of BookmarksClient. func (c *ClientFactory) NewBookmarksClient() *BookmarksClient { return &BookmarksClient{ @@ -92,144 +76,136 @@ func (c *ClientFactory) NewBookmarksClient() *BookmarksClient { } } -// NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient. -func (c *ClientFactory) NewDataConnectorsCheckRequirementsClient() *DataConnectorsCheckRequirementsClient { - return &DataConnectorsCheckRequirementsClient{ +// NewContentPackageClient creates a new instance of ContentPackageClient. +func (c *ClientFactory) NewContentPackageClient() *ContentPackageClient { + return &ContentPackageClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewDataConnectorsClient creates a new instance of DataConnectorsClient. -func (c *ClientFactory) NewDataConnectorsClient() *DataConnectorsClient { - return &DataConnectorsClient{ +// NewContentPackagesClient creates a new instance of ContentPackagesClient. +func (c *ClientFactory) NewContentPackagesClient() *ContentPackagesClient { + return &ContentPackagesClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewDomainWhoisClient creates a new instance of DomainWhoisClient. -func (c *ClientFactory) NewDomainWhoisClient() *DomainWhoisClient { - return &DomainWhoisClient{ +// NewContentTemplateClient creates a new instance of ContentTemplateClient. +func (c *ClientFactory) NewContentTemplateClient() *ContentTemplateClient { + return &ContentTemplateClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntitiesClient creates a new instance of EntitiesClient. -func (c *ClientFactory) NewEntitiesClient() *EntitiesClient { - return &EntitiesClient{ +// NewContentTemplatesClient creates a new instance of ContentTemplatesClient. +func (c *ClientFactory) NewContentTemplatesClient() *ContentTemplatesClient { + return &ContentTemplatesClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient. -func (c *ClientFactory) NewEntitiesGetTimelineClient() *EntitiesGetTimelineClient { - return &EntitiesGetTimelineClient{ +// NewDataConnectorDefinitionsClient creates a new instance of DataConnectorDefinitionsClient. +func (c *ClientFactory) NewDataConnectorDefinitionsClient() *DataConnectorDefinitionsClient { + return &DataConnectorDefinitionsClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient. -func (c *ClientFactory) NewEntitiesRelationsClient() *EntitiesRelationsClient { - return &EntitiesRelationsClient{ +// NewDataConnectorsClient creates a new instance of DataConnectorsClient. +func (c *ClientFactory) NewDataConnectorsClient() *DataConnectorsClient { + return &DataConnectorsClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntityQueriesClient creates a new instance of EntityQueriesClient. -func (c *ClientFactory) NewEntityQueriesClient() *EntityQueriesClient { - return &EntityQueriesClient{ +// NewEntitiesClient creates a new instance of EntitiesClient. +func (c *ClientFactory) NewEntitiesClient() *EntitiesClient { + return &EntitiesClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient. -func (c *ClientFactory) NewEntityQueryTemplatesClient() *EntityQueryTemplatesClient { - return &EntityQueryTemplatesClient{ +// NewIncidentCommentsClient creates a new instance of IncidentCommentsClient. +func (c *ClientFactory) NewIncidentCommentsClient() *IncidentCommentsClient { + return &IncidentCommentsClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewEntityRelationsClient creates a new instance of EntityRelationsClient. -func (c *ClientFactory) NewEntityRelationsClient() *EntityRelationsClient { - return &EntityRelationsClient{ +// NewIncidentRelationsClient creates a new instance of IncidentRelationsClient. +func (c *ClientFactory) NewIncidentRelationsClient() *IncidentRelationsClient { + return &IncidentRelationsClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewFileImportsClient creates a new instance of FileImportsClient. -func (c *ClientFactory) NewFileImportsClient() *FileImportsClient { - return &FileImportsClient{ +// NewIncidentTasksClient creates a new instance of IncidentTasksClient. +func (c *ClientFactory) NewIncidentTasksClient() *IncidentTasksClient { + return &IncidentTasksClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewIPGeodataClient creates a new instance of IPGeodataClient. -func (c *ClientFactory) NewIPGeodataClient() *IPGeodataClient { - return &IPGeodataClient{ +// NewIncidentsClient creates a new instance of IncidentsClient. +func (c *ClientFactory) NewIncidentsClient() *IncidentsClient { + return &IncidentsClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewIncidentCommentsClient creates a new instance of IncidentCommentsClient. -func (c *ClientFactory) NewIncidentCommentsClient() *IncidentCommentsClient { - return &IncidentCommentsClient{ +// NewMetadataClient creates a new instance of MetadataClient. +func (c *ClientFactory) NewMetadataClient() *MetadataClient { + return &MetadataClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewIncidentRelationsClient creates a new instance of IncidentRelationsClient. -func (c *ClientFactory) NewIncidentRelationsClient() *IncidentRelationsClient { - return &IncidentRelationsClient{ - subscriptionID: c.subscriptionID, - internal: c.internal, +// NewOperationsClient creates a new instance of OperationsClient. +func (c *ClientFactory) NewOperationsClient() *OperationsClient { + return &OperationsClient{ + internal: c.internal, } } -// NewIncidentsClient creates a new instance of IncidentsClient. -func (c *ClientFactory) NewIncidentsClient() *IncidentsClient { - return &IncidentsClient{ +// NewProductPackageClient creates a new instance of ProductPackageClient. +func (c *ClientFactory) NewProductPackageClient() *ProductPackageClient { + return &ProductPackageClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewMetadataClient creates a new instance of MetadataClient. -func (c *ClientFactory) NewMetadataClient() *MetadataClient { - return &MetadataClient{ +// NewProductPackagesClient creates a new instance of ProductPackagesClient. +func (c *ClientFactory) NewProductPackagesClient() *ProductPackagesClient { + return &ProductPackagesClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewOfficeConsentsClient creates a new instance of OfficeConsentsClient. -func (c *ClientFactory) NewOfficeConsentsClient() *OfficeConsentsClient { - return &OfficeConsentsClient{ +// NewProductTemplateClient creates a new instance of ProductTemplateClient. +func (c *ClientFactory) NewProductTemplateClient() *ProductTemplateClient { + return &ProductTemplateClient{ subscriptionID: c.subscriptionID, internal: c.internal, } } -// NewOperationsClient creates a new instance of OperationsClient. -func (c *ClientFactory) NewOperationsClient() *OperationsClient { - return &OperationsClient{ - internal: c.internal, - } -} - -// NewProductSettingsClient creates a new instance of ProductSettingsClient. -func (c *ClientFactory) NewProductSettingsClient() *ProductSettingsClient { - return &ProductSettingsClient{ +// NewProductTemplatesClient creates a new instance of ProductTemplatesClient. +func (c *ClientFactory) NewProductTemplatesClient() *ProductTemplatesClient { + return &ProductTemplatesClient{ subscriptionID: c.subscriptionID, internal: c.internal, } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/constants.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/constants.go index 7a67cf91168a..8f7f0e44a967 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/constants.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/constants.go @@ -10,13 +10,15 @@ package armsecurityinsights const ( moduleName = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights" - moduleVersion = "v2.0.0-beta.4" + moduleVersion = "v2.0.0" ) // ActionType - The type of the automation rule action. type ActionType string const ( + // ActionTypeAddIncidentTask - Add a task to an incident object + ActionTypeAddIncidentTask ActionType = "AddIncidentTask" // ActionTypeModifyProperties - Modify an object's properties ActionTypeModifyProperties ActionType = "ModifyProperties" // ActionTypeRunPlaybook - Run a playbook on an object @@ -26,6 +28,7 @@ const ( // PossibleActionTypeValues returns the possible values for the ActionType const type. func PossibleActionTypeValues() []ActionType { return []ActionType{ + ActionTypeAddIncidentTask, ActionTypeModifyProperties, ActionTypeRunPlaybook, } @@ -49,27 +52,60 @@ func PossibleAlertDetailValues() []AlertDetail { } } +// AlertProperty - The V3 alert property +type AlertProperty string + +const ( + // AlertPropertyAlertLink - Alert's link + AlertPropertyAlertLink AlertProperty = "AlertLink" + // AlertPropertyConfidenceLevel - Confidence level property + AlertPropertyConfidenceLevel AlertProperty = "ConfidenceLevel" + // AlertPropertyConfidenceScore - Confidence score + AlertPropertyConfidenceScore AlertProperty = "ConfidenceScore" + // AlertPropertyExtendedLinks - Extended links to the alert + AlertPropertyExtendedLinks AlertProperty = "ExtendedLinks" + // AlertPropertyProductComponentName - Product component name alert property + AlertPropertyProductComponentName AlertProperty = "ProductComponentName" + // AlertPropertyProductName - Product name alert property + AlertPropertyProductName AlertProperty = "ProductName" + // AlertPropertyProviderName - Provider name alert property + AlertPropertyProviderName AlertProperty = "ProviderName" + // AlertPropertyRemediationSteps - Remediation steps alert property + AlertPropertyRemediationSteps AlertProperty = "RemediationSteps" + // AlertPropertyTechniques - Techniques alert property + AlertPropertyTechniques AlertProperty = "Techniques" +) + +// PossibleAlertPropertyValues returns the possible values for the AlertProperty const type. +func PossibleAlertPropertyValues() []AlertProperty { + return []AlertProperty{ + AlertPropertyAlertLink, + AlertPropertyConfidenceLevel, + AlertPropertyConfidenceScore, + AlertPropertyExtendedLinks, + AlertPropertyProductComponentName, + AlertPropertyProductName, + AlertPropertyProviderName, + AlertPropertyRemediationSteps, + AlertPropertyTechniques, + } +} + // AlertRuleKind - The kind of the alert rule type AlertRuleKind string const ( AlertRuleKindFusion AlertRuleKind = "Fusion" - AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" - AlertRuleKindNRT AlertRuleKind = "NRT" AlertRuleKindScheduled AlertRuleKind = "Scheduled" - AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" ) // PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type. func PossibleAlertRuleKindValues() []AlertRuleKind { return []AlertRuleKind{ AlertRuleKindFusion, - AlertRuleKindMLBehaviorAnalytics, AlertRuleKindMicrosoftSecurityIncidentCreation, - AlertRuleKindNRT, AlertRuleKindScheduled, - AlertRuleKindThreatIntelligence, } } @@ -194,6 +230,7 @@ func PossibleAttackTacticValues() []AttackTactic { } } +// AutomationRuleBooleanConditionSupportedOperator - Describes a boolean condition operator. type AutomationRuleBooleanConditionSupportedOperator string const ( @@ -249,6 +286,7 @@ func PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValue } } +// AutomationRulePropertyArrayConditionSupportedArrayConditionType - Describes an array condition evaluation type. type AutomationRulePropertyArrayConditionSupportedArrayConditionType string const ( @@ -264,6 +302,7 @@ func PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValu } } +// AutomationRulePropertyArrayConditionSupportedArrayType - Describes an array condition evaluated array type. type AutomationRulePropertyArrayConditionSupportedArrayType string const ( @@ -549,6 +588,40 @@ func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []Automati } } +// CcpAuthType - Type of paging +type CcpAuthType string + +const ( + CcpAuthTypeAPIKey CcpAuthType = "APIKey" + CcpAuthTypeAWS CcpAuthType = "AWS" + CcpAuthTypeBasic CcpAuthType = "Basic" + CcpAuthTypeGCP CcpAuthType = "GCP" + CcpAuthTypeGitHub CcpAuthType = "GitHub" + CcpAuthTypeJwtToken CcpAuthType = "JwtToken" + CcpAuthTypeNone CcpAuthType = "None" + CcpAuthTypeOAuth2 CcpAuthType = "OAuth2" + CcpAuthTypeOracle CcpAuthType = "Oracle" + CcpAuthTypeServiceBus CcpAuthType = "ServiceBus" + CcpAuthTypeSession CcpAuthType = "Session" +) + +// PossibleCcpAuthTypeValues returns the possible values for the CcpAuthType const type. +func PossibleCcpAuthTypeValues() []CcpAuthType { + return []CcpAuthType{ + CcpAuthTypeAPIKey, + CcpAuthTypeAWS, + CcpAuthTypeBasic, + CcpAuthTypeGCP, + CcpAuthTypeGitHub, + CcpAuthTypeJwtToken, + CcpAuthTypeNone, + CcpAuthTypeOAuth2, + CcpAuthTypeOracle, + CcpAuthTypeServiceBus, + CcpAuthTypeSession, + } +} + type ConditionType string const ( @@ -622,50 +695,26 @@ func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus { } } -// ConnectAuthKind - The authentication kind used to poll the data -type ConnectAuthKind string - -const ( - ConnectAuthKindAPIKey ConnectAuthKind = "APIKey" - ConnectAuthKindBasic ConnectAuthKind = "Basic" - ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2" -) - -// PossibleConnectAuthKindValues returns the possible values for the ConnectAuthKind const type. -func PossibleConnectAuthKindValues() []ConnectAuthKind { - return []ConnectAuthKind{ - ConnectAuthKindAPIKey, - ConnectAuthKindBasic, - ConnectAuthKindOAuth2, - } -} - -// ConnectivityType - type of connectivity -type ConnectivityType string - -const ( - ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery" -) - -// PossibleConnectivityTypeValues returns the possible values for the ConnectivityType const type. -func PossibleConnectivityTypeValues() []ConnectivityType { - return []ConnectivityType{ - ConnectivityTypeIsConnectedQuery, - } -} - // ContentType - The content type of a source control path. type ContentType string const ( - ContentTypeAnalyticRule ContentType = "AnalyticRule" - ContentTypeWorkbook ContentType = "Workbook" + ContentTypeAnalyticRule ContentType = "AnalyticRule" + ContentTypeAutomationRule ContentType = "AutomationRule" + ContentTypeHuntingQuery ContentType = "HuntingQuery" + ContentTypeParser ContentType = "Parser" + ContentTypePlaybook ContentType = "Playbook" + ContentTypeWorkbook ContentType = "Workbook" ) // PossibleContentTypeValues returns the possible values for the ContentType const type. func PossibleContentTypeValues() []ContentType { return []ContentType{ ContentTypeAnalyticRule, + ContentTypeAutomationRule, + ContentTypeHuntingQuery, + ContentTypeParser, + ContentTypePlaybook, ContentTypeWorkbook, } } @@ -690,33 +739,17 @@ func PossibleCreatedByTypeValues() []CreatedByType { } } -// CustomEntityQueryKind - The kind of the entity query that supports put request. -type CustomEntityQueryKind string +// DataConnectorDefinitionKind - The kind of the data connector definitions +type DataConnectorDefinitionKind string const ( - CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity" + DataConnectorDefinitionKindCustomizable DataConnectorDefinitionKind = "Customizable" ) -// PossibleCustomEntityQueryKindValues returns the possible values for the CustomEntityQueryKind const type. -func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind { - return []CustomEntityQueryKind{ - CustomEntityQueryKindActivity, - } -} - -// DataConnectorAuthorizationState - Describes the state of user's authorization for a connector kind. -type DataConnectorAuthorizationState string - -const ( - DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid" - DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid" -) - -// PossibleDataConnectorAuthorizationStateValues returns the possible values for the DataConnectorAuthorizationState const type. -func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState { - return []DataConnectorAuthorizationState{ - DataConnectorAuthorizationStateInvalid, - DataConnectorAuthorizationStateValid, +// PossibleDataConnectorDefinitionKindValues returns the possible values for the DataConnectorDefinitionKind const type. +func PossibleDataConnectorDefinitionKindValues() []DataConnectorDefinitionKind { + return []DataConnectorDefinitionKind{ + DataConnectorDefinitionKindCustomizable, } } @@ -724,69 +757,33 @@ func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizatio type DataConnectorKind string const ( - DataConnectorKindAPIPolling DataConnectorKind = "APIPolling" - DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" - DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3" - DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" - DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" - DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" - DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365" - DataConnectorKindGenericUI DataConnectorKind = "GenericUI" - DataConnectorKindIOT DataConnectorKind = "IOT" - DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" - DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" - DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence" - DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection" - DataConnectorKindOffice365 DataConnectorKind = "Office365" - DataConnectorKindOffice365Project DataConnectorKind = "Office365Project" - DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" - DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM" - DataConnectorKindOfficePowerBI DataConnectorKind = "OfficePowerBI" - DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" - DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii" + DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" + DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" + DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" + DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" + DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" + DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" + DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence" + DataConnectorKindOffice365 DataConnectorKind = "Office365" + DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence DataConnectorKind = "PremiumMicrosoftDefenderForThreatIntelligence" + DataConnectorKindRestAPIPoller DataConnectorKind = "RestApiPoller" + DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" ) // PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type. func PossibleDataConnectorKindValues() []DataConnectorKind { return []DataConnectorKind{ - DataConnectorKindAPIPolling, DataConnectorKindAmazonWebServicesCloudTrail, - DataConnectorKindAmazonWebServicesS3, DataConnectorKindAzureActiveDirectory, DataConnectorKindAzureAdvancedThreatProtection, DataConnectorKindAzureSecurityCenter, - DataConnectorKindDynamics365, - DataConnectorKindGenericUI, - DataConnectorKindIOT, DataConnectorKindMicrosoftCloudAppSecurity, DataConnectorKindMicrosoftDefenderAdvancedThreatProtection, DataConnectorKindMicrosoftThreatIntelligence, - DataConnectorKindMicrosoftThreatProtection, DataConnectorKindOffice365, - DataConnectorKindOffice365Project, - DataConnectorKindOfficeATP, - DataConnectorKindOfficeIRM, - DataConnectorKindOfficePowerBI, + DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence, + DataConnectorKindRestAPIPoller, DataConnectorKindThreatIntelligence, - DataConnectorKindThreatIntelligenceTaxii, - } -} - -// DataConnectorLicenseState - Describes the state of user's license for a connector kind. -type DataConnectorLicenseState string - -const ( - DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid" - DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown" - DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid" -) - -// PossibleDataConnectorLicenseStateValues returns the possible values for the DataConnectorLicenseState const type. -func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState { - return []DataConnectorLicenseState{ - DataConnectorLicenseStateInvalid, - DataConnectorLicenseStateUnknown, - DataConnectorLicenseStateValid, } } @@ -806,27 +803,6 @@ func PossibleDataTypeStateValues() []DataTypeState { } } -// DeleteStatus - Indicates whether the file was deleted from the storage account. -type DeleteStatus string - -const ( - // DeleteStatusDeleted - The file was deleted. - DeleteStatusDeleted DeleteStatus = "Deleted" - // DeleteStatusNotDeleted - The file was not deleted. - DeleteStatusNotDeleted DeleteStatus = "NotDeleted" - // DeleteStatusUnspecified - Unspecified - DeleteStatusUnspecified DeleteStatus = "Unspecified" -) - -// PossibleDeleteStatusValues returns the possible values for the DeleteStatus const type. -func PossibleDeleteStatusValues() []DeleteStatus { - return []DeleteStatus{ - DeleteStatusDeleted, - DeleteStatusNotDeleted, - DeleteStatusUnspecified, - } -} - // DeliveryAction - The delivery action of this mail message like Delivered, Blocked, Replaced etc type DeliveryAction string @@ -949,30 +925,6 @@ func PossibleDeploymentStateValues() []DeploymentState { } } -// DeviceImportance - Device importance, determines if the device classified as 'crown jewel' -type DeviceImportance string - -const ( - // DeviceImportanceHigh - High - DeviceImportanceHigh DeviceImportance = "High" - // DeviceImportanceLow - Low - DeviceImportanceLow DeviceImportance = "Low" - // DeviceImportanceNormal - Normal - DeviceImportanceNormal DeviceImportance = "Normal" - // DeviceImportanceUnknown - Unknown - Default value - DeviceImportanceUnknown DeviceImportance = "Unknown" -) - -// PossibleDeviceImportanceValues returns the possible values for the DeviceImportance const type. -func PossibleDeviceImportanceValues() []DeviceImportance { - return []DeviceImportance{ - DeviceImportanceHigh, - DeviceImportanceLow, - DeviceImportanceNormal, - DeviceImportanceUnknown, - } -} - // ElevationToken - The elevation token associated with the process. type ElevationToken string @@ -994,95 +946,78 @@ func PossibleElevationTokenValues() []ElevationToken { } } -type EntityItemQueryKind string - -const ( - // EntityItemQueryKindInsight - insight - EntityItemQueryKindInsight EntityItemQueryKind = "Insight" -) - -// PossibleEntityItemQueryKindValues returns the possible values for the EntityItemQueryKind const type. -func PossibleEntityItemQueryKindValues() []EntityItemQueryKind { - return []EntityItemQueryKind{ - EntityItemQueryKindInsight, - } -} - -// EntityKind - The kind of the entity -type EntityKind string - -const ( - // EntityKindAccount - Entity represents account in the system. - EntityKindAccount EntityKind = "Account" - // EntityKindAzureResource - Entity represents azure resource in the system. - EntityKindAzureResource EntityKind = "AzureResource" - // EntityKindBookmark - Entity represents bookmark in the system. - EntityKindBookmark EntityKind = "Bookmark" - // EntityKindCloudApplication - Entity represents cloud application in the system. - EntityKindCloudApplication EntityKind = "CloudApplication" - // EntityKindDNSResolution - Entity represents dns resolution in the system. - EntityKindDNSResolution EntityKind = "DnsResolution" - // EntityKindFile - Entity represents file in the system. - EntityKindFile EntityKind = "File" - // EntityKindFileHash - Entity represents file hash in the system. - EntityKindFileHash EntityKind = "FileHash" - // EntityKindHost - Entity represents host in the system. - EntityKindHost EntityKind = "Host" - // EntityKindIP - Entity represents ip in the system. - EntityKindIP EntityKind = "Ip" - // EntityKindIoTDevice - Entity represents IoT device in the system. - EntityKindIoTDevice EntityKind = "IoTDevice" - // EntityKindMailCluster - Entity represents mail cluster in the system. - EntityKindMailCluster EntityKind = "MailCluster" - // EntityKindMailMessage - Entity represents mail message in the system. - EntityKindMailMessage EntityKind = "MailMessage" - // EntityKindMailbox - Entity represents mailbox in the system. - EntityKindMailbox EntityKind = "Mailbox" - // EntityKindMalware - Entity represents malware in the system. - EntityKindMalware EntityKind = "Malware" - // EntityKindNic - Entity represents network interface in the system. - EntityKindNic EntityKind = "Nic" - // EntityKindProcess - Entity represents process in the system. - EntityKindProcess EntityKind = "Process" - // EntityKindRegistryKey - Entity represents registry key in the system. - EntityKindRegistryKey EntityKind = "RegistryKey" - // EntityKindRegistryValue - Entity represents registry value in the system. - EntityKindRegistryValue EntityKind = "RegistryValue" - // EntityKindSecurityAlert - Entity represents security alert in the system. - EntityKindSecurityAlert EntityKind = "SecurityAlert" - // EntityKindSecurityGroup - Entity represents security group in the system. - EntityKindSecurityGroup EntityKind = "SecurityGroup" - // EntityKindSubmissionMail - Entity represents submission mail in the system. - EntityKindSubmissionMail EntityKind = "SubmissionMail" - // EntityKindURL - Entity represents url in the system. - EntityKindURL EntityKind = "Url" -) - -// PossibleEntityKindValues returns the possible values for the EntityKind const type. -func PossibleEntityKindValues() []EntityKind { - return []EntityKind{ - EntityKindAccount, - EntityKindAzureResource, - EntityKindBookmark, - EntityKindCloudApplication, - EntityKindDNSResolution, - EntityKindFile, - EntityKindFileHash, - EntityKindHost, - EntityKindIP, - EntityKindIoTDevice, - EntityKindMailCluster, - EntityKindMailMessage, - EntityKindMailbox, - EntityKindMalware, - EntityKindNic, - EntityKindProcess, - EntityKindRegistryKey, - EntityKindRegistryValue, - EntityKindSecurityAlert, - EntityKindSecurityGroup, - EntityKindSubmissionMail, - EntityKindURL, +// EntityKindEnum - The kind of the entity +type EntityKindEnum string + +const ( + // EntityKindEnumAccount - Entity represents account in the system. + EntityKindEnumAccount EntityKindEnum = "Account" + // EntityKindEnumAzureResource - Entity represents azure resource in the system. + EntityKindEnumAzureResource EntityKindEnum = "AzureResource" + // EntityKindEnumBookmark - Entity represents bookmark in the system. + EntityKindEnumBookmark EntityKindEnum = "Bookmark" + // EntityKindEnumCloudApplication - Entity represents cloud application in the system. + EntityKindEnumCloudApplication EntityKindEnum = "CloudApplication" + // EntityKindEnumDNSResolution - Entity represents dns resolution in the system. + EntityKindEnumDNSResolution EntityKindEnum = "DnsResolution" + // EntityKindEnumFile - Entity represents file in the system. + EntityKindEnumFile EntityKindEnum = "File" + // EntityKindEnumFileHash - Entity represents file hash in the system. + EntityKindEnumFileHash EntityKindEnum = "FileHash" + // EntityKindEnumHost - Entity represents host in the system. + EntityKindEnumHost EntityKindEnum = "Host" + // EntityKindEnumIP - Entity represents ip in the system. + EntityKindEnumIP EntityKindEnum = "Ip" + // EntityKindEnumIoTDevice - Entity represents IoT device in the system. + EntityKindEnumIoTDevice EntityKindEnum = "IoTDevice" + // EntityKindEnumMailCluster - Entity represents mail cluster in the system. + EntityKindEnumMailCluster EntityKindEnum = "MailCluster" + // EntityKindEnumMailMessage - Entity represents mail message in the system. + EntityKindEnumMailMessage EntityKindEnum = "MailMessage" + // EntityKindEnumMailbox - Entity represents mailbox in the system. + EntityKindEnumMailbox EntityKindEnum = "Mailbox" + // EntityKindEnumMalware - Entity represents malware in the system. + EntityKindEnumMalware EntityKindEnum = "Malware" + // EntityKindEnumProcess - Entity represents process in the system. + EntityKindEnumProcess EntityKindEnum = "Process" + // EntityKindEnumRegistryKey - Entity represents registry key in the system. + EntityKindEnumRegistryKey EntityKindEnum = "RegistryKey" + // EntityKindEnumRegistryValue - Entity represents registry value in the system. + EntityKindEnumRegistryValue EntityKindEnum = "RegistryValue" + // EntityKindEnumSecurityAlert - Entity represents security alert in the system. + EntityKindEnumSecurityAlert EntityKindEnum = "SecurityAlert" + // EntityKindEnumSecurityGroup - Entity represents security group in the system. + EntityKindEnumSecurityGroup EntityKindEnum = "SecurityGroup" + // EntityKindEnumSubmissionMail - Entity represents submission mail in the system. + EntityKindEnumSubmissionMail EntityKindEnum = "SubmissionMail" + // EntityKindEnumURL - Entity represents url in the system. + EntityKindEnumURL EntityKindEnum = "Url" +) + +// PossibleEntityKindEnumValues returns the possible values for the EntityKindEnum const type. +func PossibleEntityKindEnumValues() []EntityKindEnum { + return []EntityKindEnum{ + EntityKindEnumAccount, + EntityKindEnumAzureResource, + EntityKindEnumBookmark, + EntityKindEnumCloudApplication, + EntityKindEnumDNSResolution, + EntityKindEnumFile, + EntityKindEnumFileHash, + EntityKindEnumHost, + EntityKindEnumIP, + EntityKindEnumIoTDevice, + EntityKindEnumMailCluster, + EntityKindEnumMailMessage, + EntityKindEnumMailbox, + EntityKindEnumMalware, + EntityKindEnumProcess, + EntityKindEnumRegistryKey, + EntityKindEnumRegistryValue, + EntityKindEnumSecurityAlert, + EntityKindEnumSecurityGroup, + EntityKindEnumSubmissionMail, + EntityKindEnumURL, } } @@ -1152,184 +1087,6 @@ func PossibleEntityMappingTypeValues() []EntityMappingType { } } -// EntityProviders - The entity provider that is synced. -type EntityProviders string - -const ( - EntityProvidersActiveDirectory EntityProviders = "ActiveDirectory" - EntityProvidersAzureActiveDirectory EntityProviders = "AzureActiveDirectory" -) - -// PossibleEntityProvidersValues returns the possible values for the EntityProviders const type. -func PossibleEntityProvidersValues() []EntityProviders { - return []EntityProviders{ - EntityProvidersActiveDirectory, - EntityProvidersAzureActiveDirectory, - } -} - -// EntityQueryKind - The kind of the entity query -type EntityQueryKind string - -const ( - EntityQueryKindActivity EntityQueryKind = "Activity" - EntityQueryKindExpansion EntityQueryKind = "Expansion" - EntityQueryKindInsight EntityQueryKind = "Insight" -) - -// PossibleEntityQueryKindValues returns the possible values for the EntityQueryKind const type. -func PossibleEntityQueryKindValues() []EntityQueryKind { - return []EntityQueryKind{ - EntityQueryKindActivity, - EntityQueryKindExpansion, - EntityQueryKindInsight, - } -} - -// EntityQueryTemplateKind - The kind of the entity query template. -type EntityQueryTemplateKind string - -const ( - EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity" -) - -// PossibleEntityQueryTemplateKindValues returns the possible values for the EntityQueryTemplateKind const type. -func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind { - return []EntityQueryTemplateKind{ - EntityQueryTemplateKindActivity, - } -} - -// EntityTimelineKind - The entity query kind -type EntityTimelineKind string - -const ( - // EntityTimelineKindActivity - activity - EntityTimelineKindActivity EntityTimelineKind = "Activity" - // EntityTimelineKindAnomaly - anomaly - EntityTimelineKindAnomaly EntityTimelineKind = "Anomaly" - // EntityTimelineKindBookmark - bookmarks - EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" - // EntityTimelineKindSecurityAlert - security alerts - EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" -) - -// PossibleEntityTimelineKindValues returns the possible values for the EntityTimelineKind const type. -func PossibleEntityTimelineKindValues() []EntityTimelineKind { - return []EntityTimelineKind{ - EntityTimelineKindActivity, - EntityTimelineKindAnomaly, - EntityTimelineKindBookmark, - EntityTimelineKindSecurityAlert, - } -} - -// EntityType - The type of the entity -type EntityType string - -const ( - // EntityTypeAccount - Entity represents account in the system. - EntityTypeAccount EntityType = "Account" - // EntityTypeAzureResource - Entity represents azure resource in the system. - EntityTypeAzureResource EntityType = "AzureResource" - // EntityTypeCloudApplication - Entity represents cloud application in the system. - EntityTypeCloudApplication EntityType = "CloudApplication" - // EntityTypeDNS - Entity represents dns in the system. - EntityTypeDNS EntityType = "DNS" - // EntityTypeFile - Entity represents file in the system. - EntityTypeFile EntityType = "File" - // EntityTypeFileHash - Entity represents file hash in the system. - EntityTypeFileHash EntityType = "FileHash" - // EntityTypeHost - Entity represents host in the system. - EntityTypeHost EntityType = "Host" - // EntityTypeHuntingBookmark - Entity represents HuntingBookmark in the system. - EntityTypeHuntingBookmark EntityType = "HuntingBookmark" - // EntityTypeIP - Entity represents ip in the system. - EntityTypeIP EntityType = "IP" - // EntityTypeIoTDevice - Entity represents IoT device in the system. - EntityTypeIoTDevice EntityType = "IoTDevice" - // EntityTypeMailCluster - Entity represents mail cluster in the system. - EntityTypeMailCluster EntityType = "MailCluster" - // EntityTypeMailMessage - Entity represents mail message in the system. - EntityTypeMailMessage EntityType = "MailMessage" - // EntityTypeMailbox - Entity represents mailbox in the system. - EntityTypeMailbox EntityType = "Mailbox" - // EntityTypeMalware - Entity represents malware in the system. - EntityTypeMalware EntityType = "Malware" - // EntityTypeNic - Entity represents network interface in the system. - EntityTypeNic EntityType = "Nic" - // EntityTypeProcess - Entity represents process in the system. - EntityTypeProcess EntityType = "Process" - // EntityTypeRegistryKey - Entity represents registry key in the system. - EntityTypeRegistryKey EntityType = "RegistryKey" - // EntityTypeRegistryValue - Entity represents registry value in the system. - EntityTypeRegistryValue EntityType = "RegistryValue" - // EntityTypeSecurityAlert - Entity represents security alert in the system. - EntityTypeSecurityAlert EntityType = "SecurityAlert" - // EntityTypeSecurityGroup - Entity represents security group in the system. - EntityTypeSecurityGroup EntityType = "SecurityGroup" - // EntityTypeSubmissionMail - Entity represents submission mail in the system. - EntityTypeSubmissionMail EntityType = "SubmissionMail" - // EntityTypeURL - Entity represents url in the system. - EntityTypeURL EntityType = "URL" -) - -// PossibleEntityTypeValues returns the possible values for the EntityType const type. -func PossibleEntityTypeValues() []EntityType { - return []EntityType{ - EntityTypeAccount, - EntityTypeAzureResource, - EntityTypeCloudApplication, - EntityTypeDNS, - EntityTypeFile, - EntityTypeFileHash, - EntityTypeHost, - EntityTypeHuntingBookmark, - EntityTypeIP, - EntityTypeIoTDevice, - EntityTypeMailCluster, - EntityTypeMailMessage, - EntityTypeMailbox, - EntityTypeMalware, - EntityTypeNic, - EntityTypeProcess, - EntityTypeRegistryKey, - EntityTypeRegistryValue, - EntityTypeSecurityAlert, - EntityTypeSecurityGroup, - EntityTypeSubmissionMail, - EntityTypeURL, - } -} - -type Enum13 string - -const ( - Enum13Activity Enum13 = "Activity" - Enum13Expansion Enum13 = "Expansion" -) - -// PossibleEnum13Values returns the possible values for the Enum13 const type. -func PossibleEnum13Values() []Enum13 { - return []Enum13{ - Enum13Activity, - Enum13Expansion, - } -} - -type Enum15 string - -const ( - Enum15Activity Enum15 = "Activity" -) - -// PossibleEnum15Values returns the possible values for the Enum15 const type. -func PossibleEnum15Values() []Enum15 { - return []Enum15{ - Enum15Activity, - } -} - // EventGroupingAggregationKind - The event grouping aggregation kinds type EventGroupingAggregationKind string @@ -1346,27 +1103,6 @@ func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind } } -// FileFormat - The format of the file -type FileFormat string - -const ( - // FileFormatCSV - A CSV file. - FileFormatCSV FileFormat = "CSV" - // FileFormatJSON - A JSON file. - FileFormatJSON FileFormat = "JSON" - // FileFormatUnspecified - A file of other format. - FileFormatUnspecified FileFormat = "Unspecified" -) - -// PossibleFileFormatValues returns the possible values for the FileFormat const type. -func PossibleFileFormatValues() []FileFormat { - return []FileFormat{ - FileFormatCSV, - FileFormatJSON, - FileFormatUnspecified, - } -} - // FileHashAlgorithm - The hash algorithm type. type FileHashAlgorithm string @@ -1394,72 +1130,39 @@ func PossibleFileHashAlgorithmValues() []FileHashAlgorithm { } } -// FileImportContentType - The content type of this file. -type FileImportContentType string - -const ( - // FileImportContentTypeBasicIndicator - File containing records with the core fields of an indicator, plus the observables - // to construct the STIX pattern. - FileImportContentTypeBasicIndicator FileImportContentType = "BasicIndicator" - // FileImportContentTypeStixIndicator - File containing STIX indicators. - FileImportContentTypeStixIndicator FileImportContentType = "StixIndicator" - // FileImportContentTypeUnspecified - File containing other records. - FileImportContentTypeUnspecified FileImportContentType = "Unspecified" -) - -// PossibleFileImportContentTypeValues returns the possible values for the FileImportContentType const type. -func PossibleFileImportContentTypeValues() []FileImportContentType { - return []FileImportContentType{ - FileImportContentTypeBasicIndicator, - FileImportContentTypeStixIndicator, - FileImportContentTypeUnspecified, - } -} - -// FileImportState - The state of the file import. -type FileImportState string +// Flag - The boolean value the metadata is for. +type Flag string const ( - // FileImportStateFatalError - A fatal error has occurred while ingesting the file. - FileImportStateFatalError FileImportState = "FatalError" - // FileImportStateInProgress - The file ingestion is in progress. - FileImportStateInProgress FileImportState = "InProgress" - // FileImportStateIngested - The file has been ingested. - FileImportStateIngested FileImportState = "Ingested" - // FileImportStateIngestedWithErrors - The file has been ingested with errors. - FileImportStateIngestedWithErrors FileImportState = "IngestedWithErrors" - // FileImportStateInvalid - The file is invalid. - FileImportStateInvalid FileImportState = "Invalid" - // FileImportStateUnspecified - Unspecified state. - FileImportStateUnspecified FileImportState = "Unspecified" - // FileImportStateWaitingForUpload - Waiting for the file to be uploaded. - FileImportStateWaitingForUpload FileImportState = "WaitingForUpload" + FlagFalse Flag = "false" + FlagTrue Flag = "true" ) -// PossibleFileImportStateValues returns the possible values for the FileImportState const type. -func PossibleFileImportStateValues() []FileImportState { - return []FileImportState{ - FileImportStateFatalError, - FileImportStateInProgress, - FileImportStateIngested, - FileImportStateIngestedWithErrors, - FileImportStateInvalid, - FileImportStateUnspecified, - FileImportStateWaitingForUpload, +// PossibleFlagValues returns the possible values for the Flag const type. +func PossibleFlagValues() []Flag { + return []Flag{ + FlagFalse, + FlagTrue, } } -// GetInsightsError - the query kind -type GetInsightsError string +// HTTPMethodVerb - The HTTP method, default value GET. +type HTTPMethodVerb string const ( - GetInsightsErrorInsight GetInsightsError = "Insight" + HTTPMethodVerbDELETE HTTPMethodVerb = "DELETE" + HTTPMethodVerbGET HTTPMethodVerb = "GET" + HTTPMethodVerbPOST HTTPMethodVerb = "POST" + HTTPMethodVerbPUT HTTPMethodVerb = "PUT" ) -// PossibleGetInsightsErrorValues returns the possible values for the GetInsightsError const type. -func PossibleGetInsightsErrorValues() []GetInsightsError { - return []GetInsightsError{ - GetInsightsErrorInsight, +// PossibleHTTPMethodVerbValues returns the possible values for the HTTPMethodVerb const type. +func PossibleHTTPMethodVerbValues() []HTTPMethodVerb { + return []HTTPMethodVerb{ + HTTPMethodVerbDELETE, + HTTPMethodVerbGET, + HTTPMethodVerbPOST, + HTTPMethodVerbPUT, } } @@ -1574,24 +1277,21 @@ func PossibleIncidentStatusValues() []IncidentStatus { } } -// IngestionMode - Describes how to ingest the records in the file. -type IngestionMode string +// IncidentTaskStatus - The status of the task +type IncidentTaskStatus string const ( - // IngestionModeIngestAnyValidRecords - Valid records should still be ingested when invalid records are detected. - IngestionModeIngestAnyValidRecords IngestionMode = "IngestAnyValidRecords" - // IngestionModeIngestOnlyIfAllAreValid - No records should be ingested when invalid records are detected. - IngestionModeIngestOnlyIfAllAreValid IngestionMode = "IngestOnlyIfAllAreValid" - // IngestionModeUnspecified - Unspecified - IngestionModeUnspecified IngestionMode = "Unspecified" + // IncidentTaskStatusCompleted - A completed task + IncidentTaskStatusCompleted IncidentTaskStatus = "Completed" + // IncidentTaskStatusNew - A new task + IncidentTaskStatusNew IncidentTaskStatus = "New" ) -// PossibleIngestionModeValues returns the possible values for the IngestionMode const type. -func PossibleIngestionModeValues() []IngestionMode { - return []IngestionMode{ - IngestionModeIngestAnyValidRecords, - IngestionModeIngestOnlyIfAllAreValid, - IngestionModeUnspecified, +// PossibleIncidentTaskStatusValues returns the possible values for the IncidentTaskStatus const type. +func PossibleIncidentTaskStatusValues() []IncidentTaskStatus { + return []IncidentTaskStatus{ + IncidentTaskStatusCompleted, + IncidentTaskStatusNew, } } @@ -1756,13 +1456,11 @@ func PossibleMatchingMethodValues() []MatchingMethod { type MicrosoftSecurityProductName string const ( - MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" - MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" - MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" - MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" - MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" - MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" - MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" + MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" + MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" + MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" + MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" + MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" ) // PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type. @@ -1773,8 +1471,6 @@ func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName MicrosoftSecurityProductNameAzureSecurityCenter, MicrosoftSecurityProductNameAzureSecurityCenterForIoT, MicrosoftSecurityProductNameMicrosoftCloudAppSecurity, - MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection, - MicrosoftSecurityProductNameOffice365AdvancedThreatProtection, } } @@ -1821,26 +1517,6 @@ func PossibleOperatorValues() []Operator { } } -// OutputType - Insights Column type. -type OutputType string - -const ( - OutputTypeDate OutputType = "Date" - OutputTypeEntity OutputType = "Entity" - OutputTypeNumber OutputType = "Number" - OutputTypeString OutputType = "String" -) - -// PossibleOutputTypeValues returns the possible values for the OutputType const type. -func PossibleOutputTypeValues() []OutputType { - return []OutputType{ - OutputTypeDate, - OutputTypeEntity, - OutputTypeNumber, - OutputTypeString, - } -} - // OwnerType - The type of the owner the incident is assigned to. type OwnerType string @@ -1862,66 +1538,70 @@ func PossibleOwnerTypeValues() []OwnerType { } } -// PermissionProviderScope - Permission provider scope -type PermissionProviderScope string +// PackageKind - The package kind +type PackageKind string const ( - PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup" - PermissionProviderScopeSubscription PermissionProviderScope = "Subscription" - PermissionProviderScopeWorkspace PermissionProviderScope = "Workspace" + PackageKindSolution PackageKind = "Solution" + PackageKindStandalone PackageKind = "Standalone" ) -// PossiblePermissionProviderScopeValues returns the possible values for the PermissionProviderScope const type. -func PossiblePermissionProviderScopeValues() []PermissionProviderScope { - return []PermissionProviderScope{ - PermissionProviderScopeResourceGroup, - PermissionProviderScopeSubscription, - PermissionProviderScopeWorkspace, +// PossiblePackageKindValues returns the possible values for the PackageKind const type. +func PossiblePackageKindValues() []PackageKind { + return []PackageKind{ + PackageKindSolution, + PackageKindStandalone, } } -// PollingFrequency - The polling frequency for the TAXII server. -type PollingFrequency string +// ProviderPermissionsScope - The scope on which the user should have permissions, in order to be able to create connections. +type ProviderPermissionsScope string const ( - // PollingFrequencyOnceADay - Once a day - PollingFrequencyOnceADay PollingFrequency = "OnceADay" - // PollingFrequencyOnceAMinute - Once a minute - PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute" - // PollingFrequencyOnceAnHour - Once an hour - PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour" + ProviderPermissionsScopeResourceGroup ProviderPermissionsScope = "ResourceGroup" + ProviderPermissionsScopeSubscription ProviderPermissionsScope = "Subscription" + ProviderPermissionsScopeWorkspace ProviderPermissionsScope = "Workspace" ) -// PossiblePollingFrequencyValues returns the possible values for the PollingFrequency const type. -func PossiblePollingFrequencyValues() []PollingFrequency { - return []PollingFrequency{ - PollingFrequencyOnceADay, - PollingFrequencyOnceAMinute, - PollingFrequencyOnceAnHour, +// PossibleProviderPermissionsScopeValues returns the possible values for the ProviderPermissionsScope const type. +func PossibleProviderPermissionsScopeValues() []ProviderPermissionsScope { + return []ProviderPermissionsScope{ + ProviderPermissionsScopeResourceGroup, + ProviderPermissionsScopeSubscription, + ProviderPermissionsScopeWorkspace, } } -// ProviderName - Provider name -type ProviderName string +// ProvisioningState - Describes provisioning state +type ProvisioningState string const ( - ProviderNameMicrosoftAadiamDiagnosticSettings ProviderName = "microsoft.aadiam/diagnosticSettings" - ProviderNameMicrosoftAuthorizationPolicyAssignments ProviderName = "Microsoft.Authorization/policyAssignments" - ProviderNameMicrosoftOperationalInsightsSolutions ProviderName = "Microsoft.OperationalInsights/solutions" - ProviderNameMicrosoftOperationalInsightsWorkspaces ProviderName = "Microsoft.OperationalInsights/workspaces" - ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources" - ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys" + // ProvisioningStateCanceled - The Canceled provisioning state. + ProvisioningStateCanceled ProvisioningState = "Canceled" + // ProvisioningStateDeleting - The Deleting provisioning state. + ProvisioningStateDeleting ProvisioningState = "Deleting" + // ProvisioningStateFailed - The Failed provisioning state. + ProvisioningStateFailed ProvisioningState = "Failed" + // ProvisioningStateInProgress - The InProgress provisioning state. + ProvisioningStateInProgress ProvisioningState = "InProgress" + // ProvisioningStateNew - The New provisioning state. + ProvisioningStateNew ProvisioningState = "New" + // ProvisioningStateSucceeded - The Succeeded provisioning state. + ProvisioningStateSucceeded ProvisioningState = "Succeeded" + // ProvisioningStateUploading - The Uploading provisioning state. + ProvisioningStateUploading ProvisioningState = "Uploading" ) -// PossibleProviderNameValues returns the possible values for the ProviderName const type. -func PossibleProviderNameValues() []ProviderName { - return []ProviderName{ - ProviderNameMicrosoftAadiamDiagnosticSettings, - ProviderNameMicrosoftAuthorizationPolicyAssignments, - ProviderNameMicrosoftOperationalInsightsSolutions, - ProviderNameMicrosoftOperationalInsightsWorkspaces, - ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources, - ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys, +// PossibleProvisioningStateValues returns the possible values for the ProvisioningState const type. +func PossibleProvisioningStateValues() []ProvisioningState { + return []ProvisioningState{ + ProvisioningStateCanceled, + ProvisioningStateDeleting, + ProvisioningStateFailed, + ProvisioningStateInProgress, + ProvisioningStateNew, + ProvisioningStateSucceeded, + ProvisioningStateUploading, } } @@ -2008,67 +1688,73 @@ func PossibleRegistryValueKindValues() []RegistryValueKind { type RepoType string const ( - RepoTypeDevOps RepoType = "DevOps" - RepoTypeGithub RepoType = "Github" + RepoTypeAzureDevOps RepoType = "AzureDevOps" + RepoTypeGithub RepoType = "Github" ) // PossibleRepoTypeValues returns the possible values for the RepoType const type. func PossibleRepoTypeValues() []RepoType { return []RepoType{ - RepoTypeDevOps, + RepoTypeAzureDevOps, RepoTypeGithub, } } -// SecurityMLAnalyticsSettingsKind - The kind of security ML analytics settings -type SecurityMLAnalyticsSettingsKind string +// RepositoryAccessKind - The kind of repository access credentials +type RepositoryAccessKind string const ( - SecurityMLAnalyticsSettingsKindAnomaly SecurityMLAnalyticsSettingsKind = "Anomaly" + RepositoryAccessKindApp RepositoryAccessKind = "App" + RepositoryAccessKindOAuth RepositoryAccessKind = "OAuth" + RepositoryAccessKindPAT RepositoryAccessKind = "PAT" ) -// PossibleSecurityMLAnalyticsSettingsKindValues returns the possible values for the SecurityMLAnalyticsSettingsKind const type. -func PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind { - return []SecurityMLAnalyticsSettingsKind{ - SecurityMLAnalyticsSettingsKindAnomaly, +// PossibleRepositoryAccessKindValues returns the possible values for the RepositoryAccessKind const type. +func PossibleRepositoryAccessKindValues() []RepositoryAccessKind { + return []RepositoryAccessKind{ + RepositoryAccessKindApp, + RepositoryAccessKindOAuth, + RepositoryAccessKindPAT, } } -// SettingKind - The kind of the setting -type SettingKind string +// RestAPIPollerRequestPagingKind - Type of paging +type RestAPIPollerRequestPagingKind string const ( - SettingKindAnomalies SettingKind = "Anomalies" - SettingKindEntityAnalytics SettingKind = "EntityAnalytics" - SettingKindEyesOn SettingKind = "EyesOn" - SettingKindUeba SettingKind = "Ueba" + RestAPIPollerRequestPagingKindCountBasedPaging RestAPIPollerRequestPagingKind = "CountBasedPaging" + RestAPIPollerRequestPagingKindLinkHeader RestAPIPollerRequestPagingKind = "LinkHeader" + RestAPIPollerRequestPagingKindNextPageToken RestAPIPollerRequestPagingKind = "NextPageToken" + RestAPIPollerRequestPagingKindNextPageURL RestAPIPollerRequestPagingKind = "NextPageUrl" + RestAPIPollerRequestPagingKindOffset RestAPIPollerRequestPagingKind = "Offset" + RestAPIPollerRequestPagingKindPersistentLinkHeader RestAPIPollerRequestPagingKind = "PersistentLinkHeader" + RestAPIPollerRequestPagingKindPersistentToken RestAPIPollerRequestPagingKind = "PersistentToken" ) -// PossibleSettingKindValues returns the possible values for the SettingKind const type. -func PossibleSettingKindValues() []SettingKind { - return []SettingKind{ - SettingKindAnomalies, - SettingKindEntityAnalytics, - SettingKindEyesOn, - SettingKindUeba, +// PossibleRestAPIPollerRequestPagingKindValues returns the possible values for the RestAPIPollerRequestPagingKind const type. +func PossibleRestAPIPollerRequestPagingKindValues() []RestAPIPollerRequestPagingKind { + return []RestAPIPollerRequestPagingKind{ + RestAPIPollerRequestPagingKindCountBasedPaging, + RestAPIPollerRequestPagingKindLinkHeader, + RestAPIPollerRequestPagingKindNextPageToken, + RestAPIPollerRequestPagingKindNextPageURL, + RestAPIPollerRequestPagingKindOffset, + RestAPIPollerRequestPagingKindPersistentLinkHeader, + RestAPIPollerRequestPagingKindPersistentToken, } } -// SettingType - The kind of the setting -type SettingType string +// SecurityMLAnalyticsSettingsKind - The kind of security ML analytics settings +type SecurityMLAnalyticsSettingsKind string const ( - SettingTypeCopyableLabel SettingType = "CopyableLabel" - SettingTypeInfoMessage SettingType = "InfoMessage" - SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup" + SecurityMLAnalyticsSettingsKindAnomaly SecurityMLAnalyticsSettingsKind = "Anomaly" ) -// PossibleSettingTypeValues returns the possible values for the SettingType const type. -func PossibleSettingTypeValues() []SettingType { - return []SettingType{ - SettingTypeCopyableLabel, - SettingTypeInfoMessage, - SettingTypeInstructionStepsGroup, +// PossibleSecurityMLAnalyticsSettingsKindValues returns the possible values for the SecurityMLAnalyticsSettingsKind const type. +func PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind { + return []SecurityMLAnalyticsSettingsKind{ + SecurityMLAnalyticsSettingsKindAnomaly, } } @@ -2114,7 +1800,9 @@ func PossibleSourceKindValues() []SourceKind { type SourceType string const ( - SourceTypeLocalFile SourceType = "Local file" + // SourceTypeLocalFile - The source from local file. + SourceTypeLocalFile SourceType = "Local file" + // SourceTypeRemoteStorage - The source from remote storage. SourceTypeRemoteStorage SourceType = "Remote storage" ) @@ -2126,6 +1814,22 @@ func PossibleSourceTypeValues() []SourceType { } } +// State - Status of the pull request. +type State string + +const ( + StateClosed State = "Closed" + StateOpen State = "Open" +) + +// PossibleStateValues returns the possible values for the State const type. +func PossibleStateValues() []State { + return []State{ + StateClosed, + StateOpen, + } +} + // SupportTier - Type of support for content item type SupportTier string @@ -2165,36 +1869,36 @@ func PossibleTemplateStatusValues() []TemplateStatus { } } -// ThreatIntelligenceResourceKindEnum - The kind of the threat intelligence entity -type ThreatIntelligenceResourceKindEnum string +// ThreatIntelligenceResourceInnerKind - The kind of the threat intelligence entity +type ThreatIntelligenceResourceInnerKind string const ( - // ThreatIntelligenceResourceKindEnumIndicator - Entity represents threat intelligence indicator in the system. - ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator" + // ThreatIntelligenceResourceInnerKindIndicator - Entity represents threat intelligence indicator in the system. + ThreatIntelligenceResourceInnerKindIndicator ThreatIntelligenceResourceInnerKind = "indicator" ) -// PossibleThreatIntelligenceResourceKindEnumValues returns the possible values for the ThreatIntelligenceResourceKindEnum const type. -func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum { - return []ThreatIntelligenceResourceKindEnum{ - ThreatIntelligenceResourceKindEnumIndicator, +// PossibleThreatIntelligenceResourceInnerKindValues returns the possible values for the ThreatIntelligenceResourceInnerKind const type. +func PossibleThreatIntelligenceResourceInnerKindValues() []ThreatIntelligenceResourceInnerKind { + return []ThreatIntelligenceResourceInnerKind{ + ThreatIntelligenceResourceInnerKindIndicator, } } -// ThreatIntelligenceSortingCriteriaEnum - Sorting order (ascending/descending/unsorted). -type ThreatIntelligenceSortingCriteriaEnum string +// ThreatIntelligenceSortingOrder - Sorting order (ascending/descending/unsorted). +type ThreatIntelligenceSortingOrder string const ( - ThreatIntelligenceSortingCriteriaEnumAscending ThreatIntelligenceSortingCriteriaEnum = "ascending" - ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending" - ThreatIntelligenceSortingCriteriaEnumUnsorted ThreatIntelligenceSortingCriteriaEnum = "unsorted" + ThreatIntelligenceSortingOrderAscending ThreatIntelligenceSortingOrder = "ascending" + ThreatIntelligenceSortingOrderDescending ThreatIntelligenceSortingOrder = "descending" + ThreatIntelligenceSortingOrderUnsorted ThreatIntelligenceSortingOrder = "unsorted" ) -// PossibleThreatIntelligenceSortingCriteriaEnumValues returns the possible values for the ThreatIntelligenceSortingCriteriaEnum const type. -func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum { - return []ThreatIntelligenceSortingCriteriaEnum{ - ThreatIntelligenceSortingCriteriaEnumAscending, - ThreatIntelligenceSortingCriteriaEnumDescending, - ThreatIntelligenceSortingCriteriaEnumUnsorted, +// PossibleThreatIntelligenceSortingOrderValues returns the possible values for the ThreatIntelligenceSortingOrder const type. +func PossibleThreatIntelligenceSortingOrderValues() []ThreatIntelligenceSortingOrder { + return []ThreatIntelligenceSortingOrder{ + ThreatIntelligenceSortingOrderAscending, + ThreatIntelligenceSortingOrderDescending, + ThreatIntelligenceSortingOrderUnsorted, } } @@ -2252,26 +1956,6 @@ func PossibleTriggersWhenValues() []TriggersWhen { } } -// UebaDataSources - The data source that enriched by ueba. -type UebaDataSources string - -const ( - UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs" - UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity" - UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent" - UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs" -) - -// PossibleUebaDataSourcesValues returns the possible values for the UebaDataSources const type. -func PossibleUebaDataSourcesValues() []UebaDataSources { - return []UebaDataSources{ - UebaDataSourcesAuditLogs, - UebaDataSourcesAzureActivity, - UebaDataSourcesSecurityEvent, - UebaDataSourcesSigninLogs, - } -} - // Version - The version of the source control. type Version string @@ -2287,3 +1971,25 @@ func PossibleVersionValues() []Version { VersionV2, } } + +// WarningCode - The type of repository. +type WarningCode string + +const ( + WarningCodeSourceControlDeletedWithWarnings WarningCode = "SourceControl_DeletedWithWarnings" + WarningCodeSourceControlWarningDeletePipelineFromAzureDevOps WarningCode = "SourceControlWarning_DeletePipelineFromAzureDevOps" + WarningCodeSourceControlWarningDeleteRoleAssignment WarningCode = "SourceControlWarning_DeleteRoleAssignment" + WarningCodeSourceControlWarningDeleteServicePrincipal WarningCode = "SourceControlWarning_DeleteServicePrincipal" + WarningCodeSourceControlWarningDeleteWorkflowAndSecretFromGitHub WarningCode = "SourceControlWarning_DeleteWorkflowAndSecretFromGitHub" +) + +// PossibleWarningCodeValues returns the possible values for the WarningCode const type. +func PossibleWarningCodeValues() []WarningCode { + return []WarningCode{ + WarningCodeSourceControlDeletedWithWarnings, + WarningCodeSourceControlWarningDeletePipelineFromAzureDevOps, + WarningCodeSourceControlWarningDeleteRoleAssignment, + WarningCodeSourceControlWarningDeleteServicePrincipal, + WarningCodeSourceControlWarningDeleteWorkflowAndSecretFromGitHub, + } +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackage_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackage_client.go new file mode 100644 index 000000000000..3de32e35d33d --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackage_client.go @@ -0,0 +1,177 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// ContentPackageClient contains the methods for the ContentPackage group. +// Don't use this type directly, use NewContentPackageClient() instead. +type ContentPackageClient struct { + internal *arm.Client + subscriptionID string +} + +// NewContentPackageClient creates a new instance of ContentPackageClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. +// - credential - used to authorize requests. Usually a credential from azidentity. +// - options - pass nil to accept the default values. +func NewContentPackageClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ContentPackageClient, error) { + cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) + if err != nil { + return nil, err + } + client := &ContentPackageClient{ + subscriptionID: subscriptionID, + internal: cl, + } + return client, nil +} + +// Install - Install a package to the workspace. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - packageID - package Id +// - packageInstallationProperties - Package installation properties +// - options - ContentPackageClientInstallOptions contains the optional parameters for the ContentPackageClient.Install method. +func (client *ContentPackageClient) Install(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, packageInstallationProperties PackageModel, options *ContentPackageClientInstallOptions) (ContentPackageClientInstallResponse, error) { + var err error + const operationName = "ContentPackageClient.Install" + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) + ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) + defer func() { endSpan(err) }() + req, err := client.installCreateRequest(ctx, resourceGroupName, workspaceName, packageID, packageInstallationProperties, options) + if err != nil { + return ContentPackageClientInstallResponse{}, err + } + httpResp, err := client.internal.Pipeline().Do(req) + if err != nil { + return ContentPackageClientInstallResponse{}, err + } + if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusCreated) { + err = runtime.NewResponseError(httpResp) + return ContentPackageClientInstallResponse{}, err + } + resp, err := client.installHandleResponse(httpResp) + return resp, err +} + +// installCreateRequest creates the Install request. +func (client *ContentPackageClient) installCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, packageInstallationProperties PackageModel, options *ContentPackageClientInstallOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if packageID == "" { + return nil, errors.New("parameter packageID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{packageId}", url.PathEscape(packageID)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + if err := runtime.MarshalAsJSON(req, packageInstallationProperties); err != nil { + return nil, err + } + return req, nil +} + +// installHandleResponse handles the Install response. +func (client *ContentPackageClient) installHandleResponse(resp *http.Response) (ContentPackageClientInstallResponse, error) { + result := ContentPackageClientInstallResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.PackageModel); err != nil { + return ContentPackageClientInstallResponse{}, err + } + return result, nil +} + +// Uninstall - Uninstall a package from the workspace. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - packageID - package Id +// - options - ContentPackageClientUninstallOptions contains the optional parameters for the ContentPackageClient.Uninstall +// method. +func (client *ContentPackageClient) Uninstall(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ContentPackageClientUninstallOptions) (ContentPackageClientUninstallResponse, error) { + var err error + const operationName = "ContentPackageClient.Uninstall" + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) + ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) + defer func() { endSpan(err) }() + req, err := client.uninstallCreateRequest(ctx, resourceGroupName, workspaceName, packageID, options) + if err != nil { + return ContentPackageClientUninstallResponse{}, err + } + httpResp, err := client.internal.Pipeline().Do(req) + if err != nil { + return ContentPackageClientUninstallResponse{}, err + } + if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { + err = runtime.NewResponseError(httpResp) + return ContentPackageClientUninstallResponse{}, err + } + return ContentPackageClientUninstallResponse{}, nil +} + +// uninstallCreateRequest creates the Uninstall request. +func (client *ContentPackageClient) uninstallCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ContentPackageClientUninstallOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if packageID == "" { + return nil, errors.New("parameter packageID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{packageId}", url.PathEscape(packageID)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackages_client.go similarity index 53% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackages_client.go index 7e309dbf45b1..d0ac119a9b4c 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/contentpackages_client.go @@ -17,66 +17,66 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "net/http" "net/url" + "strconv" "strings" ) -// EntityQueryTemplatesClient contains the methods for the EntityQueryTemplates group. -// Don't use this type directly, use NewEntityQueryTemplatesClient() instead. -type EntityQueryTemplatesClient struct { +// ContentPackagesClient contains the methods for the ContentPackages group. +// Don't use this type directly, use NewContentPackagesClient() instead. +type ContentPackagesClient struct { internal *arm.Client subscriptionID string } -// NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewContentPackagesClient creates a new instance of ContentPackagesClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewEntityQueryTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueryTemplatesClient, error) { +func NewContentPackagesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ContentPackagesClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &EntityQueryTemplatesClient{ + client := &ContentPackagesClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// Get - Gets an entity query. +// Get - Gets an installed packages by its id. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityQueryTemplateID - entity query template ID -// - options - EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get -// method. -func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (EntityQueryTemplatesClientGetResponse, error) { +// - packageID - package Id +// - options - ContentPackagesClientGetOptions contains the optional parameters for the ContentPackagesClient.Get method. +func (client *ContentPackagesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ContentPackagesClientGetOptions) (ContentPackagesClientGetResponse, error) { var err error - const operationName = "EntityQueryTemplatesClient.Get" + const operationName = "ContentPackagesClient.Get" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryTemplateID, options) + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, packageID, options) if err != nil { - return EntityQueryTemplatesClientGetResponse{}, err + return ContentPackagesClientGetResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return EntityQueryTemplatesClientGetResponse{}, err + return ContentPackagesClientGetResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) - return EntityQueryTemplatesClientGetResponse{}, err + return ContentPackagesClientGetResponse{}, err } resp, err := client.getHandleResponse(httpResp) return resp, err } // getCreateRequest creates the Get request. -func (client *EntityQueryTemplatesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}" +func (client *ContentPackagesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ContentPackagesClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages/{packageId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -89,44 +89,44 @@ func (client *EntityQueryTemplatesClient) getCreateRequest(ctx context.Context, return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityQueryTemplateID == "" { - return nil, errors.New("parameter entityQueryTemplateID cannot be empty") + if packageID == "" { + return nil, errors.New("parameter packageID cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{entityQueryTemplateId}", url.PathEscape(entityQueryTemplateID)) + urlPath = strings.ReplaceAll(urlPath, "{packageId}", url.PathEscape(packageID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // getHandleResponse handles the Get response. -func (client *EntityQueryTemplatesClient) getHandleResponse(resp *http.Response) (EntityQueryTemplatesClientGetResponse, error) { - result := EntityQueryTemplatesClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return EntityQueryTemplatesClientGetResponse{}, err +func (client *ContentPackagesClient) getHandleResponse(resp *http.Response) (ContentPackagesClientGetResponse, error) { + result := ContentPackagesClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.PackageModel); err != nil { + return ContentPackagesClientGetResponse{}, err } return result, nil } -// NewListPager - Gets all entity query templates. +// NewListPager - Gets all installed packages. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - options - EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.NewListPager +// - options - ContentPackagesClientListOptions contains the optional parameters for the ContentPackagesClient.NewListPager // method. -func (client *EntityQueryTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) *runtime.Pager[EntityQueryTemplatesClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[EntityQueryTemplatesClientListResponse]{ - More: func(page EntityQueryTemplatesClientListResponse) bool { +func (client *ContentPackagesClient) NewListPager(resourceGroupName string, workspaceName string, options *ContentPackagesClientListOptions) *runtime.Pager[ContentPackagesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[ContentPackagesClientListResponse]{ + More: func(page ContentPackagesClientListResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *EntityQueryTemplatesClientListResponse) (EntityQueryTemplatesClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "EntityQueryTemplatesClient.NewListPager") + Fetcher: func(ctx context.Context, page *ContentPackagesClientListResponse) (ContentPackagesClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "ContentPackagesClient.NewListPager") nextLink := "" if page != nil { nextLink = *page.NextLink @@ -135,7 +135,7 @@ func (client *EntityQueryTemplatesClient) NewListPager(resourceGroupName string, return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) }, nil) if err != nil { - return EntityQueryTemplatesClientListResponse{}, err + return ContentPackagesClientListResponse{}, err } return client.listHandleResponse(resp) }, @@ -144,8 +144,8 @@ func (client *EntityQueryTemplatesClient) NewListPager(resourceGroupName string, } // listCreateRequest creates the List request. -func (client *EntityQueryTemplatesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates" +func (client *ContentPackagesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ContentPackagesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentPackages" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -163,20 +163,38 @@ func (client *EntityQueryTemplatesClient) listCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - if options != nil && options.Kind != nil { - reqQP.Set("kind", string(*options.Kind)) + if options != nil && options.Count != nil { + reqQP.Set("$count", strconv.FormatBool(*options.Count)) + } + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Search != nil { + reqQP.Set("$search", *options.Search) + } + if options != nil && options.Skip != nil { + reqQP.Set("$skip", strconv.FormatInt(int64(*options.Skip), 10)) + } + if options != nil && options.SkipToken != nil { + reqQP.Set("$skipToken", *options.SkipToken) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // listHandleResponse handles the List response. -func (client *EntityQueryTemplatesClient) listHandleResponse(resp *http.Response) (EntityQueryTemplatesClientListResponse, error) { - result := EntityQueryTemplatesClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityQueryTemplateList); err != nil { - return EntityQueryTemplatesClientListResponse{}, err +func (client *ContentPackagesClient) listHandleResponse(resp *http.Response) (ContentPackagesClientListResponse, error) { + result := ContentPackagesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.PackageList); err != nil { + return ContentPackagesClientListResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplate_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplate_client.go new file mode 100644 index 000000000000..0904dec6b118 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplate_client.go @@ -0,0 +1,247 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strings" +) + +// ContentTemplateClient contains the methods for the ContentTemplate group. +// Don't use this type directly, use NewContentTemplateClient() instead. +type ContentTemplateClient struct { + internal *arm.Client + subscriptionID string +} + +// NewContentTemplateClient creates a new instance of ContentTemplateClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. +// - credential - used to authorize requests. Usually a credential from azidentity. +// - options - pass nil to accept the default values. +func NewContentTemplateClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ContentTemplateClient, error) { + cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) + if err != nil { + return nil, err + } + client := &ContentTemplateClient{ + subscriptionID: subscriptionID, + internal: cl, + } + return client, nil +} + +// Delete - Delete an installed template. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - templateID - template Id +// - options - ContentTemplateClientDeleteOptions contains the optional parameters for the ContentTemplateClient.Delete method. +func (client *ContentTemplateClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ContentTemplateClientDeleteOptions) (ContentTemplateClientDeleteResponse, error) { + var err error + const operationName = "ContentTemplateClient.Delete" + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) + ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) + defer func() { endSpan(err) }() + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, templateID, options) + if err != nil { + return ContentTemplateClientDeleteResponse{}, err + } + httpResp, err := client.internal.Pipeline().Do(req) + if err != nil { + return ContentTemplateClientDeleteResponse{}, err + } + if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { + err = runtime.NewResponseError(httpResp) + return ContentTemplateClientDeleteResponse{}, err + } + return ContentTemplateClientDeleteResponse{}, nil +} + +// deleteCreateRequest creates the Delete request. +func (client *ContentTemplateClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ContentTemplateClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if templateID == "" { + return nil, errors.New("parameter templateID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{templateId}", url.PathEscape(templateID)) + req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// Get - Gets a template byt its identifier. Expandable properties: +// * properties/mainTemplate +// * properties/dependantTemplates +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - templateID - template Id +// - options - ContentTemplateClientGetOptions contains the optional parameters for the ContentTemplateClient.Get method. +func (client *ContentTemplateClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ContentTemplateClientGetOptions) (ContentTemplateClientGetResponse, error) { + var err error + const operationName = "ContentTemplateClient.Get" + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) + ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) + defer func() { endSpan(err) }() + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, templateID, options) + if err != nil { + return ContentTemplateClientGetResponse{}, err + } + httpResp, err := client.internal.Pipeline().Do(req) + if err != nil { + return ContentTemplateClientGetResponse{}, err + } + if !runtime.HasStatusCode(httpResp, http.StatusOK) { + err = runtime.NewResponseError(httpResp) + return ContentTemplateClientGetResponse{}, err + } + resp, err := client.getHandleResponse(httpResp) + return resp, err +} + +// getCreateRequest creates the Get request. +func (client *ContentTemplateClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ContentTemplateClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if templateID == "" { + return nil, errors.New("parameter templateID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{templateId}", url.PathEscape(templateID)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// getHandleResponse handles the Get response. +func (client *ContentTemplateClient) getHandleResponse(resp *http.Response) (ContentTemplateClientGetResponse, error) { + result := ContentTemplateClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.TemplateModel); err != nil { + return ContentTemplateClientGetResponse{}, err + } + return result, nil +} + +// Install - Install a template. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - templateID - template Id +// - templateInstallationProperties - Template installation properties +// - options - ContentTemplateClientInstallOptions contains the optional parameters for the ContentTemplateClient.Install method. +func (client *ContentTemplateClient) Install(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, templateInstallationProperties TemplateModel, options *ContentTemplateClientInstallOptions) (ContentTemplateClientInstallResponse, error) { + var err error + const operationName = "ContentTemplateClient.Install" + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) + ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) + defer func() { endSpan(err) }() + req, err := client.installCreateRequest(ctx, resourceGroupName, workspaceName, templateID, templateInstallationProperties, options) + if err != nil { + return ContentTemplateClientInstallResponse{}, err + } + httpResp, err := client.internal.Pipeline().Do(req) + if err != nil { + return ContentTemplateClientInstallResponse{}, err + } + if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusCreated) { + err = runtime.NewResponseError(httpResp) + return ContentTemplateClientInstallResponse{}, err + } + resp, err := client.installHandleResponse(httpResp) + return resp, err +} + +// installCreateRequest creates the Install request. +func (client *ContentTemplateClient) installCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, templateInstallationProperties TemplateModel, options *ContentTemplateClientInstallOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates/{templateId}" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if templateID == "" { + return nil, errors.New("parameter templateID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{templateId}", url.PathEscape(templateID)) + req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + if err := runtime.MarshalAsJSON(req, templateInstallationProperties); err != nil { + return nil, err + } + return req, nil +} + +// installHandleResponse handles the Install response. +func (client *ContentTemplateClient) installHandleResponse(resp *http.Response) (ContentTemplateClientInstallResponse, error) { + result := ContentTemplateClientInstallResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.TemplateModel); err != nil { + return ContentTemplateClientInstallResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplates_client.go new file mode 100644 index 000000000000..9cde17c218a7 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/contenttemplates_client.go @@ -0,0 +1,136 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strconv" + "strings" +) + +// ContentTemplatesClient contains the methods for the ContentTemplates group. +// Don't use this type directly, use NewContentTemplatesClient() instead. +type ContentTemplatesClient struct { + internal *arm.Client + subscriptionID string +} + +// NewContentTemplatesClient creates a new instance of ContentTemplatesClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. +// - credential - used to authorize requests. Usually a credential from azidentity. +// - options - pass nil to accept the default values. +func NewContentTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ContentTemplatesClient, error) { + cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) + if err != nil { + return nil, err + } + client := &ContentTemplatesClient{ + subscriptionID: subscriptionID, + internal: cl, + } + return client, nil +} + +// NewListPager - Gets all installed templates. Expandable properties: +// * properties/mainTemplate +// * properties/dependantTemplates +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - options - ContentTemplatesClientListOptions contains the optional parameters for the ContentTemplatesClient.NewListPager +// method. +func (client *ContentTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *ContentTemplatesClientListOptions) *runtime.Pager[ContentTemplatesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[ContentTemplatesClientListResponse]{ + More: func(page ContentTemplatesClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *ContentTemplatesClientListResponse) (ContentTemplatesClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "ContentTemplatesClient.NewListPager") + nextLink := "" + if page != nil { + nextLink = *page.NextLink + } + resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { + return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + }, nil) + if err != nil { + return ContentTemplatesClientListResponse{}, err + } + return client.listHandleResponse(resp) + }, + Tracer: client.internal.Tracer(), + }) +} + +// listCreateRequest creates the List request. +func (client *ContentTemplatesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ContentTemplatesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentTemplates" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.Count != nil { + reqQP.Set("$count", strconv.FormatBool(*options.Count)) + } + if options != nil && options.Expand != nil { + reqQP.Set("$expand", *options.Expand) + } + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Search != nil { + reqQP.Set("$search", *options.Search) + } + if options != nil && options.Skip != nil { + reqQP.Set("$skip", strconv.FormatInt(int64(*options.Skip), 10)) + } + if options != nil && options.SkipToken != nil { + reqQP.Set("$skipToken", *options.SkipToken) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) + } + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *ContentTemplatesClient) listHandleResponse(resp *http.Response) (ContentTemplatesClientListResponse, error) { + result := ContentTemplatesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.TemplateList); err != nil { + return ContentTemplatesClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectordefinitions_client.go similarity index 50% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectordefinitions_client.go index 92c37d971da4..122ad5064a75 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/bookmarkrelations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectordefinitions_client.go @@ -17,69 +17,67 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "net/http" "net/url" - "strconv" "strings" ) -// BookmarkRelationsClient contains the methods for the BookmarkRelations group. -// Don't use this type directly, use NewBookmarkRelationsClient() instead. -type BookmarkRelationsClient struct { +// DataConnectorDefinitionsClient contains the methods for the DataConnectorDefinitions group. +// Don't use this type directly, use NewDataConnectorDefinitionsClient() instead. +type DataConnectorDefinitionsClient struct { internal *arm.Client subscriptionID string } -// NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewDataConnectorDefinitionsClient creates a new instance of DataConnectorDefinitionsClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewBookmarkRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkRelationsClient, error) { +func NewDataConnectorDefinitionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorDefinitionsClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &BookmarkRelationsClient{ + client := &DataConnectorDefinitionsClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// CreateOrUpdate - Creates the bookmark relation. +// CreateOrUpdate - Creates or updates the data connector definition. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - bookmarkID - Bookmark ID -// - relationName - Relation Name -// - relation - The relation model -// - options - BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate +// - dataConnectorDefinitionName - The data connector definition name. +// - connectorDefinitionInput - The data connector definition +// - options - DataConnectorDefinitionsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorDefinitionsClient.CreateOrUpdate // method. -func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (BookmarkRelationsClientCreateOrUpdateResponse, error) { +func (client *DataConnectorDefinitionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, connectorDefinitionInput DataConnectorDefinitionClassification, options *DataConnectorDefinitionsClientCreateOrUpdateOptions) (DataConnectorDefinitionsClientCreateOrUpdateResponse, error) { var err error - const operationName = "BookmarkRelationsClient.CreateOrUpdate" + const operationName = "DataConnectorDefinitionsClient.CreateOrUpdate" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, relation, options) + req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorDefinitionName, connectorDefinitionInput, options) if err != nil { - return BookmarkRelationsClientCreateOrUpdateResponse{}, err + return DataConnectorDefinitionsClientCreateOrUpdateResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return BookmarkRelationsClientCreateOrUpdateResponse{}, err + return DataConnectorDefinitionsClientCreateOrUpdateResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusCreated) { err = runtime.NewResponseError(httpResp) - return BookmarkRelationsClientCreateOrUpdateResponse{}, err + return DataConnectorDefinitionsClientCreateOrUpdateResponse{}, err } resp, err := client.createOrUpdateHandleResponse(httpResp) return resp, err } // createOrUpdateCreateRequest creates the CreateOrUpdate request. -func (client *BookmarkRelationsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" +func (client *DataConnectorDefinitionsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, connectorDefinitionInput DataConnectorDefinitionClassification, options *DataConnectorDefinitionsClientCreateOrUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -92,71 +90,66 @@ func (client *BookmarkRelationsClient) createOrUpdateCreateRequest(ctx context.C return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if bookmarkID == "" { - return nil, errors.New("parameter bookmarkID cannot be empty") + if dataConnectorDefinitionName == "" { + return nil, errors.New("parameter dataConnectorDefinitionName cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) - if relationName == "" { - return nil, errors.New("parameter relationName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + urlPath = strings.ReplaceAll(urlPath, "{dataConnectorDefinitionName}", url.PathEscape(dataConnectorDefinitionName)) req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, relation); err != nil { + if err := runtime.MarshalAsJSON(req, connectorDefinitionInput); err != nil { return nil, err } return req, nil } // createOrUpdateHandleResponse handles the CreateOrUpdate response. -func (client *BookmarkRelationsClient) createOrUpdateHandleResponse(resp *http.Response) (BookmarkRelationsClientCreateOrUpdateResponse, error) { - result := BookmarkRelationsClientCreateOrUpdateResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { - return BookmarkRelationsClientCreateOrUpdateResponse{}, err +func (client *DataConnectorDefinitionsClient) createOrUpdateHandleResponse(resp *http.Response) (DataConnectorDefinitionsClientCreateOrUpdateResponse, error) { + result := DataConnectorDefinitionsClientCreateOrUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return DataConnectorDefinitionsClientCreateOrUpdateResponse{}, err } return result, nil } -// Delete - Delete the bookmark relation. +// Delete - Delete the data connector definition. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - bookmarkID - Bookmark ID -// - relationName - Relation Name -// - options - BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete +// - dataConnectorDefinitionName - The data connector definition name. +// - options - DataConnectorDefinitionsClientDeleteOptions contains the optional parameters for the DataConnectorDefinitionsClient.Delete // method. -func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (BookmarkRelationsClientDeleteResponse, error) { +func (client *DataConnectorDefinitionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *DataConnectorDefinitionsClientDeleteOptions) (DataConnectorDefinitionsClientDeleteResponse, error) { var err error - const operationName = "BookmarkRelationsClient.Delete" + const operationName = "DataConnectorDefinitionsClient.Delete" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, options) + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorDefinitionName, options) if err != nil { - return BookmarkRelationsClientDeleteResponse{}, err + return DataConnectorDefinitionsClientDeleteResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return BookmarkRelationsClientDeleteResponse{}, err + return DataConnectorDefinitionsClientDeleteResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { err = runtime.NewResponseError(httpResp) - return BookmarkRelationsClientDeleteResponse{}, err + return DataConnectorDefinitionsClientDeleteResponse{}, err } - return BookmarkRelationsClientDeleteResponse{}, nil + return DataConnectorDefinitionsClientDeleteResponse{}, nil } // deleteCreateRequest creates the Delete request. -func (client *BookmarkRelationsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" +func (client *DataConnectorDefinitionsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *DataConnectorDefinitionsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -169,59 +162,55 @@ func (client *BookmarkRelationsClient) deleteCreateRequest(ctx context.Context, return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if bookmarkID == "" { - return nil, errors.New("parameter bookmarkID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) - if relationName == "" { - return nil, errors.New("parameter relationName cannot be empty") + if dataConnectorDefinitionName == "" { + return nil, errors.New("parameter dataConnectorDefinitionName cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + urlPath = strings.ReplaceAll(urlPath, "{dataConnectorDefinitionName}", url.PathEscape(dataConnectorDefinitionName)) req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets a bookmark relation. +// Get - Gets a data connector definition. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - bookmarkID - Bookmark ID -// - relationName - Relation Name -// - options - BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method. -func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (BookmarkRelationsClientGetResponse, error) { +// - dataConnectorDefinitionName - The data connector definition name. +// - options - DataConnectorDefinitionsClientGetOptions contains the optional parameters for the DataConnectorDefinitionsClient.Get +// method. +func (client *DataConnectorDefinitionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *DataConnectorDefinitionsClientGetOptions) (DataConnectorDefinitionsClientGetResponse, error) { var err error - const operationName = "BookmarkRelationsClient.Get" + const operationName = "DataConnectorDefinitionsClient.Get" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, relationName, options) + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorDefinitionName, options) if err != nil { - return BookmarkRelationsClientGetResponse{}, err + return DataConnectorDefinitionsClientGetResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return BookmarkRelationsClientGetResponse{}, err + return DataConnectorDefinitionsClientGetResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) - return BookmarkRelationsClientGetResponse{}, err + return DataConnectorDefinitionsClientGetResponse{}, err } resp, err := client.getHandleResponse(httpResp) return resp, err } // getCreateRequest creates the Get request. -func (client *BookmarkRelationsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}" +func (client *DataConnectorDefinitionsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *DataConnectorDefinitionsClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions/{dataConnectorDefinitionName}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -234,58 +223,53 @@ func (client *BookmarkRelationsClient) getCreateRequest(ctx context.Context, res return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if bookmarkID == "" { - return nil, errors.New("parameter bookmarkID cannot be empty") + if dataConnectorDefinitionName == "" { + return nil, errors.New("parameter dataConnectorDefinitionName cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) - if relationName == "" { - return nil, errors.New("parameter relationName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) + urlPath = strings.ReplaceAll(urlPath, "{dataConnectorDefinitionName}", url.PathEscape(dataConnectorDefinitionName)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // getHandleResponse handles the Get response. -func (client *BookmarkRelationsClient) getHandleResponse(resp *http.Response) (BookmarkRelationsClientGetResponse, error) { - result := BookmarkRelationsClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { - return BookmarkRelationsClientGetResponse{}, err +func (client *DataConnectorDefinitionsClient) getHandleResponse(resp *http.Response) (DataConnectorDefinitionsClientGetResponse, error) { + result := DataConnectorDefinitionsClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { + return DataConnectorDefinitionsClientGetResponse{}, err } return result, nil } -// NewListPager - Gets all bookmark relations. +// NewListPager - Gets all data connector definitions. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - bookmarkID - Bookmark ID -// - options - BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.NewListPager +// - options - DataConnectorDefinitionsClientListOptions contains the optional parameters for the DataConnectorDefinitionsClient.NewListPager // method. -func (client *BookmarkRelationsClient) NewListPager(resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) *runtime.Pager[BookmarkRelationsClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[BookmarkRelationsClientListResponse]{ - More: func(page BookmarkRelationsClientListResponse) bool { +func (client *DataConnectorDefinitionsClient) NewListPager(resourceGroupName string, workspaceName string, options *DataConnectorDefinitionsClientListOptions) *runtime.Pager[DataConnectorDefinitionsClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[DataConnectorDefinitionsClientListResponse]{ + More: func(page DataConnectorDefinitionsClientListResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *BookmarkRelationsClientListResponse) (BookmarkRelationsClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "BookmarkRelationsClient.NewListPager") + Fetcher: func(ctx context.Context, page *DataConnectorDefinitionsClientListResponse) (DataConnectorDefinitionsClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "DataConnectorDefinitionsClient.NewListPager") nextLink := "" if page != nil { nextLink = *page.NextLink } resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, bookmarkID, options) + return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) }, nil) if err != nil { - return BookmarkRelationsClientListResponse{}, err + return DataConnectorDefinitionsClientListResponse{}, err } return client.listHandleResponse(resp) }, @@ -294,8 +278,8 @@ func (client *BookmarkRelationsClient) NewListPager(resourceGroupName string, wo } // listCreateRequest creates the List request. -func (client *BookmarkRelationsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations" +func (client *DataConnectorDefinitionsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *DataConnectorDefinitionsClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorDefinitions" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -308,38 +292,22 @@ func (client *BookmarkRelationsClient) listCreateRequest(ctx context.Context, re return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if bookmarkID == "" { - return nil, errors.New("parameter bookmarkID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{bookmarkId}", url.PathEscape(bookmarkID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - if options != nil && options.Filter != nil { - reqQP.Set("$filter", *options.Filter) - } - if options != nil && options.Orderby != nil { - reqQP.Set("$orderby", *options.Orderby) - } - if options != nil && options.SkipToken != nil { - reqQP.Set("$skipToken", *options.SkipToken) - } - if options != nil && options.Top != nil { - reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) - } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // listHandleResponse handles the List response. -func (client *BookmarkRelationsClient) listHandleResponse(resp *http.Response) (BookmarkRelationsClientListResponse, error) { - result := BookmarkRelationsClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.RelationList); err != nil { - return BookmarkRelationsClientListResponse{}, err +func (client *DataConnectorDefinitionsClient) listHandleResponse(resp *http.Response) (DataConnectorDefinitionsClientListResponse, error) { + result := DataConnectorDefinitionsClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.DataConnectorDefinitionArmCollectionWrapper); err != nil { + return DataConnectorDefinitionsClientListResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client.go index 6c168df337bd..489af795e6c6 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client.go @@ -28,7 +28,7 @@ type DataConnectorsClient struct { } // NewDataConnectorsClient creates a new instance of DataConnectorsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsClient, error) { @@ -43,73 +43,10 @@ func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCrede return client, nil } -// Connect - Connects a data connector. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - dataConnectorID - Connector ID -// - connectBody - The data connector -// - options - DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method. -func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error) { - var err error - const operationName = "DataConnectorsClient.Connect" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.connectCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorID, connectBody, options) - if err != nil { - return DataConnectorsClientConnectResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return DataConnectorsClientConnectResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return DataConnectorsClientConnectResponse{}, err - } - return DataConnectorsClientConnectResponse{}, nil -} - -// connectCreateRequest creates the Connect request. -func (client *DataConnectorsClient) connectCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if dataConnectorID == "" { - return nil, errors.New("parameter dataConnectorID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{dataConnectorId}", url.PathEscape(dataConnectorID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, connectBody); err != nil { - return nil, err - } - return req, nil -} - // CreateOrUpdate - Creates or updates the data connector. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - dataConnectorID - Connector ID @@ -162,7 +99,7 @@ func (client *DataConnectorsClient) createOrUpdateCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, dataConnector); err != nil { @@ -183,7 +120,7 @@ func (client *DataConnectorsClient) createOrUpdateHandleResponse(resp *http.Resp // Delete - Delete the data connector. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - dataConnectorID - Connector ID @@ -233,67 +170,7 @@ func (client *DataConnectorsClient) deleteCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// Disconnect - Disconnect a data connector. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - dataConnectorID - Connector ID -// - options - DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect -// method. -func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error) { - var err error - const operationName = "DataConnectorsClient.Disconnect" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.disconnectCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorID, options) - if err != nil { - return DataConnectorsClientDisconnectResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return DataConnectorsClientDisconnectResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return DataConnectorsClientDisconnectResponse{}, err - } - return DataConnectorsClientDisconnectResponse{}, nil -} - -// disconnectCreateRequest creates the Disconnect request. -func (client *DataConnectorsClient) disconnectCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if dataConnectorID == "" { - return nil, errors.New("parameter dataConnectorID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{dataConnectorId}", url.PathEscape(dataConnectorID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -302,7 +179,7 @@ func (client *DataConnectorsClient) disconnectCreateRequest(ctx context.Context, // Get - Gets a data connector. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - dataConnectorID - Connector ID @@ -353,7 +230,7 @@ func (client *DataConnectorsClient) getCreateRequest(ctx context.Context, resour return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -370,7 +247,7 @@ func (client *DataConnectorsClient) getHandleResponse(resp *http.Response) (Data // NewListPager - Gets all data connectors. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method. @@ -417,7 +294,7 @@ func (client *DataConnectorsClient) listCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client_example_test.go deleted file mode 100644 index e9df44a50f9e..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectors_client_example_test.go +++ /dev/null @@ -1,2500 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetDataConnectors.json -func ExampleDataConnectorsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewDataConnectorsClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.DataConnectorList = armsecurityinsights.DataConnectorList{ - // Value: []armsecurityinsights.DataConnectorClassification{ - // &armsecurityinsights.ASCDataConnector{ - // Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter), - // Properties: &armsecurityinsights.ASCDataConnectorProperties{ - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // SubscriptionID: to.Ptr("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"), - // }, - // }, - // &armsecurityinsights.TIDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence), - // Properties: &armsecurityinsights.TIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{ - // Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.TiTaxiiDataConnector{ - // Name: to.Ptr("c39bb458-02a7-4b3f-b0c8-71a1d2692652"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii), - // Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // CollectionID: to.Ptr("e0b1f32d-1188-48f7-a7a3-de71924e4b5e"), - // DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{ - // TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // FriendlyName: to.Ptr("My TI Taxii Connector"), - // Password: to.Ptr(""), - // PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceAMinute), - // TaxiiServer: to.Ptr("https://mytaxiiserver.com/taxiing/v2/api"), - // UserName: to.Ptr(""), - // WorkspaceID: to.Ptr("8b014a77-4695-4ef4-96bb-6623afb121a2"), - // }, - // }, - // &armsecurityinsights.AADDataConnector{ - // Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), - // Properties: &armsecurityinsights.AADDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.OfficeDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365), - // Properties: &armsecurityinsights.OfficeDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{ - // Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.MCASDataConnector{ - // Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity), - // Properties: &armsecurityinsights.MCASDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.AATPDataConnector{ - // Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection), - // Properties: &armsecurityinsights.AATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.AwsCloudTrailDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail), - // Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{ - // AwsRoleArn: to.Ptr("myAwsRoleArn"), - // DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{ - // Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.AwsS3DataConnector{ - // Name: to.Ptr("afef3743-0c88-469c-84ff-ca2e87dc1e48"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesS3), - // Properties: &armsecurityinsights.AwsS3DataConnectorProperties{ - // DataTypes: &armsecurityinsights.AwsS3DataConnectorDataTypes{ - // Logs: &armsecurityinsights.AwsS3DataConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // DestinationTable: to.Ptr("AWSVPCFlow"), - // RoleArn: to.Ptr("arn:aws:iam::072643944673:role/RoleName"), - // SqsUrls: []*string{ - // to.Ptr("https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName")}, - // }, - // }, - // &armsecurityinsights.MDATPDataConnector{ - // Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection), - // Properties: &armsecurityinsights.MDATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.OfficeATPDataConnector{ - // Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP), - // Properties: &armsecurityinsights.OfficeATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.Office365ProjectDataConnector{ - // Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project), - // Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{ - // Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.OfficePowerBIDataConnector{ - // Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI), - // Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{ - // Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.Dynamics365DataConnector{ - // Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365), - // Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{ - // Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // &armsecurityinsights.CodelessUIDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI), - // Properties: &armsecurityinsights.CodelessParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery), - // Value: []*string{ - // to.Ptr("{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)")}, - // }}, - // CustomImage: to.Ptr("The image connector content"), - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("{{graphQueriesTableName}}"), - // MetricName: to.Ptr("Total data received"), - // }}, - // GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "WorkspaceId", - // }, - // "label": "Workspace ID", - // }, - // }, - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "PrimaryKey", - // }, - // "label": "Primary Key", - // }, - // }}, - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n [![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."), - // Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"), - // }, - // { - // Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."), - // Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"), - // }, - // { - // Description: to.Ptr("**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"), - // Title: to.Ptr(""), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("Microsoft.Web/sites permissions"), - // Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."), - // }, - // { - // Name: to.Ptr("Qualys API Key"), - // Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }, - // { - // PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys), - // ProviderDisplayName: to.Ptr("Keys"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Action: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("Qualys"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("Top 10 Vulerabilities detected"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"), - // }}, - // Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"), - // }, - // }, - // }, - // &armsecurityinsights.CodelessAPIPollingDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling), - // Properties: &armsecurityinsights.APIPollingParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")), - // Value: []*string{ - // }, - // }}, - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("GitHub audit log events"), - // MetricName: to.Ptr("Total events received"), - // }}, - // GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingType("APIKey")), - // Parameters: map[string]any{ - // "enable": "true", - // "userRequestPlaceHoldersInput":[]any{ - // map[string]any{ - // "displayText": "Organization Name", - // "placeHolderName": "{{placeHolder1}}", - // "placeHolderValue": "", - // "requestObjectKey": "apiEndpoint", - // }, - // }, - // }, - // }}, - // Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("GitHub API personal token Key"), - // Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("GitHub"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("All logs"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 "), - // }}, - // Title: to.Ptr("GitHub Enterprise Audit Log"), - // }, - // PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{ - // Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{ - // APIKeyIdentifier: to.Ptr("token"), - // APIKeyName: to.Ptr("Authorization"), - // AuthType: to.Ptr("APIKey"), - // }, - // Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{ - // PageSizeParaName: to.Ptr("per_page"), - // PagingType: to.Ptr("LinkHeader"), - // }, - // Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{ - // EventsJSONPaths: []*string{ - // to.Ptr("$")}, - // }, - // Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{ - // APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"), - // Headers: map[string]any{ - // "Accept": "application/json", - // "User-Agent": "Scuba", - // }, - // HTTPMethod: to.Ptr("Get"), - // QueryParameters: map[string]any{ - // "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", - // }, - // QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"), - // QueryWindowInMin: to.Ptr[int32](15), - // RateLimitQPS: to.Ptr[int32](50), - // RetryCount: to.Ptr[int32](2), - // TimeoutInSeconds: to.Ptr[int32](60), - // }, - // }, - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAPIPolling.json -func ExampleDataConnectorsClient_Get_getAApiPollingDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.CodelessAPIPollingDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling), - // Properties: &armsecurityinsights.APIPollingParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")), - // Value: []*string{ - // }, - // }}, - // CustomImage: to.Ptr("The image connector content"), - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("GitHub audit log events"), - // MetricName: to.Ptr("Total events received"), - // }}, - // GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingType("APIKey")), - // Parameters: map[string]any{ - // "enable": "true", - // "userRequestPlaceHoldersInput":[]any{ - // map[string]any{ - // "displayText": "Organization Name", - // "placeHolderName": "{{placeHolder1}}", - // "placeHolderValue": "", - // "requestObjectKey": "apiEndpoint", - // }, - // }, - // }, - // }}, - // Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("GitHub API personal token Key"), - // Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("GitHub"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("All logs"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 "), - // }}, - // Title: to.Ptr("GitHub Enterprise Audit Log"), - // }, - // PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{ - // Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{ - // APIKeyIdentifier: to.Ptr("token"), - // APIKeyName: to.Ptr("Authorization"), - // AuthType: to.Ptr("APIKey"), - // }, - // Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{ - // PageSizeParaName: to.Ptr("per_page"), - // PagingType: to.Ptr("LinkHeader"), - // }, - // Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{ - // EventsJSONPaths: []*string{ - // to.Ptr("$")}, - // }, - // Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{ - // APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"), - // Headers: map[string]any{ - // "Accept": "application/json", - // "User-Agent": "Scuba", - // }, - // HTTPMethod: to.Ptr("Get"), - // QueryParameters: map[string]any{ - // "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", - // }, - // QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"), - // QueryWindowInMin: to.Ptr[int32](15), - // RateLimitQPS: to.Ptr[int32](50), - // RetryCount: to.Ptr[int32](2), - // TimeoutInSeconds: to.Ptr[int32](60), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json -func ExampleDataConnectorsClient_Get_getAAscDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.ASCDataConnector{ - // Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter), - // Properties: &armsecurityinsights.ASCDataConnectorProperties{ - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json -func ExampleDataConnectorsClient_Get_getADynamics365DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c2541efb-c9a6-47fe-9501-87d1017d1512", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.Dynamics365DataConnector{ - // Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365), - // Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{ - // Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetGenericUI.json -func ExampleDataConnectorsClient_Get_getAGenericUiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.CodelessUIDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI), - // Properties: &armsecurityinsights.CodelessParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery), - // Value: []*string{ - // to.Ptr("{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)")}, - // }}, - // CustomImage: to.Ptr("The image connector content"), - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("{{graphQueriesTableName}}"), - // MetricName: to.Ptr("Total data received"), - // }}, - // GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "WorkspaceId", - // }, - // "label": "Workspace ID", - // }, - // }, - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "PrimaryKey", - // }, - // "label": "Primary Key", - // }, - // }}, - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n [![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."), - // Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"), - // }, - // { - // Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."), - // Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"), - // }, - // { - // Description: to.Ptr("**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"), - // Title: to.Ptr(""), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("Microsoft.Web/sites permissions"), - // Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."), - // }, - // { - // Name: to.Ptr("Qualys API Key"), - // Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }, - // { - // PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys), - // ProviderDisplayName: to.Ptr("Keys"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Action: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("Qualys"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("Top 10 Vulerabilities detected"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"), - // }}, - // Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"), - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetIoTById.json -func ExampleDataConnectorsClient_Get_getAIoTDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.IoTDataConnector{ - // Name: to.Ptr("d2e5dc7a-f3a2-429d-954b-939fa8c2932e"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindIOT), - // Properties: &armsecurityinsights.IoTDataConnectorProperties{ - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json -func ExampleDataConnectorsClient_Get_getAMcasDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "b96d014d-b5c2-4a01-9aba-a8058f629d42", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.MCASDataConnector{ - // Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity), - // Properties: &armsecurityinsights.MCASDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json -func ExampleDataConnectorsClient_Get_getAMdatpDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "06b3ccb8-1384-4bcc-aec7-852f6d57161b", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.MDATPDataConnector{ - // Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection), - // Properties: &armsecurityinsights.MDATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json -func ExampleDataConnectorsClient_Get_getAMicrosoftThreatIntelligenceDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.MSTIDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence), - // Properties: &armsecurityinsights.MSTIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.MSTIDataConnectorDataTypes{ - // BingSafetyPhishingURL: &armsecurityinsights.MSTIDataConnectorDataTypesBingSafetyPhishingURL{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // LookbackPeriod: to.Ptr("example ??"), - // }, - // MicrosoftEmergingThreatFeed: &armsecurityinsights.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // LookbackPeriod: to.Ptr("example"), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json -func ExampleDataConnectorsClient_Get_getAMicrosoftThreatProtectionDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.MTPDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection), - // Properties: &armsecurityinsights.MTPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.MTPDataConnectorDataTypes{ - // Incidents: &armsecurityinsights.MTPDataConnectorDataTypesIncidents{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json -func ExampleDataConnectorsClient_Get_getATiTaxiiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c39bb458-02a7-4b3f-b0c8-71a1d2692652", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.TiTaxiiDataConnector{ - // Name: to.Ptr("c39bb458-02a7-4b3f-b0c8-71a1d2692652"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii), - // Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // CollectionID: to.Ptr("e0b1f32d-1188-48f7-a7a3-de71924e4b5e"), - // DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{ - // TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // FriendlyName: to.Ptr("My TI Taxii Connector"), - // Password: to.Ptr(""), - // PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceADay), - // TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()), - // TaxiiServer: to.Ptr("https://mytaxiiserver.com/taxiing/v2/api"), - // UserName: to.Ptr(""), - // WorkspaceID: to.Ptr("8b014a77-4695-4ef4-96bb-6623afb121a2"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json -func ExampleDataConnectorsClient_Get_getATiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.TIDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence), - // Properties: &armsecurityinsights.TIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{ - // Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json -func ExampleDataConnectorsClient_Get_getAnAadDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.AADDataConnector{ - // Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), - // Properties: &armsecurityinsights.AADDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json -func ExampleDataConnectorsClient_Get_getAnAatpDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "07e42cb3-e658-4e90-801c-efa0f29d3d44", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.AATPDataConnector{ - // Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection), - // Properties: &armsecurityinsights.AATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json -func ExampleDataConnectorsClient_Get_getAnAwsS3DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "afef3743-0c88-469c-84ff-ca2e87dc1e48", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.AwsS3DataConnector{ - // Name: to.Ptr("afef3743-0c88-469c-84ff-ca2e87dc1e48"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesS3), - // Properties: &armsecurityinsights.AwsS3DataConnectorProperties{ - // DataTypes: &armsecurityinsights.AwsS3DataConnectorDataTypes{ - // Logs: &armsecurityinsights.AwsS3DataConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // DestinationTable: to.Ptr("AWSVPCFlow"), - // RoleArn: to.Ptr("arn:aws:iam::072643944673:role/RoleName"), - // SqsUrls: []*string{ - // to.Ptr("https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json -func ExampleDataConnectorsClient_Get_getAnAwsCloudTrailDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.AwsCloudTrailDataConnector{ - // Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail), - // Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{ - // AwsRoleArn: to.Ptr("myAwsRoleArn"), - // DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{ - // Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json -func ExampleDataConnectorsClient_Get_getAnOfficeAtpDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "3d3e955e-33eb-401d-89a7-251c81ddd660", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficeATPDataConnector{ - // Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP), - // Properties: &armsecurityinsights.OfficeATPDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json -func ExampleDataConnectorsClient_Get_getAnOfficeIrmDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "3d3e955e-33eb-401d-89a7-251c81ddd660", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficeIRMDataConnector{ - // Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeIRM), - // Properties: &armsecurityinsights.OfficeIRMDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{ - // Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json -func ExampleDataConnectorsClient_Get_getAnOffice365PowerBiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficePowerBIDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI), - // Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{ - // Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json -func ExampleDataConnectorsClient_Get_getAnOffice365ProjectDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.Office365ProjectDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project), - // Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{ - // Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json -func ExampleDataConnectorsClient_Get_getAnOffice365DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientGetResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365), - // Properties: &armsecurityinsights.OfficeDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{ - // Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateAPIPolling.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAApiPollingDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", &armsecurityinsights.CodelessAPIPollingDataConnector{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling), - Properties: &armsecurityinsights.APIPollingParameters{ - ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - Availability: &armsecurityinsights.Availability{ - IsPreview: to.Ptr(true), - Status: to.Ptr[int32](1), - }, - ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - { - Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")), - Value: []*string{}, - }}, - DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - { - Name: to.Ptr("{{graphQueriesTableName}}"), - LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - }}, - DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."), - GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - { - BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - Legend: to.Ptr("GitHub audit log events"), - MetricName: to.Ptr("Total events received"), - }}, - GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"), - InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - { - Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"), - Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - { - Type: to.Ptr(armsecurityinsights.SettingType("APIKey")), - Parameters: map[string]any{ - "enable": "true", - "userRequestPlaceHoldersInput": []any{ - map[string]any{ - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "", - "requestObjectKey": "apiEndpoint", - }, - }, - }, - }}, - Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"), - }}, - Permissions: &armsecurityinsights.Permissions{ - Customs: []*armsecurityinsights.PermissionsCustomsItem{ - { - Name: to.Ptr("GitHub API personal token Key"), - Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"), - }}, - ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - { - PermissionsDisplayText: to.Ptr("read and write permissions are required."), - Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - ProviderDisplayName: to.Ptr("Workspace"), - RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - Delete: to.Ptr(true), - Read: to.Ptr(true), - Write: to.Ptr(true), - }, - Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - }}, - }, - Publisher: to.Ptr("GitHub"), - SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - { - Description: to.Ptr("All logs"), - Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 "), - }}, - Title: to.Ptr("GitHub Enterprise Audit Log"), - }, - PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{ - Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{ - APIKeyIdentifier: to.Ptr("token"), - APIKeyName: to.Ptr("Authorization"), - AuthType: to.Ptr("APIKey"), - }, - Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{ - PageSizeParaName: to.Ptr("per_page"), - PagingType: to.Ptr("LinkHeader"), - }, - Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{ - EventsJSONPaths: []*string{ - to.Ptr("$")}, - }, - Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{ - APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"), - Headers: map[string]any{ - "Accept": "application/json", - "User-Agent": "Scuba", - }, - HTTPMethod: to.Ptr("Get"), - QueryParameters: map[string]any{ - "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", - }, - QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"), - QueryWindowInMin: to.Ptr[int32](15), - RateLimitQPS: to.Ptr[int32](50), - RetryCount: to.Ptr[int32](2), - TimeoutInSeconds: to.Ptr[int32](60), - }, - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.CodelessAPIPollingDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling), - // Properties: &armsecurityinsights.APIPollingParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")), - // Value: []*string{ - // }, - // }}, - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("GitHub audit log events"), - // MetricName: to.Ptr("Total events received"), - // }}, - // GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingType("APIKey")), - // Parameters: map[string]any{ - // "enable": "true", - // "userRequestPlaceHoldersInput":[]any{ - // map[string]any{ - // "displayText": "Organization Name", - // "placeHolderName": "{{placeHolder1}}", - // "placeHolderValue": "", - // "requestObjectKey": "apiEndpoint", - // }, - // }, - // }, - // }}, - // Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("GitHub API personal token Key"), - // Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("GitHub"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("All logs"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 "), - // }}, - // Title: to.Ptr("GitHub Enterprise Audit Log"), - // }, - // PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{ - // Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{ - // APIKeyIdentifier: to.Ptr("token"), - // APIKeyName: to.Ptr("Authorization"), - // AuthType: to.Ptr("APIKey"), - // }, - // Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{ - // PageSizeParaName: to.Ptr("per_page"), - // PagingType: to.Ptr("LinkHeader"), - // }, - // Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{ - // EventsJSONPaths: []*string{ - // to.Ptr("$")}, - // }, - // Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{ - // APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"), - // Headers: map[string]any{ - // "Accept": "application/json", - // "User-Agent": "Scuba", - // }, - // HTTPMethod: to.Ptr("Get"), - // QueryParameters: map[string]any{ - // "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", - // }, - // QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"), - // QueryWindowInMin: to.Ptr[int32](15), - // RateLimitQPS: to.Ptr[int32](50), - // RetryCount: to.Ptr[int32](2), - // TimeoutInSeconds: to.Ptr[int32](60), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesADynamics365DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "c2541efb-c9a6-47fe-9501-87d1017d1512", &armsecurityinsights.Dynamics365DataConnector{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365), - Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{ - Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.Dynamics365DataConnector{ - // Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365), - // Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{ - // Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateGenericUI.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAGenericUiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", &armsecurityinsights.CodelessUIDataConnector{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI), - Properties: &armsecurityinsights.CodelessParameters{ - ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - Availability: &armsecurityinsights.Availability{ - IsPreview: to.Ptr(true), - Status: to.Ptr[int32](1), - }, - ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - { - Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery), - Value: []*string{ - to.Ptr("{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)")}, - }}, - DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - { - Name: to.Ptr("{{graphQueriesTableName}}"), - LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - }}, - DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "), - GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - { - BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - Legend: to.Ptr("{{graphQueriesTableName}}"), - MetricName: to.Ptr("Total data received"), - }}, - GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"), - InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - { - Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."), - Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - { - Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - Parameters: map[string]any{ - "fillWith": []any{ - "WorkspaceId", - }, - "label": "Workspace ID", - }, - }, - { - Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - Parameters: map[string]any{ - "fillWith": []any{ - "PrimaryKey", - }, - "label": "Primary Key", - }, - }}, - Title: to.Ptr(""), - }, - { - Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n [![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."), - Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"), - }, - { - Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."), - Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"), - }, - { - Description: to.Ptr("**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."), - Title: to.Ptr(""), - }, - { - Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"), - Title: to.Ptr(""), - }}, - Permissions: &armsecurityinsights.Permissions{ - Customs: []*armsecurityinsights.PermissionsCustomsItem{ - { - Name: to.Ptr("Microsoft.Web/sites permissions"), - Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."), - }, - { - Name: to.Ptr("Qualys API Key"), - Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."), - }}, - ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - { - PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."), - Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - ProviderDisplayName: to.Ptr("Workspace"), - RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - Delete: to.Ptr(true), - Read: to.Ptr(true), - Write: to.Ptr(true), - }, - Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - }, - { - PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."), - Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys), - ProviderDisplayName: to.Ptr("Keys"), - RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - Action: to.Ptr(true), - }, - Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - }}, - }, - Publisher: to.Ptr("Qualys"), - SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - { - Description: to.Ptr("Top 10 Vulerabilities detected"), - Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"), - }}, - Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"), - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.CodelessUIDataConnector{ - // Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"), - // Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI), - // Properties: &armsecurityinsights.CodelessParameters{ - // ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{ - // Availability: &armsecurityinsights.Availability{ - // IsPreview: to.Ptr(true), - // Status: to.Ptr[int32](1), - // }, - // ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ - // { - // Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery), - // Value: []*string{ - // to.Ptr("{{graphQueriesTableName}}\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)")}, - // }}, - // DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{ - // { - // Name: to.Ptr("{{graphQueriesTableName}}"), - // LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"), - // }}, - // DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "), - // GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ - // { - // BaseQuery: to.Ptr("{{graphQueriesTableName}}"), - // Legend: to.Ptr("{{graphQueriesTableName}}"), - // MetricName: to.Ptr("Total data received"), - // }}, - // GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"), - // InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ - // { - // Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."), - // Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{ - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "WorkspaceId", - // }, - // "label": "Workspace ID", - // }, - // }, - // { - // Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel), - // Parameters: map[string]any{ - // "fillWith":[]any{ - // "PrimaryKey", - // }, - // "label": "Primary Key", - // }, - // }}, - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n [![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."), - // Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"), - // }, - // { - // Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."), - // Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"), - // }, - // { - // Description: to.Ptr("**1. Create a Function App**\n\n1. From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n apiUsername\n apiPassword\n workspaceID\n workspaceKey\n uri\n filterParameters\n timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https:///api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."), - // Title: to.Ptr(""), - // }, - // { - // Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"), - // Title: to.Ptr(""), - // }}, - // Permissions: &armsecurityinsights.Permissions{ - // Customs: []*armsecurityinsights.PermissionsCustomsItem{ - // { - // Name: to.Ptr("Microsoft.Web/sites permissions"), - // Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."), - // }, - // { - // Name: to.Ptr("Qualys API Key"), - // Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."), - // }}, - // ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{ - // { - // PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces), - // ProviderDisplayName: to.Ptr("Workspace"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Delete: to.Ptr(true), - // Read: to.Ptr(true), - // Write: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }, - // { - // PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."), - // Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys), - // ProviderDisplayName: to.Ptr("Keys"), - // RequiredPermissions: &armsecurityinsights.RequiredPermissions{ - // Action: to.Ptr(true), - // }, - // Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace), - // }}, - // }, - // Publisher: to.Ptr("Qualys"), - // SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ - // { - // Description: to.Ptr("Top 10 Vulerabilities detected"), - // Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"), - // }}, - // Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"), - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAThreatIntelligenceTaxiiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.TiTaxiiDataConnector{ - Etag: to.Ptr("d12423f6-a60b-4ca5-88c0-feb1a182d0f0"), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii), - Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{ - TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - CollectionID: to.Ptr("135"), - DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{ - TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - FriendlyName: to.Ptr("testTaxii"), - Password: to.Ptr("--"), - PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceADay), - TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t }()), - TaxiiServer: to.Ptr("https://limo.anomali.com/api/v1/taxii2/feeds"), - UserName: to.Ptr("--"), - WorkspaceID: to.Ptr("dd124572-4962-4495-9bd2-9dade12314b4"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.TiTaxiiDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("d12423f6-a60b-4ca5-88c0-feb1a182d0f0"), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii), - // Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{ - // TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // CollectionID: to.Ptr("135"), - // DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{ - // TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // FriendlyName: to.Ptr("testTaxii"), - // PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceADay), - // TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()), - // TaxiiServer: to.Ptr("https://limo.anomali.com/api/v1/taxii2/feeds"), - // WorkspaceID: to.Ptr("28e5f051-34cb-4208-9037-693e5342a871"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAnOfficePowerBiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.OfficePowerBIDataConnector{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI), - Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{ - Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficePowerBIDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI), - // Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{ - // Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAnOffice365ProjectDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.Office365ProjectDataConnector{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project), - Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{ - Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.Office365ProjectDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project), - // Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{ - // Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAnOffice365DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.OfficeDataConnector{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365), - Properties: &armsecurityinsights.OfficeDataConnectorProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{ - Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365), - // Properties: &armsecurityinsights.OfficeDataConnectorProperties{ - // TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - // DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{ - // Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json -func ExampleDataConnectorsClient_CreateOrUpdate_createsOrUpdatesAnThreatIntelligencePlatformDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.TIDataConnector{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence), - Properties: &armsecurityinsights.TIDataConnectorProperties{ - TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{ - Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{ - State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - }, - }, - TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t }()), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{ - // DataConnectorClassification: &armsecurityinsights.TIDataConnector{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence), - // Properties: &armsecurityinsights.TIDataConnectorProperties{ - // TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"), - // DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{ - // Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{ - // State: to.Ptr(armsecurityinsights.DataTypeStateEnabled), - // }, - // }, - // TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json -func ExampleDataConnectorsClient_Delete_deleteAApiPollingDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteGenericUI.json -func ExampleDataConnectorsClient_Delete_deleteAGenericUiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json -func ExampleDataConnectorsClient_Delete_deleteAnOfficePowerBiDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json -func ExampleDataConnectorsClient_Delete_deleteAnOffice365ProjectDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json -func ExampleDataConnectorsClient_Delete_deleteAnOffice365DataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json -func ExampleDataConnectorsClient_Connect_connectAnApiPollingV2LogsDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Connect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", armsecurityinsights.DataConnectorConnectBody{ - APIKey: to.Ptr("123456789"), - DataCollectionEndpoint: to.Ptr("https://test.eastus.ingest.monitor.azure.com"), - DataCollectionRuleImmutableID: to.Ptr("dcr-34adsj9o7d6f9de204478b9cgb43b631"), - Kind: to.Ptr(armsecurityinsights.ConnectAuthKindAPIKey), - OutputStream: to.Ptr("Custom-MyTableRawData"), - RequestConfigUserInputValues: []any{ - map[string]any{ - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "somePlaceHolderValue", - "requestObjectKey": "apiEndpoint", - }}, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json -func ExampleDataConnectorsClient_Connect_connectAnApiPollingDataConnector() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Connect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", armsecurityinsights.DataConnectorConnectBody{ - APIKey: to.Ptr("123456789"), - Kind: to.Ptr(armsecurityinsights.ConnectAuthKindAPIKey), - RequestConfigUserInputValues: []any{ - map[string]any{ - "displayText": "Organization Name", - "placeHolderName": "{{placeHolder1}}", - "placeHolderValue": "somePlaceHolderValue", - "requestObjectKey": "apiEndpoint", - }}, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json -func ExampleDataConnectorsClient_Disconnect() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewDataConnectorsClient().Disconnect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client.go deleted file mode 100644 index 3230728b88d2..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client.go +++ /dev/null @@ -1,113 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// DataConnectorsCheckRequirementsClient contains the methods for the DataConnectorsCheckRequirements group. -// Don't use this type directly, use NewDataConnectorsCheckRequirementsClient() instead. -type DataConnectorsCheckRequirementsClient struct { - internal *arm.Client - subscriptionID string -} - -// NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewDataConnectorsCheckRequirementsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsCheckRequirementsClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &DataConnectorsCheckRequirementsClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// Post - Get requirements state for a data connector type. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - dataConnectorsCheckRequirements - The parameters for requirements check message -// - options - DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post -// method. -func (client *DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (DataConnectorsCheckRequirementsClientPostResponse, error) { - var err error - const operationName = "DataConnectorsCheckRequirementsClient.Post" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.postCreateRequest(ctx, resourceGroupName, workspaceName, dataConnectorsCheckRequirements, options) - if err != nil { - return DataConnectorsCheckRequirementsClientPostResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return DataConnectorsCheckRequirementsClientPostResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return DataConnectorsCheckRequirementsClientPostResponse{}, err - } - resp, err := client.postHandleResponse(httpResp) - return resp, err -} - -// postCreateRequest creates the Post request. -func (client *DataConnectorsCheckRequirementsClient) postCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, dataConnectorsCheckRequirements); err != nil { - return nil, err - } - return req, nil -} - -// postHandleResponse handles the Post response. -func (client *DataConnectorsCheckRequirementsClient) postHandleResponse(resp *http.Response) (DataConnectorsCheckRequirementsClientPostResponse, error) { - result := DataConnectorsCheckRequirementsClientPostResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.DataConnectorRequirementsState); err != nil { - return DataConnectorsCheckRequirementsClientPostResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client_example_test.go deleted file mode 100644 index 24046c5890a2..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/dataconnectorscheckrequirements_client_example_test.go +++ /dev/null @@ -1,483 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForAadNoAuthorization() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), - Properties: &armsecurityinsights.AADCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForAadNoLicense() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), - Properties: &armsecurityinsights.AADCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForAad() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory), - Properties: &armsecurityinsights.AADCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForAsc() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.ASCCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter), - Properties: &armsecurityinsights.ASCCheckRequirementsProperties{ - SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForDynamics365() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.Dynamics365CheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365), - Properties: &armsecurityinsights.Dynamics365CheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForIoT() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.IoTCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindIOT), - Properties: &armsecurityinsights.IoTCheckRequirementsProperties{ - SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForMcas() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MCASCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity), - Properties: &armsecurityinsights.MCASCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForMdatp() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MCASCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity), - Properties: &armsecurityinsights.MCASCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForMicrosoftThreatIntelligence() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MSTICheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence), - Properties: &armsecurityinsights.MSTICheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForMicrosoftThreatProtection() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MtpCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection), - Properties: &armsecurityinsights.MTPCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForOffice365Project() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.Office365ProjectCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project), - Properties: &armsecurityinsights.Office365ProjectCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForOfficeAtp() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficeATPCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP), - Properties: &armsecurityinsights.OfficeATPCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForOfficeIrm() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficeIRMCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeIRM), - Properties: &armsecurityinsights.OfficeIRMCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForOfficePowerBi() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficePowerBICheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI), - Properties: &armsecurityinsights.OfficePowerBICheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForTiTaxii() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.TiTaxiiCheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii), - Properties: &armsecurityinsights.TiTaxiiCheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json -func ExampleDataConnectorsCheckRequirementsClient_Post_checkRequirementsForTi() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.TICheckRequirements{ - Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence), - Properties: &armsecurityinsights.TICheckRequirementsProperties{ - TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{ - // AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid), - // LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid), - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client_example_test.go deleted file mode 100644 index e9b595f785e2..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client_example_test.go +++ /dev/null @@ -1,99 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/enrichment/GetWhoisByDomainName.json -func ExampleDomainWhoisClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewDomainWhoisClient().Get(ctx, "myRg", "microsoft.com", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.EnrichmentDomainWhois = armsecurityinsights.EnrichmentDomainWhois{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T16:15:01.187Z"); return t}()), - // Domain: to.Ptr("microsoft.com"), - // ParsedWhois: &armsecurityinsights.EnrichmentDomainWhoisDetails{ - // Contacts: &armsecurityinsights.EnrichmentDomainWhoisContacts{ - // Admin: &armsecurityinsights.EnrichmentDomainWhoisContact{ - // Name: to.Ptr("Administrator"), - // Country: to.Ptr("United States"), - // Email: to.Ptr("mail@microsoft.com"), - // Org: to.Ptr("Microsoft"), - // Phone: to.Ptr("1-800-555-1234"), - // Postal: to.Ptr("98052"), - // State: to.Ptr("WA"), - // Street: []*string{ - // to.Ptr("One Microsoft Way")}, - // }, - // Billing: &armsecurityinsights.EnrichmentDomainWhoisContact{ - // Name: to.Ptr("Administrator"), - // Country: to.Ptr("United States"), - // Email: to.Ptr("mail@microsoft.com"), - // Org: to.Ptr("Microsoft"), - // Phone: to.Ptr("1-800-555-1234"), - // Postal: to.Ptr("98052"), - // State: to.Ptr("WA"), - // Street: []*string{ - // to.Ptr("One Microsoft Way")}, - // }, - // Tech: &armsecurityinsights.EnrichmentDomainWhoisContact{ - // Name: to.Ptr("Administrator"), - // Country: to.Ptr("United States"), - // Email: to.Ptr("mail@microsoft.com"), - // Org: to.Ptr("Microsoft"), - // Phone: to.Ptr("1-800-555-1234"), - // Postal: to.Ptr("98052"), - // State: to.Ptr("WA"), - // Street: []*string{ - // to.Ptr("One Microsoft Way")}, - // }, - // }, - // NameServers: []*string{ - // to.Ptr("ns1-205.azure-dns.com"), - // to.Ptr("ns2-205.azure-dns.net"), - // to.Ptr("ns3-205.azure-dns.org"), - // to.Ptr("ns4-205.azure-dns.info")}, - // Registrar: &armsecurityinsights.EnrichmentDomainWhoisRegistrarDetails{ - // Name: to.Ptr("MarkMonitor, Inc"), - // AbuseContactEmail: to.Ptr("abuse@microsoft.com"), - // AbuseContactPhone: to.Ptr("12083895770"), - // URL: to.Ptr("http://www.markmonitor.com"), - // WhoisServer: to.Ptr("whois.markmonitor.com"), - // }, - // Statuses: []*string{ - // to.Ptr("clientUpdateProhibited"), - // to.Ptr("clientTransferProhibited"), - // to.Ptr("clientDeleteProhibited"), - // to.Ptr("serverUpdateProhibited"), - // to.Ptr("serverTransferProhibited"), - // to.Ptr("serverDeleteProhibited")}, - // }, - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T16:15:01.187Z"); return t}()), - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client.go index f3112c804776..8969f6d1941e 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client.go @@ -28,7 +28,7 @@ type EntitiesClient struct { } // NewEntitiesClient creates a new instance of EntitiesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesClient, error) { @@ -43,40 +43,38 @@ func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, return client, nil } -// Expand - Expands an entity. +// RunPlaybook - Triggers playbook on a specific entity. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityID - entity ID -// - parameters - The parameters required to execute an expand operation on the given entity. -// - options - EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method. -func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (EntitiesClientExpandResponse, error) { +// - entityIdentifier - Entity ID +// - options - EntitiesClientRunPlaybookOptions contains the optional parameters for the EntitiesClient.RunPlaybook method. +func (client *EntitiesClient) RunPlaybook(ctx context.Context, resourceGroupName string, workspaceName string, entityIdentifier string, options *EntitiesClientRunPlaybookOptions) (EntitiesClientRunPlaybookResponse, error) { var err error - const operationName = "EntitiesClient.Expand" + const operationName = "EntitiesClient.RunPlaybook" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.expandCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) + req, err := client.runPlaybookCreateRequest(ctx, resourceGroupName, workspaceName, entityIdentifier, options) if err != nil { - return EntitiesClientExpandResponse{}, err + return EntitiesClientRunPlaybookResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return EntitiesClientExpandResponse{}, err + return EntitiesClientRunPlaybookResponse{}, err } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { + if !runtime.HasStatusCode(httpResp, http.StatusNoContent) { err = runtime.NewResponseError(httpResp) - return EntitiesClientExpandResponse{}, err + return EntitiesClientRunPlaybookResponse{}, err } - resp, err := client.expandHandleResponse(httpResp) - return resp, err + return EntitiesClientRunPlaybookResponse{}, nil } -// expandCreateRequest creates the Expand request. -func (client *EntitiesClient) expandCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand" +// runPlaybookCreateRequest creates the RunPlaybook request. +func (client *EntitiesClient) runPlaybookCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityIdentifier string, options *EntitiesClientRunPlaybookOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityIdentifier}/runPlaybook" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -89,306 +87,23 @@ func (client *EntitiesClient) expandCreateRequest(ctx context.Context, resourceG return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") + if entityIdentifier == "" { + return nil, errors.New("parameter entityIdentifier cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) + urlPath = strings.ReplaceAll(urlPath, "{entityIdentifier}", url.PathEscape(entityIdentifier)) req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, parameters); err != nil { - return nil, err - } - return req, nil -} - -// expandHandleResponse handles the Expand response. -func (client *EntitiesClient) expandHandleResponse(resp *http.Response) (EntitiesClientExpandResponse, error) { - result := EntitiesClientExpandResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityExpandResponse); err != nil { - return EntitiesClientExpandResponse{}, err - } - return result, nil -} - -// Get - Gets an entity. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - entityID - entity ID -// - options - EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method. -func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (EntitiesClientGetResponse, error) { - var err error - const operationName = "EntitiesClient.Get" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityID, options) - if err != nil { - return EntitiesClientGetResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return EntitiesClientGetResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return EntitiesClientGetResponse{}, err - } - resp, err := client.getHandleResponse(httpResp) - return resp, err -} - -// getCreateRequest creates the Get request. -func (client *EntitiesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// getHandleResponse handles the Get response. -func (client *EntitiesClient) getHandleResponse(resp *http.Response) (EntitiesClientGetResponse, error) { - result := EntitiesClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return EntitiesClientGetResponse{}, err - } - return result, nil -} - -// GetInsights - Execute Insights for an entity. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - entityID - entity ID -// - parameters - The parameters required to execute insights on the given entity. -// - options - EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method. -func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (EntitiesClientGetInsightsResponse, error) { - var err error - const operationName = "EntitiesClient.GetInsights" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getInsightsCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) - if err != nil { - return EntitiesClientGetInsightsResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return EntitiesClientGetInsightsResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return EntitiesClientGetInsightsResponse{}, err - } - resp, err := client.getInsightsHandleResponse(httpResp) - return resp, err -} - -// getInsightsCreateRequest creates the GetInsights request. -func (client *EntitiesClient) getInsightsCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, parameters); err != nil { - return nil, err + if options != nil && options.RequestBody != nil { + if err := runtime.MarshalAsJSON(req, *options.RequestBody); err != nil { + return nil, err + } + return req, nil } return req, nil } - -// getInsightsHandleResponse handles the GetInsights response. -func (client *EntitiesClient) getInsightsHandleResponse(resp *http.Response) (EntitiesClientGetInsightsResponse, error) { - result := EntitiesClientGetInsightsResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityGetInsightsResponse); err != nil { - return EntitiesClientGetInsightsResponse{}, err - } - return result, nil -} - -// NewListPager - Gets all entities. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - options - EntitiesClientListOptions contains the optional parameters for the EntitiesClient.NewListPager method. -func (client *EntitiesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) *runtime.Pager[EntitiesClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[EntitiesClientListResponse]{ - More: func(page EntitiesClientListResponse) bool { - return page.NextLink != nil && len(*page.NextLink) > 0 - }, - Fetcher: func(ctx context.Context, page *EntitiesClientListResponse) (EntitiesClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "EntitiesClient.NewListPager") - nextLink := "" - if page != nil { - nextLink = *page.NextLink - } - resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) - }, nil) - if err != nil { - return EntitiesClientListResponse{}, err - } - return client.listHandleResponse(resp) - }, - Tracer: client.internal.Tracer(), - }) -} - -// listCreateRequest creates the List request. -func (client *EntitiesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// listHandleResponse handles the List response. -func (client *EntitiesClient) listHandleResponse(resp *http.Response) (EntitiesClientListResponse, error) { - result := EntitiesClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityList); err != nil { - return EntitiesClientListResponse{}, err - } - return result, nil -} - -// Queries - Get Insights and Activities for an entity. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - entityID - entity ID -// - kind - The Kind parameter for queries -// - options - EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method. -func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (EntitiesClientQueriesResponse, error) { - var err error - const operationName = "EntitiesClient.Queries" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.queriesCreateRequest(ctx, resourceGroupName, workspaceName, entityID, kind, options) - if err != nil { - return EntitiesClientQueriesResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return EntitiesClientQueriesResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return EntitiesClientQueriesResponse{}, err - } - resp, err := client.queriesHandleResponse(httpResp) - return resp, err -} - -// queriesCreateRequest creates the Queries request. -func (client *EntitiesClient) queriesCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - reqQP.Set("kind", string(kind)) - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// queriesHandleResponse handles the Queries response. -func (client *EntitiesClient) queriesHandleResponse(resp *http.Response) (EntitiesClientQueriesResponse, error) { - result := EntitiesClientQueriesResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.GetQueriesResponse); err != nil { - return EntitiesClientQueriesResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client_example_test.go deleted file mode 100644 index 171435888d01..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entities_client_example_test.go +++ /dev/null @@ -1,1442 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetEntities.json -func ExampleEntitiesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewEntitiesClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.EntityList = armsecurityinsights.EntityList{ - // Value: []armsecurityinsights.EntityClassification{ - // &armsecurityinsights.AccountEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindAccount), - // Properties: &armsecurityinsights.AccountEntityProperties{ - // FriendlyName: to.Ptr("administrator"), - // AADTenantID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"), - // AADUserID: to.Ptr("f7033626-2572-46b1-bba0-06646f4f95b3"), - // AccountName: to.Ptr("administrator"), - // IsDomainJoined: to.Ptr(true), - // NtDomain: to.Ptr("domain"), - // ObjectGUID: to.Ptr("11227b78-3c6e-436e-a2a2-02fc7662eca0"), - // Puid: to.Ptr("ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d"), - // Sid: to.Ptr("S-1-5-18"), - // UpnSuffix: to.Ptr("contoso"), - // }, - // }, - // &armsecurityinsights.HostEntity{ - // Name: to.Ptr("fed9fe89-dce8-40f2-bf44-70f23fe93b3c"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c"), - // Kind: to.Ptr(armsecurityinsights.EntityKindHost), - // Properties: &armsecurityinsights.HostEntityProperties{ - // FriendlyName: to.Ptr("vm1"), - // AzureID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"), - // DNSDomain: to.Ptr("contoso"), - // HostName: to.Ptr("vm1"), - // IsDomainJoined: to.Ptr(true), - // NetBiosName: to.Ptr("contoso"), - // NtDomain: to.Ptr("domain"), - // OmsAgentID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"), - // OSFamily: to.Ptr(armsecurityinsights.OSFamilyWindows), - // OSVersion: to.Ptr("1.0"), - // }, - // }, - // &armsecurityinsights.FileEntity{ - // Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Kind: to.Ptr(armsecurityinsights.EntityKindFile), - // Properties: &armsecurityinsights.FileEntityProperties{ - // FriendlyName: to.Ptr("cmd.exe"), - // Directory: to.Ptr("C:\\Windows\\System32"), - // FileName: to.Ptr("cmd.exe"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetCloudApplicationEntityById.json -func ExampleEntitiesClient_Get_getACloudApplicationEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.CloudApplicationEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindCloudApplication), - // Properties: &armsecurityinsights.CloudApplicationEntityProperties{ - // FriendlyName: to.Ptr("AppName"), - // AppID: to.Ptr[int32](1), - // AppName: to.Ptr("AppName"), - // InstanceName: to.Ptr("InstanceName"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetDnsEntityById.json -func ExampleEntitiesClient_Get_getADnsEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "f4e74920-f2c0-4412-a45f-66d94fdf01f8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.DNSEntity{ - // Name: to.Ptr("f4e74920-f2c0-4412-a45f-66d94fdf01f8"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8"), - // Kind: to.Ptr(armsecurityinsights.EntityKindDNSResolution), - // Properties: &armsecurityinsights.DNSEntityProperties{ - // FriendlyName: to.Ptr("domain"), - // DomainName: to.Ptr("domain"), - // IPAddressEntityIDs: []*string{ - // to.Ptr("475d3120-33e0-4841-9f1c-a8f15a801d19")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetFileEntityById.json -func ExampleEntitiesClient_Get_getAFileEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "af378b21-b4aa-4fe7-bc70-13f8621a322f", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.FileEntity{ - // Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Kind: to.Ptr(armsecurityinsights.EntityKindFile), - // Properties: &armsecurityinsights.FileEntityProperties{ - // FriendlyName: to.Ptr("cmd.exe"), - // Directory: to.Ptr("C:\\Windows\\System32"), - // FileName: to.Ptr("cmd.exe"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetFileHashEntityById.json -func ExampleEntitiesClient_Get_getAFileHashEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "ea359fa6-c1e5-f878-e105-6344f3e399a1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.FileHashEntity{ - // Name: to.Ptr("ea359fa6-c1e5-f878-e105-6344f3e399a1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindFileHash), - // Properties: &armsecurityinsights.FileHashEntityProperties{ - // FriendlyName: to.Ptr("E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)"), - // Algorithm: to.Ptr(armsecurityinsights.FileHashAlgorithmSHA256), - // HashValue: to.Ptr("E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetHostEntityById.json -func ExampleEntitiesClient_Get_getAHostEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.HostEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindHost), - // Properties: &armsecurityinsights.HostEntityProperties{ - // FriendlyName: to.Ptr("vm1"), - // AzureID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"), - // DNSDomain: to.Ptr("contoso"), - // HostName: to.Ptr("vm1"), - // IsDomainJoined: to.Ptr(true), - // NetBiosName: to.Ptr("contoso"), - // NtDomain: to.Ptr("domain"), - // OmsAgentID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"), - // OSFamily: to.Ptr(armsecurityinsights.OSFamilyWindows), - // OSVersion: to.Ptr("1.0"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailClusterEntityById.json -func ExampleEntitiesClient_Get_getAMailClusterEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.MailClusterEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindMailCluster), - // Properties: &armsecurityinsights.MailClusterEntityProperties{ - // FriendlyName: to.Ptr("ClusterSourceIdentifier"), - // ClusterGroup: to.Ptr("cluster group"), - // ClusterSourceIdentifier: to.Ptr("cluster source identifier"), - // ClusterSourceType: to.Ptr("Similarity"), - // CountByDeliveryStatus: map[string]any{ - // "deliveryStatus": float64(5), - // }, - // CountByProtectionStatus: map[string]any{ - // "protectionStatus": float64(65), - // }, - // CountByThreatType: map[string]any{ - // "threatType": float64(6), - // }, - // NetworkMessageIDs: []*string{ - // to.Ptr("ccfce855-e02f-491b-a1cc-5bafb371ad0c")}, - // Query: to.Ptr("kqlFilter"), - // QueryTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T01:42:01.602Z"); return t}()), - // Source: to.Ptr("ClusterSourceIdentifier"), - // Threats: []*string{ - // to.Ptr("thrreat1"), - // to.Ptr("thread2")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailMessageEntityById.json -func ExampleEntitiesClient_Get_getAMailMessageEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.MailMessageEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindMailMessage), - // Properties: &armsecurityinsights.MailMessageEntityProperties{ - // FriendlyName: to.Ptr("cmd.exe"), - // DeliveryAction: to.Ptr(armsecurityinsights.DeliveryActionBlocked), - // FileEntityIDs: []*string{ - // to.Ptr("ccfce855-e02f-491b-a1cc-5bafb371ad0c")}, - // InternetMessageID: to.Ptr("message id"), - // P1Sender: to.Ptr("email@fake.com"), - // P1SenderDisplayName: to.Ptr("p1 sender display name"), - // P1SenderDomain: to.Ptr("p1 sender domain"), - // P2Sender: to.Ptr("the sender"), - // P2SenderDisplayName: to.Ptr("p2 sender display name"), - // P2SenderDomain: to.Ptr("p2 Sender Domain"), - // Recipient: to.Ptr("recipient"), - // SenderIP: to.Ptr("1.23.34.43"), - // Subject: to.Ptr("subject"), - // ThreatDetectionMethods: []*string{ - // to.Ptr("thrreat1"), - // to.Ptr("thread2")}, - // Threats: []*string{ - // to.Ptr("thrreat1"), - // to.Ptr("thread2")}, - // Urls: []*string{ - // to.Ptr("http://moqbrarcwmnk.banxhdcojlg.biz")}, - // Language: to.Ptr("language"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailboxEntityById.json -func ExampleEntitiesClient_Get_getAMailboxEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.MailboxEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindMailbox), - // Properties: &armsecurityinsights.MailboxEntityProperties{ - // FriendlyName: to.Ptr("emailAddress1"), - // DisplayName: to.Ptr("display name"), - // ExternalDirectoryObjectID: to.Ptr("18cc8fdc-e169-4451-983a-bd027db286eb"), - // MailboxPrimaryAddress: to.Ptr("emailAddress1"), - // Upn: to.Ptr("upn1"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMalwareEntityById.json -func ExampleEntitiesClient_Get_getAMalwareEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "af378b21-b4aa-4fe7-bc70-13f8621a322f", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.MalwareEntity{ - // Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"), - // Kind: to.Ptr(armsecurityinsights.EntityKindMalware), - // Properties: &armsecurityinsights.MalwareEntityProperties{ - // FriendlyName: to.Ptr("Win32/Toga!rfn"), - // Category: to.Ptr("Trojan"), - // MalwareName: to.Ptr("Win32/Toga!rfn"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetProcessEntityById.json -func ExampleEntitiesClient_Get_getAProcessEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "7264685c-038c-42c6-948c-38e14ef1fb98", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.ProcessEntity{ - // Name: to.Ptr("7264685c-038c-42c6-948c-38e14ef1fb98"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98"), - // Kind: to.Ptr(armsecurityinsights.EntityKindProcess), - // Properties: &armsecurityinsights.ProcessEntityProperties{ - // FriendlyName: to.Ptr("cmd.exe"), - // CommandLine: to.Ptr("\"cmd\""), - // ImageFileEntityID: to.Ptr("bba7b47b-c1c1-4021-b568-5b07b9292f5e"), - // ProcessID: to.Ptr("0x2aa48"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetRegistryKeyEntityById.json -func ExampleEntitiesClient_Get_getARegistryKeyEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.RegistryKeyEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindRegistryKey), - // Properties: &armsecurityinsights.RegistryKeyEntityProperties{ - // FriendlyName: to.Ptr("SOFTWARE"), - // Hive: to.Ptr(armsecurityinsights.RegistryHiveHKEYLOCALMACHINE), - // Key: to.Ptr("SOFTWARE"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetRegistryValueEntityById.json -func ExampleEntitiesClient_Get_getARegistryValueEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "dc44bd11-b348-4d76-ad29-37bf7aa41356", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.RegistryValueEntity{ - // Name: to.Ptr("dc44bd11-b348-4d76-ad29-37bf7aa41356"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356"), - // Kind: to.Ptr(armsecurityinsights.EntityKindRegistryValue), - // Properties: &armsecurityinsights.RegistryValueEntityProperties{ - // FriendlyName: to.Ptr("Data"), - // KeyEntityID: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // ValueData: to.Ptr("Data"), - // ValueName: to.Ptr("Name"), - // ValueType: to.Ptr(armsecurityinsights.RegistryValueKindString), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSecurityAlertEntityById.json -func ExampleEntitiesClient_Get_getASecurityAlertEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "4aa486e0-6f85-41af-99ea-7acdce7be6c8", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.SecurityAlert{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8"), - // Kind: to.Ptr(armsecurityinsights.EntityKindSecurityAlert), - // Properties: &armsecurityinsights.SecurityAlertProperties{ - // AdditionalData: map[string]any{ - // "Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"", - // "Query Period": "05:00:00", - // "Search Query Results Overall Count": "203", - // "Total Account Entities": "1", - // "Trigger Operator": "GreaterThan", - // "Trigger Threshold": "200", - // }, - // FriendlyName: to.Ptr("Suspicious account detected"), - // Description: to.Ptr(""), - // AlertDisplayName: to.Ptr("Suspicious account detected"), - // AlertLink: to.Ptr("https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus"), - // AlertType: to.Ptr("c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df"), - // ConfidenceLevel: to.Ptr(armsecurityinsights.ConfidenceLevelUnknown), - // EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:21:45.926Z"); return t}()), - // Intent: to.Ptr(armsecurityinsights.KillChainIntentUnknown), - // ProcessingEndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-06T13:56:53.539Z"); return t}()), - // ProductComponentName: to.Ptr("Scheduled Alerts"), - // ProductName: to.Ptr("Azure Sentinel"), - // ProviderAlertID: to.Ptr("c2bafff9-fb31-41d0-a177-ecbff7a02ffe"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T08:21:45.926Z"); return t}()), - // Status: to.Ptr(armsecurityinsights.AlertStatusNew), - // SystemAlertID: to.Ptr("4aa486e0-6f85-41af-99ea-7acdce7be6c8"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence), - // to.Ptr(armsecurityinsights.AttackTacticLateralMovement)}, - // TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:56:53.539Z"); return t}()), - // VendorName: to.Ptr("Microsoft"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSecurityGroupEntityById.json -func ExampleEntitiesClient_Get_getASecurityGroupEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.SecurityGroupEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindSecurityGroup), - // Properties: &armsecurityinsights.SecurityGroupEntityProperties{ - // FriendlyName: to.Ptr("Name"), - // DistinguishedName: to.Ptr("Name"), - // ObjectGUID: to.Ptr("fb1b8e04-d944-4986-b39a-1ce9adedcd98"), - // Sid: to.Ptr("Sid"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSubmissionMailEntityById.json -func ExampleEntitiesClient_Get_getASubmissionMailEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.SubmissionMailEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindSubmissionMail), - // Properties: &armsecurityinsights.SubmissionMailEntityProperties{ - // FriendlyName: to.Ptr("recipient"), - // Recipient: to.Ptr("recipient"), - // ReportType: to.Ptr("report type"), - // Sender: to.Ptr("sender"), - // SenderIP: to.Ptr("1.4.35.34"), - // Subject: to.Ptr("subject"), - // SubmissionID: to.Ptr("5bb3d8fe-54bc-499c-bc21-86fe8df2a184"), - // Submitter: to.Ptr("submitter"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetUrlEntityById.json -func ExampleEntitiesClient_Get_getAUrlEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.URLEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindURL), - // Properties: &armsecurityinsights.URLEntityProperties{ - // FriendlyName: to.Ptr("https://bing.com"), - // URL: to.Ptr("https://bing.com"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetIoTDeviceEntityById.json -func ExampleEntitiesClient_Get_getAnIoTDeviceEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.IoTDeviceEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindIoTDevice), - // Properties: &armsecurityinsights.IoTDeviceEntityProperties{ - // FriendlyName: to.Ptr("device1"), - // DeviceID: to.Ptr("device1"), - // DeviceName: to.Ptr("device1"), - // DeviceType: to.Ptr("Industrial"), - // FirmwareVersion: to.Ptr("20.11"), - // Importance: to.Ptr(armsecurityinsights.DeviceImportanceNormal), - // IotHubEntityID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c"), - // IsAuthorized: to.Ptr(true), - // IsProgramming: to.Ptr(false), - // IsScanner: to.Ptr(false), - // Model: to.Ptr("demo-model"), - // NicEntityIDs: []*string{ - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2")}, - // OperatingSystem: to.Ptr("Windows"), - // Protocols: []*string{ - // to.Ptr("CIP"), - // to.Ptr("EtherNet/IP")}, - // PurdueLayer: to.Ptr("ProcessControl"), - // Sensor: to.Ptr("demo-sensor"), - // Site: to.Ptr("demo-site"), - // Vendor: to.Ptr("demo-vendor"), - // Zone: to.Ptr("zone"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetAccountEntityById.json -func ExampleEntitiesClient_Get_getAnAccountEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.AccountEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindAccount), - // Properties: &armsecurityinsights.AccountEntityProperties{ - // FriendlyName: to.Ptr("administrator"), - // AADTenantID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"), - // AADUserID: to.Ptr("f7033626-2572-46b1-bba0-06646f4f95b3"), - // AccountName: to.Ptr("administrator"), - // DNSDomain: to.Ptr("contoso.com"), - // IsDomainJoined: to.Ptr(true), - // NtDomain: to.Ptr("domain"), - // ObjectGUID: to.Ptr("11227b78-3c6e-436e-a2a2-02fc7662eca0"), - // Puid: to.Ptr("ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d"), - // Sid: to.Ptr("S-1-5-18"), - // UpnSuffix: to.Ptr("contoso"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetAzureResourceEntityById.json -func ExampleEntitiesClient_Get_getAnAzureResourceEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.AzureResourceEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindAzureResource), - // Properties: &armsecurityinsights.AzureResourceEntityProperties{ - // FriendlyName: to.Ptr("vm1"), - // ResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"), - // SubscriptionID: to.Ptr("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetIpEntityById.json -func ExampleEntitiesClient_Get_getAnIpEntity() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntitiesClientGetResponse{ - // EntityClassification: &armsecurityinsights.IPEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindIP), - // Properties: &armsecurityinsights.IPEntityProperties{ - // FriendlyName: to.Ptr("10.3.2.8"), - // Address: to.Ptr("10.3.2.8"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/expand/PostExpandEntity.json -func ExampleEntitiesClient_Expand() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Expand(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityExpandParameters{ - EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-05-26T00:00:00.000Z"); return t }()), - ExpansionID: to.Ptr("a77992f3-25e9-4d01-99a4-5ff606cc410a"), - StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-04-25T00:00:00.000Z"); return t }()), - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.EntityExpandResponse = armsecurityinsights.EntityExpandResponse{ - // MetaData: &armsecurityinsights.ExpansionResultsMetadata{ - // Aggregations: []*armsecurityinsights.ExpansionResultAggregation{ - // { - // Count: to.Ptr[int32](1), - // EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount), - // }}, - // }, - // Value: &armsecurityinsights.EntityExpandResponseValue{ - // Edges: []*armsecurityinsights.EntityEdges{ - // { - // AdditionalData: map[string]any{ - // "EpochTimestamp": "1608289949", - // "FirstSeen": "2021-09-01T11:12:29.597Z", - // "Source": "Heartbeat", - // }, - // TargetEntityID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002"), - // }}, - // Entities: []armsecurityinsights.EntityClassification{ - // &armsecurityinsights.IPEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindIP), - // Properties: &armsecurityinsights.IPEntityProperties{ - // FriendlyName: to.Ptr("13.89.108.248"), - // Address: to.Ptr("13.89.108.248"), - // }, - // }}, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetQueries.json -func ExampleEntitiesClient_Queries() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().Queries(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityItemQueryKindInsight, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.GetQueriesResponse = armsecurityinsights.GetQueriesResponse{ - // Value: []armsecurityinsights.EntityQueryItemClassification{ - // &armsecurityinsights.InsightQueryItem{ - // Name: to.Ptr("6db7f5d1-f41e-46c2-b935-230b36a569e6"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight), - // Properties: &armsecurityinsights.InsightQueryItemProperties{ - // DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{ - // { - // DataType: to.Ptr("AuditLogs"), - // }, - // { - // DataType: to.Ptr("SecurityEvent"), - // }}, - // EntitiesFilter: map[string]any{ - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount), - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Account_Name"), - // to.Ptr("Account_NTDomain")}, - // []*string{ - // to.Ptr("Account_Name"), - // to.Ptr("Account_UPNSuffix")}, - // []*string{ - // to.Ptr("Account_AADUserId")}, - // []*string{ - // to.Ptr("Account_SID")}}, - // Description: to.Ptr("Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n"), - // AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{ - // Query: to.Ptr("project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData"), - // Text: to.Ptr("See all account activity"), - // }, - // BaseQuery: to.Ptr("let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n"), - // ChartQuery: map[string]any{ - // "type": "BarChart", - // "dataSets":[]any{ - // map[string]any{ - // "legendColumnName": "OperationName", - // "query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName", - // "xColumnName": "TimeGenerated", - // "yColumnName": "Count", - // }, - // }, - // "title": "Actions by type", - // }, - // DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{ - // AfterRange: to.Ptr("12h"), - // BeforeRange: to.Ptr("12h"), - // }, - // DisplayName: to.Ptr("Actions on account"), - // TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{ - // ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{ - // { - // Header: to.Ptr("Action"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeString), - // SupportDeepLink: to.Ptr(false), - // }, - // { - // Header: to.Ptr("Most Recent"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeDate), - // SupportDeepLink: to.Ptr(false), - // }, - // { - // Header: to.Ptr("Count"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(true), - // }}, - // QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{ - // { - // Filter: to.Ptr("where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)', 'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('Blocked from self-service password reset', '4740')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName == '4725' or (OperationName =~ 'Update user' and DisableUser =~ 'True')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('Add user', '4720')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('Delete user', '4726')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName =~ 'Update user' and DisableUser =~ 'True')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('4722', '4767') or (OperationName =~ 'Update user' and DisableUser =~ 'False')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }, - // { - // Filter: to.Ptr("where OperationName in~ ('Update user','4738')"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("Count"), - // }}, - // Project: to.Ptr("project Title = OperationName, MostRecent, Count"), - // Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"), - // }}, - // }, - // }, - // }, - // &armsecurityinsights.InsightQueryItem{ - // Name: to.Ptr("0a5d7b14-b485-450a-a0ac-4100c860ac32"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight), - // Properties: &armsecurityinsights.InsightQueryItemProperties{ - // DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{ - // { - // DataType: to.Ptr("OfficeActivity"), - // }}, - // EntitiesFilter: map[string]any{ - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount), - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Account_Name"), - // to.Ptr("Account_UPNSuffix")}}, - // Description: to.Ptr("Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days."), - // AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{ - // Query: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n"), - // Text: to.Ptr("Query all anomalous operations"), - // }, - // BaseQuery: to.Ptr("let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n OfficeActivity \n | extend splitUserId=split(UserId, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n"), - // ChartQuery: map[string]any{ - // "type": "LineChart", - // "dataSets":[]any{ - // map[string]any{ - // "legendColumnName": "Operation", - // "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n", - // "xColumnName": "TimeGenerated", - // "yColumnName": "count_", - // }, - // }, - // "title": "Anomalous operation timeline", - // }, - // DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{ - // AfterRange: to.Ptr("0d"), - // BeforeRange: to.Ptr("1d"), - // }, - // DisplayName: to.Ptr("Anomalously high office operation count"), - // ReferenceTimeRange: &armsecurityinsights.InsightQueryItemPropertiesReferenceTimeRange{ - // BeforeRange: to.Ptr("12d"), - // }, - // TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{ - // ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{ - // { - // Header: to.Ptr("Operation"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeString), - // SupportDeepLink: to.Ptr(true), - // }, - // { - // Header: to.Ptr("Expected Count"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(false), - // }, - // { - // Header: to.Ptr("Actual Count"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(false), - // }}, - // QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{ - // { - // Filter: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n"), - // ProjectedName: to.Ptr("Operation"), - // }}, - // Project: to.Ptr("project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)"), - // Summarize: to.Ptr("take 1"), - // }}, - // }, - // }, - // }, - // &armsecurityinsights.InsightQueryItem{ - // Name: to.Ptr("e6cf68e6-1eca-4fbb-9fad-6280f2a9476e"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight), - // Properties: &armsecurityinsights.InsightQueryItemProperties{ - // DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{ - // { - // DataType: to.Ptr("OfficeActivity"), - // }}, - // EntitiesFilter: map[string]any{ - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount), - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Account_Name"), - // to.Ptr("Account_UPNSuffix")}, - // []*string{ - // to.Ptr("Account_AADUserId")}}, - // Description: to.Ptr("Provides the count and distinct resource accesses by a given user account\n"), - // AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{ - // Query: to.Ptr("where Operation in~ (Operations)"), - // Text: to.Ptr("See all resource activity"), - // }, - // BaseQuery: to.Ptr("let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint = (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n"), - // ChartQuery: map[string]any{ - // "type": "LineChart", - // "dataSets":[]any{ - // map[string]any{ - // "legendColumnName": "Legend", - // "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'", - // "xColumnName": "TimeGenerated", - // "yColumnName": "TotalResources", - // }, - // map[string]any{ - // "legendColumnName": "Legend", - // "query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'", - // "xColumnName": "TimeGenerated", - // "yColumnName": "TotalResources", - // }, - // }, - // "title": "Resource access over time", - // }, - // DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{ - // AfterRange: to.Ptr("12h"), - // BeforeRange: to.Ptr("12h"), - // }, - // DisplayName: to.Ptr("Resource access"), - // TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{ - // ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{ - // { - // Header: to.Ptr("Resource Type"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeString), - // SupportDeepLink: to.Ptr(false), - // }, - // { - // Header: to.Ptr("Distinct Resources"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(true), - // }, - // { - // Header: to.Ptr("Total Resources"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(true), - // }, - // { - // Header: to.Ptr("IPAddress(es)"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeString), - // SupportDeepLink: to.Ptr(false), - // }}, - // QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{ - // { - // Filter: to.Ptr("where Operation =~ 'FileUploaded'"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("DistinctResources"), - // }, - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("TotalResources"), - // }}, - // Project: to.Ptr("project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')"), - // Summarize: to.Ptr("summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation"), - // }, - // { - // Filter: to.Ptr("where Operation =~ 'FileDownloaded'"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("DistinctResources"), - // }, - // { - // Query: to.Ptr("{{BaseQuery}} | "), - // ProjectedName: to.Ptr("TotalResources"), - // }}, - // Project: to.Ptr("project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')"), - // Summarize: to.Ptr("summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation"), - // }}, - // }, - // }, - // }, - // &armsecurityinsights.InsightQueryItem{ - // Name: to.Ptr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight), - // Properties: &armsecurityinsights.InsightQueryItemProperties{ - // DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{ - // { - // DataType: to.Ptr("SigninLogs"), - // }}, - // EntitiesFilter: map[string]any{ - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount), - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Account_Name"), - // to.Ptr("Account_UPNSuffix")}, - // []*string{ - // to.Ptr("Account_AADUserId")}}, - // Description: to.Ptr("Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days."), - // AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{ - // Query: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n"), - // Text: to.Ptr("Query all anomalous sign-in results"), - // }, - // BaseQuery: to.Ptr("let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n SigninLogs \n | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n | extend splitUserId=split(UserPrincipalName, '@')\n | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n"), - // ChartQuery: map[string]any{ - // "type": "LineChart", - // "dataSets":[]any{ - // map[string]any{ - // "legendColumnName": "ResultDescription", - // "query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n", - // "xColumnName": "TimeGenerated", - // "yColumnName": "count_", - // }, - // }, - // "title": "Anomalous sign-in result timeline", - // }, - // DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{ - // AfterRange: to.Ptr("0d"), - // BeforeRange: to.Ptr("1d"), - // }, - // DisplayName: to.Ptr("Anomalously high Azure sign-in result count"), - // ReferenceTimeRange: &armsecurityinsights.InsightQueryItemPropertiesReferenceTimeRange{ - // BeforeRange: to.Ptr("12d"), - // }, - // TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{ - // ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{ - // { - // Header: to.Ptr("Result Description"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeString), - // SupportDeepLink: to.Ptr(true), - // }, - // { - // Header: to.Ptr("Expected Count"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(false), - // }, - // { - // Header: to.Ptr("Actual Count"), - // OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber), - // SupportDeepLink: to.Ptr(false), - // }}, - // QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{ - // { - // Filter: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n"), - // LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{ - // { - // Query: to.Ptr("{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n"), - // ProjectedName: to.Ptr("ResultDescription"), - // }}, - // Project: to.Ptr("project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)"), - // Summarize: to.Ptr("take 1"), - // }}, - // }, - // }, - // }}, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/insights/PostGetInsights.json -func ExampleEntitiesClient_GetInsights() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesClient().GetInsights(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityGetInsightsParameters{ - AddDefaultExtendedTimeRange: to.Ptr(false), - EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), - InsightQueryIDs: []*string{ - to.Ptr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4")}, - StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.EntityGetInsightsResponse = armsecurityinsights.EntityGetInsightsResponse{ - // MetaData: &armsecurityinsights.GetInsightsResultsMetadata{ - // Errors: []*armsecurityinsights.GetInsightsErrorKind{ - // { - // ErrorMessage: to.Ptr("Internal server error"), - // Kind: to.Ptr(armsecurityinsights.GetInsightsErrorInsight), - // QueryID: to.Ptr("4a70a63d-25c4-6312-b73e-4f302a90c06a"), - // }}, - // TotalCount: to.Ptr[int32](7), - // }, - // Value: []*armsecurityinsights.EntityInsightItem{ - // { - // ChartQueryResults: []*armsecurityinsights.InsightsTableResult{ - // { - // Columns: []*armsecurityinsights.InsightsTableResultColumnsItem{ - // { - // Name: to.Ptr("TimeGenerated"), - // Type: to.Ptr("datetime"), - // }, - // { - // Name: to.Ptr("Count"), - // Type: to.Ptr("long"), - // }, - // { - // Name: to.Ptr("Legend"), - // Type: to.Ptr("string"), - // }}, - // Rows: [][]*string{ - // []*string{ - // to.Ptr("2021-09-01T00:00:00.000Z"), - // to.Ptr("55"), - // to.Ptr("SomeLegend")}}, - // }}, - // QueryID: to.Ptr("e29ee1ef-7445-455e-85f1-269f2d536d61"), - // QueryTimeInterval: &armsecurityinsights.EntityInsightItemQueryTimeInterval{ - // EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:35:20.000Z"); return t}()), - // StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:35:20.000Z"); return t}()), - // }, - // TableQueryResults: &armsecurityinsights.InsightsTableResult{ - // Columns: []*armsecurityinsights.InsightsTableResultColumnsItem{ - // { - // Name: to.Ptr("Title"), - // Type: to.Ptr("string"), - // }, - // { - // Name: to.Ptr("NameCount"), - // Type: to.Ptr("long"), - // }, - // { - // Name: to.Ptr("SIDCount"), - // Type: to.Ptr("long"), - // }, - // { - // Name: to.Ptr("InternalOrder"), - // Type: to.Ptr("long"), - // }, - // { - // Name: to.Ptr("Index"), - // Type: to.Ptr("long"), - // }}, - // Rows: [][]*string{ - // []*string{ - // to.Ptr("MyTitle"), - // to.Ptr("15"), - // to.Ptr("SID"), - // to.Ptr("1"), - // to.Ptr("1")}}, - // }, - // }}, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client.go deleted file mode 100644 index 7b586d5896d0..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client.go +++ /dev/null @@ -1,118 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// EntitiesGetTimelineClient contains the methods for the EntitiesGetTimeline group. -// Don't use this type directly, use NewEntitiesGetTimelineClient() instead. -type EntitiesGetTimelineClient struct { - internal *arm.Client - subscriptionID string -} - -// NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewEntitiesGetTimelineClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesGetTimelineClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &EntitiesGetTimelineClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// List - Timeline for an entity. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - entityID - entity ID -// - parameters - The parameters required to execute an timeline operation on the given entity. -// - options - EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List -// method. -func (client *EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (EntitiesGetTimelineClientListResponse, error) { - var err error - const operationName = "EntitiesGetTimelineClient.List" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.listCreateRequest(ctx, resourceGroupName, workspaceName, entityID, parameters, options) - if err != nil { - return EntitiesGetTimelineClientListResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return EntitiesGetTimelineClientListResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return EntitiesGetTimelineClientListResponse{}, err - } - resp, err := client.listHandleResponse(httpResp) - return resp, err -} - -// listCreateRequest creates the List request. -func (client *EntitiesGetTimelineClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, parameters); err != nil { - return nil, err - } - return req, nil -} - -// listHandleResponse handles the List response. -func (client *EntitiesGetTimelineClient) listHandleResponse(resp *http.Response) (EntitiesGetTimelineClientListResponse, error) { - result := EntitiesGetTimelineClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityTimelineResponse); err != nil { - return EntitiesGetTimelineClientListResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client_example_test.go deleted file mode 100644 index 4454d1154e5c..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesgettimeline_client_example_test.go +++ /dev/null @@ -1,113 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/timeline/PostTimelineEntity.json -func ExampleEntitiesGetTimelineClient_List() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntitiesGetTimelineClient().List(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityTimelineParameters{ - EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), - NumberOfBucket: to.Ptr[int32](4), - StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.EntityTimelineResponse = armsecurityinsights.EntityTimelineResponse{ - // MetaData: &armsecurityinsights.TimelineResultsMetadata{ - // Aggregations: []*armsecurityinsights.TimelineAggregation{ - // { - // Count: to.Ptr[int32](4), - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity), - // }, - // { - // Count: to.Ptr[int32](2), - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert), - // }, - // { - // Count: to.Ptr[int32](1), - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindAnomaly), - // }}, - // Errors: []*armsecurityinsights.TimelineError{ - // { - // ErrorMessage: to.Ptr("syntax error"), - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity), - // QueryID: to.Ptr("11067f9f-d6a7-4488-887f-0ba564268879"), - // }, - // { - // ErrorMessage: to.Ptr("internal server error"), - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert), - // }}, - // TotalCount: to.Ptr[int32](6), - // }, - // Value: []armsecurityinsights.EntityTimelineItemClassification{ - // &armsecurityinsights.SecurityAlertTimelineItem{ - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert), - // Description: to.Ptr("The alert description"), - // AlertType: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae"), - // AzureResourceID: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50"), - // DisplayName: to.Ptr("Alert display name"), - // EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.020Z"); return t}()), - // ProductName: to.Ptr("Azure Sentinel"), - // Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium), - // StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:32:28.010Z"); return t}()), - // TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:37:25.813Z"); return t}()), - // }, - // &armsecurityinsights.ActivityTimelineItem{ - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity), - // BucketEndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.020Z"); return t}()), - // BucketStartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:31:28.020Z"); return t}()), - // Content: to.Ptr("he user has deleted the account 3 time(s)"), - // FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:35:28.020Z"); return t}()), - // LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:35:28.020Z"); return t}()), - // QueryID: to.Ptr("e0459780-ac9d-4b72-8bd4-fecf6b46a0a1"), - // Title: to.Ptr("The user has deleted an account"), - // }, - // &armsecurityinsights.AnomalyTimelineItem{ - // Kind: to.Ptr(armsecurityinsights.EntityTimelineKindAnomaly), - // Description: to.Ptr("Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0."), - // AzureResourceID: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6"), - // DisplayName: to.Ptr("(Preview) Anomalous scanning activity"), - // EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.020Z"); return t}()), - // Intent: to.Ptr("Discovery"), - // ProductName: to.Ptr("Azure Sentinel"), - // Reasons: []*string{ - // to.Ptr("High destination port count"), - // to.Ptr("Low port ratio")}, - // StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:32:28.010Z"); return t}()), - // Techniques: []*string{ - // to.Ptr("T1046")}, - // TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:37:25.813Z"); return t}()), - // Vendor: to.Ptr("Microsoft"), - // }}, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client_example_test.go deleted file mode 100644 index 8e780504294d..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client_example_test.go +++ /dev/null @@ -1,61 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/relations/GetAllEntityRelations.json -func ExampleEntitiesRelationsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewEntitiesRelationsClient().NewListPager("myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", &armsecurityinsights.EntitiesRelationsClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.RelationList = armsecurityinsights.RelationList{ - // Value: []*armsecurityinsights.Relation{ - // { - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"), - // }, - // }}, - // } - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client_example_test.go deleted file mode 100644 index 22bf401bfbb2..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client_example_test.go +++ /dev/null @@ -1,276 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetEntityQueries.json -func ExampleEntityQueriesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewEntityQueriesClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.EntityQueriesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum13Expansion)}) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.EntityQueryList = armsecurityinsights.EntityQueryList{ - // Value: []armsecurityinsights.EntityQueryClassification{ - // &armsecurityinsights.ExpansionEntityQuery{ - // Name: to.Ptr("37ca3555-c135-4a73-a65e-9c1d00323f5d"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion), - // Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{ - // DataSources: []*string{ - // to.Ptr("AzureActivity")}, - // DisplayName: to.Ptr("Least active accounts on Azure from this IP"), - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeIP), - // InputFields: []*string{ - // to.Ptr("address")}, - // OutputEntityTypes: []*armsecurityinsights.EntityType{ - // to.Ptr(armsecurityinsights.EntityTypeAccount)}, - // QueryTemplate: to.Ptr("let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count asc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')"), - // }, - // }, - // &armsecurityinsights.ExpansionEntityQuery{ - // Name: to.Ptr("97a1d515-abf2-4231-9a35-985f9de0bb91"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion), - // Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{ - // DataSources: []*string{ - // to.Ptr("AzureActivity")}, - // DisplayName: to.Ptr("Most active accounts on Azure from this IP"), - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeIP), - // InputFields: []*string{ - // to.Ptr("address")}, - // OutputEntityTypes: []*armsecurityinsights.EntityType{ - // to.Ptr(armsecurityinsights.EntityTypeAccount)}, - // QueryTemplate: to.Ptr("let AccountActivity_byIP = (v_IP_Address:string){\r\n AzureActivity\r\n | where Caller != '' and CallerIpAddress == v_IP_Address\r\n | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n | top 10 by Count desc nulls last \r\n | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n AccountActivity_byIP('
')"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json -func ExampleEntityQueriesClient_Get_getAnActivityEntityQuery() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntityQueriesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntityQueriesClientGetResponse{ - // EntityQueryClassification: &armsecurityinsights.ActivityEntityQuery{ - // Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindActivity), - // Properties: &armsecurityinsights.ActivityEntityQueriesProperties{ - // Description: to.Ptr("Account deleted on host"), - // Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Enabled: to.Ptr(true), - // EntitiesFilter: map[string][]*string{ - // "Host_OsFamily": []*string{ - // to.Ptr("Windows")}, - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{ - // Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - // }, - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_NTDomain")}, - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_DnsDomain")}, - // []*string{ - // to.Ptr("Host_AzureID")}, - // []*string{ - // to.Ptr("Host_OMSAgentID")}}, - // Title: to.Ptr("An account was deleted on this host"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json -func ExampleEntityQueriesClient_Get_getAnExpansionEntityQuery() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntityQueriesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntityQueriesClientGetResponse{ - // EntityQueryClassification: &armsecurityinsights.ExpansionEntityQuery{ - // Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion), - // Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{ - // DataSources: []*string{ - // to.Ptr("SecurityEvent")}, - // DisplayName: to.Ptr("Parent processes running on host"), - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // InputFields: []*string{ - // to.Ptr("hostName")}, - // OutputEntityTypes: []*armsecurityinsights.EntityType{ - // to.Ptr(armsecurityinsights.EntityTypeProcess)}, - // QueryTemplate: to.Ptr("let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n SecurityEvent \r\n | where EventID == 4688 \r\n | where isnotempty(ParentProcessName)\r\n | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n | top 10 by min_TimeGenerated asc};\r\n GetParentProcessesOnHost(toupper(''))"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json -func ExampleEntityQueriesClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntityQueriesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", &armsecurityinsights.ActivityCustomEntityQuery{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.CustomEntityQueryKindActivity), - Properties: &armsecurityinsights.ActivityEntityQueriesProperties{ - Description: to.Ptr("Account deleted on host"), - Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - Enabled: to.Ptr(true), - EntitiesFilter: map[string][]*string{ - "Host_OsFamily": { - to.Ptr("Windows")}, - }, - InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{ - Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - }, - RequiredInputFieldsSets: [][]*string{ - { - to.Ptr("Host_HostName"), - to.Ptr("Host_NTDomain")}, - { - to.Ptr("Host_HostName"), - to.Ptr("Host_DnsDomain")}, - { - to.Ptr("Host_AzureID")}, - { - to.Ptr("Host_OMSAgentID")}}, - Title: to.Ptr("An account was deleted on this host"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntityQueriesClientCreateOrUpdateResponse{ - // EntityQueryClassification: &armsecurityinsights.ActivityEntityQuery{ - // Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.EntityQueryKindActivity), - // Properties: &armsecurityinsights.ActivityEntityQueriesProperties{ - // Description: to.Ptr("Account deleted on host"), - // Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Enabled: to.Ptr(true), - // EntitiesFilter: map[string][]*string{ - // "Host_OsFamily": []*string{ - // to.Ptr("Windows")}, - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{ - // Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - // }, - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_NTDomain")}, - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_DnsDomain")}, - // []*string{ - // to.Ptr("Host_AzureID")}, - // []*string{ - // to.Ptr("Host_OMSAgentID")}}, - // Title: to.Ptr("An account was deleted on this host"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/DeleteEntityQuery.json -func ExampleEntityQueriesClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewEntityQueriesClient().Delete(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client_example_test.go deleted file mode 100644 index a4a5af17a8b1..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityquerytemplates_client_example_test.go +++ /dev/null @@ -1,180 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json -func ExampleEntityQueryTemplatesClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewEntityQueryTemplatesClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.EntityQueryTemplatesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum15Activity)}) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.EntityQueryTemplateList = armsecurityinsights.EntityQueryTemplateList{ - // Value: []armsecurityinsights.EntityQueryTemplateClassification{ - // &armsecurityinsights.ActivityEntityQueryTemplate{ - // Name: to.Ptr("37ca3555-c135-4a73-a65e-9c1d00323f5d"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity), - // Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{ - // Description: to.Ptr("Account deleted on host"), - // Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - // DataTypes: []*armsecurityinsights.DataTypeDefinitions{ - // { - // DataType: to.Ptr("AuditLogs"), - // }, - // { - // DataType: to.Ptr("SecurityEvent"), - // }}, - // EntitiesFilter: map[string][]*string{ - // "Host_OsFamily": []*string{ - // to.Ptr("Windows")}, - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{ - // Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - // }, - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_NTDomain")}, - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_DnsDomain")}, - // []*string{ - // to.Ptr("Host_AzureID")}, - // []*string{ - // to.Ptr("Host_OMSAgentID")}}, - // Title: to.Ptr("An account was deleted on this host"), - // }, - // }, - // &armsecurityinsights.ActivityEntityQueryTemplate{ - // Name: to.Ptr("97a1d515-abf2-4231-9a35-985f9de0bb91"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity), - // Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{ - // Description: to.Ptr("Account deleted on host"), - // Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - // DataTypes: []*armsecurityinsights.DataTypeDefinitions{ - // { - // DataType: to.Ptr("AuditLogs"), - // }, - // { - // DataType: to.Ptr("SecurityEvent"), - // }}, - // EntitiesFilter: map[string][]*string{ - // "Host_OsFamily": []*string{ - // to.Ptr("Windows")}, - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{ - // Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - // }, - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_NTDomain")}, - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_DnsDomain")}, - // []*string{ - // to.Ptr("Host_AzureID")}, - // []*string{ - // to.Ptr("Host_OMSAgentID")}}, - // Title: to.Ptr("An account was deleted on this host"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json -func ExampleEntityQueryTemplatesClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntityQueryTemplatesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.EntityQueryTemplatesClientGetResponse{ - // EntityQueryTemplateClassification: &armsecurityinsights.ActivityEntityQueryTemplate{ - // Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplate"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b"), - // Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity), - // Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{ - // Description: to.Ptr("Account deleted on host"), - // Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"), - // DataTypes: []*armsecurityinsights.DataTypeDefinitions{ - // { - // DataType: to.Ptr("AuditLogs"), - // }, - // { - // DataType: to.Ptr("SecurityEvent"), - // }}, - // EntitiesFilter: map[string][]*string{ - // "Host_OsFamily": []*string{ - // to.Ptr("Windows")}, - // }, - // InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost), - // QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{ - // Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "), - // }, - // RequiredInputFieldsSets: [][]*string{ - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_NTDomain")}, - // []*string{ - // to.Ptr("Host_HostName"), - // to.Ptr("Host_DnsDomain")}, - // []*string{ - // to.Ptr("Host_AzureID")}, - // []*string{ - // to.Ptr("Host_OMSAgentID")}}, - // Title: to.Ptr("An account was deleted on this host"), - // }, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client.go deleted file mode 100644 index 4dc731209d9e..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client.go +++ /dev/null @@ -1,119 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// EntityRelationsClient contains the methods for the EntityRelations group. -// Don't use this type directly, use NewEntityRelationsClient() instead. -type EntityRelationsClient struct { - internal *arm.Client - subscriptionID string -} - -// NewEntityRelationsClient creates a new instance of EntityRelationsClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewEntityRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityRelationsClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &EntityRelationsClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// GetRelation - Gets an entity relation. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - entityID - entity ID -// - relationName - Relation Name -// - options - EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation -// method. -func (client *EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (EntityRelationsClientGetRelationResponse, error) { - var err error - const operationName = "EntityRelationsClient.GetRelation" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getRelationCreateRequest(ctx, resourceGroupName, workspaceName, entityID, relationName, options) - if err != nil { - return EntityRelationsClientGetRelationResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return EntityRelationsClientGetRelationResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return EntityRelationsClientGetRelationResponse{}, err - } - resp, err := client.getRelationHandleResponse(httpResp) - return resp, err -} - -// getRelationCreateRequest creates the GetRelation request. -func (client *EntityRelationsClient) getRelationCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) - if relationName == "" { - return nil, errors.New("parameter relationName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{relationName}", url.PathEscape(relationName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// getRelationHandleResponse handles the GetRelation response. -func (client *EntityRelationsClient) getRelationHandleResponse(resp *http.Response) (EntityRelationsClientGetRelationResponse, error) { - result := EntityRelationsClientGetRelationResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.Relation); err != nil { - return EntityRelationsClientGetRelationResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client_example_test.go deleted file mode 100644 index e34f6031dbb8..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityrelations_client_example_test.go +++ /dev/null @@ -1,49 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/relations/GetEntityRelationByName.json -func ExampleEntityRelationsClient_GetRelation() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewEntityRelationsClient().GetRelation(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Relation = armsecurityinsights.Relation{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/entities/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"), - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackage_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackage_server.go new file mode 100644 index 000000000000..fc9ee084fa16 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackage_server.go @@ -0,0 +1,151 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package fake + +import ( + "context" + "errors" + "fmt" + azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" + "net/http" + "net/url" + "regexp" +) + +// ContentPackageServer is a fake server for instances of the armsecurityinsights.ContentPackageClient type. +type ContentPackageServer struct { + // Install is the fake for method ContentPackageClient.Install + // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated + Install func(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, packageInstallationProperties armsecurityinsights.PackageModel, options *armsecurityinsights.ContentPackageClientInstallOptions) (resp azfake.Responder[armsecurityinsights.ContentPackageClientInstallResponse], errResp azfake.ErrorResponder) + + // Uninstall is the fake for method ContentPackageClient.Uninstall + // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent + Uninstall func(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *armsecurityinsights.ContentPackageClientUninstallOptions) (resp azfake.Responder[armsecurityinsights.ContentPackageClientUninstallResponse], errResp azfake.ErrorResponder) +} + +// NewContentPackageServerTransport creates a new instance of ContentPackageServerTransport with the provided implementation. +// The returned ContentPackageServerTransport instance is connected to an instance of armsecurityinsights.ContentPackageClient via the +// azcore.ClientOptions.Transporter field in the client's constructor parameters. +func NewContentPackageServerTransport(srv *ContentPackageServer) *ContentPackageServerTransport { + return &ContentPackageServerTransport{srv: srv} +} + +// ContentPackageServerTransport connects instances of armsecurityinsights.ContentPackageClient to instances of ContentPackageServer. +// Don't use this type directly, use NewContentPackageServerTransport instead. +type ContentPackageServerTransport struct { + srv *ContentPackageServer +} + +// Do implements the policy.Transporter interface for ContentPackageServerTransport. +func (c *ContentPackageServerTransport) Do(req *http.Request) (*http.Response, error) { + rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) + method, ok := rawMethod.(string) + if !ok { + return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} + } + + var resp *http.Response + var err error + + switch method { + case "ContentPackageClient.Install": + resp, err = c.dispatchInstall(req) + case "ContentPackageClient.Uninstall": + resp, err = c.dispatchUninstall(req) + default: + err = fmt.Errorf("unhandled API %s", method) + } + + if err != nil { + return nil, err + } + + return resp, nil +} + +func (c *ContentPackageServerTransport) dispatchInstall(req *http.Request) (*http.Response, error) { + if c.srv.Install == nil { + return nil, &nonRetriableError{errors.New("fake for method Install not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentPackages/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.PackageModel](req) + if err != nil { + return nil, err + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + packageIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("packageId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Install(req.Context(), resourceGroupNameParam, workspaceNameParam, packageIDParam, body, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK, http.StatusCreated}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", respContent.HTTPStatus)} + } + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).PackageModel, req) + if err != nil { + return nil, err + } + return resp, nil +} + +func (c *ContentPackageServerTransport) dispatchUninstall(req *http.Request) (*http.Response, error) { + if c.srv.Uninstall == nil { + return nil, &nonRetriableError{errors.New("fake for method Uninstall not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentPackages/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + packageIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("packageId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Uninstall(req.Context(), resourceGroupNameParam, workspaceNameParam, packageIDParam, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} + } + resp, err := server.NewResponse(respContent, req, nil) + if err != nil { + return nil, err + } + return resp, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackages_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackages_server.go new file mode 100644 index 000000000000..87450b812f70 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contentpackages_server.go @@ -0,0 +1,226 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package fake + +import ( + "context" + "errors" + "fmt" + azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" + "net/http" + "net/url" + "regexp" + "strconv" +) + +// ContentPackagesServer is a fake server for instances of the armsecurityinsights.ContentPackagesClient type. +type ContentPackagesServer struct { + // Get is the fake for method ContentPackagesClient.Get + // HTTP status codes to indicate success: http.StatusOK + Get func(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *armsecurityinsights.ContentPackagesClientGetOptions) (resp azfake.Responder[armsecurityinsights.ContentPackagesClientGetResponse], errResp azfake.ErrorResponder) + + // NewListPager is the fake for method ContentPackagesClient.NewListPager + // HTTP status codes to indicate success: http.StatusOK + NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.ContentPackagesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.ContentPackagesClientListResponse]) +} + +// NewContentPackagesServerTransport creates a new instance of ContentPackagesServerTransport with the provided implementation. +// The returned ContentPackagesServerTransport instance is connected to an instance of armsecurityinsights.ContentPackagesClient via the +// azcore.ClientOptions.Transporter field in the client's constructor parameters. +func NewContentPackagesServerTransport(srv *ContentPackagesServer) *ContentPackagesServerTransport { + return &ContentPackagesServerTransport{ + srv: srv, + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.ContentPackagesClientListResponse]](), + } +} + +// ContentPackagesServerTransport connects instances of armsecurityinsights.ContentPackagesClient to instances of ContentPackagesServer. +// Don't use this type directly, use NewContentPackagesServerTransport instead. +type ContentPackagesServerTransport struct { + srv *ContentPackagesServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.ContentPackagesClientListResponse]] +} + +// Do implements the policy.Transporter interface for ContentPackagesServerTransport. +func (c *ContentPackagesServerTransport) Do(req *http.Request) (*http.Response, error) { + rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) + method, ok := rawMethod.(string) + if !ok { + return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} + } + + var resp *http.Response + var err error + + switch method { + case "ContentPackagesClient.Get": + resp, err = c.dispatchGet(req) + case "ContentPackagesClient.NewListPager": + resp, err = c.dispatchNewListPager(req) + default: + err = fmt.Errorf("unhandled API %s", method) + } + + if err != nil { + return nil, err + } + + return resp, nil +} + +func (c *ContentPackagesServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if c.srv.Get == nil { + return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentPackages/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + packageIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("packageId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, packageIDParam, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} + } + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).PackageModel, req) + if err != nil { + return nil, err + } + return resp, nil +} + +func (c *ContentPackagesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if c.srv.NewListPager == nil { + return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} + } + newListPager := c.newListPager.get(req) + if newListPager == nil { + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentPackages` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 3 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + qp := req.URL.Query() + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) + if err != nil { + return nil, err + } + filterParam := getOptional(filterUnescaped) + orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) + if err != nil { + return nil, err + } + orderbyParam := getOptional(orderbyUnescaped) + searchUnescaped, err := url.QueryUnescape(qp.Get("$search")) + if err != nil { + return nil, err + } + searchParam := getOptional(searchUnescaped) + countUnescaped, err := url.QueryUnescape(qp.Get("$count")) + if err != nil { + return nil, err + } + countParam, err := parseOptional(countUnescaped, strconv.ParseBool) + if err != nil { + return nil, err + } + topUnescaped, err := url.QueryUnescape(qp.Get("$top")) + if err != nil { + return nil, err + } + topParam, err := parseOptional(topUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipUnescaped, err := url.QueryUnescape(qp.Get("$skip")) + if err != nil { + return nil, err + } + skipParam, err := parseOptional(skipUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) + if err != nil { + return nil, err + } + skipTokenParam := getOptional(skipTokenUnescaped) + var options *armsecurityinsights.ContentPackagesClientListOptions + if filterParam != nil || orderbyParam != nil || searchParam != nil || countParam != nil || topParam != nil || skipParam != nil || skipTokenParam != nil { + options = &armsecurityinsights.ContentPackagesClientListOptions{ + Filter: filterParam, + Orderby: orderbyParam, + Search: searchParam, + Count: countParam, + Top: topParam, + Skip: skipParam, + SkipToken: skipTokenParam, + } + } + resp := c.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) + newListPager = &resp + c.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.ContentPackagesClientListResponse, createLink func() string) { + page.NextLink = to.Ptr(createLink()) + }) + } + resp, err := server.PagerResponderNext(newListPager, req) + if err != nil { + return nil, err + } + if !contains([]int{http.StatusOK}, resp.StatusCode) { + c.newListPager.remove(req) + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} + } + if !server.PagerResponderMore(newListPager) { + c.newListPager.remove(req) + } + return resp, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplate_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplate_server.go new file mode 100644 index 000000000000..3a5814b5bc1f --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplate_server.go @@ -0,0 +1,194 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package fake + +import ( + "context" + "errors" + "fmt" + azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" + "net/http" + "net/url" + "regexp" +) + +// ContentTemplateServer is a fake server for instances of the armsecurityinsights.ContentTemplateClient type. +type ContentTemplateServer struct { + // Delete is the fake for method ContentTemplateClient.Delete + // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent + Delete func(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *armsecurityinsights.ContentTemplateClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.ContentTemplateClientDeleteResponse], errResp azfake.ErrorResponder) + + // Get is the fake for method ContentTemplateClient.Get + // HTTP status codes to indicate success: http.StatusOK + Get func(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *armsecurityinsights.ContentTemplateClientGetOptions) (resp azfake.Responder[armsecurityinsights.ContentTemplateClientGetResponse], errResp azfake.ErrorResponder) + + // Install is the fake for method ContentTemplateClient.Install + // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated + Install func(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, templateInstallationProperties armsecurityinsights.TemplateModel, options *armsecurityinsights.ContentTemplateClientInstallOptions) (resp azfake.Responder[armsecurityinsights.ContentTemplateClientInstallResponse], errResp azfake.ErrorResponder) +} + +// NewContentTemplateServerTransport creates a new instance of ContentTemplateServerTransport with the provided implementation. +// The returned ContentTemplateServerTransport instance is connected to an instance of armsecurityinsights.ContentTemplateClient via the +// azcore.ClientOptions.Transporter field in the client's constructor parameters. +func NewContentTemplateServerTransport(srv *ContentTemplateServer) *ContentTemplateServerTransport { + return &ContentTemplateServerTransport{srv: srv} +} + +// ContentTemplateServerTransport connects instances of armsecurityinsights.ContentTemplateClient to instances of ContentTemplateServer. +// Don't use this type directly, use NewContentTemplateServerTransport instead. +type ContentTemplateServerTransport struct { + srv *ContentTemplateServer +} + +// Do implements the policy.Transporter interface for ContentTemplateServerTransport. +func (c *ContentTemplateServerTransport) Do(req *http.Request) (*http.Response, error) { + rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) + method, ok := rawMethod.(string) + if !ok { + return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} + } + + var resp *http.Response + var err error + + switch method { + case "ContentTemplateClient.Delete": + resp, err = c.dispatchDelete(req) + case "ContentTemplateClient.Get": + resp, err = c.dispatchGet(req) + case "ContentTemplateClient.Install": + resp, err = c.dispatchInstall(req) + default: + err = fmt.Errorf("unhandled API %s", method) + } + + if err != nil { + return nil, err + } + + return resp, nil +} + +func (c *ContentTemplateServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { + if c.srv.Delete == nil { + return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentTemplates/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + templateIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("templateId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, templateIDParam, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} + } + resp, err := server.NewResponse(respContent, req, nil) + if err != nil { + return nil, err + } + return resp, nil +} + +func (c *ContentTemplateServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if c.srv.Get == nil { + return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentTemplates/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + templateIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("templateId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, templateIDParam, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} + } + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).TemplateModel, req) + if err != nil { + return nil, err + } + return resp, nil +} + +func (c *ContentTemplateServerTransport) dispatchInstall(req *http.Request) (*http.Response, error) { + if c.srv.Install == nil { + return nil, &nonRetriableError{errors.New("fake for method Install not implemented")} + } + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentTemplates/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.TemplateModel](req) + if err != nil { + return nil, err + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + templateIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("templateId")]) + if err != nil { + return nil, err + } + respr, errRespr := c.srv.Install(req.Context(), resourceGroupNameParam, workspaceNameParam, templateIDParam, body, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + respContent := server.GetResponseContent(respr) + if !contains([]int{http.StatusOK, http.StatusCreated}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", respContent.HTTPStatus)} + } + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).TemplateModel, req) + if err != nil { + return nil, err + } + return resp, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplates_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplates_server.go new file mode 100644 index 000000000000..14effa38e018 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/contenttemplates_server.go @@ -0,0 +1,188 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package fake + +import ( + "errors" + "fmt" + azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" + "net/http" + "net/url" + "regexp" + "strconv" +) + +// ContentTemplatesServer is a fake server for instances of the armsecurityinsights.ContentTemplatesClient type. +type ContentTemplatesServer struct { + // NewListPager is the fake for method ContentTemplatesClient.NewListPager + // HTTP status codes to indicate success: http.StatusOK + NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.ContentTemplatesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.ContentTemplatesClientListResponse]) +} + +// NewContentTemplatesServerTransport creates a new instance of ContentTemplatesServerTransport with the provided implementation. +// The returned ContentTemplatesServerTransport instance is connected to an instance of armsecurityinsights.ContentTemplatesClient via the +// azcore.ClientOptions.Transporter field in the client's constructor parameters. +func NewContentTemplatesServerTransport(srv *ContentTemplatesServer) *ContentTemplatesServerTransport { + return &ContentTemplatesServerTransport{ + srv: srv, + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.ContentTemplatesClientListResponse]](), + } +} + +// ContentTemplatesServerTransport connects instances of armsecurityinsights.ContentTemplatesClient to instances of ContentTemplatesServer. +// Don't use this type directly, use NewContentTemplatesServerTransport instead. +type ContentTemplatesServerTransport struct { + srv *ContentTemplatesServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.ContentTemplatesClientListResponse]] +} + +// Do implements the policy.Transporter interface for ContentTemplatesServerTransport. +func (c *ContentTemplatesServerTransport) Do(req *http.Request) (*http.Response, error) { + rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) + method, ok := rawMethod.(string) + if !ok { + return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} + } + + var resp *http.Response + var err error + + switch method { + case "ContentTemplatesClient.NewListPager": + resp, err = c.dispatchNewListPager(req) + default: + err = fmt.Errorf("unhandled API %s", method) + } + + if err != nil { + return nil, err + } + + return resp, nil +} + +func (c *ContentTemplatesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if c.srv.NewListPager == nil { + return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} + } + newListPager := c.newListPager.get(req) + if newListPager == nil { + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentTemplates` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 3 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + qp := req.URL.Query() + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) + if err != nil { + return nil, err + } + filterParam := getOptional(filterUnescaped) + orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) + if err != nil { + return nil, err + } + orderbyParam := getOptional(orderbyUnescaped) + expandUnescaped, err := url.QueryUnescape(qp.Get("$expand")) + if err != nil { + return nil, err + } + expandParam := getOptional(expandUnescaped) + searchUnescaped, err := url.QueryUnescape(qp.Get("$search")) + if err != nil { + return nil, err + } + searchParam := getOptional(searchUnescaped) + countUnescaped, err := url.QueryUnescape(qp.Get("$count")) + if err != nil { + return nil, err + } + countParam, err := parseOptional(countUnescaped, strconv.ParseBool) + if err != nil { + return nil, err + } + topUnescaped, err := url.QueryUnescape(qp.Get("$top")) + if err != nil { + return nil, err + } + topParam, err := parseOptional(topUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipUnescaped, err := url.QueryUnescape(qp.Get("$skip")) + if err != nil { + return nil, err + } + skipParam, err := parseOptional(skipUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) + if err != nil { + return nil, err + } + skipTokenParam := getOptional(skipTokenUnescaped) + var options *armsecurityinsights.ContentTemplatesClientListOptions + if filterParam != nil || orderbyParam != nil || expandParam != nil || searchParam != nil || countParam != nil || topParam != nil || skipParam != nil || skipTokenParam != nil { + options = &armsecurityinsights.ContentTemplatesClientListOptions{ + Filter: filterParam, + Orderby: orderbyParam, + Expand: expandParam, + Search: searchParam, + Count: countParam, + Top: topParam, + Skip: skipParam, + SkipToken: skipTokenParam, + } + } + resp := c.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) + newListPager = &resp + c.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.ContentTemplatesClientListResponse, createLink func() string) { + page.NextLink = to.Ptr(createLink()) + }) + } + resp, err := server.PagerResponderNext(newListPager, req) + if err != nil { + return nil, err + } + if !contains([]int{http.StatusOK}, resp.StatusCode) { + c.newListPager.remove(req) + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} + } + if !server.PagerResponderMore(newListPager) { + c.newListPager.remove(req) + } + return resp, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmarkrelations_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectordefinitions_server.go similarity index 51% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmarkrelations_server.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectordefinitions_server.go index e97bb37915f4..ae645ae365a7 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmarkrelations_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectordefinitions_server.go @@ -20,47 +20,46 @@ import ( "net/http" "net/url" "regexp" - "strconv" ) -// BookmarkRelationsServer is a fake server for instances of the armsecurityinsights.BookmarkRelationsClient type. -type BookmarkRelationsServer struct { - // CreateOrUpdate is the fake for method BookmarkRelationsClient.CreateOrUpdate +// DataConnectorDefinitionsServer is a fake server for instances of the armsecurityinsights.DataConnectorDefinitionsClient type. +type DataConnectorDefinitionsServer struct { + // CreateOrUpdate is the fake for method DataConnectorDefinitionsClient.CreateOrUpdate // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated - CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation armsecurityinsights.Relation, options *armsecurityinsights.BookmarkRelationsClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.BookmarkRelationsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) + CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, connectorDefinitionInput armsecurityinsights.DataConnectorDefinitionClassification, options *armsecurityinsights.DataConnectorDefinitionsClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorDefinitionsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) - // Delete is the fake for method BookmarkRelationsClient.Delete + // Delete is the fake for method DataConnectorDefinitionsClient.Delete // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *armsecurityinsights.BookmarkRelationsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.BookmarkRelationsClientDeleteResponse], errResp azfake.ErrorResponder) + Delete func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *armsecurityinsights.DataConnectorDefinitionsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorDefinitionsClientDeleteResponse], errResp azfake.ErrorResponder) - // Get is the fake for method BookmarkRelationsClient.Get + // Get is the fake for method DataConnectorDefinitionsClient.Get // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *armsecurityinsights.BookmarkRelationsClientGetOptions) (resp azfake.Responder[armsecurityinsights.BookmarkRelationsClientGetResponse], errResp azfake.ErrorResponder) + Get func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorDefinitionName string, options *armsecurityinsights.DataConnectorDefinitionsClientGetOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorDefinitionsClientGetResponse], errResp azfake.ErrorResponder) - // NewListPager is the fake for method BookmarkRelationsClient.NewListPager + // NewListPager is the fake for method DataConnectorDefinitionsClient.NewListPager // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, bookmarkID string, options *armsecurityinsights.BookmarkRelationsClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.BookmarkRelationsClientListResponse]) + NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.DataConnectorDefinitionsClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.DataConnectorDefinitionsClientListResponse]) } -// NewBookmarkRelationsServerTransport creates a new instance of BookmarkRelationsServerTransport with the provided implementation. -// The returned BookmarkRelationsServerTransport instance is connected to an instance of armsecurityinsights.BookmarkRelationsClient via the +// NewDataConnectorDefinitionsServerTransport creates a new instance of DataConnectorDefinitionsServerTransport with the provided implementation. +// The returned DataConnectorDefinitionsServerTransport instance is connected to an instance of armsecurityinsights.DataConnectorDefinitionsClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewBookmarkRelationsServerTransport(srv *BookmarkRelationsServer) *BookmarkRelationsServerTransport { - return &BookmarkRelationsServerTransport{ +func NewDataConnectorDefinitionsServerTransport(srv *DataConnectorDefinitionsServer) *DataConnectorDefinitionsServerTransport { + return &DataConnectorDefinitionsServerTransport{ srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.BookmarkRelationsClientListResponse]](), + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.DataConnectorDefinitionsClientListResponse]](), } } -// BookmarkRelationsServerTransport connects instances of armsecurityinsights.BookmarkRelationsClient to instances of BookmarkRelationsServer. -// Don't use this type directly, use NewBookmarkRelationsServerTransport instead. -type BookmarkRelationsServerTransport struct { - srv *BookmarkRelationsServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.BookmarkRelationsClientListResponse]] +// DataConnectorDefinitionsServerTransport connects instances of armsecurityinsights.DataConnectorDefinitionsClient to instances of DataConnectorDefinitionsServer. +// Don't use this type directly, use NewDataConnectorDefinitionsServerTransport instead. +type DataConnectorDefinitionsServerTransport struct { + srv *DataConnectorDefinitionsServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.DataConnectorDefinitionsClientListResponse]] } -// Do implements the policy.Transporter interface for BookmarkRelationsServerTransport. -func (b *BookmarkRelationsServerTransport) Do(req *http.Request) (*http.Response, error) { +// Do implements the policy.Transporter interface for DataConnectorDefinitionsServerTransport. +func (d *DataConnectorDefinitionsServerTransport) Do(req *http.Request) (*http.Response, error) { rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) method, ok := rawMethod.(string) if !ok { @@ -71,14 +70,14 @@ func (b *BookmarkRelationsServerTransport) Do(req *http.Request) (*http.Response var err error switch method { - case "BookmarkRelationsClient.CreateOrUpdate": - resp, err = b.dispatchCreateOrUpdate(req) - case "BookmarkRelationsClient.Delete": - resp, err = b.dispatchDelete(req) - case "BookmarkRelationsClient.Get": - resp, err = b.dispatchGet(req) - case "BookmarkRelationsClient.NewListPager": - resp, err = b.dispatchNewListPager(req) + case "DataConnectorDefinitionsClient.CreateOrUpdate": + resp, err = d.dispatchCreateOrUpdate(req) + case "DataConnectorDefinitionsClient.Delete": + resp, err = d.dispatchDelete(req) + case "DataConnectorDefinitionsClient.Get": + resp, err = d.dispatchGet(req) + case "DataConnectorDefinitionsClient.NewListPager": + resp, err = d.dispatchNewListPager(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -90,37 +89,37 @@ func (b *BookmarkRelationsServerTransport) Do(req *http.Request) (*http.Response return resp, nil } -func (b *BookmarkRelationsServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { - if b.srv.CreateOrUpdate == nil { +func (d *DataConnectorDefinitionsServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { + if d.srv.CreateOrUpdate == nil { return nil, &nonRetriableError{errors.New("fake for method CreateOrUpdate not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/bookmarks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectorDefinitions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 5 { + if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.Relation](req) + raw, err := readRequestBody(req) if err != nil { return nil, err } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + body, err := unmarshalDataConnectorDefinitionClassification(raw) if err != nil { return nil, err } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err } - bookmarkIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("bookmarkId")]) + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) if err != nil { return nil, err } - relationNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("relationName")]) + dataConnectorDefinitionNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("dataConnectorDefinitionName")]) if err != nil { return nil, err } - respr, errRespr := b.srv.CreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, bookmarkIDParam, relationNameParam, body, nil) + respr, errRespr := d.srv.CreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, dataConnectorDefinitionNameParam, body, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -128,21 +127,21 @@ func (b *BookmarkRelationsServerTransport) dispatchCreateOrUpdate(req *http.Requ if !contains([]int{http.StatusOK, http.StatusCreated}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Relation, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).DataConnectorDefinitionClassification, req) if err != nil { return nil, err } return resp, nil } -func (b *BookmarkRelationsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { - if b.srv.Delete == nil { +func (d *DataConnectorDefinitionsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { + if d.srv.Delete == nil { return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/bookmarks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectorDefinitions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 5 { + if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) @@ -153,15 +152,11 @@ func (b *BookmarkRelationsServerTransport) dispatchDelete(req *http.Request) (*h if err != nil { return nil, err } - bookmarkIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("bookmarkId")]) + dataConnectorDefinitionNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("dataConnectorDefinitionName")]) if err != nil { return nil, err } - relationNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("relationName")]) - if err != nil { - return nil, err - } - respr, errRespr := b.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, bookmarkIDParam, relationNameParam, nil) + respr, errRespr := d.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, dataConnectorDefinitionNameParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -176,14 +171,14 @@ func (b *BookmarkRelationsServerTransport) dispatchDelete(req *http.Request) (*h return resp, nil } -func (b *BookmarkRelationsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if b.srv.Get == nil { +func (d *DataConnectorDefinitionsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if d.srv.Get == nil { return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/bookmarks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectorDefinitions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 5 { + if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) @@ -194,15 +189,11 @@ func (b *BookmarkRelationsServerTransport) dispatchGet(req *http.Request) (*http if err != nil { return nil, err } - bookmarkIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("bookmarkId")]) + dataConnectorDefinitionNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("dataConnectorDefinitionName")]) if err != nil { return nil, err } - relationNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("relationName")]) - if err != nil { - return nil, err - } - respr, errRespr := b.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, bookmarkIDParam, relationNameParam, nil) + respr, errRespr := d.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, dataConnectorDefinitionNameParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -210,26 +201,25 @@ func (b *BookmarkRelationsServerTransport) dispatchGet(req *http.Request) (*http if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Relation, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).DataConnectorDefinitionClassification, req) if err != nil { return nil, err } return resp, nil } -func (b *BookmarkRelationsServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if b.srv.NewListPager == nil { +func (d *DataConnectorDefinitionsServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if d.srv.NewListPager == nil { return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} } - newListPager := b.newListPager.get(req) + newListPager := d.newListPager.get(req) if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/bookmarks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectorDefinitions` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { + if matches == nil || len(matches) < 3 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - qp := req.URL.Query() resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err @@ -238,52 +228,10 @@ func (b *BookmarkRelationsServerTransport) dispatchNewListPager(req *http.Reques if err != nil { return nil, err } - bookmarkIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("bookmarkId")]) - if err != nil { - return nil, err - } - filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) - if err != nil { - return nil, err - } - filterParam := getOptional(filterUnescaped) - orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) - if err != nil { - return nil, err - } - orderbyParam := getOptional(orderbyUnescaped) - topUnescaped, err := url.QueryUnescape(qp.Get("$top")) - if err != nil { - return nil, err - } - topParam, err := parseOptional(topUnescaped, func(v string) (int32, error) { - p, parseErr := strconv.ParseInt(v, 10, 32) - if parseErr != nil { - return 0, parseErr - } - return int32(p), nil - }) - if err != nil { - return nil, err - } - skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) - if err != nil { - return nil, err - } - skipTokenParam := getOptional(skipTokenUnescaped) - var options *armsecurityinsights.BookmarkRelationsClientListOptions - if filterParam != nil || orderbyParam != nil || topParam != nil || skipTokenParam != nil { - options = &armsecurityinsights.BookmarkRelationsClientListOptions{ - Filter: filterParam, - Orderby: orderbyParam, - Top: topParam, - SkipToken: skipTokenParam, - } - } - resp := b.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, bookmarkIDParam, options) + resp := d.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, nil) newListPager = &resp - b.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.BookmarkRelationsClientListResponse, createLink func() string) { + d.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.DataConnectorDefinitionsClientListResponse, createLink func() string) { page.NextLink = to.Ptr(createLink()) }) } @@ -292,11 +240,11 @@ func (b *BookmarkRelationsServerTransport) dispatchNewListPager(req *http.Reques return nil, err } if !contains([]int{http.StatusOK}, resp.StatusCode) { - b.newListPager.remove(req) + d.newListPager.remove(req) return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} } if !server.PagerResponderMore(newListPager) { - b.newListPager.remove(req) + d.newListPager.remove(req) } return resp, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectors_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectors_server.go index 920432830b0c..1f6afe156162 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectors_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectors_server.go @@ -24,10 +24,6 @@ import ( // DataConnectorsServer is a fake server for instances of the armsecurityinsights.DataConnectorsClient type. type DataConnectorsServer struct { - // Connect is the fake for method DataConnectorsClient.Connect - // HTTP status codes to indicate success: http.StatusOK - Connect func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody armsecurityinsights.DataConnectorConnectBody, options *armsecurityinsights.DataConnectorsClientConnectOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsClientConnectResponse], errResp azfake.ErrorResponder) - // CreateOrUpdate is the fake for method DataConnectorsClient.CreateOrUpdate // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector armsecurityinsights.DataConnectorClassification, options *armsecurityinsights.DataConnectorsClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) @@ -36,10 +32,6 @@ type DataConnectorsServer struct { // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent Delete func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *armsecurityinsights.DataConnectorsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsClientDeleteResponse], errResp azfake.ErrorResponder) - // Disconnect is the fake for method DataConnectorsClient.Disconnect - // HTTP status codes to indicate success: http.StatusOK - Disconnect func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *armsecurityinsights.DataConnectorsClientDisconnectOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsClientDisconnectResponse], errResp azfake.ErrorResponder) - // Get is the fake for method DataConnectorsClient.Get // HTTP status codes to indicate success: http.StatusOK Get func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *armsecurityinsights.DataConnectorsClientGetOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsClientGetResponse], errResp azfake.ErrorResponder) @@ -78,14 +70,10 @@ func (d *DataConnectorsServerTransport) Do(req *http.Request) (*http.Response, e var err error switch method { - case "DataConnectorsClient.Connect": - resp, err = d.dispatchConnect(req) case "DataConnectorsClient.CreateOrUpdate": resp, err = d.dispatchCreateOrUpdate(req) case "DataConnectorsClient.Delete": resp, err = d.dispatchDelete(req) - case "DataConnectorsClient.Disconnect": - resp, err = d.dispatchDisconnect(req) case "DataConnectorsClient.Get": resp, err = d.dispatchGet(req) case "DataConnectorsClient.NewListPager": @@ -101,47 +89,6 @@ func (d *DataConnectorsServerTransport) Do(req *http.Request) (*http.Response, e return resp, nil } -func (d *DataConnectorsServerTransport) dispatchConnect(req *http.Request) (*http.Response, error) { - if d.srv.Connect == nil { - return nil, &nonRetriableError{errors.New("fake for method Connect not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectors/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/connect` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.DataConnectorConnectBody](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - dataConnectorIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("dataConnectorId")]) - if err != nil { - return nil, err - } - respr, errRespr := d.srv.Connect(req.Context(), resourceGroupNameParam, workspaceNameParam, dataConnectorIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.NewResponse(respContent, req, nil) - if err != nil { - return nil, err - } - return resp, nil -} - func (d *DataConnectorsServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { if d.srv.CreateOrUpdate == nil { return nil, &nonRetriableError{errors.New("fake for method CreateOrUpdate not implemented")} @@ -224,43 +171,6 @@ func (d *DataConnectorsServerTransport) dispatchDelete(req *http.Request) (*http return resp, nil } -func (d *DataConnectorsServerTransport) dispatchDisconnect(req *http.Request) (*http.Response, error) { - if d.srv.Disconnect == nil { - return nil, &nonRetriableError{errors.New("fake for method Disconnect not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectors/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/disconnect` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - dataConnectorIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("dataConnectorId")]) - if err != nil { - return nil, err - } - respr, errRespr := d.srv.Disconnect(req.Context(), resourceGroupNameParam, workspaceNameParam, dataConnectorIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.NewResponse(respContent, req, nil) - if err != nil { - return nil, err - } - return resp, nil -} - func (d *DataConnectorsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { if d.srv.Get == nil { return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectorscheckrequirements_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectorscheckrequirements_server.go deleted file mode 100644 index 1874731e603f..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/dataconnectorscheckrequirements_server.go +++ /dev/null @@ -1,108 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// DataConnectorsCheckRequirementsServer is a fake server for instances of the armsecurityinsights.DataConnectorsCheckRequirementsClient type. -type DataConnectorsCheckRequirementsServer struct { - // Post is the fake for method DataConnectorsCheckRequirementsClient.Post - // HTTP status codes to indicate success: http.StatusOK - Post func(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements armsecurityinsights.DataConnectorsCheckRequirementsClassification, options *armsecurityinsights.DataConnectorsCheckRequirementsClientPostOptions) (resp azfake.Responder[armsecurityinsights.DataConnectorsCheckRequirementsClientPostResponse], errResp azfake.ErrorResponder) -} - -// NewDataConnectorsCheckRequirementsServerTransport creates a new instance of DataConnectorsCheckRequirementsServerTransport with the provided implementation. -// The returned DataConnectorsCheckRequirementsServerTransport instance is connected to an instance of armsecurityinsights.DataConnectorsCheckRequirementsClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewDataConnectorsCheckRequirementsServerTransport(srv *DataConnectorsCheckRequirementsServer) *DataConnectorsCheckRequirementsServerTransport { - return &DataConnectorsCheckRequirementsServerTransport{srv: srv} -} - -// DataConnectorsCheckRequirementsServerTransport connects instances of armsecurityinsights.DataConnectorsCheckRequirementsClient to instances of DataConnectorsCheckRequirementsServer. -// Don't use this type directly, use NewDataConnectorsCheckRequirementsServerTransport instead. -type DataConnectorsCheckRequirementsServerTransport struct { - srv *DataConnectorsCheckRequirementsServer -} - -// Do implements the policy.Transporter interface for DataConnectorsCheckRequirementsServerTransport. -func (d *DataConnectorsCheckRequirementsServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "DataConnectorsCheckRequirementsClient.Post": - resp, err = d.dispatchPost(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (d *DataConnectorsCheckRequirementsServerTransport) dispatchPost(req *http.Request) (*http.Response, error) { - if d.srv.Post == nil { - return nil, &nonRetriableError{errors.New("fake for method Post not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/dataConnectorsCheckRequirements` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - raw, err := readRequestBody(req) - if err != nil { - return nil, err - } - body, err := unmarshalDataConnectorsCheckRequirementsClassification(raw) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - respr, errRespr := d.srv.Post(req.Context(), resourceGroupNameParam, workspaceNameParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).DataConnectorRequirementsState, req) - if err != nil { - return nil, err - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/domainwhois_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/domainwhois_server.go deleted file mode 100644 index eadbede0efd2..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/domainwhois_server.go +++ /dev/null @@ -1,101 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// DomainWhoisServer is a fake server for instances of the armsecurityinsights.DomainWhoisClient type. -type DomainWhoisServer struct { - // Get is the fake for method DomainWhoisClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, domain string, options *armsecurityinsights.DomainWhoisClientGetOptions) (resp azfake.Responder[armsecurityinsights.DomainWhoisClientGetResponse], errResp azfake.ErrorResponder) -} - -// NewDomainWhoisServerTransport creates a new instance of DomainWhoisServerTransport with the provided implementation. -// The returned DomainWhoisServerTransport instance is connected to an instance of armsecurityinsights.DomainWhoisClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewDomainWhoisServerTransport(srv *DomainWhoisServer) *DomainWhoisServerTransport { - return &DomainWhoisServerTransport{srv: srv} -} - -// DomainWhoisServerTransport connects instances of armsecurityinsights.DomainWhoisClient to instances of DomainWhoisServer. -// Don't use this type directly, use NewDomainWhoisServerTransport instead. -type DomainWhoisServerTransport struct { - srv *DomainWhoisServer -} - -// Do implements the policy.Transporter interface for DomainWhoisServerTransport. -func (d *DomainWhoisServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "DomainWhoisClient.Get": - resp, err = d.dispatchGet(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (d *DomainWhoisServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if d.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/enrichment/domain/whois/` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 2 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - qp := req.URL.Query() - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - domainParam, err := url.QueryUnescape(qp.Get("domain")) - if err != nil { - return nil, err - } - respr, errRespr := d.srv.Get(req.Context(), resourceGroupNameParam, domainParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EnrichmentDomainWhois, req) - if err != nil { - return nil, err - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entities_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entities_server.go index eb825171dc27..a2f205949006 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entities_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entities_server.go @@ -15,51 +15,31 @@ import ( azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" "net/http" "net/url" + "reflect" "regexp" ) // EntitiesServer is a fake server for instances of the armsecurityinsights.EntitiesClient type. type EntitiesServer struct { - // Expand is the fake for method EntitiesClient.Expand - // HTTP status codes to indicate success: http.StatusOK - Expand func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters armsecurityinsights.EntityExpandParameters, options *armsecurityinsights.EntitiesClientExpandOptions) (resp azfake.Responder[armsecurityinsights.EntitiesClientExpandResponse], errResp azfake.ErrorResponder) - - // Get is the fake for method EntitiesClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *armsecurityinsights.EntitiesClientGetOptions) (resp azfake.Responder[armsecurityinsights.EntitiesClientGetResponse], errResp azfake.ErrorResponder) - - // GetInsights is the fake for method EntitiesClient.GetInsights - // HTTP status codes to indicate success: http.StatusOK - GetInsights func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters armsecurityinsights.EntityGetInsightsParameters, options *armsecurityinsights.EntitiesClientGetInsightsOptions) (resp azfake.Responder[armsecurityinsights.EntitiesClientGetInsightsResponse], errResp azfake.ErrorResponder) - - // NewListPager is the fake for method EntitiesClient.NewListPager - // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.EntitiesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.EntitiesClientListResponse]) - - // Queries is the fake for method EntitiesClient.Queries - // HTTP status codes to indicate success: http.StatusOK - Queries func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind armsecurityinsights.EntityItemQueryKind, options *armsecurityinsights.EntitiesClientQueriesOptions) (resp azfake.Responder[armsecurityinsights.EntitiesClientQueriesResponse], errResp azfake.ErrorResponder) + // RunPlaybook is the fake for method EntitiesClient.RunPlaybook + // HTTP status codes to indicate success: http.StatusNoContent + RunPlaybook func(ctx context.Context, resourceGroupName string, workspaceName string, entityIdentifier string, options *armsecurityinsights.EntitiesClientRunPlaybookOptions) (resp azfake.Responder[armsecurityinsights.EntitiesClientRunPlaybookResponse], errResp azfake.ErrorResponder) } // NewEntitiesServerTransport creates a new instance of EntitiesServerTransport with the provided implementation. // The returned EntitiesServerTransport instance is connected to an instance of armsecurityinsights.EntitiesClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. func NewEntitiesServerTransport(srv *EntitiesServer) *EntitiesServerTransport { - return &EntitiesServerTransport{ - srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.EntitiesClientListResponse]](), - } + return &EntitiesServerTransport{srv: srv} } // EntitiesServerTransport connects instances of armsecurityinsights.EntitiesClient to instances of EntitiesServer. // Don't use this type directly, use NewEntitiesServerTransport instead. type EntitiesServerTransport struct { - srv *EntitiesServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.EntitiesClientListResponse]] + srv *EntitiesServer } // Do implements the policy.Transporter interface for EntitiesServerTransport. @@ -74,16 +54,8 @@ func (e *EntitiesServerTransport) Do(req *http.Request) (*http.Response, error) var err error switch method { - case "EntitiesClient.Expand": - resp, err = e.dispatchExpand(req) - case "EntitiesClient.Get": - resp, err = e.dispatchGet(req) - case "EntitiesClient.GetInsights": - resp, err = e.dispatchGetInsights(req) - case "EntitiesClient.NewListPager": - resp, err = e.dispatchNewListPager(req) - case "EntitiesClient.Queries": - resp, err = e.dispatchQueries(req) + case "EntitiesClient.RunPlaybook": + resp, err = e.dispatchRunPlaybook(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -95,57 +67,20 @@ func (e *EntitiesServerTransport) Do(req *http.Request) (*http.Response, error) return resp, nil } -func (e *EntitiesServerTransport) dispatchExpand(req *http.Request) (*http.Response, error) { - if e.srv.Expand == nil { - return nil, &nonRetriableError{errors.New("fake for method Expand not implemented")} +func (e *EntitiesServerTransport) dispatchRunPlaybook(req *http.Request) (*http.Response, error) { + if e.srv.RunPlaybook == nil { + return nil, &nonRetriableError{errors.New("fake for method RunPlaybook not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/expand` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/runPlaybook` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.EntityExpandParameters](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.EntityManualTriggerRequestBody](req) if err != nil { return nil, err } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.Expand(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityExpandResponse, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (e *EntitiesServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if e.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err @@ -154,149 +89,25 @@ func (e *EntitiesServerTransport) dispatchGet(req *http.Request) (*http.Response if err != nil { return nil, err } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityClassification, req) + entityIdentifierParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityIdentifier")]) if err != nil { return nil, err } - return resp, nil -} - -func (e *EntitiesServerTransport) dispatchGetInsights(req *http.Request) (*http.Response, error) { - if e.srv.GetInsights == nil { - return nil, &nonRetriableError{errors.New("fake for method GetInsights not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/getInsights` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.EntityGetInsightsParameters](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.GetInsights(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityGetInsightsResponse, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (e *EntitiesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if e.srv.NewListPager == nil { - return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} - } - newListPager := e.newListPager.get(req) - if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err + var options *armsecurityinsights.EntitiesClientRunPlaybookOptions + if !reflect.ValueOf(body).IsZero() { + options = &armsecurityinsights.EntitiesClientRunPlaybookOptions{ + RequestBody: &body, } - resp := e.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, nil) - newListPager = &resp - e.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.EntitiesClientListResponse, createLink func() string) { - page.NextLink = to.Ptr(createLink()) - }) - } - resp, err := server.PagerResponderNext(newListPager, req) - if err != nil { - return nil, err - } - if !contains([]int{http.StatusOK}, resp.StatusCode) { - e.newListPager.remove(req) - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} - } - if !server.PagerResponderMore(newListPager) { - e.newListPager.remove(req) - } - return resp, nil -} - -func (e *EntitiesServerTransport) dispatchQueries(req *http.Request) (*http.Response, error) { - if e.srv.Queries == nil { - return nil, &nonRetriableError{errors.New("fake for method Queries not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/queries` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - qp := req.URL.Query() - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } - kindParam, err := parseWithCast(qp.Get("kind"), func(v string) (armsecurityinsights.EntityItemQueryKind, error) { - p, unescapeErr := url.QueryUnescape(v) - if unescapeErr != nil { - return "", unescapeErr - } - return armsecurityinsights.EntityItemQueryKind(p), nil - }) - if err != nil { - return nil, err } - respr, errRespr := e.srv.Queries(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, kindParam, nil) + respr, errRespr := e.srv.RunPlaybook(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIdentifierParam, options) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} + if !contains([]int{http.StatusNoContent}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusNoContent", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).GetQueriesResponse, req) + resp, err := server.NewResponse(respContent, req, nil) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesgettimeline_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesgettimeline_server.go deleted file mode 100644 index 8a1ebde044b4..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesgettimeline_server.go +++ /dev/null @@ -1,108 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// EntitiesGetTimelineServer is a fake server for instances of the armsecurityinsights.EntitiesGetTimelineClient type. -type EntitiesGetTimelineServer struct { - // List is the fake for method EntitiesGetTimelineClient.List - // HTTP status codes to indicate success: http.StatusOK - List func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters armsecurityinsights.EntityTimelineParameters, options *armsecurityinsights.EntitiesGetTimelineClientListOptions) (resp azfake.Responder[armsecurityinsights.EntitiesGetTimelineClientListResponse], errResp azfake.ErrorResponder) -} - -// NewEntitiesGetTimelineServerTransport creates a new instance of EntitiesGetTimelineServerTransport with the provided implementation. -// The returned EntitiesGetTimelineServerTransport instance is connected to an instance of armsecurityinsights.EntitiesGetTimelineClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewEntitiesGetTimelineServerTransport(srv *EntitiesGetTimelineServer) *EntitiesGetTimelineServerTransport { - return &EntitiesGetTimelineServerTransport{srv: srv} -} - -// EntitiesGetTimelineServerTransport connects instances of armsecurityinsights.EntitiesGetTimelineClient to instances of EntitiesGetTimelineServer. -// Don't use this type directly, use NewEntitiesGetTimelineServerTransport instead. -type EntitiesGetTimelineServerTransport struct { - srv *EntitiesGetTimelineServer -} - -// Do implements the policy.Transporter interface for EntitiesGetTimelineServerTransport. -func (e *EntitiesGetTimelineServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "EntitiesGetTimelineClient.List": - resp, err = e.dispatchList(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (e *EntitiesGetTimelineServerTransport) dispatchList(req *http.Request) (*http.Response, error) { - if e.srv.List == nil { - return nil, &nonRetriableError{errors.New("fake for method List not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/getTimeline` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.EntityTimelineParameters](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.List(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityTimelineResponse, req) - if err != nil { - return nil, err - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityquerytemplates_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityquerytemplates_server.go deleted file mode 100644 index ec5c4c5da8fd..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityquerytemplates_server.go +++ /dev/null @@ -1,168 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// EntityQueryTemplatesServer is a fake server for instances of the armsecurityinsights.EntityQueryTemplatesClient type. -type EntityQueryTemplatesServer struct { - // Get is the fake for method EntityQueryTemplatesClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *armsecurityinsights.EntityQueryTemplatesClientGetOptions) (resp azfake.Responder[armsecurityinsights.EntityQueryTemplatesClientGetResponse], errResp azfake.ErrorResponder) - - // NewListPager is the fake for method EntityQueryTemplatesClient.NewListPager - // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.EntityQueryTemplatesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.EntityQueryTemplatesClientListResponse]) -} - -// NewEntityQueryTemplatesServerTransport creates a new instance of EntityQueryTemplatesServerTransport with the provided implementation. -// The returned EntityQueryTemplatesServerTransport instance is connected to an instance of armsecurityinsights.EntityQueryTemplatesClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewEntityQueryTemplatesServerTransport(srv *EntityQueryTemplatesServer) *EntityQueryTemplatesServerTransport { - return &EntityQueryTemplatesServerTransport{ - srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.EntityQueryTemplatesClientListResponse]](), - } -} - -// EntityQueryTemplatesServerTransport connects instances of armsecurityinsights.EntityQueryTemplatesClient to instances of EntityQueryTemplatesServer. -// Don't use this type directly, use NewEntityQueryTemplatesServerTransport instead. -type EntityQueryTemplatesServerTransport struct { - srv *EntityQueryTemplatesServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.EntityQueryTemplatesClientListResponse]] -} - -// Do implements the policy.Transporter interface for EntityQueryTemplatesServerTransport. -func (e *EntityQueryTemplatesServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "EntityQueryTemplatesClient.Get": - resp, err = e.dispatchGet(req) - case "EntityQueryTemplatesClient.NewListPager": - resp, err = e.dispatchNewListPager(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (e *EntityQueryTemplatesServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if e.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueryTemplates/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - entityQueryTemplateIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityQueryTemplateId")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, entityQueryTemplateIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityQueryTemplateClassification, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (e *EntityQueryTemplatesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if e.srv.NewListPager == nil { - return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} - } - newListPager := e.newListPager.get(req) - if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueryTemplates` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - qp := req.URL.Query() - kindUnescaped, err := url.QueryUnescape(qp.Get("kind")) - if err != nil { - return nil, err - } - kindParam := getOptional(armsecurityinsights.Enum15(kindUnescaped)) - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - var options *armsecurityinsights.EntityQueryTemplatesClientListOptions - if kindParam != nil { - options = &armsecurityinsights.EntityQueryTemplatesClientListOptions{ - Kind: kindParam, - } - } - resp := e.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) - newListPager = &resp - e.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.EntityQueryTemplatesClientListResponse, createLink func() string) { - page.NextLink = to.Ptr(createLink()) - }) - } - resp, err := server.PagerResponderNext(newListPager, req) - if err != nil { - return nil, err - } - if !contains([]int{http.StatusOK}, resp.StatusCode) { - e.newListPager.remove(req) - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} - } - if !server.PagerResponderMore(newListPager) { - e.newListPager.remove(req) - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/fileimports_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/fileimports_server.go deleted file mode 100644 index e60d2229974d..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/fileimports_server.go +++ /dev/null @@ -1,299 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" - "strconv" -) - -// FileImportsServer is a fake server for instances of the armsecurityinsights.FileImportsClient type. -type FileImportsServer struct { - // Create is the fake for method FileImportsClient.Create - // HTTP status codes to indicate success: http.StatusCreated - Create func(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, fileImport armsecurityinsights.FileImport, options *armsecurityinsights.FileImportsClientCreateOptions) (resp azfake.Responder[armsecurityinsights.FileImportsClientCreateResponse], errResp azfake.ErrorResponder) - - // BeginDelete is the fake for method FileImportsClient.BeginDelete - // HTTP status codes to indicate success: http.StatusAccepted, http.StatusNoContent - BeginDelete func(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *armsecurityinsights.FileImportsClientBeginDeleteOptions) (resp azfake.PollerResponder[armsecurityinsights.FileImportsClientDeleteResponse], errResp azfake.ErrorResponder) - - // Get is the fake for method FileImportsClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *armsecurityinsights.FileImportsClientGetOptions) (resp azfake.Responder[armsecurityinsights.FileImportsClientGetResponse], errResp azfake.ErrorResponder) - - // NewListPager is the fake for method FileImportsClient.NewListPager - // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.FileImportsClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.FileImportsClientListResponse]) -} - -// NewFileImportsServerTransport creates a new instance of FileImportsServerTransport with the provided implementation. -// The returned FileImportsServerTransport instance is connected to an instance of armsecurityinsights.FileImportsClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewFileImportsServerTransport(srv *FileImportsServer) *FileImportsServerTransport { - return &FileImportsServerTransport{ - srv: srv, - beginDelete: newTracker[azfake.PollerResponder[armsecurityinsights.FileImportsClientDeleteResponse]](), - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.FileImportsClientListResponse]](), - } -} - -// FileImportsServerTransport connects instances of armsecurityinsights.FileImportsClient to instances of FileImportsServer. -// Don't use this type directly, use NewFileImportsServerTransport instead. -type FileImportsServerTransport struct { - srv *FileImportsServer - beginDelete *tracker[azfake.PollerResponder[armsecurityinsights.FileImportsClientDeleteResponse]] - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.FileImportsClientListResponse]] -} - -// Do implements the policy.Transporter interface for FileImportsServerTransport. -func (f *FileImportsServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "FileImportsClient.Create": - resp, err = f.dispatchCreate(req) - case "FileImportsClient.BeginDelete": - resp, err = f.dispatchBeginDelete(req) - case "FileImportsClient.Get": - resp, err = f.dispatchGet(req) - case "FileImportsClient.NewListPager": - resp, err = f.dispatchNewListPager(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (f *FileImportsServerTransport) dispatchCreate(req *http.Request) (*http.Response, error) { - if f.srv.Create == nil { - return nil, &nonRetriableError{errors.New("fake for method Create not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/fileImports/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.FileImport](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - fileImportIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("fileImportId")]) - if err != nil { - return nil, err - } - respr, errRespr := f.srv.Create(req.Context(), resourceGroupNameParam, workspaceNameParam, fileImportIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusCreated}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusCreated", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).FileImport, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (f *FileImportsServerTransport) dispatchBeginDelete(req *http.Request) (*http.Response, error) { - if f.srv.BeginDelete == nil { - return nil, &nonRetriableError{errors.New("fake for method BeginDelete not implemented")} - } - beginDelete := f.beginDelete.get(req) - if beginDelete == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/fileImports/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - fileImportIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("fileImportId")]) - if err != nil { - return nil, err - } - respr, errRespr := f.srv.BeginDelete(req.Context(), resourceGroupNameParam, workspaceNameParam, fileImportIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - beginDelete = &respr - f.beginDelete.add(req, beginDelete) - } - - resp, err := server.PollerResponderNext(beginDelete, req) - if err != nil { - return nil, err - } - - if !contains([]int{http.StatusAccepted, http.StatusNoContent}, resp.StatusCode) { - f.beginDelete.remove(req) - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusAccepted, http.StatusNoContent", resp.StatusCode)} - } - if !server.PollerResponderMore(beginDelete) { - f.beginDelete.remove(req) - } - - return resp, nil -} - -func (f *FileImportsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if f.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/fileImports/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - fileImportIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("fileImportId")]) - if err != nil { - return nil, err - } - respr, errRespr := f.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, fileImportIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).FileImport, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (f *FileImportsServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if f.srv.NewListPager == nil { - return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} - } - newListPager := f.newListPager.get(req) - if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/fileImports` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - qp := req.URL.Query() - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) - if err != nil { - return nil, err - } - filterParam := getOptional(filterUnescaped) - orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) - if err != nil { - return nil, err - } - orderbyParam := getOptional(orderbyUnescaped) - topUnescaped, err := url.QueryUnescape(qp.Get("$top")) - if err != nil { - return nil, err - } - topParam, err := parseOptional(topUnescaped, func(v string) (int32, error) { - p, parseErr := strconv.ParseInt(v, 10, 32) - if parseErr != nil { - return 0, parseErr - } - return int32(p), nil - }) - if err != nil { - return nil, err - } - skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) - if err != nil { - return nil, err - } - skipTokenParam := getOptional(skipTokenUnescaped) - var options *armsecurityinsights.FileImportsClientListOptions - if filterParam != nil || orderbyParam != nil || topParam != nil || skipTokenParam != nil { - options = &armsecurityinsights.FileImportsClientListOptions{ - Filter: filterParam, - Orderby: orderbyParam, - Top: topParam, - SkipToken: skipTokenParam, - } - } - resp := f.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) - newListPager = &resp - f.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.FileImportsClientListResponse, createLink func() string) { - page.NextLink = to.Ptr(createLink()) - }) - } - resp, err := server.PagerResponderNext(newListPager, req) - if err != nil { - return nil, err - } - if !contains([]int{http.StatusOK}, resp.StatusCode) { - f.newListPager.remove(req) - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} - } - if !server.PagerResponderMore(newListPager) { - f.newListPager.remove(req) - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidents_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidents_server.go index 56fa35ef8417..899c57233541 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidents_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidents_server.go @@ -30,10 +30,6 @@ type IncidentsServer struct { // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident armsecurityinsights.Incident, options *armsecurityinsights.IncidentsClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.IncidentsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) - // CreateTeam is the fake for method IncidentsClient.CreateTeam - // HTTP status codes to indicate success: http.StatusOK - CreateTeam func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties armsecurityinsights.TeamProperties, options *armsecurityinsights.IncidentsClientCreateTeamOptions) (resp azfake.Responder[armsecurityinsights.IncidentsClientCreateTeamResponse], errResp azfake.ErrorResponder) - // Delete is the fake for method IncidentsClient.Delete // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent Delete func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *armsecurityinsights.IncidentsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.IncidentsClientDeleteResponse], errResp azfake.ErrorResponder) @@ -94,8 +90,6 @@ func (i *IncidentsServerTransport) Do(req *http.Request) (*http.Response, error) switch method { case "IncidentsClient.CreateOrUpdate": resp, err = i.dispatchCreateOrUpdate(req) - case "IncidentsClient.CreateTeam": - resp, err = i.dispatchCreateTeam(req) case "IncidentsClient.Delete": resp, err = i.dispatchDelete(req) case "IncidentsClient.Get": @@ -162,47 +156,6 @@ func (i *IncidentsServerTransport) dispatchCreateOrUpdate(req *http.Request) (*h return resp, nil } -func (i *IncidentsServerTransport) dispatchCreateTeam(req *http.Request) (*http.Response, error) { - if i.srv.CreateTeam == nil { - return nil, &nonRetriableError{errors.New("fake for method CreateTeam not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/incidents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/createTeam` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.TeamProperties](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - incidentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentId")]) - if err != nil { - return nil, err - } - respr, errRespr := i.srv.CreateTeam(req.Context(), resourceGroupNameParam, workspaceNameParam, incidentIDParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).TeamInformation, req) - if err != nil { - return nil, err - } - return resp, nil -} - func (i *IncidentsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { if i.srv.Delete == nil { return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} @@ -508,7 +461,7 @@ func (i *IncidentsServerTransport) dispatchRunPlaybook(req *http.Request) (*http if !contains([]int{http.StatusNoContent}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusNoContent", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Interface, req) + resp, err := server.NewResponse(respContent, req, nil) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityqueries_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidenttasks_server.go similarity index 59% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityqueries_server.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidenttasks_server.go index 54a361bc9e98..470daf6c9eac 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityqueries_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/incidenttasks_server.go @@ -22,44 +22,44 @@ import ( "regexp" ) -// EntityQueriesServer is a fake server for instances of the armsecurityinsights.EntityQueriesClient type. -type EntityQueriesServer struct { - // CreateOrUpdate is the fake for method EntityQueriesClient.CreateOrUpdate +// IncidentTasksServer is a fake server for instances of the armsecurityinsights.IncidentTasksClient type. +type IncidentTasksServer struct { + // CreateOrUpdate is the fake for method IncidentTasksClient.CreateOrUpdate // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated - CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery armsecurityinsights.CustomEntityQueryClassification, options *armsecurityinsights.EntityQueriesClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.EntityQueriesClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) + CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, incidentTask armsecurityinsights.IncidentTask, options *armsecurityinsights.IncidentTasksClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.IncidentTasksClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) - // Delete is the fake for method EntityQueriesClient.Delete + // Delete is the fake for method IncidentTasksClient.Delete // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *armsecurityinsights.EntityQueriesClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.EntityQueriesClientDeleteResponse], errResp azfake.ErrorResponder) + Delete func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *armsecurityinsights.IncidentTasksClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.IncidentTasksClientDeleteResponse], errResp azfake.ErrorResponder) - // Get is the fake for method EntityQueriesClient.Get + // Get is the fake for method IncidentTasksClient.Get // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *armsecurityinsights.EntityQueriesClientGetOptions) (resp azfake.Responder[armsecurityinsights.EntityQueriesClientGetResponse], errResp azfake.ErrorResponder) + Get func(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *armsecurityinsights.IncidentTasksClientGetOptions) (resp azfake.Responder[armsecurityinsights.IncidentTasksClientGetResponse], errResp azfake.ErrorResponder) - // NewListPager is the fake for method EntityQueriesClient.NewListPager + // NewListPager is the fake for method IncidentTasksClient.NewListPager // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.EntityQueriesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.EntityQueriesClientListResponse]) + NewListPager func(resourceGroupName string, workspaceName string, incidentID string, options *armsecurityinsights.IncidentTasksClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.IncidentTasksClientListResponse]) } -// NewEntityQueriesServerTransport creates a new instance of EntityQueriesServerTransport with the provided implementation. -// The returned EntityQueriesServerTransport instance is connected to an instance of armsecurityinsights.EntityQueriesClient via the +// NewIncidentTasksServerTransport creates a new instance of IncidentTasksServerTransport with the provided implementation. +// The returned IncidentTasksServerTransport instance is connected to an instance of armsecurityinsights.IncidentTasksClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewEntityQueriesServerTransport(srv *EntityQueriesServer) *EntityQueriesServerTransport { - return &EntityQueriesServerTransport{ +func NewIncidentTasksServerTransport(srv *IncidentTasksServer) *IncidentTasksServerTransport { + return &IncidentTasksServerTransport{ srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.EntityQueriesClientListResponse]](), + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.IncidentTasksClientListResponse]](), } } -// EntityQueriesServerTransport connects instances of armsecurityinsights.EntityQueriesClient to instances of EntityQueriesServer. -// Don't use this type directly, use NewEntityQueriesServerTransport instead. -type EntityQueriesServerTransport struct { - srv *EntityQueriesServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.EntityQueriesClientListResponse]] +// IncidentTasksServerTransport connects instances of armsecurityinsights.IncidentTasksClient to instances of IncidentTasksServer. +// Don't use this type directly, use NewIncidentTasksServerTransport instead. +type IncidentTasksServerTransport struct { + srv *IncidentTasksServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.IncidentTasksClientListResponse]] } -// Do implements the policy.Transporter interface for EntityQueriesServerTransport. -func (e *EntityQueriesServerTransport) Do(req *http.Request) (*http.Response, error) { +// Do implements the policy.Transporter interface for IncidentTasksServerTransport. +func (i *IncidentTasksServerTransport) Do(req *http.Request) (*http.Response, error) { rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) method, ok := rawMethod.(string) if !ok { @@ -70,14 +70,14 @@ func (e *EntityQueriesServerTransport) Do(req *http.Request) (*http.Response, er var err error switch method { - case "EntityQueriesClient.CreateOrUpdate": - resp, err = e.dispatchCreateOrUpdate(req) - case "EntityQueriesClient.Delete": - resp, err = e.dispatchDelete(req) - case "EntityQueriesClient.Get": - resp, err = e.dispatchGet(req) - case "EntityQueriesClient.NewListPager": - resp, err = e.dispatchNewListPager(req) + case "IncidentTasksClient.CreateOrUpdate": + resp, err = i.dispatchCreateOrUpdate(req) + case "IncidentTasksClient.Delete": + resp, err = i.dispatchDelete(req) + case "IncidentTasksClient.Get": + resp, err = i.dispatchGet(req) + case "IncidentTasksClient.NewListPager": + resp, err = i.dispatchNewListPager(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -89,37 +89,37 @@ func (e *EntityQueriesServerTransport) Do(req *http.Request) (*http.Response, er return resp, nil } -func (e *EntityQueriesServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { - if e.srv.CreateOrUpdate == nil { +func (i *IncidentTasksServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { + if i.srv.CreateOrUpdate == nil { return nil, &nonRetriableError{errors.New("fake for method CreateOrUpdate not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueries/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/incidents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/tasks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { + if matches == nil || len(matches) < 5 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - raw, err := readRequestBody(req) + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.IncidentTask](req) if err != nil { return nil, err } - body, err := unmarshalCustomEntityQueryClassification(raw) + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) if err != nil { return nil, err } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + incidentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentId")]) if err != nil { return nil, err } - entityQueryIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityQueryId")]) + incidentTaskIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentTaskId")]) if err != nil { return nil, err } - respr, errRespr := e.srv.CreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, entityQueryIDParam, body, nil) + respr, errRespr := i.srv.CreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, incidentIDParam, incidentTaskIDParam, body, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -127,21 +127,21 @@ func (e *EntityQueriesServerTransport) dispatchCreateOrUpdate(req *http.Request) if !contains([]int{http.StatusOK, http.StatusCreated}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityQueryClassification, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).IncidentTask, req) if err != nil { return nil, err } return resp, nil } -func (e *EntityQueriesServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { - if e.srv.Delete == nil { +func (i *IncidentTasksServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { + if i.srv.Delete == nil { return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueries/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/incidents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/tasks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { + if matches == nil || len(matches) < 5 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) @@ -152,11 +152,15 @@ func (e *EntityQueriesServerTransport) dispatchDelete(req *http.Request) (*http. if err != nil { return nil, err } - entityQueryIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityQueryId")]) + incidentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentId")]) if err != nil { return nil, err } - respr, errRespr := e.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, entityQueryIDParam, nil) + incidentTaskIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentTaskId")]) + if err != nil { + return nil, err + } + respr, errRespr := i.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, incidentIDParam, incidentTaskIDParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -171,14 +175,14 @@ func (e *EntityQueriesServerTransport) dispatchDelete(req *http.Request) (*http. return resp, nil } -func (e *EntityQueriesServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if e.srv.Get == nil { +func (i *IncidentTasksServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if i.srv.Get == nil { return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueries/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/incidents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/tasks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { + if matches == nil || len(matches) < 5 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) @@ -189,11 +193,15 @@ func (e *EntityQueriesServerTransport) dispatchGet(req *http.Request) (*http.Res if err != nil { return nil, err } - entityQueryIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityQueryId")]) + incidentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentId")]) if err != nil { return nil, err } - respr, errRespr := e.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, entityQueryIDParam, nil) + incidentTaskIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentTaskId")]) + if err != nil { + return nil, err + } + respr, errRespr := i.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, incidentIDParam, incidentTaskIDParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -201,31 +209,25 @@ func (e *EntityQueriesServerTransport) dispatchGet(req *http.Request) (*http.Res if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EntityQueryClassification, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).IncidentTask, req) if err != nil { return nil, err } return resp, nil } -func (e *EntityQueriesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if e.srv.NewListPager == nil { +func (i *IncidentTasksServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if i.srv.NewListPager == nil { return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} } - newListPager := e.newListPager.get(req) + newListPager := i.newListPager.get(req) if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entityQueries` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/incidents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/tasks` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { + if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - qp := req.URL.Query() - kindUnescaped, err := url.QueryUnescape(qp.Get("kind")) - if err != nil { - return nil, err - } - kindParam := getOptional(armsecurityinsights.Enum13(kindUnescaped)) resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err @@ -234,16 +236,14 @@ func (e *EntityQueriesServerTransport) dispatchNewListPager(req *http.Request) ( if err != nil { return nil, err } - var options *armsecurityinsights.EntityQueriesClientListOptions - if kindParam != nil { - options = &armsecurityinsights.EntityQueriesClientListOptions{ - Kind: kindParam, - } + incidentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("incidentId")]) + if err != nil { + return nil, err } - resp := e.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) + resp := i.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, incidentIDParam, nil) newListPager = &resp - e.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.EntityQueriesClientListResponse, createLink func() string) { + i.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.IncidentTasksClientListResponse, createLink func() string) { page.NextLink = to.Ptr(createLink()) }) } @@ -252,11 +252,11 @@ func (e *EntityQueriesServerTransport) dispatchNewListPager(req *http.Request) ( return nil, err } if !contains([]int{http.StatusOK}, resp.StatusCode) { - e.newListPager.remove(req) + i.newListPager.remove(req) return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} } if !server.PagerResponderMore(newListPager) { - e.newListPager.remove(req) + i.newListPager.remove(req) } return resp, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/internal.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/internal.go index 40041750dbe9..689bea93e1ec 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/internal.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/internal.go @@ -51,14 +51,6 @@ func parseOptional[T any](v string, parse func(v string) (T, error)) (*T, error) return &t, err } -func parseWithCast[T any](v string, parse func(v string) (T, error)) (T, error) { - t, err := parse(v) - if err != nil { - return *new(T), err - } - return t, err -} - func readRequestBody(req *http.Request) ([]byte, error) { if req.Body == nil { return nil, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/ipgeodata_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/ipgeodata_server.go deleted file mode 100644 index 5061bb3e244c..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/ipgeodata_server.go +++ /dev/null @@ -1,101 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// IPGeodataServer is a fake server for instances of the armsecurityinsights.IPGeodataClient type. -type IPGeodataServer struct { - // Get is the fake for method IPGeodataClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, ipAddress string, options *armsecurityinsights.IPGeodataClientGetOptions) (resp azfake.Responder[armsecurityinsights.IPGeodataClientGetResponse], errResp azfake.ErrorResponder) -} - -// NewIPGeodataServerTransport creates a new instance of IPGeodataServerTransport with the provided implementation. -// The returned IPGeodataServerTransport instance is connected to an instance of armsecurityinsights.IPGeodataClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewIPGeodataServerTransport(srv *IPGeodataServer) *IPGeodataServerTransport { - return &IPGeodataServerTransport{srv: srv} -} - -// IPGeodataServerTransport connects instances of armsecurityinsights.IPGeodataClient to instances of IPGeodataServer. -// Don't use this type directly, use NewIPGeodataServerTransport instead. -type IPGeodataServerTransport struct { - srv *IPGeodataServer -} - -// Do implements the policy.Transporter interface for IPGeodataServerTransport. -func (i *IPGeodataServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "IPGeodataClient.Get": - resp, err = i.dispatchGet(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (i *IPGeodataServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if i.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/enrichment/ip/geodata/` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 2 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - qp := req.URL.Query() - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - ipAddressParam, err := url.QueryUnescape(qp.Get("ipAddress")) - if err != nil { - return nil, err - } - respr, errRespr := i.srv.Get(req.Context(), resourceGroupNameParam, ipAddressParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).EnrichmentIPGeodata, req) - if err != nil { - return nil, err - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/officeconsents_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/officeconsents_server.go deleted file mode 100644 index 819c595f3d81..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/officeconsents_server.go +++ /dev/null @@ -1,199 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// OfficeConsentsServer is a fake server for instances of the armsecurityinsights.OfficeConsentsClient type. -type OfficeConsentsServer struct { - // Delete is the fake for method OfficeConsentsClient.Delete - // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *armsecurityinsights.OfficeConsentsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.OfficeConsentsClientDeleteResponse], errResp azfake.ErrorResponder) - - // Get is the fake for method OfficeConsentsClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *armsecurityinsights.OfficeConsentsClientGetOptions) (resp azfake.Responder[armsecurityinsights.OfficeConsentsClientGetResponse], errResp azfake.ErrorResponder) - - // NewListPager is the fake for method OfficeConsentsClient.NewListPager - // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.OfficeConsentsClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.OfficeConsentsClientListResponse]) -} - -// NewOfficeConsentsServerTransport creates a new instance of OfficeConsentsServerTransport with the provided implementation. -// The returned OfficeConsentsServerTransport instance is connected to an instance of armsecurityinsights.OfficeConsentsClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewOfficeConsentsServerTransport(srv *OfficeConsentsServer) *OfficeConsentsServerTransport { - return &OfficeConsentsServerTransport{ - srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.OfficeConsentsClientListResponse]](), - } -} - -// OfficeConsentsServerTransport connects instances of armsecurityinsights.OfficeConsentsClient to instances of OfficeConsentsServer. -// Don't use this type directly, use NewOfficeConsentsServerTransport instead. -type OfficeConsentsServerTransport struct { - srv *OfficeConsentsServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.OfficeConsentsClientListResponse]] -} - -// Do implements the policy.Transporter interface for OfficeConsentsServerTransport. -func (o *OfficeConsentsServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "OfficeConsentsClient.Delete": - resp, err = o.dispatchDelete(req) - case "OfficeConsentsClient.Get": - resp, err = o.dispatchGet(req) - case "OfficeConsentsClient.NewListPager": - resp, err = o.dispatchNewListPager(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (o *OfficeConsentsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { - if o.srv.Delete == nil { - return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/officeConsents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - consentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("consentId")]) - if err != nil { - return nil, err - } - respr, errRespr := o.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, consentIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} - } - resp, err := server.NewResponse(respContent, req, nil) - if err != nil { - return nil, err - } - return resp, nil -} - -func (o *OfficeConsentsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if o.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/officeConsents/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - consentIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("consentId")]) - if err != nil { - return nil, err - } - respr, errRespr := o.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, consentIDParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).OfficeConsent, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (o *OfficeConsentsServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if o.srv.NewListPager == nil { - return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} - } - newListPager := o.newListPager.get(req) - if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/officeConsents` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - resp := o.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, nil) - newListPager = &resp - o.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.OfficeConsentsClientListResponse, createLink func() string) { - page.NextLink = to.Ptr(createLink()) - }) - } - resp, err := server.PagerResponderNext(newListPager, req) - if err != nil { - return nil, err - } - if !contains([]int{http.StatusOK}, resp.StatusCode) { - o.newListPager.remove(req) - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} - } - if !server.PagerResponderMore(newListPager) { - o.newListPager.remove(req) - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/polymorphic_helpers.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/polymorphic_helpers.go index f58543fe9858..fd7f9e60800e 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/polymorphic_helpers.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/polymorphic_helpers.go @@ -25,16 +25,10 @@ func unmarshalAlertRuleClassification(rawMsg json.RawMessage) (armsecurityinsigh switch m["kind"] { case string(armsecurityinsights.AlertRuleKindFusion): b = &armsecurityinsights.FusionAlertRule{} - case string(armsecurityinsights.AlertRuleKindMLBehaviorAnalytics): - b = &armsecurityinsights.MLBehaviorAnalyticsAlertRule{} case string(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation): b = &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{} - case string(armsecurityinsights.AlertRuleKindNRT): - b = &armsecurityinsights.NrtAlertRule{} case string(armsecurityinsights.AlertRuleKindScheduled): b = &armsecurityinsights.ScheduledAlertRule{} - case string(armsecurityinsights.AlertRuleKindThreatIntelligence): - b = &armsecurityinsights.ThreatIntelligenceAlertRule{} default: b = &armsecurityinsights.AlertRule{} } @@ -44,27 +38,6 @@ func unmarshalAlertRuleClassification(rawMsg json.RawMessage) (armsecurityinsigh return b, nil } -func unmarshalCustomEntityQueryClassification(rawMsg json.RawMessage) (armsecurityinsights.CustomEntityQueryClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b armsecurityinsights.CustomEntityQueryClassification - switch m["kind"] { - case string(armsecurityinsights.CustomEntityQueryKindActivity): - b = &armsecurityinsights.ActivityCustomEntityQuery{} - default: - b = &armsecurityinsights.CustomEntityQuery{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} - func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (armsecurityinsights.DataConnectorClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil @@ -75,46 +48,28 @@ func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (armsecurityin } var b armsecurityinsights.DataConnectorClassification switch m["kind"] { - case string(armsecurityinsights.DataConnectorKindAPIPolling): - b = &armsecurityinsights.CodelessAPIPollingDataConnector{} case string(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail): b = &armsecurityinsights.AwsCloudTrailDataConnector{} - case string(armsecurityinsights.DataConnectorKindAmazonWebServicesS3): - b = &armsecurityinsights.AwsS3DataConnector{} case string(armsecurityinsights.DataConnectorKindAzureActiveDirectory): b = &armsecurityinsights.AADDataConnector{} case string(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection): b = &armsecurityinsights.AATPDataConnector{} case string(armsecurityinsights.DataConnectorKindAzureSecurityCenter): b = &armsecurityinsights.ASCDataConnector{} - case string(armsecurityinsights.DataConnectorKindDynamics365): - b = &armsecurityinsights.Dynamics365DataConnector{} - case string(armsecurityinsights.DataConnectorKindGenericUI): - b = &armsecurityinsights.CodelessUIDataConnector{} - case string(armsecurityinsights.DataConnectorKindIOT): - b = &armsecurityinsights.IoTDataConnector{} case string(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity): b = &armsecurityinsights.MCASDataConnector{} case string(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection): b = &armsecurityinsights.MDATPDataConnector{} case string(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence): b = &armsecurityinsights.MSTIDataConnector{} - case string(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection): - b = &armsecurityinsights.MTPDataConnector{} case string(armsecurityinsights.DataConnectorKindOffice365): b = &armsecurityinsights.OfficeDataConnector{} - case string(armsecurityinsights.DataConnectorKindOffice365Project): - b = &armsecurityinsights.Office365ProjectDataConnector{} - case string(armsecurityinsights.DataConnectorKindOfficeATP): - b = &armsecurityinsights.OfficeATPDataConnector{} - case string(armsecurityinsights.DataConnectorKindOfficeIRM): - b = &armsecurityinsights.OfficeIRMDataConnector{} - case string(armsecurityinsights.DataConnectorKindOfficePowerBI): - b = &armsecurityinsights.OfficePowerBIDataConnector{} + case string(armsecurityinsights.DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence): + b = &armsecurityinsights.PremiumMicrosoftDefenderForThreatIntelligence{} + case string(armsecurityinsights.DataConnectorKindRestAPIPoller): + b = &armsecurityinsights.RestAPIPollerDataConnector{} case string(armsecurityinsights.DataConnectorKindThreatIntelligence): b = &armsecurityinsights.TIDataConnector{} - case string(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii): - b = &armsecurityinsights.TiTaxiiDataConnector{} default: b = &armsecurityinsights.DataConnector{} } @@ -124,7 +79,7 @@ func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (armsecurityin return b, nil } -func unmarshalDataConnectorsCheckRequirementsClassification(rawMsg json.RawMessage) (armsecurityinsights.DataConnectorsCheckRequirementsClassification, error) { +func unmarshalDataConnectorDefinitionClassification(rawMsg json.RawMessage) (armsecurityinsights.DataConnectorDefinitionClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil } @@ -132,44 +87,12 @@ func unmarshalDataConnectorsCheckRequirementsClassification(rawMsg json.RawMessa if err := json.Unmarshal(rawMsg, &m); err != nil { return nil, err } - var b armsecurityinsights.DataConnectorsCheckRequirementsClassification + var b armsecurityinsights.DataConnectorDefinitionClassification switch m["kind"] { - case string(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail): - b = &armsecurityinsights.AwsCloudTrailCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindAmazonWebServicesS3): - b = &armsecurityinsights.AwsS3CheckRequirements{} - case string(armsecurityinsights.DataConnectorKindAzureActiveDirectory): - b = &armsecurityinsights.AADCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection): - b = &armsecurityinsights.AATPCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindAzureSecurityCenter): - b = &armsecurityinsights.ASCCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindDynamics365): - b = &armsecurityinsights.Dynamics365CheckRequirements{} - case string(armsecurityinsights.DataConnectorKindIOT): - b = &armsecurityinsights.IoTCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity): - b = &armsecurityinsights.MCASCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection): - b = &armsecurityinsights.MDATPCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence): - b = &armsecurityinsights.MSTICheckRequirements{} - case string(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection): - b = &armsecurityinsights.MtpCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindOffice365Project): - b = &armsecurityinsights.Office365ProjectCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindOfficeATP): - b = &armsecurityinsights.OfficeATPCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindOfficeIRM): - b = &armsecurityinsights.OfficeIRMCheckRequirements{} - case string(armsecurityinsights.DataConnectorKindOfficePowerBI): - b = &armsecurityinsights.OfficePowerBICheckRequirements{} - case string(armsecurityinsights.DataConnectorKindThreatIntelligence): - b = &armsecurityinsights.TICheckRequirements{} - case string(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii): - b = &armsecurityinsights.TiTaxiiCheckRequirements{} + case string(armsecurityinsights.DataConnectorDefinitionKindCustomizable): + b = &armsecurityinsights.CustomizableConnectorDefinition{} default: - b = &armsecurityinsights.DataConnectorsCheckRequirements{} + b = &armsecurityinsights.DataConnectorDefinition{} } if err := json.Unmarshal(rawMsg, b); err != nil { return nil, err @@ -197,30 +120,3 @@ func unmarshalSecurityMLAnalyticsSettingClassification(rawMsg json.RawMessage) ( } return b, nil } - -func unmarshalSettingsClassification(rawMsg json.RawMessage) (armsecurityinsights.SettingsClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b armsecurityinsights.SettingsClassification - switch m["kind"] { - case string(armsecurityinsights.SettingKindAnomalies): - b = &armsecurityinsights.Anomalies{} - case string(armsecurityinsights.SettingKindEntityAnalytics): - b = &armsecurityinsights.EntityAnalytics{} - case string(armsecurityinsights.SettingKindEyesOn): - b = &armsecurityinsights.EyesOn{} - case string(armsecurityinsights.SettingKindUeba): - b = &armsecurityinsights.Ueba{} - default: - b = &armsecurityinsights.Settings{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmark_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackage_server.go similarity index 55% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmark_server.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackage_server.go index e005536c606a..721713b19d8c 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/bookmark_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackage_server.go @@ -21,28 +21,28 @@ import ( "regexp" ) -// BookmarkServer is a fake server for instances of the armsecurityinsights.BookmarkClient type. -type BookmarkServer struct { - // Expand is the fake for method BookmarkClient.Expand +// ProductPackageServer is a fake server for instances of the armsecurityinsights.ProductPackageClient type. +type ProductPackageServer struct { + // Get is the fake for method ProductPackageClient.Get // HTTP status codes to indicate success: http.StatusOK - Expand func(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters armsecurityinsights.BookmarkExpandParameters, options *armsecurityinsights.BookmarkClientExpandOptions) (resp azfake.Responder[armsecurityinsights.BookmarkClientExpandResponse], errResp azfake.ErrorResponder) + Get func(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *armsecurityinsights.ProductPackageClientGetOptions) (resp azfake.Responder[armsecurityinsights.ProductPackageClientGetResponse], errResp azfake.ErrorResponder) } -// NewBookmarkServerTransport creates a new instance of BookmarkServerTransport with the provided implementation. -// The returned BookmarkServerTransport instance is connected to an instance of armsecurityinsights.BookmarkClient via the +// NewProductPackageServerTransport creates a new instance of ProductPackageServerTransport with the provided implementation. +// The returned ProductPackageServerTransport instance is connected to an instance of armsecurityinsights.ProductPackageClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewBookmarkServerTransport(srv *BookmarkServer) *BookmarkServerTransport { - return &BookmarkServerTransport{srv: srv} +func NewProductPackageServerTransport(srv *ProductPackageServer) *ProductPackageServerTransport { + return &ProductPackageServerTransport{srv: srv} } -// BookmarkServerTransport connects instances of armsecurityinsights.BookmarkClient to instances of BookmarkServer. -// Don't use this type directly, use NewBookmarkServerTransport instead. -type BookmarkServerTransport struct { - srv *BookmarkServer +// ProductPackageServerTransport connects instances of armsecurityinsights.ProductPackageClient to instances of ProductPackageServer. +// Don't use this type directly, use NewProductPackageServerTransport instead. +type ProductPackageServerTransport struct { + srv *ProductPackageServer } -// Do implements the policy.Transporter interface for BookmarkServerTransport. -func (b *BookmarkServerTransport) Do(req *http.Request) (*http.Response, error) { +// Do implements the policy.Transporter interface for ProductPackageServerTransport. +func (p *ProductPackageServerTransport) Do(req *http.Request) (*http.Response, error) { rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) method, ok := rawMethod.(string) if !ok { @@ -53,8 +53,8 @@ func (b *BookmarkServerTransport) Do(req *http.Request) (*http.Response, error) var err error switch method { - case "BookmarkClient.Expand": - resp, err = b.dispatchExpand(req) + case "ProductPackageClient.Get": + resp, err = p.dispatchGet(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -66,20 +66,16 @@ func (b *BookmarkServerTransport) Do(req *http.Request) (*http.Response, error) return resp, nil } -func (b *BookmarkServerTransport) dispatchExpand(req *http.Request) (*http.Response, error) { - if b.srv.Expand == nil { - return nil, &nonRetriableError{errors.New("fake for method Expand not implemented")} +func (p *ProductPackageServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if p.srv.Get == nil { + return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/bookmarks/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/expand` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentProductPackages/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.BookmarkExpandParameters](req) - if err != nil { - return nil, err - } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err @@ -88,11 +84,11 @@ func (b *BookmarkServerTransport) dispatchExpand(req *http.Request) (*http.Respo if err != nil { return nil, err } - bookmarkIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("bookmarkId")]) + packageIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("packageId")]) if err != nil { return nil, err } - respr, errRespr := b.srv.Expand(req.Context(), resourceGroupNameParam, workspaceNameParam, bookmarkIDParam, body, nil) + respr, errRespr := p.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, packageIDParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -100,7 +96,7 @@ func (b *BookmarkServerTransport) dispatchExpand(req *http.Request) (*http.Respo if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).BookmarkExpandResponse, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).ProductPackageModel, req) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesrelations_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackages_server.go similarity index 62% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesrelations_server.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackages_server.go index ee3b5d06a027..b517ef6cb3d4 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entitiesrelations_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productpackages_server.go @@ -22,32 +22,32 @@ import ( "strconv" ) -// EntitiesRelationsServer is a fake server for instances of the armsecurityinsights.EntitiesRelationsClient type. -type EntitiesRelationsServer struct { - // NewListPager is the fake for method EntitiesRelationsClient.NewListPager +// ProductPackagesServer is a fake server for instances of the armsecurityinsights.ProductPackagesClient type. +type ProductPackagesServer struct { + // NewListPager is the fake for method ProductPackagesClient.NewListPager // HTTP status codes to indicate success: http.StatusOK - NewListPager func(resourceGroupName string, workspaceName string, entityID string, options *armsecurityinsights.EntitiesRelationsClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.EntitiesRelationsClientListResponse]) + NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.ProductPackagesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.ProductPackagesClientListResponse]) } -// NewEntitiesRelationsServerTransport creates a new instance of EntitiesRelationsServerTransport with the provided implementation. -// The returned EntitiesRelationsServerTransport instance is connected to an instance of armsecurityinsights.EntitiesRelationsClient via the +// NewProductPackagesServerTransport creates a new instance of ProductPackagesServerTransport with the provided implementation. +// The returned ProductPackagesServerTransport instance is connected to an instance of armsecurityinsights.ProductPackagesClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewEntitiesRelationsServerTransport(srv *EntitiesRelationsServer) *EntitiesRelationsServerTransport { - return &EntitiesRelationsServerTransport{ +func NewProductPackagesServerTransport(srv *ProductPackagesServer) *ProductPackagesServerTransport { + return &ProductPackagesServerTransport{ srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.EntitiesRelationsClientListResponse]](), + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.ProductPackagesClientListResponse]](), } } -// EntitiesRelationsServerTransport connects instances of armsecurityinsights.EntitiesRelationsClient to instances of EntitiesRelationsServer. -// Don't use this type directly, use NewEntitiesRelationsServerTransport instead. -type EntitiesRelationsServerTransport struct { - srv *EntitiesRelationsServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.EntitiesRelationsClientListResponse]] +// ProductPackagesServerTransport connects instances of armsecurityinsights.ProductPackagesClient to instances of ProductPackagesServer. +// Don't use this type directly, use NewProductPackagesServerTransport instead. +type ProductPackagesServerTransport struct { + srv *ProductPackagesServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.ProductPackagesClientListResponse]] } -// Do implements the policy.Transporter interface for EntitiesRelationsServerTransport. -func (e *EntitiesRelationsServerTransport) Do(req *http.Request) (*http.Response, error) { +// Do implements the policy.Transporter interface for ProductPackagesServerTransport. +func (p *ProductPackagesServerTransport) Do(req *http.Request) (*http.Response, error) { rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) method, ok := rawMethod.(string) if !ok { @@ -58,8 +58,8 @@ func (e *EntitiesRelationsServerTransport) Do(req *http.Request) (*http.Response var err error switch method { - case "EntitiesRelationsClient.NewListPager": - resp, err = e.dispatchNewListPager(req) + case "ProductPackagesClient.NewListPager": + resp, err = p.dispatchNewListPager(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -71,16 +71,16 @@ func (e *EntitiesRelationsServerTransport) Do(req *http.Request) (*http.Response return resp, nil } -func (e *EntitiesRelationsServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { - if e.srv.NewListPager == nil { +func (p *ProductPackagesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if p.srv.NewListPager == nil { return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} } - newListPager := e.newListPager.get(req) + newListPager := p.newListPager.get(req) if newListPager == nil { - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentProductPackages` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { + if matches == nil || len(matches) < 3 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } qp := req.URL.Query() @@ -92,10 +92,6 @@ func (e *EntitiesRelationsServerTransport) dispatchNewListPager(req *http.Reques if err != nil { return nil, err } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) - if err != nil { - return nil, err - } filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) if err != nil { return nil, err @@ -125,19 +121,19 @@ func (e *EntitiesRelationsServerTransport) dispatchNewListPager(req *http.Reques return nil, err } skipTokenParam := getOptional(skipTokenUnescaped) - var options *armsecurityinsights.EntitiesRelationsClientListOptions + var options *armsecurityinsights.ProductPackagesClientListOptions if filterParam != nil || orderbyParam != nil || topParam != nil || skipTokenParam != nil { - options = &armsecurityinsights.EntitiesRelationsClientListOptions{ + options = &armsecurityinsights.ProductPackagesClientListOptions{ Filter: filterParam, Orderby: orderbyParam, Top: topParam, SkipToken: skipTokenParam, } } - resp := e.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, entityIDParam, options) + resp := p.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) newListPager = &resp - e.newListPager.add(req, newListPager) - server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.EntitiesRelationsClientListResponse, createLink func() string) { + p.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.ProductPackagesClientListResponse, createLink func() string) { page.NextLink = to.Ptr(createLink()) }) } @@ -146,11 +142,11 @@ func (e *EntitiesRelationsServerTransport) dispatchNewListPager(req *http.Reques return nil, err } if !contains([]int{http.StatusOK}, resp.StatusCode) { - e.newListPager.remove(req) + p.newListPager.remove(req) return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} } if !server.PagerResponderMore(newListPager) { - e.newListPager.remove(req) + p.newListPager.remove(req) } return resp, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productsettings_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productsettings_server.go deleted file mode 100644 index 7f79620a1305..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/productsettings_server.go +++ /dev/null @@ -1,237 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package fake - -import ( - "context" - "errors" - "fmt" - azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" - "net/http" - "net/url" - "regexp" -) - -// ProductSettingsServer is a fake server for instances of the armsecurityinsights.ProductSettingsClient type. -type ProductSettingsServer struct { - // Delete is the fake for method ProductSettingsClient.Delete - // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *armsecurityinsights.ProductSettingsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.ProductSettingsClientDeleteResponse], errResp azfake.ErrorResponder) - - // Get is the fake for method ProductSettingsClient.Get - // HTTP status codes to indicate success: http.StatusOK - Get func(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *armsecurityinsights.ProductSettingsClientGetOptions) (resp azfake.Responder[armsecurityinsights.ProductSettingsClientGetResponse], errResp azfake.ErrorResponder) - - // List is the fake for method ProductSettingsClient.List - // HTTP status codes to indicate success: http.StatusOK - List func(ctx context.Context, resourceGroupName string, workspaceName string, options *armsecurityinsights.ProductSettingsClientListOptions) (resp azfake.Responder[armsecurityinsights.ProductSettingsClientListResponse], errResp azfake.ErrorResponder) - - // Update is the fake for method ProductSettingsClient.Update - // HTTP status codes to indicate success: http.StatusOK - Update func(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings armsecurityinsights.SettingsClassification, options *armsecurityinsights.ProductSettingsClientUpdateOptions) (resp azfake.Responder[armsecurityinsights.ProductSettingsClientUpdateResponse], errResp azfake.ErrorResponder) -} - -// NewProductSettingsServerTransport creates a new instance of ProductSettingsServerTransport with the provided implementation. -// The returned ProductSettingsServerTransport instance is connected to an instance of armsecurityinsights.ProductSettingsClient via the -// azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewProductSettingsServerTransport(srv *ProductSettingsServer) *ProductSettingsServerTransport { - return &ProductSettingsServerTransport{srv: srv} -} - -// ProductSettingsServerTransport connects instances of armsecurityinsights.ProductSettingsClient to instances of ProductSettingsServer. -// Don't use this type directly, use NewProductSettingsServerTransport instead. -type ProductSettingsServerTransport struct { - srv *ProductSettingsServer -} - -// Do implements the policy.Transporter interface for ProductSettingsServerTransport. -func (p *ProductSettingsServerTransport) Do(req *http.Request) (*http.Response, error) { - rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) - method, ok := rawMethod.(string) - if !ok { - return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} - } - - var resp *http.Response - var err error - - switch method { - case "ProductSettingsClient.Delete": - resp, err = p.dispatchDelete(req) - case "ProductSettingsClient.Get": - resp, err = p.dispatchGet(req) - case "ProductSettingsClient.List": - resp, err = p.dispatchList(req) - case "ProductSettingsClient.Update": - resp, err = p.dispatchUpdate(req) - default: - err = fmt.Errorf("unhandled API %s", method) - } - - if err != nil { - return nil, err - } - - return resp, nil -} - -func (p *ProductSettingsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { - if p.srv.Delete == nil { - return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/settings/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - settingsNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("settingsName")]) - if err != nil { - return nil, err - } - respr, errRespr := p.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, settingsNameParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} - } - resp, err := server.NewResponse(respContent, req, nil) - if err != nil { - return nil, err - } - return resp, nil -} - -func (p *ProductSettingsServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { - if p.srv.Get == nil { - return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/settings/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - settingsNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("settingsName")]) - if err != nil { - return nil, err - } - respr, errRespr := p.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, settingsNameParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).SettingsClassification, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (p *ProductSettingsServerTransport) dispatchList(req *http.Request) (*http.Response, error) { - if p.srv.List == nil { - return nil, &nonRetriableError{errors.New("fake for method List not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/settings` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 3 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - respr, errRespr := p.srv.List(req.Context(), resourceGroupNameParam, workspaceNameParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).SettingList, req) - if err != nil { - return nil, err - } - return resp, nil -} - -func (p *ProductSettingsServerTransport) dispatchUpdate(req *http.Request) (*http.Response, error) { - if p.srv.Update == nil { - return nil, &nonRetriableError{errors.New("fake for method Update not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/settings/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - raw, err := readRequestBody(req) - if err != nil { - return nil, err - } - body, err := unmarshalSettingsClassification(raw) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err - } - settingsNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("settingsName")]) - if err != nil { - return nil, err - } - respr, errRespr := p.srv.Update(req.Context(), resourceGroupNameParam, workspaceNameParam, settingsNameParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).SettingsClassification, req) - if err != nil { - return nil, err - } - return resp, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityrelations_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplate_server.go similarity index 54% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityrelations_server.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplate_server.go index 07f5d3c8c8a6..e25b4e877256 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/entityrelations_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplate_server.go @@ -21,28 +21,28 @@ import ( "regexp" ) -// EntityRelationsServer is a fake server for instances of the armsecurityinsights.EntityRelationsClient type. -type EntityRelationsServer struct { - // GetRelation is the fake for method EntityRelationsClient.GetRelation +// ProductTemplateServer is a fake server for instances of the armsecurityinsights.ProductTemplateClient type. +type ProductTemplateServer struct { + // Get is the fake for method ProductTemplateClient.Get // HTTP status codes to indicate success: http.StatusOK - GetRelation func(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *armsecurityinsights.EntityRelationsClientGetRelationOptions) (resp azfake.Responder[armsecurityinsights.EntityRelationsClientGetRelationResponse], errResp azfake.ErrorResponder) + Get func(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *armsecurityinsights.ProductTemplateClientGetOptions) (resp azfake.Responder[armsecurityinsights.ProductTemplateClientGetResponse], errResp azfake.ErrorResponder) } -// NewEntityRelationsServerTransport creates a new instance of EntityRelationsServerTransport with the provided implementation. -// The returned EntityRelationsServerTransport instance is connected to an instance of armsecurityinsights.EntityRelationsClient via the +// NewProductTemplateServerTransport creates a new instance of ProductTemplateServerTransport with the provided implementation. +// The returned ProductTemplateServerTransport instance is connected to an instance of armsecurityinsights.ProductTemplateClient via the // azcore.ClientOptions.Transporter field in the client's constructor parameters. -func NewEntityRelationsServerTransport(srv *EntityRelationsServer) *EntityRelationsServerTransport { - return &EntityRelationsServerTransport{srv: srv} +func NewProductTemplateServerTransport(srv *ProductTemplateServer) *ProductTemplateServerTransport { + return &ProductTemplateServerTransport{srv: srv} } -// EntityRelationsServerTransport connects instances of armsecurityinsights.EntityRelationsClient to instances of EntityRelationsServer. -// Don't use this type directly, use NewEntityRelationsServerTransport instead. -type EntityRelationsServerTransport struct { - srv *EntityRelationsServer +// ProductTemplateServerTransport connects instances of armsecurityinsights.ProductTemplateClient to instances of ProductTemplateServer. +// Don't use this type directly, use NewProductTemplateServerTransport instead. +type ProductTemplateServerTransport struct { + srv *ProductTemplateServer } -// Do implements the policy.Transporter interface for EntityRelationsServerTransport. -func (e *EntityRelationsServerTransport) Do(req *http.Request) (*http.Response, error) { +// Do implements the policy.Transporter interface for ProductTemplateServerTransport. +func (p *ProductTemplateServerTransport) Do(req *http.Request) (*http.Response, error) { rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) method, ok := rawMethod.(string) if !ok { @@ -53,8 +53,8 @@ func (e *EntityRelationsServerTransport) Do(req *http.Request) (*http.Response, var err error switch method { - case "EntityRelationsClient.GetRelation": - resp, err = e.dispatchGetRelation(req) + case "ProductTemplateClient.Get": + resp, err = p.dispatchGet(req) default: err = fmt.Errorf("unhandled API %s", method) } @@ -66,14 +66,14 @@ func (e *EntityRelationsServerTransport) Do(req *http.Request) (*http.Response, return resp, nil } -func (e *EntityRelationsServerTransport) dispatchGetRelation(req *http.Request) (*http.Response, error) { - if e.srv.GetRelation == nil { - return nil, &nonRetriableError{errors.New("fake for method GetRelation not implemented")} +func (p *ProductTemplateServerTransport) dispatchGet(req *http.Request) (*http.Response, error) { + if p.srv.Get == nil { + return nil, &nonRetriableError{errors.New("fake for method Get not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/entities/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/relations/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentproducttemplates/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 5 { + if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) @@ -84,15 +84,11 @@ func (e *EntityRelationsServerTransport) dispatchGetRelation(req *http.Request) if err != nil { return nil, err } - entityIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("entityId")]) + templateIDParam, err := url.PathUnescape(matches[regex.SubexpIndex("templateId")]) if err != nil { return nil, err } - relationNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("relationName")]) - if err != nil { - return nil, err - } - respr, errRespr := e.srv.GetRelation(req.Context(), resourceGroupNameParam, workspaceNameParam, entityIDParam, relationNameParam, nil) + respr, errRespr := p.srv.Get(req.Context(), resourceGroupNameParam, workspaceNameParam, templateIDParam, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } @@ -100,7 +96,7 @@ func (e *EntityRelationsServerTransport) dispatchGetRelation(req *http.Request) if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Relation, req) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).ProductTemplateModel, req) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplates_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplates_server.go new file mode 100644 index 000000000000..05823ced6a8f --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/producttemplates_server.go @@ -0,0 +1,182 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package fake + +import ( + "errors" + "fmt" + azfake "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/fake/server" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" + "net/http" + "net/url" + "regexp" + "strconv" +) + +// ProductTemplatesServer is a fake server for instances of the armsecurityinsights.ProductTemplatesClient type. +type ProductTemplatesServer struct { + // NewListPager is the fake for method ProductTemplatesClient.NewListPager + // HTTP status codes to indicate success: http.StatusOK + NewListPager func(resourceGroupName string, workspaceName string, options *armsecurityinsights.ProductTemplatesClientListOptions) (resp azfake.PagerResponder[armsecurityinsights.ProductTemplatesClientListResponse]) +} + +// NewProductTemplatesServerTransport creates a new instance of ProductTemplatesServerTransport with the provided implementation. +// The returned ProductTemplatesServerTransport instance is connected to an instance of armsecurityinsights.ProductTemplatesClient via the +// azcore.ClientOptions.Transporter field in the client's constructor parameters. +func NewProductTemplatesServerTransport(srv *ProductTemplatesServer) *ProductTemplatesServerTransport { + return &ProductTemplatesServerTransport{ + srv: srv, + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.ProductTemplatesClientListResponse]](), + } +} + +// ProductTemplatesServerTransport connects instances of armsecurityinsights.ProductTemplatesClient to instances of ProductTemplatesServer. +// Don't use this type directly, use NewProductTemplatesServerTransport instead. +type ProductTemplatesServerTransport struct { + srv *ProductTemplatesServer + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.ProductTemplatesClientListResponse]] +} + +// Do implements the policy.Transporter interface for ProductTemplatesServerTransport. +func (p *ProductTemplatesServerTransport) Do(req *http.Request) (*http.Response, error) { + rawMethod := req.Context().Value(runtime.CtxAPINameKey{}) + method, ok := rawMethod.(string) + if !ok { + return nil, nonRetriableError{errors.New("unable to dispatch request, missing value for CtxAPINameKey")} + } + + var resp *http.Response + var err error + + switch method { + case "ProductTemplatesClient.NewListPager": + resp, err = p.dispatchNewListPager(req) + default: + err = fmt.Errorf("unhandled API %s", method) + } + + if err != nil { + return nil, err + } + + return resp, nil +} + +func (p *ProductTemplatesServerTransport) dispatchNewListPager(req *http.Request) (*http.Response, error) { + if p.srv.NewListPager == nil { + return nil, &nonRetriableError{errors.New("fake for method NewListPager not implemented")} + } + newListPager := p.newListPager.get(req) + if newListPager == nil { + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/contentProductTemplates` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 3 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + qp := req.URL.Query() + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + filterUnescaped, err := url.QueryUnescape(qp.Get("$filter")) + if err != nil { + return nil, err + } + filterParam := getOptional(filterUnescaped) + orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) + if err != nil { + return nil, err + } + orderbyParam := getOptional(orderbyUnescaped) + searchUnescaped, err := url.QueryUnescape(qp.Get("$search")) + if err != nil { + return nil, err + } + searchParam := getOptional(searchUnescaped) + countUnescaped, err := url.QueryUnescape(qp.Get("$count")) + if err != nil { + return nil, err + } + countParam, err := parseOptional(countUnescaped, strconv.ParseBool) + if err != nil { + return nil, err + } + topUnescaped, err := url.QueryUnescape(qp.Get("$top")) + if err != nil { + return nil, err + } + topParam, err := parseOptional(topUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipUnescaped, err := url.QueryUnescape(qp.Get("$skip")) + if err != nil { + return nil, err + } + skipParam, err := parseOptional(skipUnescaped, func(v string) (int32, error) { + p, parseErr := strconv.ParseInt(v, 10, 32) + if parseErr != nil { + return 0, parseErr + } + return int32(p), nil + }) + if err != nil { + return nil, err + } + skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) + if err != nil { + return nil, err + } + skipTokenParam := getOptional(skipTokenUnescaped) + var options *armsecurityinsights.ProductTemplatesClientListOptions + if filterParam != nil || orderbyParam != nil || searchParam != nil || countParam != nil || topParam != nil || skipParam != nil || skipTokenParam != nil { + options = &armsecurityinsights.ProductTemplatesClientListOptions{ + Filter: filterParam, + Orderby: orderbyParam, + Search: searchParam, + Count: countParam, + Top: topParam, + Skip: skipParam, + SkipToken: skipTokenParam, + } + } + resp := p.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) + newListPager = &resp + p.newListPager.add(req, newListPager) + server.PagerResponderInjectNextLinks(newListPager, req, func(page *armsecurityinsights.ProductTemplatesClientListResponse, createLink func() string) { + page.NextLink = to.Ptr(createLink()) + }) + } + resp, err := server.PagerResponderNext(newListPager, req) + if err != nil { + return nil, err + } + if !contains([]int{http.StatusOK}, resp.StatusCode) { + p.newListPager.remove(req) + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", resp.StatusCode)} + } + if !server.PagerResponderMore(newListPager) { + p.newListPager.remove(req) + } + return resp, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/server_factory.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/server_factory.go index 2adc83b81ccd..3b48a9d319e4 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/server_factory.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/server_factory.go @@ -23,27 +23,24 @@ type ServerFactory struct { AlertRuleTemplatesServer AlertRuleTemplatesServer AlertRulesServer AlertRulesServer AutomationRulesServer AutomationRulesServer - BookmarkServer BookmarkServer - BookmarkRelationsServer BookmarkRelationsServer BookmarksServer BookmarksServer - DataConnectorsCheckRequirementsServer DataConnectorsCheckRequirementsServer + ContentPackageServer ContentPackageServer + ContentPackagesServer ContentPackagesServer + ContentTemplateServer ContentTemplateServer + ContentTemplatesServer ContentTemplatesServer + DataConnectorDefinitionsServer DataConnectorDefinitionsServer DataConnectorsServer DataConnectorsServer - DomainWhoisServer DomainWhoisServer EntitiesServer EntitiesServer - EntitiesGetTimelineServer EntitiesGetTimelineServer - EntitiesRelationsServer EntitiesRelationsServer - EntityQueriesServer EntityQueriesServer - EntityQueryTemplatesServer EntityQueryTemplatesServer - EntityRelationsServer EntityRelationsServer - FileImportsServer FileImportsServer - IPGeodataServer IPGeodataServer IncidentCommentsServer IncidentCommentsServer IncidentRelationsServer IncidentRelationsServer + IncidentTasksServer IncidentTasksServer IncidentsServer IncidentsServer MetadataServer MetadataServer - OfficeConsentsServer OfficeConsentsServer OperationsServer OperationsServer - ProductSettingsServer ProductSettingsServer + ProductPackageServer ProductPackageServer + ProductPackagesServer ProductPackagesServer + ProductTemplateServer ProductTemplateServer + ProductTemplatesServer ProductTemplatesServer SecurityMLAnalyticsSettingsServer SecurityMLAnalyticsSettingsServer SentinelOnboardingStatesServer SentinelOnboardingStatesServer SourceControlServer SourceControlServer @@ -73,27 +70,24 @@ type ServerFactoryTransport struct { trAlertRuleTemplatesServer *AlertRuleTemplatesServerTransport trAlertRulesServer *AlertRulesServerTransport trAutomationRulesServer *AutomationRulesServerTransport - trBookmarkServer *BookmarkServerTransport - trBookmarkRelationsServer *BookmarkRelationsServerTransport trBookmarksServer *BookmarksServerTransport - trDataConnectorsCheckRequirementsServer *DataConnectorsCheckRequirementsServerTransport + trContentPackageServer *ContentPackageServerTransport + trContentPackagesServer *ContentPackagesServerTransport + trContentTemplateServer *ContentTemplateServerTransport + trContentTemplatesServer *ContentTemplatesServerTransport + trDataConnectorDefinitionsServer *DataConnectorDefinitionsServerTransport trDataConnectorsServer *DataConnectorsServerTransport - trDomainWhoisServer *DomainWhoisServerTransport trEntitiesServer *EntitiesServerTransport - trEntitiesGetTimelineServer *EntitiesGetTimelineServerTransport - trEntitiesRelationsServer *EntitiesRelationsServerTransport - trEntityQueriesServer *EntityQueriesServerTransport - trEntityQueryTemplatesServer *EntityQueryTemplatesServerTransport - trEntityRelationsServer *EntityRelationsServerTransport - trFileImportsServer *FileImportsServerTransport - trIPGeodataServer *IPGeodataServerTransport trIncidentCommentsServer *IncidentCommentsServerTransport trIncidentRelationsServer *IncidentRelationsServerTransport + trIncidentTasksServer *IncidentTasksServerTransport trIncidentsServer *IncidentsServerTransport trMetadataServer *MetadataServerTransport - trOfficeConsentsServer *OfficeConsentsServerTransport trOperationsServer *OperationsServerTransport - trProductSettingsServer *ProductSettingsServerTransport + trProductPackageServer *ProductPackageServerTransport + trProductPackagesServer *ProductPackagesServerTransport + trProductTemplateServer *ProductTemplateServerTransport + trProductTemplatesServer *ProductTemplatesServerTransport trSecurityMLAnalyticsSettingsServer *SecurityMLAnalyticsSettingsServerTransport trSentinelOnboardingStatesServer *SentinelOnboardingStatesServerTransport trSourceControlServer *SourceControlServerTransport @@ -134,64 +128,42 @@ func (s *ServerFactoryTransport) Do(req *http.Request) (*http.Response, error) { return NewAutomationRulesServerTransport(&s.srv.AutomationRulesServer) }) resp, err = s.trAutomationRulesServer.Do(req) - case "BookmarkClient": - initServer(s, &s.trBookmarkServer, func() *BookmarkServerTransport { return NewBookmarkServerTransport(&s.srv.BookmarkServer) }) - resp, err = s.trBookmarkServer.Do(req) - case "BookmarkRelationsClient": - initServer(s, &s.trBookmarkRelationsServer, func() *BookmarkRelationsServerTransport { - return NewBookmarkRelationsServerTransport(&s.srv.BookmarkRelationsServer) - }) - resp, err = s.trBookmarkRelationsServer.Do(req) case "BookmarksClient": initServer(s, &s.trBookmarksServer, func() *BookmarksServerTransport { return NewBookmarksServerTransport(&s.srv.BookmarksServer) }) resp, err = s.trBookmarksServer.Do(req) - case "DataConnectorsCheckRequirementsClient": - initServer(s, &s.trDataConnectorsCheckRequirementsServer, func() *DataConnectorsCheckRequirementsServerTransport { - return NewDataConnectorsCheckRequirementsServerTransport(&s.srv.DataConnectorsCheckRequirementsServer) + case "ContentPackageClient": + initServer(s, &s.trContentPackageServer, func() *ContentPackageServerTransport { + return NewContentPackageServerTransport(&s.srv.ContentPackageServer) + }) + resp, err = s.trContentPackageServer.Do(req) + case "ContentPackagesClient": + initServer(s, &s.trContentPackagesServer, func() *ContentPackagesServerTransport { + return NewContentPackagesServerTransport(&s.srv.ContentPackagesServer) + }) + resp, err = s.trContentPackagesServer.Do(req) + case "ContentTemplateClient": + initServer(s, &s.trContentTemplateServer, func() *ContentTemplateServerTransport { + return NewContentTemplateServerTransport(&s.srv.ContentTemplateServer) + }) + resp, err = s.trContentTemplateServer.Do(req) + case "ContentTemplatesClient": + initServer(s, &s.trContentTemplatesServer, func() *ContentTemplatesServerTransport { + return NewContentTemplatesServerTransport(&s.srv.ContentTemplatesServer) }) - resp, err = s.trDataConnectorsCheckRequirementsServer.Do(req) + resp, err = s.trContentTemplatesServer.Do(req) + case "DataConnectorDefinitionsClient": + initServer(s, &s.trDataConnectorDefinitionsServer, func() *DataConnectorDefinitionsServerTransport { + return NewDataConnectorDefinitionsServerTransport(&s.srv.DataConnectorDefinitionsServer) + }) + resp, err = s.trDataConnectorDefinitionsServer.Do(req) case "DataConnectorsClient": initServer(s, &s.trDataConnectorsServer, func() *DataConnectorsServerTransport { return NewDataConnectorsServerTransport(&s.srv.DataConnectorsServer) }) resp, err = s.trDataConnectorsServer.Do(req) - case "DomainWhoisClient": - initServer(s, &s.trDomainWhoisServer, func() *DomainWhoisServerTransport { return NewDomainWhoisServerTransport(&s.srv.DomainWhoisServer) }) - resp, err = s.trDomainWhoisServer.Do(req) case "EntitiesClient": initServer(s, &s.trEntitiesServer, func() *EntitiesServerTransport { return NewEntitiesServerTransport(&s.srv.EntitiesServer) }) resp, err = s.trEntitiesServer.Do(req) - case "EntitiesGetTimelineClient": - initServer(s, &s.trEntitiesGetTimelineServer, func() *EntitiesGetTimelineServerTransport { - return NewEntitiesGetTimelineServerTransport(&s.srv.EntitiesGetTimelineServer) - }) - resp, err = s.trEntitiesGetTimelineServer.Do(req) - case "EntitiesRelationsClient": - initServer(s, &s.trEntitiesRelationsServer, func() *EntitiesRelationsServerTransport { - return NewEntitiesRelationsServerTransport(&s.srv.EntitiesRelationsServer) - }) - resp, err = s.trEntitiesRelationsServer.Do(req) - case "EntityQueriesClient": - initServer(s, &s.trEntityQueriesServer, func() *EntityQueriesServerTransport { - return NewEntityQueriesServerTransport(&s.srv.EntityQueriesServer) - }) - resp, err = s.trEntityQueriesServer.Do(req) - case "EntityQueryTemplatesClient": - initServer(s, &s.trEntityQueryTemplatesServer, func() *EntityQueryTemplatesServerTransport { - return NewEntityQueryTemplatesServerTransport(&s.srv.EntityQueryTemplatesServer) - }) - resp, err = s.trEntityQueryTemplatesServer.Do(req) - case "EntityRelationsClient": - initServer(s, &s.trEntityRelationsServer, func() *EntityRelationsServerTransport { - return NewEntityRelationsServerTransport(&s.srv.EntityRelationsServer) - }) - resp, err = s.trEntityRelationsServer.Do(req) - case "FileImportsClient": - initServer(s, &s.trFileImportsServer, func() *FileImportsServerTransport { return NewFileImportsServerTransport(&s.srv.FileImportsServer) }) - resp, err = s.trFileImportsServer.Do(req) - case "IPGeodataClient": - initServer(s, &s.trIPGeodataServer, func() *IPGeodataServerTransport { return NewIPGeodataServerTransport(&s.srv.IPGeodataServer) }) - resp, err = s.trIPGeodataServer.Do(req) case "IncidentCommentsClient": initServer(s, &s.trIncidentCommentsServer, func() *IncidentCommentsServerTransport { return NewIncidentCommentsServerTransport(&s.srv.IncidentCommentsServer) @@ -202,25 +174,40 @@ func (s *ServerFactoryTransport) Do(req *http.Request) (*http.Response, error) { return NewIncidentRelationsServerTransport(&s.srv.IncidentRelationsServer) }) resp, err = s.trIncidentRelationsServer.Do(req) + case "IncidentTasksClient": + initServer(s, &s.trIncidentTasksServer, func() *IncidentTasksServerTransport { + return NewIncidentTasksServerTransport(&s.srv.IncidentTasksServer) + }) + resp, err = s.trIncidentTasksServer.Do(req) case "IncidentsClient": initServer(s, &s.trIncidentsServer, func() *IncidentsServerTransport { return NewIncidentsServerTransport(&s.srv.IncidentsServer) }) resp, err = s.trIncidentsServer.Do(req) case "MetadataClient": initServer(s, &s.trMetadataServer, func() *MetadataServerTransport { return NewMetadataServerTransport(&s.srv.MetadataServer) }) resp, err = s.trMetadataServer.Do(req) - case "OfficeConsentsClient": - initServer(s, &s.trOfficeConsentsServer, func() *OfficeConsentsServerTransport { - return NewOfficeConsentsServerTransport(&s.srv.OfficeConsentsServer) - }) - resp, err = s.trOfficeConsentsServer.Do(req) case "OperationsClient": initServer(s, &s.trOperationsServer, func() *OperationsServerTransport { return NewOperationsServerTransport(&s.srv.OperationsServer) }) resp, err = s.trOperationsServer.Do(req) - case "ProductSettingsClient": - initServer(s, &s.trProductSettingsServer, func() *ProductSettingsServerTransport { - return NewProductSettingsServerTransport(&s.srv.ProductSettingsServer) + case "ProductPackageClient": + initServer(s, &s.trProductPackageServer, func() *ProductPackageServerTransport { + return NewProductPackageServerTransport(&s.srv.ProductPackageServer) + }) + resp, err = s.trProductPackageServer.Do(req) + case "ProductPackagesClient": + initServer(s, &s.trProductPackagesServer, func() *ProductPackagesServerTransport { + return NewProductPackagesServerTransport(&s.srv.ProductPackagesServer) + }) + resp, err = s.trProductPackagesServer.Do(req) + case "ProductTemplateClient": + initServer(s, &s.trProductTemplateServer, func() *ProductTemplateServerTransport { + return NewProductTemplateServerTransport(&s.srv.ProductTemplateServer) + }) + resp, err = s.trProductTemplateServer.Do(req) + case "ProductTemplatesClient": + initServer(s, &s.trProductTemplatesServer, func() *ProductTemplatesServerTransport { + return NewProductTemplatesServerTransport(&s.srv.ProductTemplatesServer) }) - resp, err = s.trProductSettingsServer.Do(req) + resp, err = s.trProductTemplatesServer.Do(req) case "SecurityMLAnalyticsSettingsClient": initServer(s, &s.trSecurityMLAnalyticsSettingsServer, func() *SecurityMLAnalyticsSettingsServerTransport { return NewSecurityMLAnalyticsSettingsServerTransport(&s.srv.SecurityMLAnalyticsSettingsServer) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrol_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrol_server.go index 8f8f11d5b931..77c6d098c754 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrol_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrol_server.go @@ -25,7 +25,7 @@ import ( type SourceControlServer struct { // NewListRepositoriesPager is the fake for method SourceControlClient.NewListRepositoriesPager // HTTP status codes to indicate success: http.StatusOK - NewListRepositoriesPager func(resourceGroupName string, workspaceName string, repoType armsecurityinsights.RepoType, options *armsecurityinsights.SourceControlClientListRepositoriesOptions) (resp azfake.PagerResponder[armsecurityinsights.SourceControlClientListRepositoriesResponse]) + NewListRepositoriesPager func(resourceGroupName string, workspaceName string, repositoryAccess armsecurityinsights.RepositoryAccessProperties, options *armsecurityinsights.SourceControlClientListRepositoriesOptions) (resp azfake.PagerResponder[armsecurityinsights.SourceControlClientListRepositoriesResponse]) } // NewSourceControlServerTransport creates a new instance of SourceControlServerTransport with the provided implementation. @@ -82,7 +82,7 @@ func (s *SourceControlServerTransport) dispatchNewListRepositoriesPager(req *htt if matches == nil || len(matches) < 3 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.RepoType](req) + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.RepositoryAccessProperties](req) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrols_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrols_server.go index 7b13fa09f450..2200979250f5 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrols_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/sourcecontrols_server.go @@ -29,8 +29,8 @@ type SourceControlsServer struct { Create func(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl armsecurityinsights.SourceControl, options *armsecurityinsights.SourceControlsClientCreateOptions) (resp azfake.Responder[armsecurityinsights.SourceControlsClientCreateResponse], errResp azfake.ErrorResponder) // Delete is the fake for method SourceControlsClient.Delete - // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *armsecurityinsights.SourceControlsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.SourceControlsClientDeleteResponse], errResp azfake.ErrorResponder) + // HTTP status codes to indicate success: http.StatusOK + Delete func(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, repositoryAccess armsecurityinsights.RepositoryAccessProperties, options *armsecurityinsights.SourceControlsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.SourceControlsClientDeleteResponse], errResp azfake.ErrorResponder) // Get is the fake for method SourceControlsClient.Get // HTTP status codes to indicate success: http.StatusOK @@ -134,12 +134,16 @@ func (s *SourceControlsServerTransport) dispatchDelete(req *http.Request) (*http if s.srv.Delete == nil { return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/sourcecontrols/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/sourcecontrols/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/delete` regex := regexp.MustCompile(regexStr) matches := regex.FindStringSubmatch(req.URL.EscapedPath()) if matches == nil || len(matches) < 4 { return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) } + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.RepositoryAccessProperties](req) + if err != nil { + return nil, err + } resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) if err != nil { return nil, err @@ -152,15 +156,15 @@ func (s *SourceControlsServerTransport) dispatchDelete(req *http.Request) (*http if err != nil { return nil, err } - respr, errRespr := s.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, sourceControlIDParam, nil) + respr, errRespr := s.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, sourceControlIDParam, body, nil) if respErr := server.GetError(errRespr, req); respErr != nil { return nil, respErr } respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} + if !contains([]int{http.StatusOK}, respContent.HTTPStatus) { + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK", respContent.HTTPStatus)} } - resp, err := server.NewResponse(respContent, req, nil) + resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Warning, req) if err != nil { return nil, err } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/threatintelligenceindicators_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/threatintelligenceindicators_server.go index f7c7bffdbd79..1e9fc07434a9 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/threatintelligenceindicators_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/threatintelligenceindicators_server.go @@ -97,11 +97,6 @@ func (t *ThreatIntelligenceIndicatorsServerTransport) dispatchNewListPager(req * return nil, err } filterParam := getOptional(filterUnescaped) - orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) - if err != nil { - return nil, err - } - orderbyParam := getOptional(orderbyUnescaped) topUnescaped, err := url.QueryUnescape(qp.Get("$top")) if err != nil { return nil, err @@ -121,13 +116,18 @@ func (t *ThreatIntelligenceIndicatorsServerTransport) dispatchNewListPager(req * return nil, err } skipTokenParam := getOptional(skipTokenUnescaped) + orderbyUnescaped, err := url.QueryUnescape(qp.Get("$orderby")) + if err != nil { + return nil, err + } + orderbyParam := getOptional(orderbyUnescaped) var options *armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions - if filterParam != nil || orderbyParam != nil || topParam != nil || skipTokenParam != nil { + if filterParam != nil || topParam != nil || skipTokenParam != nil || orderbyParam != nil { options = &armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions{ Filter: filterParam, - Orderby: orderbyParam, Top: topParam, SkipToken: skipTokenParam, + Orderby: orderbyParam, } } resp := t.srv.NewListPager(resourceGroupNameParam, workspaceNameParam, options) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlistitems_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlistitems_server.go index 232fb7d36c9f..652fa1e2a321 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlistitems_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlistitems_server.go @@ -237,15 +237,15 @@ func (w *WatchlistItemsServerTransport) dispatchNewListPager(req *http.Request) if err != nil { return nil, err } - skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) + watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) if err != nil { return nil, err } - skipTokenParam := getOptional(skipTokenUnescaped) - watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) + skipTokenUnescaped, err := url.QueryUnescape(qp.Get("$skipToken")) if err != nil { return nil, err } + skipTokenParam := getOptional(skipTokenUnescaped) var options *armsecurityinsights.WatchlistItemsClientListOptions if skipTokenParam != nil { options = &armsecurityinsights.WatchlistItemsClientListOptions{ diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlists_server.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlists_server.go index 5be204935ce8..4ab936dd09ee 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlists_server.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/fake/watchlists_server.go @@ -24,13 +24,13 @@ import ( // WatchlistsServer is a fake server for instances of the armsecurityinsights.WatchlistsClient type. type WatchlistsServer struct { - // CreateOrUpdate is the fake for method WatchlistsClient.CreateOrUpdate + // BeginCreateOrUpdate is the fake for method WatchlistsClient.BeginCreateOrUpdate // HTTP status codes to indicate success: http.StatusOK, http.StatusCreated - CreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist armsecurityinsights.Watchlist, options *armsecurityinsights.WatchlistsClientCreateOrUpdateOptions) (resp azfake.Responder[armsecurityinsights.WatchlistsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) + BeginCreateOrUpdate func(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist armsecurityinsights.Watchlist, options *armsecurityinsights.WatchlistsClientBeginCreateOrUpdateOptions) (resp azfake.PollerResponder[armsecurityinsights.WatchlistsClientCreateOrUpdateResponse], errResp azfake.ErrorResponder) - // Delete is the fake for method WatchlistsClient.Delete - // HTTP status codes to indicate success: http.StatusOK, http.StatusNoContent - Delete func(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *armsecurityinsights.WatchlistsClientDeleteOptions) (resp azfake.Responder[armsecurityinsights.WatchlistsClientDeleteResponse], errResp azfake.ErrorResponder) + // BeginDelete is the fake for method WatchlistsClient.BeginDelete + // HTTP status codes to indicate success: http.StatusAccepted, http.StatusNoContent + BeginDelete func(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *armsecurityinsights.WatchlistsClientBeginDeleteOptions) (resp azfake.PollerResponder[armsecurityinsights.WatchlistsClientDeleteResponse], errResp azfake.ErrorResponder) // Get is the fake for method WatchlistsClient.Get // HTTP status codes to indicate success: http.StatusOK @@ -46,16 +46,20 @@ type WatchlistsServer struct { // azcore.ClientOptions.Transporter field in the client's constructor parameters. func NewWatchlistsServerTransport(srv *WatchlistsServer) *WatchlistsServerTransport { return &WatchlistsServerTransport{ - srv: srv, - newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.WatchlistsClientListResponse]](), + srv: srv, + beginCreateOrUpdate: newTracker[azfake.PollerResponder[armsecurityinsights.WatchlistsClientCreateOrUpdateResponse]](), + beginDelete: newTracker[azfake.PollerResponder[armsecurityinsights.WatchlistsClientDeleteResponse]](), + newListPager: newTracker[azfake.PagerResponder[armsecurityinsights.WatchlistsClientListResponse]](), } } // WatchlistsServerTransport connects instances of armsecurityinsights.WatchlistsClient to instances of WatchlistsServer. // Don't use this type directly, use NewWatchlistsServerTransport instead. type WatchlistsServerTransport struct { - srv *WatchlistsServer - newListPager *tracker[azfake.PagerResponder[armsecurityinsights.WatchlistsClientListResponse]] + srv *WatchlistsServer + beginCreateOrUpdate *tracker[azfake.PollerResponder[armsecurityinsights.WatchlistsClientCreateOrUpdateResponse]] + beginDelete *tracker[azfake.PollerResponder[armsecurityinsights.WatchlistsClientDeleteResponse]] + newListPager *tracker[azfake.PagerResponder[armsecurityinsights.WatchlistsClientListResponse]] } // Do implements the policy.Transporter interface for WatchlistsServerTransport. @@ -70,10 +74,10 @@ func (w *WatchlistsServerTransport) Do(req *http.Request) (*http.Response, error var err error switch method { - case "WatchlistsClient.CreateOrUpdate": - resp, err = w.dispatchCreateOrUpdate(req) - case "WatchlistsClient.Delete": - resp, err = w.dispatchDelete(req) + case "WatchlistsClient.BeginCreateOrUpdate": + resp, err = w.dispatchBeginCreateOrUpdate(req) + case "WatchlistsClient.BeginDelete": + resp, err = w.dispatchBeginDelete(req) case "WatchlistsClient.Get": resp, err = w.dispatchGet(req) case "WatchlistsClient.NewListPager": @@ -89,87 +93,103 @@ func (w *WatchlistsServerTransport) Do(req *http.Request) (*http.Response, error return resp, nil } -func (w *WatchlistsServerTransport) dispatchCreateOrUpdate(req *http.Request) (*http.Response, error) { - if w.srv.CreateOrUpdate == nil { - return nil, &nonRetriableError{errors.New("fake for method CreateOrUpdate not implemented")} +func (w *WatchlistsServerTransport) dispatchBeginCreateOrUpdate(req *http.Request) (*http.Response, error) { + if w.srv.BeginCreateOrUpdate == nil { + return nil, &nonRetriableError{errors.New("fake for method BeginCreateOrUpdate not implemented")} } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/watchlists/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.Watchlist](req) - if err != nil { - return nil, err - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err - } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err + beginCreateOrUpdate := w.beginCreateOrUpdate.get(req) + if beginCreateOrUpdate == nil { + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/watchlists/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + body, err := server.UnmarshalRequestAsJSON[armsecurityinsights.Watchlist](req) + if err != nil { + return nil, err + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) + if err != nil { + return nil, err + } + respr, errRespr := w.srv.BeginCreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, watchlistAliasParam, body, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + beginCreateOrUpdate = &respr + w.beginCreateOrUpdate.add(req, beginCreateOrUpdate) } - watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) + + resp, err := server.PollerResponderNext(beginCreateOrUpdate, req) if err != nil { return nil, err } - respr, errRespr := w.srv.CreateOrUpdate(req.Context(), resourceGroupNameParam, workspaceNameParam, watchlistAliasParam, body, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK, http.StatusCreated}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", respContent.HTTPStatus)} - } - resp, err := server.MarshalResponseAsJSON(respContent, server.GetResponse(respr).Watchlist, req) - if err != nil { - return nil, err + + if !contains([]int{http.StatusOK, http.StatusCreated}, resp.StatusCode) { + w.beginCreateOrUpdate.remove(req) + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusCreated", resp.StatusCode)} } - if val := server.GetResponse(respr).AzureAsyncOperation; val != nil { - resp.Header.Set("Azure-AsyncOperation", *val) + if !server.PollerResponderMore(beginCreateOrUpdate) { + w.beginCreateOrUpdate.remove(req) } + return resp, nil } -func (w *WatchlistsServerTransport) dispatchDelete(req *http.Request) (*http.Response, error) { - if w.srv.Delete == nil { - return nil, &nonRetriableError{errors.New("fake for method Delete not implemented")} - } - const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/watchlists/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` - regex := regexp.MustCompile(regexStr) - matches := regex.FindStringSubmatch(req.URL.EscapedPath()) - if matches == nil || len(matches) < 4 { - return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) - } - resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) - if err != nil { - return nil, err +func (w *WatchlistsServerTransport) dispatchBeginDelete(req *http.Request) (*http.Response, error) { + if w.srv.BeginDelete == nil { + return nil, &nonRetriableError{errors.New("fake for method BeginDelete not implemented")} } - workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) - if err != nil { - return nil, err + beginDelete := w.beginDelete.get(req) + if beginDelete == nil { + const regexStr = `/subscriptions/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/resourceGroups/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.OperationalInsights/workspaces/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)/providers/Microsoft\.SecurityInsights/watchlists/(?P[!#&$-;=?-\[\]_a-zA-Z0-9~%@]+)` + regex := regexp.MustCompile(regexStr) + matches := regex.FindStringSubmatch(req.URL.EscapedPath()) + if matches == nil || len(matches) < 4 { + return nil, fmt.Errorf("failed to parse path %s", req.URL.Path) + } + resourceGroupNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("resourceGroupName")]) + if err != nil { + return nil, err + } + workspaceNameParam, err := url.PathUnescape(matches[regex.SubexpIndex("workspaceName")]) + if err != nil { + return nil, err + } + watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) + if err != nil { + return nil, err + } + respr, errRespr := w.srv.BeginDelete(req.Context(), resourceGroupNameParam, workspaceNameParam, watchlistAliasParam, nil) + if respErr := server.GetError(errRespr, req); respErr != nil { + return nil, respErr + } + beginDelete = &respr + w.beginDelete.add(req, beginDelete) } - watchlistAliasParam, err := url.PathUnescape(matches[regex.SubexpIndex("watchlistAlias")]) + + resp, err := server.PollerResponderNext(beginDelete, req) if err != nil { return nil, err } - respr, errRespr := w.srv.Delete(req.Context(), resourceGroupNameParam, workspaceNameParam, watchlistAliasParam, nil) - if respErr := server.GetError(errRespr, req); respErr != nil { - return nil, respErr - } - respContent := server.GetResponseContent(respr) - if !contains([]int{http.StatusOK, http.StatusNoContent}, respContent.HTTPStatus) { - return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusOK, http.StatusNoContent", respContent.HTTPStatus)} - } - resp, err := server.NewResponse(respContent, req, nil) - if err != nil { - return nil, err + + if !contains([]int{http.StatusAccepted, http.StatusNoContent}, resp.StatusCode) { + w.beginDelete.remove(req) + return nil, &nonRetriableError{fmt.Errorf("unexpected status code %d. acceptable values are http.StatusAccepted, http.StatusNoContent", resp.StatusCode)} } - if val := server.GetResponse(respr).AzureAsyncOperation; val != nil { - resp.Header.Set("Azure-AsyncOperation", *val) + if !server.PollerResponderMore(beginDelete) { + w.beginDelete.remove(req) } + return resp, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client.go deleted file mode 100644 index 2b1471af04e7..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client.go +++ /dev/null @@ -1,344 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strconv" - "strings" -) - -// FileImportsClient contains the methods for the FileImports group. -// Don't use this type directly, use NewFileImportsClient() instead. -type FileImportsClient struct { - internal *arm.Client - subscriptionID string -} - -// NewFileImportsClient creates a new instance of FileImportsClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewFileImportsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*FileImportsClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &FileImportsClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// Create - Creates the file import. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - fileImportID - File import ID -// - fileImport - The file import -// - options - FileImportsClientCreateOptions contains the optional parameters for the FileImportsClient.Create method. -func (client *FileImportsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, fileImport FileImport, options *FileImportsClientCreateOptions) (FileImportsClientCreateResponse, error) { - var err error - const operationName = "FileImportsClient.Create" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.createCreateRequest(ctx, resourceGroupName, workspaceName, fileImportID, fileImport, options) - if err != nil { - return FileImportsClientCreateResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return FileImportsClientCreateResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusCreated) { - err = runtime.NewResponseError(httpResp) - return FileImportsClientCreateResponse{}, err - } - resp, err := client.createHandleResponse(httpResp) - return resp, err -} - -// createCreateRequest creates the Create request. -func (client *FileImportsClient) createCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, fileImport FileImport, options *FileImportsClientCreateOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if fileImportID == "" { - return nil, errors.New("parameter fileImportID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{fileImportId}", url.PathEscape(fileImportID)) - req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, fileImport); err != nil { - return nil, err - } - return req, nil -} - -// createHandleResponse handles the Create response. -func (client *FileImportsClient) createHandleResponse(resp *http.Response) (FileImportsClientCreateResponse, error) { - result := FileImportsClientCreateResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.FileImport); err != nil { - return FileImportsClientCreateResponse{}, err - } - return result, nil -} - -// BeginDelete - Delete the file import. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - fileImportID - File import ID -// - options - FileImportsClientBeginDeleteOptions contains the optional parameters for the FileImportsClient.BeginDelete method. -func (client *FileImportsClient) BeginDelete(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientBeginDeleteOptions) (*runtime.Poller[FileImportsClientDeleteResponse], error) { - if options == nil || options.ResumeToken == "" { - resp, err := client.deleteOperation(ctx, resourceGroupName, workspaceName, fileImportID, options) - if err != nil { - return nil, err - } - poller, err := runtime.NewPoller(resp, client.internal.Pipeline(), &runtime.NewPollerOptions[FileImportsClientDeleteResponse]{ - FinalStateVia: runtime.FinalStateViaLocation, - Tracer: client.internal.Tracer(), - }) - return poller, err - } else { - return runtime.NewPollerFromResumeToken(options.ResumeToken, client.internal.Pipeline(), &runtime.NewPollerFromResumeTokenOptions[FileImportsClientDeleteResponse]{ - Tracer: client.internal.Tracer(), - }) - } -} - -// Delete - Delete the file import. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -func (client *FileImportsClient) deleteOperation(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientBeginDeleteOptions) (*http.Response, error) { - var err error - const operationName = "FileImportsClient.BeginDelete" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, fileImportID, options) - if err != nil { - return nil, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return nil, err - } - if !runtime.HasStatusCode(httpResp, http.StatusAccepted, http.StatusNoContent) { - err = runtime.NewResponseError(httpResp) - return nil, err - } - return httpResp, nil -} - -// deleteCreateRequest creates the Delete request. -func (client *FileImportsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientBeginDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if fileImportID == "" { - return nil, errors.New("parameter fileImportID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{fileImportId}", url.PathEscape(fileImportID)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// Get - Gets a file import. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - fileImportID - File import ID -// - options - FileImportsClientGetOptions contains the optional parameters for the FileImportsClient.Get method. -func (client *FileImportsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientGetOptions) (FileImportsClientGetResponse, error) { - var err error - const operationName = "FileImportsClient.Get" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, fileImportID, options) - if err != nil { - return FileImportsClientGetResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return FileImportsClientGetResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return FileImportsClientGetResponse{}, err - } - resp, err := client.getHandleResponse(httpResp) - return resp, err -} - -// getCreateRequest creates the Get request. -func (client *FileImportsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if fileImportID == "" { - return nil, errors.New("parameter fileImportID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{fileImportId}", url.PathEscape(fileImportID)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// getHandleResponse handles the Get response. -func (client *FileImportsClient) getHandleResponse(resp *http.Response) (FileImportsClientGetResponse, error) { - result := FileImportsClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.FileImport); err != nil { - return FileImportsClientGetResponse{}, err - } - return result, nil -} - -// NewListPager - Gets all file imports. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - options - FileImportsClientListOptions contains the optional parameters for the FileImportsClient.NewListPager method. -func (client *FileImportsClient) NewListPager(resourceGroupName string, workspaceName string, options *FileImportsClientListOptions) *runtime.Pager[FileImportsClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[FileImportsClientListResponse]{ - More: func(page FileImportsClientListResponse) bool { - return page.NextLink != nil && len(*page.NextLink) > 0 - }, - Fetcher: func(ctx context.Context, page *FileImportsClientListResponse) (FileImportsClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "FileImportsClient.NewListPager") - nextLink := "" - if page != nil { - nextLink = *page.NextLink - } - resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) - }, nil) - if err != nil { - return FileImportsClientListResponse{}, err - } - return client.listHandleResponse(resp) - }, - Tracer: client.internal.Tracer(), - }) -} - -// listCreateRequest creates the List request. -func (client *FileImportsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *FileImportsClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - if options != nil && options.Filter != nil { - reqQP.Set("$filter", *options.Filter) - } - if options != nil && options.Orderby != nil { - reqQP.Set("$orderby", *options.Orderby) - } - if options != nil && options.SkipToken != nil { - reqQP.Set("$skipToken", *options.SkipToken) - } - if options != nil && options.Top != nil { - reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) - } - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// listHandleResponse handles the List response. -func (client *FileImportsClient) listHandleResponse(resp *http.Response) (FileImportsClientListResponse, error) { - result := FileImportsClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.FileImportList); err != nil { - return FileImportsClientListResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client_example_test.go deleted file mode 100644 index 6f412f657165..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/fileimports_client_example_test.go +++ /dev/null @@ -1,167 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/GetFileImports.json -func ExampleFileImportsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewFileImportsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.FileImportsClientListOptions{Filter: nil, - Orderby: to.Ptr("properties/createdTimeUtc desc"), - Top: to.Ptr[int32](1), - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.FileImportList = armsecurityinsights.FileImportList{ - // Value: []*armsecurityinsights.FileImport{ - // { - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/FileImports"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Properties: &armsecurityinsights.FileImportProperties{ - // ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-25T21:02:38.835Z"); return t}()), - // FilesValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-26T21:02:38.835Z"); return t}()), - // ImportFile: &armsecurityinsights.FileMetadata{ - // DeleteStatus: to.Ptr(armsecurityinsights.DeleteStatusNotDeleted), - // FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON), - // FileName: to.Ptr("fileName.json"), - // FileSize: to.Ptr[int32](5146), - // }, - // ImportValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-04-24T21:02:38.835Z"); return t}()), - // IngestedRecordCount: to.Ptr[int32](5), - // IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords), - // Source: to.Ptr("mySource"), - // State: to.Ptr(armsecurityinsights.FileImportStateIngested), - // TotalRecordCount: to.Ptr[int32](5), - // ValidRecordCount: to.Ptr[int32](5), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/GetFileImportById.json -func ExampleFileImportsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewFileImportsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.FileImport = armsecurityinsights.FileImport{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/FileImports"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Properties: &armsecurityinsights.FileImportProperties{ - // ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-25T21:02:38.835Z"); return t}()), - // FilesValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-26T21:02:38.835Z"); return t}()), - // ImportFile: &armsecurityinsights.FileMetadata{ - // DeleteStatus: to.Ptr(armsecurityinsights.DeleteStatusNotDeleted), - // FileContentURI: to.Ptr("https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=40ca3ff4-ed1d-4c65-a409-8c6caff8a6d5&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=5n0D%2FERS6ZOQdfdO2adleeSVOM4b6mQeds%2FWYCGm9pU%3D"), - // FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON), - // FileName: to.Ptr("myFile.json"), - // FileSize: to.Ptr[int32](5146), - // }, - // ImportValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-04-24T21:02:38.835Z"); return t}()), - // IngestedRecordCount: to.Ptr[int32](5), - // IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords), - // Source: to.Ptr("mySource"), - // State: to.Ptr(armsecurityinsights.FileImportStateIngested), - // TotalRecordCount: to.Ptr[int32](5), - // ValidRecordCount: to.Ptr[int32](5), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/CreateFileImport.json -func ExampleFileImportsClient_Create() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewFileImportsClient().Create(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.FileImport{ - Properties: &armsecurityinsights.FileImportProperties{ - ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator), - ImportFile: &armsecurityinsights.FileMetadata{ - FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON), - FileName: to.Ptr("myFile.json"), - FileSize: to.Ptr[int32](4653), - }, - IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords), - Source: to.Ptr("mySource"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/DeleteFileImport.json -func ExampleFileImportsClient_BeginDelete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - poller, err := clientFactory.NewFileImportsClient().BeginDelete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - _, err = poller.PollUntilDone(ctx, nil) - if err != nil { - log.Fatalf("failed to pull the result: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod index 024d78472fae..a6a9cad03fcc 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.mod @@ -2,20 +2,10 @@ module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/ar go 1.18 -require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 -) +require github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 require ( github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect - github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/google/uuid v1.6.0 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - golang.org/x/crypto v0.25.0 // indirect golang.org/x/net v0.27.0 // indirect - golang.org/x/sys v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect ) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.sum b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.sum index 09d275cb9a37..917448a001b7 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/go.sum +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/go.sum @@ -1,29 +1,12 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= -github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client.go index 148c62c1878c..15ae12d971f9 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client.go @@ -29,7 +29,7 @@ type IncidentCommentsClient struct { } // NewIncidentCommentsClient creates a new instance of IncidentCommentsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentCommentsClient, error) { @@ -44,10 +44,10 @@ func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCre return client, nil } -// CreateOrUpdate - Creates or updates the incident comment. +// CreateOrUpdate - Creates or updates a comment for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -105,7 +105,7 @@ func (client *IncidentCommentsClient) createOrUpdateCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, incidentComment); err != nil { @@ -123,10 +123,10 @@ func (client *IncidentCommentsClient) createOrUpdateHandleResponse(resp *http.Re return result, nil } -// Delete - Delete the incident comment. +// Delete - Deletes a comment for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -181,16 +181,16 @@ func (client *IncidentCommentsClient) deleteCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets an incident comment. +// Get - Gets a comment for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -246,7 +246,7 @@ func (client *IncidentCommentsClient) getCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -261,9 +261,9 @@ func (client *IncidentCommentsClient) getHandleResponse(resp *http.Response) (In return result, nil } -// NewListPager - Gets all incident comments. +// NewListPager - Gets all comments for a given incident. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -328,7 +328,7 @@ func (client *IncidentCommentsClient) listCreateRequest(ctx context.Context, res if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client_example_test.go deleted file mode 100644 index 83bb0d1e1eaf..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentcomments_client_example_test.go +++ /dev/null @@ -1,163 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/GetAllIncidentComments.json -func ExampleIncidentCommentsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewIncidentCommentsClient().NewListPager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.IncidentCommentsClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.IncidentCommentList = armsecurityinsights.IncidentCommentList{ - // Value: []*armsecurityinsights.IncidentComment{ - // { - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.IncidentCommentProperties{ - // Author: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30.000Z"); return t}()), - // Message: to.Ptr("Some message"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/GetIncidentCommentById.json -func ExampleIncidentCommentsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentCommentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.IncidentComment = armsecurityinsights.IncidentComment{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.IncidentCommentProperties{ - // Author: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30.000Z"); return t}()), - // Message: to.Ptr("Some message"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/CreateIncidentComment.json -func ExampleIncidentCommentsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentCommentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.IncidentComment{ - Properties: &armsecurityinsights.IncidentCommentProperties{ - Message: to.Ptr("Some message"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.IncidentComment = armsecurityinsights.IncidentComment{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.IncidentCommentProperties{ - // Author: &armsecurityinsights.ClientInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30.000Z"); return t}()), - // Message: to.Ptr("Some message"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/DeleteIncidentComment.json -func ExampleIncidentCommentsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewIncidentCommentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client.go index c2af227460e3..8d05c7ea0747 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client.go @@ -29,7 +29,7 @@ type IncidentRelationsClient struct { } // NewIncidentRelationsClient creates a new instance of IncidentRelationsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentRelationsClient, error) { @@ -44,10 +44,10 @@ func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCr return client, nil } -// CreateOrUpdate - Creates or updates the incident relation. +// CreateOrUpdate - Creates or updates a relation for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -105,7 +105,7 @@ func (client *IncidentRelationsClient) createOrUpdateCreateRequest(ctx context.C return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, relation); err != nil { @@ -123,10 +123,10 @@ func (client *IncidentRelationsClient) createOrUpdateHandleResponse(resp *http.R return result, nil } -// Delete - Delete the incident relation. +// Delete - Deletes a relation for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -182,16 +182,16 @@ func (client *IncidentRelationsClient) deleteCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets an incident relation. +// Get - Gets a relation for a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -247,7 +247,7 @@ func (client *IncidentRelationsClient) getCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -262,9 +262,9 @@ func (client *IncidentRelationsClient) getHandleResponse(resp *http.Response) (I return result, nil } -// NewListPager - Gets all incident relations. +// NewListPager - Gets all relations for a given incident. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -329,7 +329,7 @@ func (client *IncidentRelationsClient) listCreateRequest(ctx context.Context, re if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client_example_test.go deleted file mode 100644 index b64d91f183de..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidentrelations_client_example_test.go +++ /dev/null @@ -1,157 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json -func ExampleIncidentRelationsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewIncidentRelationsClient().NewListPager("myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", &armsecurityinsights.IncidentRelationsClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.RelationList = armsecurityinsights.RelationList{ - // Value: []*armsecurityinsights.Relation{ - // { - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // }, - // }, - // { - // Name: to.Ptr("9673a17d-8bc7-4ca6-88ee-38a4f3efc032"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032"), - // Etag: to.Ptr("6f714025-dd7c-46aa-b5d0-b9857488d060"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af"), - // RelatedResourceKind: to.Ptr("SecurityAlert"), - // RelatedResourceName: to.Ptr("1dd267cd-8a1f-4f6f-b92c-da43ac8819af"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/entities"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json -func ExampleIncidentRelationsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentRelationsClient().Get(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Relation = armsecurityinsights.Relation{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json -func ExampleIncidentRelationsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentRelationsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{ - Properties: &armsecurityinsights.RelationProperties{ - RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Relation = armsecurityinsights.Relation{ - // Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"), - // Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"), - // Properties: &armsecurityinsights.RelationProperties{ - // RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"), - // RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json -func ExampleIncidentRelationsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewIncidentRelationsClient().Delete(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client.go index aaf0c006499c..baf158682666 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client.go @@ -29,7 +29,7 @@ type IncidentsClient struct { } // NewIncidentsClient creates a new instance of IncidentsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentsClient, error) { @@ -44,10 +44,10 @@ func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential return client, nil } -// CreateOrUpdate - Creates or updates the incident. +// CreateOrUpdate - Creates or updates an incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -100,7 +100,7 @@ func (client *IncidentsClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, incident); err != nil { @@ -118,83 +118,10 @@ func (client *IncidentsClient) createOrUpdateHandleResponse(resp *http.Response) return result, nil } -// CreateTeam - Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +// Delete - Deletes a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - incidentID - Incident ID -// - teamProperties - Team properties -// - options - IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method. -func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error) { - var err error - const operationName = "IncidentsClient.CreateTeam" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.createTeamCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, teamProperties, options) - if err != nil { - return IncidentsClientCreateTeamResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return IncidentsClientCreateTeamResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return IncidentsClientCreateTeamResponse{}, err - } - resp, err := client.createTeamHandleResponse(httpResp) - return resp, err -} - -// createTeamCreateRequest creates the CreateTeam request. -func (client *IncidentsClient) createTeamCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if incidentID == "" { - return nil, errors.New("parameter incidentID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) - req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, teamProperties); err != nil { - return nil, err - } - return req, nil -} - -// createTeamHandleResponse handles the CreateTeam response. -func (client *IncidentsClient) createTeamHandleResponse(resp *http.Response) (IncidentsClientCreateTeamResponse, error) { - result := IncidentsClientCreateTeamResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.TeamInformation); err != nil { - return IncidentsClientCreateTeamResponse{}, err - } - return result, nil -} - -// Delete - Delete the incident. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -244,16 +171,16 @@ func (client *IncidentsClient) deleteCreateRequest(ctx context.Context, resource return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets an incident. +// Get - Gets a given incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -304,7 +231,7 @@ func (client *IncidentsClient) getCreateRequest(ctx context.Context, resourceGro return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -321,7 +248,7 @@ func (client *IncidentsClient) getHandleResponse(resp *http.Response) (Incidents // NewListPager - Gets all incidents. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.NewListPager method. @@ -380,7 +307,7 @@ func (client *IncidentsClient) listCreateRequest(ctx context.Context, resourceGr if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -395,10 +322,10 @@ func (client *IncidentsClient) listHandleResponse(resp *http.Response) (Incident return result, nil } -// ListAlerts - Gets all incident alerts. +// ListAlerts - Gets all alerts for an incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -449,7 +376,7 @@ func (client *IncidentsClient) listAlertsCreateRequest(ctx context.Context, reso return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -464,10 +391,10 @@ func (client *IncidentsClient) listAlertsHandleResponse(resp *http.Response) (In return result, nil } -// ListBookmarks - Gets all incident bookmarks. +// ListBookmarks - Gets all bookmarks for an incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -518,7 +445,7 @@ func (client *IncidentsClient) listBookmarksCreateRequest(ctx context.Context, r return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -533,10 +460,10 @@ func (client *IncidentsClient) listBookmarksHandleResponse(resp *http.Response) return result, nil } -// ListEntities - Gets all incident related entities. +// ListEntities - Gets all entities for an incident. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - incidentID - Incident ID @@ -587,7 +514,7 @@ func (client *IncidentsClient) listEntitiesCreateRequest(ctx context.Context, re return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -605,9 +532,10 @@ func (client *IncidentsClient) listEntitiesHandleResponse(resp *http.Response) ( // RunPlaybook - Triggers playbook on a specific incident // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. +// - incidentIdentifier - Incident ID // - options - IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method. func (client *IncidentsClient) RunPlaybook(ctx context.Context, resourceGroupName string, workspaceName string, incidentIdentifier string, options *IncidentsClientRunPlaybookOptions) (IncidentsClientRunPlaybookResponse, error) { var err error @@ -627,8 +555,7 @@ func (client *IncidentsClient) RunPlaybook(ctx context.Context, resourceGroupNam err = runtime.NewResponseError(httpResp) return IncidentsClientRunPlaybookResponse{}, err } - resp, err := client.runPlaybookHandleResponse(httpResp) - return resp, err + return IncidentsClientRunPlaybookResponse{}, nil } // runPlaybookCreateRequest creates the RunPlaybook request. @@ -655,7 +582,7 @@ func (client *IncidentsClient) runPlaybookCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if options != nil && options.RequestBody != nil { @@ -666,12 +593,3 @@ func (client *IncidentsClient) runPlaybookCreateRequest(ctx context.Context, res } return req, nil } - -// runPlaybookHandleResponse handles the RunPlaybook response. -func (client *IncidentsClient) runPlaybookHandleResponse(resp *http.Response) (IncidentsClientRunPlaybookResponse, error) { - result := IncidentsClientRunPlaybookResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.Interface); err != nil { - return IncidentsClientRunPlaybookResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client_example_test.go deleted file mode 100644 index 67a3f4106603..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/incidents_client_example_test.go +++ /dev/null @@ -1,495 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json -func ExampleIncidentsClient_RunPlaybook() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewIncidentsClient().RunPlaybook(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ar4", &armsecurityinsights.IncidentsClientRunPlaybookOptions{RequestBody: nil}) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetIncidents.json -func ExampleIncidentsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewIncidentsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.IncidentsClientListOptions{Filter: nil, - Orderby: to.Ptr("properties/createdTimeUtc desc"), - Top: to.Ptr[int32](1), - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.IncidentList = armsecurityinsights.IncidentList{ - // Value: []*armsecurityinsights.Incident{ - // { - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.IncidentProperties{ - // Description: to.Ptr("This is a demo incident"), - // AdditionalData: &armsecurityinsights.IncidentAdditionalData{ - // AlertProductNames: []*string{ - // }, - // AlertsCount: to.Ptr[int32](0), - // BookmarksCount: to.Ptr[int32](0), - // CommentsCount: to.Ptr[int32](3), - // ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticPersistence)}, - // Techniques: []*string{ - // to.Ptr("T1053")}, - // }, - // Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive), - // ClassificationComment: to.Ptr("Not a malicious activity"), - // ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // IncidentNumber: to.Ptr[int32](3177), - // IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Labels: []*armsecurityinsights.IncidentLabel{ - // }, - // LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Owner: &armsecurityinsights.IncidentOwnerInfo{ - // AssignedTo: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // ProviderIncidentID: to.Ptr("3177"), - // ProviderName: to.Ptr("Azure Sentinel"), - // RelatedAnalyticRuleIDs: []*string{ - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"), - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")}, - // Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh), - // Status: to.Ptr(armsecurityinsights.IncidentStatusClosed), - // Title: to.Ptr("My incident"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetIncidentById.json -func ExampleIncidentsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Incident = armsecurityinsights.Incident{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.IncidentProperties{ - // Description: to.Ptr("This is a demo incident"), - // AdditionalData: &armsecurityinsights.IncidentAdditionalData{ - // AlertProductNames: []*string{ - // }, - // AlertsCount: to.Ptr[int32](0), - // BookmarksCount: to.Ptr[int32](0), - // CommentsCount: to.Ptr[int32](3), - // ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticInitialAccess), - // to.Ptr(armsecurityinsights.AttackTacticPersistence)}, - // Techniques: []*string{ - // to.Ptr("T1091"), - // to.Ptr("T1133"), - // to.Ptr("T1053")}, - // }, - // Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive), - // ClassificationComment: to.Ptr("Not a malicious activity"), - // ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonInaccurateData), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // IncidentNumber: to.Ptr[int32](3177), - // IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Labels: []*armsecurityinsights.IncidentLabel{ - // }, - // LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Owner: &armsecurityinsights.IncidentOwnerInfo{ - // AssignedTo: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // ProviderIncidentID: to.Ptr("3177"), - // ProviderName: to.Ptr("Azure Sentinel"), - // RelatedAnalyticRuleIDs: []*string{ - // to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7")}, - // Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh), - // Status: to.Ptr(armsecurityinsights.IncidentStatusClosed), - // Title: to.Ptr("My incident"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/CreateIncident.json -func ExampleIncidentsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Incident{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.IncidentProperties{ - Description: to.Ptr("This is a demo incident"), - Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive), - ClassificationComment: to.Ptr("Not a malicious activity"), - ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic), - FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t }()), - LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t }()), - Owner: &armsecurityinsights.IncidentOwnerInfo{ - ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - }, - Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh), - Status: to.Ptr(armsecurityinsights.IncidentStatusClosed), - Title: to.Ptr("My incident"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Incident = armsecurityinsights.Incident{ - // Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Type: to.Ptr("Microsoft.SecurityInsights/incidents"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0001\""), - // Properties: &armsecurityinsights.IncidentProperties{ - // Description: to.Ptr("This is a demo incident"), - // AdditionalData: &armsecurityinsights.IncidentAdditionalData{ - // AlertProductNames: []*string{ - // }, - // AlertsCount: to.Ptr[int32](0), - // BookmarksCount: to.Ptr[int32](0), - // CommentsCount: to.Ptr[int32](3), - // ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // }, - // Techniques: []*string{ - // }, - // }, - // Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive), - // ClassificationComment: to.Ptr("Not a malicious activity"), - // ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic), - // CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()), - // IncidentNumber: to.Ptr[int32](3177), - // IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"), - // Labels: []*armsecurityinsights.IncidentLabel{ - // }, - // LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()), - // LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()), - // Owner: &armsecurityinsights.IncidentOwnerInfo{ - // AssignedTo: to.Ptr("john doe"), - // Email: to.Ptr("john.doe@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser), - // UserPrincipalName: to.Ptr("john@contoso.com"), - // }, - // ProviderIncidentID: to.Ptr("3177"), - // ProviderName: to.Ptr("Azure Sentinel"), - // RelatedAnalyticRuleIDs: []*string{ - // }, - // Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh), - // Status: to.Ptr(armsecurityinsights.IncidentStatusClosed), - // Title: to.Ptr("My incident"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/DeleteIncident.json -func ExampleIncidentsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewIncidentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/CreateTeam.json -func ExampleIncidentsClient_CreateTeam() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().CreateTeam(ctx, "ambawolvese5resourcegroup", "AmbaE5WestCentralUS", "69a30280-6a4c-4aa7-9af0-5d63f335d600", armsecurityinsights.TeamProperties{ - TeamDescription: to.Ptr("Team description"), - TeamName: to.Ptr("Team name"), - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.TeamInformation = armsecurityinsights.TeamInformation{ - // Name: to.Ptr("Team name"), - // Description: to.Ptr("Team description"), - // PrimaryChannelURL: to.Ptr("https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f"), - // TeamCreationTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-15T15:08:21.995Z"); return t}()), - // TeamID: to.Ptr("99978838-9bda-4ad4-8f93-4cf7ebc50ca5"), - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetAllIncidentAlerts.json -func ExampleIncidentsClient_ListAlerts() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().ListAlerts(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.IncidentAlertList = armsecurityinsights.IncidentAlertList{ - // Value: []*armsecurityinsights.SecurityAlert{ - // { - // Name: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"), - // Type: to.Ptr("Microsoft.SecurityInsights/Entities"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c"), - // Kind: to.Ptr(armsecurityinsights.EntityKindSecurityAlert), - // Properties: &armsecurityinsights.SecurityAlertProperties{ - // AdditionalData: map[string]any{ - // "AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z", - // }, - // FriendlyName: to.Ptr("myAlert"), - // AlertDisplayName: to.Ptr("myAlert"), - // AlertType: to.Ptr("myAlert"), - // ConfidenceLevel: to.Ptr(armsecurityinsights.ConfidenceLevelUnknown), - // EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()), - // ProcessingEndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()), - // ProductName: to.Ptr("Azure Security Center"), - // ResourceIdentifiers: []any{ - // map[string]any{ - // "type": "LogAnalytics", - // "resourceGroup": "myRG", - // "subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a", - // "workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b", - // }}, - // Severity: to.Ptr(armsecurityinsights.AlertSeverityLow), - // StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()), - // Status: to.Ptr(armsecurityinsights.AlertStatusNew), - // SystemAlertID: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"), - // Tactics: []*armsecurityinsights.AttackTactic{ - // }, - // TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()), - // VendorName: to.Ptr("Microsoft"), - // }, - // }}, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetAllIncidentBookmarks.json -func ExampleIncidentsClient_ListBookmarks() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().ListBookmarks(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.IncidentBookmarkList = armsecurityinsights.IncidentBookmarkList{ - // Value: []*armsecurityinsights.HuntingBookmark{ - // { - // Name: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"), - // Type: to.Ptr("Microsoft.SecurityInsights/Entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812"), - // Kind: to.Ptr(armsecurityinsights.EntityKindBookmark), - // Properties: &armsecurityinsights.HuntingBookmarkProperties{ - // AdditionalData: map[string]any{ - // "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - // "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - // }, - // FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("user"), - // Email: to.Ptr("user@microsoft.com"), - // ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"), - // }, - // DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"), - // EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // Labels: []*string{ - // }, - // Query: to.Ptr("SecurityEvent\r\n| take 1\n"), - // QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("user"), - // Email: to.Ptr("user@microsoft.com"), - // ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"), - // }, - // }, - // }, - // { - // Name: to.Ptr("bbbd324f-6c48-459c-8710-8d1e1cd03812"), - // Type: to.Ptr("Microsoft.SecurityInsights/Entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812"), - // Kind: to.Ptr(armsecurityinsights.EntityKindBookmark), - // Properties: &armsecurityinsights.HuntingBookmarkProperties{ - // AdditionalData: map[string]any{ - // "ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"", - // "EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812", - // }, - // FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("user"), - // Email: to.Ptr("user@microsoft.com"), - // ObjectID: to.Ptr("303ca914-5eb6-45e5-9417-fe0797c372fd"), - // }, - // DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"), - // EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // Labels: []*string{ - // }, - // Query: to.Ptr("SecurityEvent\r\n| take 1\n"), - // QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("user"), - // Email: to.Ptr("user@microsoft.com"), - // ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"), - // }, - // }, - // }}, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/entities/GetAllIncidentEntities.json -func ExampleIncidentsClient_ListEntities() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIncidentsClient().ListEntities(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.IncidentEntitiesResponse = armsecurityinsights.IncidentEntitiesResponse{ - // Entities: []armsecurityinsights.EntityClassification{ - // &armsecurityinsights.AccountEntity{ - // Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Type: to.Ptr("Microsoft.SecurityInsights/Entities"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"), - // Kind: to.Ptr(armsecurityinsights.EntityKindAccount), - // Properties: &armsecurityinsights.AccountEntityProperties{ - // FriendlyName: to.Ptr("administrator"), - // AccountName: to.Ptr("administrator"), - // NtDomain: to.Ptr("domain"), - // }, - // }}, - // MetaData: []*armsecurityinsights.IncidentEntitiesResultsMetadata{ - // { - // Count: to.Ptr[int32](1), - // EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount), - // }}, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidenttasks_client.go similarity index 53% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/incidenttasks_client.go index 7716fa1050ae..aaabc0c909bc 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entityqueries_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/incidenttasks_client.go @@ -20,64 +20,65 @@ import ( "strings" ) -// EntityQueriesClient contains the methods for the EntityQueries group. -// Don't use this type directly, use NewEntityQueriesClient() instead. -type EntityQueriesClient struct { +// IncidentTasksClient contains the methods for the IncidentTasks group. +// Don't use this type directly, use NewIncidentTasksClient() instead. +type IncidentTasksClient struct { internal *arm.Client subscriptionID string } -// NewEntityQueriesClient creates a new instance of EntityQueriesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewIncidentTasksClient creates a new instance of IncidentTasksClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewEntityQueriesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueriesClient, error) { +func NewIncidentTasksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentTasksClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &EntityQueriesClient{ + client := &IncidentTasksClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// CreateOrUpdate - Creates or updates the entity query. +// CreateOrUpdate - Creates or updates the incident task. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityQueryID - entity query ID -// - entityQuery - The entity query we want to create or update -// - options - EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate +// - incidentID - Incident ID +// - incidentTaskID - Incident task ID +// - incidentTask - The incident task +// - options - IncidentTasksClientCreateOrUpdateOptions contains the optional parameters for the IncidentTasksClient.CreateOrUpdate // method. -func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (EntityQueriesClientCreateOrUpdateResponse, error) { +func (client *IncidentTasksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, incidentTask IncidentTask, options *IncidentTasksClientCreateOrUpdateOptions) (IncidentTasksClientCreateOrUpdateResponse, error) { var err error - const operationName = "EntityQueriesClient.CreateOrUpdate" + const operationName = "IncidentTasksClient.CreateOrUpdate" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, entityQuery, options) + req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, incidentTaskID, incidentTask, options) if err != nil { - return EntityQueriesClientCreateOrUpdateResponse{}, err + return IncidentTasksClientCreateOrUpdateResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return EntityQueriesClientCreateOrUpdateResponse{}, err + return IncidentTasksClientCreateOrUpdateResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusCreated) { err = runtime.NewResponseError(httpResp) - return EntityQueriesClientCreateOrUpdateResponse{}, err + return IncidentTasksClientCreateOrUpdateResponse{}, err } resp, err := client.createOrUpdateHandleResponse(httpResp) return resp, err } // createOrUpdateCreateRequest creates the CreateOrUpdate request. -func (client *EntityQueriesClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" +func (client *IncidentTasksClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, incidentTask IncidentTask, options *IncidentTasksClientCreateOrUpdateOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -90,65 +91,70 @@ func (client *EntityQueriesClient) createOrUpdateCreateRequest(ctx context.Conte return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityQueryID == "" { - return nil, errors.New("parameter entityQueryID cannot be empty") + if incidentID == "" { + return nil, errors.New("parameter incidentID cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) + if incidentTaskID == "" { + return nil, errors.New("parameter incidentTaskID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentTaskId}", url.PathEscape(incidentTaskID)) req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, entityQuery); err != nil { + if err := runtime.MarshalAsJSON(req, incidentTask); err != nil { return nil, err } return req, nil } // createOrUpdateHandleResponse handles the CreateOrUpdate response. -func (client *EntityQueriesClient) createOrUpdateHandleResponse(resp *http.Response) (EntityQueriesClientCreateOrUpdateResponse, error) { - result := EntityQueriesClientCreateOrUpdateResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return EntityQueriesClientCreateOrUpdateResponse{}, err +func (client *IncidentTasksClient) createOrUpdateHandleResponse(resp *http.Response) (IncidentTasksClientCreateOrUpdateResponse, error) { + result := IncidentTasksClientCreateOrUpdateResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.IncidentTask); err != nil { + return IncidentTasksClientCreateOrUpdateResponse{}, err } return result, nil } -// Delete - Delete the entity query. +// Delete - Delete the incident task. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityQueryID - entity query ID -// - options - EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method. -func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (EntityQueriesClientDeleteResponse, error) { +// - incidentID - Incident ID +// - incidentTaskID - Incident task ID +// - options - IncidentTasksClientDeleteOptions contains the optional parameters for the IncidentTasksClient.Delete method. +func (client *IncidentTasksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *IncidentTasksClientDeleteOptions) (IncidentTasksClientDeleteResponse, error) { var err error - const operationName = "EntityQueriesClient.Delete" + const operationName = "IncidentTasksClient.Delete" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, options) + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, incidentTaskID, options) if err != nil { - return EntityQueriesClientDeleteResponse{}, err + return IncidentTasksClientDeleteResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return EntityQueriesClientDeleteResponse{}, err + return IncidentTasksClientDeleteResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { err = runtime.NewResponseError(httpResp) - return EntityQueriesClientDeleteResponse{}, err + return IncidentTasksClientDeleteResponse{}, err } - return EntityQueriesClientDeleteResponse{}, nil + return IncidentTasksClientDeleteResponse{}, nil } // deleteCreateRequest creates the Delete request. -func (client *EntityQueriesClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" +func (client *IncidentTasksClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *IncidentTasksClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -161,54 +167,59 @@ func (client *EntityQueriesClient) deleteCreateRequest(ctx context.Context, reso return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityQueryID == "" { - return nil, errors.New("parameter entityQueryID cannot be empty") + if incidentID == "" { + return nil, errors.New("parameter incidentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) + if incidentTaskID == "" { + return nil, errors.New("parameter incidentTaskID cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + urlPath = strings.ReplaceAll(urlPath, "{incidentTaskId}", url.PathEscape(incidentTaskID)) req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets an entity query. +// Get - Gets an incident task. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityQueryID - entity query ID -// - options - EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method. -func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (EntityQueriesClientGetResponse, error) { +// - incidentID - Incident ID +// - incidentTaskID - Incident task ID +// - options - IncidentTasksClientGetOptions contains the optional parameters for the IncidentTasksClient.Get method. +func (client *IncidentTasksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *IncidentTasksClientGetOptions) (IncidentTasksClientGetResponse, error) { var err error - const operationName = "EntityQueriesClient.Get" + const operationName = "IncidentTasksClient.Get" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, entityQueryID, options) + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, incidentTaskID, options) if err != nil { - return EntityQueriesClientGetResponse{}, err + return IncidentTasksClientGetResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return EntityQueriesClientGetResponse{}, err + return IncidentTasksClientGetResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) - return EntityQueriesClientGetResponse{}, err + return IncidentTasksClientGetResponse{}, err } resp, err := client.getHandleResponse(httpResp) return resp, err } // getCreateRequest creates the Get request. -func (client *EntityQueriesClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}" +func (client *IncidentTasksClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentTaskID string, options *IncidentTasksClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks/{incidentTaskId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -221,52 +232,57 @@ func (client *EntityQueriesClient) getCreateRequest(ctx context.Context, resourc return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityQueryID == "" { - return nil, errors.New("parameter entityQueryID cannot be empty") + if incidentID == "" { + return nil, errors.New("parameter incidentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) + if incidentTaskID == "" { + return nil, errors.New("parameter incidentTaskID cannot be empty") } - urlPath = strings.ReplaceAll(urlPath, "{entityQueryId}", url.PathEscape(entityQueryID)) + urlPath = strings.ReplaceAll(urlPath, "{incidentTaskId}", url.PathEscape(incidentTaskID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // getHandleResponse handles the Get response. -func (client *EntityQueriesClient) getHandleResponse(resp *http.Response) (EntityQueriesClientGetResponse, error) { - result := EntityQueriesClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return EntityQueriesClientGetResponse{}, err +func (client *IncidentTasksClient) getHandleResponse(resp *http.Response) (IncidentTasksClientGetResponse, error) { + result := IncidentTasksClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.IncidentTask); err != nil { + return IncidentTasksClientGetResponse{}, err } return result, nil } -// NewListPager - Gets all entity queries. +// NewListPager - Gets all incident tasks. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - options - EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.NewListPager method. -func (client *EntityQueriesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) *runtime.Pager[EntityQueriesClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[EntityQueriesClientListResponse]{ - More: func(page EntityQueriesClientListResponse) bool { +// - incidentID - Incident ID +// - options - IncidentTasksClientListOptions contains the optional parameters for the IncidentTasksClient.NewListPager method. +func (client *IncidentTasksClient) NewListPager(resourceGroupName string, workspaceName string, incidentID string, options *IncidentTasksClientListOptions) *runtime.Pager[IncidentTasksClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[IncidentTasksClientListResponse]{ + More: func(page IncidentTasksClientListResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *EntityQueriesClientListResponse) (EntityQueriesClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "EntityQueriesClient.NewListPager") + Fetcher: func(ctx context.Context, page *IncidentTasksClientListResponse) (IncidentTasksClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "IncidentTasksClient.NewListPager") nextLink := "" if page != nil { nextLink = *page.NextLink } resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + return client.listCreateRequest(ctx, resourceGroupName, workspaceName, incidentID, options) }, nil) if err != nil { - return EntityQueriesClientListResponse{}, err + return IncidentTasksClientListResponse{}, err } return client.listHandleResponse(resp) }, @@ -275,8 +291,8 @@ func (client *EntityQueriesClient) NewListPager(resourceGroupName string, worksp } // listCreateRequest creates the List request. -func (client *EntityQueriesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries" +func (client *IncidentTasksClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentTasksClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/tasks" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -289,25 +305,26 @@ func (client *EntityQueriesClient) listCreateRequest(ctx context.Context, resour return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if incidentID == "" { + return nil, errors.New("parameter incidentID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{incidentId}", url.PathEscape(incidentID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - if options != nil && options.Kind != nil { - reqQP.Set("kind", string(*options.Kind)) - } + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // listHandleResponse handles the List response. -func (client *EntityQueriesClient) listHandleResponse(resp *http.Response) (EntityQueriesClientListResponse, error) { - result := EntityQueriesClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EntityQueryList); err != nil { - return EntityQueriesClientListResponse{}, err +func (client *IncidentTasksClient) listHandleResponse(resp *http.Response) (IncidentTasksClientListResponse, error) { + result := IncidentTasksClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.IncidentTaskList); err != nil { + return IncidentTasksClientListResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/interfaces.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/interfaces.go index 34b3a60002c9..ce9983471849 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/interfaces.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/interfaces.go @@ -11,8 +11,7 @@ package armsecurityinsights // AlertRuleClassification provides polymorphic access to related types. // Call the interface's GetAlertRule() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AlertRule, *FusionAlertRule, *MLBehaviorAnalyticsAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *NrtAlertRule, -// - *ScheduledAlertRule, *ThreatIntelligenceAlertRule +// - *AlertRule, *FusionAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *ScheduledAlertRule type AlertRuleClassification interface { // GetAlertRule returns the AlertRule content of the underlying type. GetAlertRule() *AlertRule @@ -21,8 +20,7 @@ type AlertRuleClassification interface { // AlertRuleTemplateClassification provides polymorphic access to related types. // Call the interface's GetAlertRuleTemplate() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MLBehaviorAnalyticsAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, -// - *NrtAlertRuleTemplate, *ScheduledAlertRuleTemplate, *ThreatIntelligenceAlertRuleTemplate +// - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, *ScheduledAlertRuleTemplate type AlertRuleTemplateClassification interface { // GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type. GetAlertRuleTemplate() *AlertRuleTemplate @@ -31,7 +29,7 @@ type AlertRuleTemplateClassification interface { // AutomationRuleActionClassification provides polymorphic access to related types. // Call the interface's GetAutomationRuleAction() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction +// - *AutomationRuleAction, *AutomationRuleAddIncidentTaskAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction type AutomationRuleActionClassification interface { // GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type. GetAutomationRuleAction() *AutomationRuleAction @@ -47,37 +45,34 @@ type AutomationRuleConditionClassification interface { GetAutomationRuleCondition() *AutomationRuleCondition } -// CustomEntityQueryClassification provides polymorphic access to related types. -// Call the interface's GetCustomEntityQuery() method to access the common type. +// CcpAuthConfigClassification provides polymorphic access to related types. +// Call the interface's GetCcpAuthConfig() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *ActivityCustomEntityQuery, *CustomEntityQuery -type CustomEntityQueryClassification interface { - // GetCustomEntityQuery returns the CustomEntityQuery content of the underlying type. - GetCustomEntityQuery() *CustomEntityQuery +// - *APIKeyAuthModel, *AWSAuthModel, *BasicAuthModel, *CcpAuthConfig, *GCPAuthModel, *GenericBlobSbsAuthModel, *GitHubAuthModel, +// - *JwtAuthModel, *NoneAuthModel, *OAuthModel, *OracleAuthModel, *SessionAuthModel +type CcpAuthConfigClassification interface { + // GetCcpAuthConfig returns the CcpAuthConfig content of the underlying type. + GetCcpAuthConfig() *CcpAuthConfig } // DataConnectorClassification provides polymorphic access to related types. // Call the interface's GetDataConnector() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *AwsS3DataConnector, *CodelessAPIPollingDataConnector, -// - *CodelessUIDataConnector, *DataConnector, *Dynamics365DataConnector, *IoTDataConnector, *MCASDataConnector, *MDATPDataConnector, -// - *MSTIDataConnector, *MTPDataConnector, *Office365ProjectDataConnector, *OfficeATPDataConnector, *OfficeDataConnector, -// - *OfficeIRMDataConnector, *OfficePowerBIDataConnector, *TIDataConnector, *TiTaxiiDataConnector +// - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *DataConnector, *MCASDataConnector, +// - *MDATPDataConnector, *MSTIDataConnector, *OfficeDataConnector, *PremiumMicrosoftDefenderForThreatIntelligence, *RestAPIPollerDataConnector, +// - *TIDataConnector type DataConnectorClassification interface { // GetDataConnector returns the DataConnector content of the underlying type. GetDataConnector() *DataConnector } -// DataConnectorsCheckRequirementsClassification provides polymorphic access to related types. -// Call the interface's GetDataConnectorsCheckRequirements() method to access the common type. +// DataConnectorDefinitionClassification provides polymorphic access to related types. +// Call the interface's GetDataConnectorDefinition() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: -// - *AADCheckRequirements, *AATPCheckRequirements, *ASCCheckRequirements, *AwsCloudTrailCheckRequirements, *AwsS3CheckRequirements, -// - *DataConnectorsCheckRequirements, *Dynamics365CheckRequirements, *IoTCheckRequirements, *MCASCheckRequirements, *MDATPCheckRequirements, -// - *MSTICheckRequirements, *MtpCheckRequirements, *Office365ProjectCheckRequirements, *OfficeATPCheckRequirements, *OfficeIRMCheckRequirements, -// - *OfficePowerBICheckRequirements, *TICheckRequirements, *TiTaxiiCheckRequirements -type DataConnectorsCheckRequirementsClassification interface { - // GetDataConnectorsCheckRequirements returns the DataConnectorsCheckRequirements content of the underlying type. - GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements +// - *CustomizableConnectorDefinition, *DataConnectorDefinition +type DataConnectorDefinitionClassification interface { + // GetDataConnectorDefinition returns the DataConnectorDefinition content of the underlying type. + GetDataConnectorDefinition() *DataConnectorDefinition } // EntityClassification provides polymorphic access to related types. @@ -85,49 +80,13 @@ type DataConnectorsCheckRequirementsClassification interface { // Use a type switch to determine the concrete type. The possible types are: // - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, // - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, -// - *NicEntity, *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, +// - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, // - *URLEntity type EntityClassification interface { // GetEntity returns the Entity content of the underlying type. GetEntity() *Entity } -// EntityQueryClassification provides polymorphic access to related types. -// Call the interface's GetEntityQuery() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *ActivityEntityQuery, *EntityQuery, *ExpansionEntityQuery -type EntityQueryClassification interface { - // GetEntityQuery returns the EntityQuery content of the underlying type. - GetEntityQuery() *EntityQuery -} - -// EntityQueryItemClassification provides polymorphic access to related types. -// Call the interface's GetEntityQueryItem() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *EntityQueryItem, *InsightQueryItem -type EntityQueryItemClassification interface { - // GetEntityQueryItem returns the EntityQueryItem content of the underlying type. - GetEntityQueryItem() *EntityQueryItem -} - -// EntityQueryTemplateClassification provides polymorphic access to related types. -// Call the interface's GetEntityQueryTemplate() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *ActivityEntityQueryTemplate, *EntityQueryTemplate -type EntityQueryTemplateClassification interface { - // GetEntityQueryTemplate returns the EntityQueryTemplate content of the underlying type. - GetEntityQueryTemplate() *EntityQueryTemplate -} - -// EntityTimelineItemClassification provides polymorphic access to related types. -// Call the interface's GetEntityTimelineItem() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *ActivityTimelineItem, *AnomalyTimelineItem, *BookmarkTimelineItem, *EntityTimelineItem, *SecurityAlertTimelineItem -type EntityTimelineItemClassification interface { - // GetEntityTimelineItem returns the EntityTimelineItem content of the underlying type. - GetEntityTimelineItem() *EntityTimelineItem -} - // SecurityMLAnalyticsSettingClassification provides polymorphic access to related types. // Call the interface's GetSecurityMLAnalyticsSetting() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: @@ -137,15 +96,6 @@ type SecurityMLAnalyticsSettingClassification interface { GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting } -// SettingsClassification provides polymorphic access to related types. -// Call the interface's GetSettings() method to access the common type. -// Use a type switch to determine the concrete type. The possible types are: -// - *Anomalies, *EntityAnalytics, *EyesOn, *Settings, *Ueba -type SettingsClassification interface { - // GetSettings returns the Settings content of the underlying type. - GetSettings() *Settings -} - // ThreatIntelligenceInformationClassification provides polymorphic access to related types. // Call the interface's GetThreatIntelligenceInformation() method to access the common type. // Use a type switch to determine the concrete type. The possible types are: diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client_example_test.go deleted file mode 100644 index 0a0dbcc5ad45..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client_example_test.go +++ /dev/null @@ -1,56 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/enrichment/GetGeodataByIp.json -func ExampleIPGeodataClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewIPGeodataClient().Get(ctx, "myRg", "1.2.3.4", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.EnrichmentIPGeodata = armsecurityinsights.EnrichmentIPGeodata{ - // Asn: to.Ptr("12345"), - // Carrier: to.Ptr("Microsoft"), - // City: to.Ptr("Redmond"), - // CityCf: to.Ptr[int32](90), - // Continent: to.Ptr("north america"), - // Country: to.Ptr("united states"), - // CountryCf: to.Ptr[int32](99), - // IPAddr: to.Ptr("1.2.3.4"), - // IPRoutingType: to.Ptr("fixed"), - // Latitude: to.Ptr("40.2436"), - // Longitude: to.Ptr("-100.8891"), - // Organization: to.Ptr("Microsoft"), - // OrganizationType: to.Ptr("tech"), - // Region: to.Ptr("western usa"), - // State: to.Ptr("washington"), - // StateCode: to.Ptr("wa"), - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client.go index 5ea8e0c8c51c..1573caefe8e9 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client.go @@ -29,7 +29,7 @@ type MetadataClient struct { } // NewMetadataClient creates a new instance of MetadataClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*MetadataClient, error) { @@ -47,7 +47,7 @@ func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, // Create - Create a Metadata. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - metadataName - The Metadata name. @@ -99,7 +99,7 @@ func (client *MetadataClient) createCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, metadata); err != nil { @@ -120,7 +120,7 @@ func (client *MetadataClient) createHandleResponse(resp *http.Response) (Metadat // Delete - Delete a Metadata. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - metadataName - The Metadata name. @@ -170,7 +170,7 @@ func (client *MetadataClient) deleteCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -179,7 +179,7 @@ func (client *MetadataClient) deleteCreateRequest(ctx context.Context, resourceG // Get - Get a Metadata. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - metadataName - The Metadata name. @@ -230,7 +230,7 @@ func (client *MetadataClient) getCreateRequest(ctx context.Context, resourceGrou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -247,7 +247,7 @@ func (client *MetadataClient) getHandleResponse(resp *http.Response) (MetadataCl // NewListPager - List of all metadata // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - MetadataClientListOptions contains the optional parameters for the MetadataClient.NewListPager method. @@ -306,7 +306,7 @@ func (client *MetadataClient) listCreateRequest(ctx context.Context, resourceGro if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -324,7 +324,7 @@ func (client *MetadataClient) listHandleResponse(resp *http.Response) (MetadataC // Update - Update an existing Metadata. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - metadataName - The Metadata name. @@ -376,7 +376,7 @@ func (client *MetadataClient) updateCreateRequest(ctx context.Context, resourceG return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, metadataPatch); err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client_example_test.go deleted file mode 100644 index c414d062409d..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/metadata_client_example_test.go +++ /dev/null @@ -1,541 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "time" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetAllMetadataOData.json -func ExampleMetadataClient_NewListPager_getAllMetadataWithODataFilterOrderbySkipTop() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewMetadataClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.MetadataClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - Skip: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.MetadataList = armsecurityinsights.MetadataList{ - // Value: []*armsecurityinsights.MetadataModel{ - // { - // Name: to.Ptr("metadataName1"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1"), - // Properties: &armsecurityinsights.MetadataProperties{ - // ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1"), - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Version: to.Ptr("1.0.0.0"), - // }, - // }, - // { - // Name: to.Ptr("metadataName2"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2"), - // Properties: &armsecurityinsights.MetadataProperties{ - // ContentID: to.Ptr("f5160682-0e10-4e23-8fcf-df3df49c5522"), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2"), - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Version: to.Ptr("1.0.0.0"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetAllMetadata.json -func ExampleMetadataClient_NewListPager_getAllMetadata() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewMetadataClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.MetadataClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - Skip: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.MetadataList = armsecurityinsights.MetadataList{ - // Value: []*armsecurityinsights.MetadataModel{ - // { - // Name: to.Ptr("metadataName1"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1"), - // Properties: &armsecurityinsights.MetadataProperties{ - // ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Version: to.Ptr("1.0.0.0"), - // }, - // }, - // { - // Name: to.Ptr("metadataName2"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2"), - // Properties: &armsecurityinsights.MetadataProperties{ - // ContentID: to.Ptr("f5160682-0e10-4e23-8fcf-df3df49c5522"), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2"), - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Version: to.Ptr("1.0.0.0"), - // }, - // }, - // { - // Name: to.Ptr("metadataName3"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3"), - // Properties: &armsecurityinsights.MetadataProperties{ - // ContentID: to.Ptr("f593501d-ec01-4057-8146-a1de35c461ef"), - // Kind: to.Ptr(armsecurityinsights.KindWorkbook), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName"), - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Version: to.Ptr("1.0.0.0"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetMetadata.json -func ExampleMetadataClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewMetadataClient().Get(ctx, "myRg", "myWorkspace", "metadataName", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.MetadataModel = armsecurityinsights.MetadataModel{ - // Name: to.Ptr("metadataName"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"), - // Properties: &armsecurityinsights.MetadataProperties{ - // Author: &armsecurityinsights.MetadataAuthor{ - // Name: to.Ptr("User Name"), - // Email: to.Ptr("email@microsoft.com"), - // }, - // Categories: &armsecurityinsights.MetadataCategories{ - // Domains: []*string{ - // to.Ptr("Application"), - // to.Ptr("Security – Insider Threat")}, - // Verticals: []*string{ - // to.Ptr("Healthcare")}, - // }, - // ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - // ContentSchemaVersion: to.Ptr("2.0"), - // CustomVersion: to.Ptr("1.0"), - // Dependencies: &armsecurityinsights.MetadataDependencies{ - // Criteria: []*armsecurityinsights.MetadataDependencies{ - // { - // Criteria: []*armsecurityinsights.MetadataDependencies{ - // { - // ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // }, - // { - // ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // }, - // { - // ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // Version: to.Ptr("2.0"), - // }}, - // Operator: to.Ptr(armsecurityinsights.OperatorOR), - // }, - // { - // ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"), - // Kind: to.Ptr(armsecurityinsights.KindPlaybook), - // Version: to.Ptr("1.0"), - // }, - // { - // ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"), - // Kind: to.Ptr(armsecurityinsights.KindParser), - // }}, - // Operator: to.Ptr(armsecurityinsights.OperatorAND), - // }, - // FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - // PreviewImages: []*string{ - // to.Ptr("firstImage.png"), - // to.Ptr("secondImage.jpeg")}, - // PreviewImagesDark: []*string{ - // to.Ptr("firstImageDark.png"), - // to.Ptr("secondImageDark.jpeg")}, - // Providers: []*string{ - // to.Ptr("Amazon"), - // to.Ptr("Microsoft")}, - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Support: &armsecurityinsights.MetadataSupport{ - // Name: to.Ptr("Microsoft"), - // Email: to.Ptr("support@microsoft.com"), - // Link: to.Ptr("https://support.microsoft.com/"), - // Tier: to.Ptr(armsecurityinsights.SupportTierPartner), - // }, - // ThreatAnalysisTactics: []*string{ - // to.Ptr("reconnaissance"), - // to.Ptr("commandandcontrol")}, - // ThreatAnalysisTechniques: []*string{ - // to.Ptr("T1548"), - // to.Ptr("T1548.001")}, - // Version: to.Ptr("1.0.0.0"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/DeleteMetadata.json -func ExampleMetadataClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewMetadataClient().Delete(ctx, "myRg", "myWorkspace", "metadataName", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PutMetadata.json -func ExampleMetadataClient_Create_createUpdateFullMetadata() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewMetadataClient().Create(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataModel{ - Properties: &armsecurityinsights.MetadataProperties{ - Author: &armsecurityinsights.MetadataAuthor{ - Name: to.Ptr("User Name"), - Email: to.Ptr("email@microsoft.com"), - }, - Categories: &armsecurityinsights.MetadataCategories{ - Domains: []*string{ - to.Ptr("Application"), - to.Ptr("Security – Insider Threat")}, - Verticals: []*string{ - to.Ptr("Healthcare")}, - }, - ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - ContentSchemaVersion: to.Ptr("2.0"), - CustomVersion: to.Ptr("1.0"), - Dependencies: &armsecurityinsights.MetadataDependencies{ - Criteria: []*armsecurityinsights.MetadataDependencies{ - { - Criteria: []*armsecurityinsights.MetadataDependencies{ - { - Name: to.Ptr("Microsoft Defender for Endpoint"), - ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"), - Kind: to.Ptr(armsecurityinsights.KindDataConnector), - }, - { - ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"), - Kind: to.Ptr(armsecurityinsights.KindDataConnector), - }, - { - ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"), - Kind: to.Ptr(armsecurityinsights.KindDataConnector), - Version: to.Ptr("2.0"), - }}, - Operator: to.Ptr(armsecurityinsights.OperatorOR), - }, - { - ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"), - Kind: to.Ptr(armsecurityinsights.KindPlaybook), - Version: to.Ptr("1.0"), - }, - { - ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"), - Kind: to.Ptr(armsecurityinsights.KindParser), - }}, - Operator: to.Ptr(armsecurityinsights.OperatorAND), - }, - FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), - Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), - ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - PreviewImages: []*string{ - to.Ptr("firstImage.png"), - to.Ptr("secondImage.jpeg")}, - PreviewImagesDark: []*string{ - to.Ptr("firstImageDark.png"), - to.Ptr("secondImageDark.jpeg")}, - Providers: []*string{ - to.Ptr("Amazon"), - to.Ptr("Microsoft")}, - Source: &armsecurityinsights.MetadataSource{ - Name: to.Ptr("Contoso Solution 1.0"), - Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - }, - Support: &armsecurityinsights.MetadataSupport{ - Name: to.Ptr("Microsoft"), - Email: to.Ptr("support@microsoft.com"), - Link: to.Ptr("https://support.microsoft.com/"), - Tier: to.Ptr(armsecurityinsights.SupportTierPartner), - }, - ThreatAnalysisTactics: []*string{ - to.Ptr("reconnaissance"), - to.Ptr("commandandcontrol")}, - ThreatAnalysisTechniques: []*string{ - to.Ptr("T1548"), - to.Ptr("T1548.001")}, - Version: to.Ptr("1.0.0.0"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.MetadataModel = armsecurityinsights.MetadataModel{ - // Name: to.Ptr("metadataName"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"), - // Properties: &armsecurityinsights.MetadataProperties{ - // Author: &armsecurityinsights.MetadataAuthor{ - // Name: to.Ptr("User Name"), - // Email: to.Ptr("email@microsoft.com"), - // }, - // Categories: &armsecurityinsights.MetadataCategories{ - // Domains: []*string{ - // to.Ptr("Application"), - // to.Ptr("Security – Insider Threat")}, - // Verticals: []*string{ - // to.Ptr("Healthcare")}, - // }, - // ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - // ContentSchemaVersion: to.Ptr("2.0"), - // CustomVersion: to.Ptr("1.0"), - // Dependencies: &armsecurityinsights.MetadataDependencies{ - // Criteria: []*armsecurityinsights.MetadataDependencies{ - // { - // Criteria: []*armsecurityinsights.MetadataDependencies{ - // { - // ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // }, - // { - // ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // }, - // { - // ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"), - // Kind: to.Ptr(armsecurityinsights.KindDataConnector), - // Version: to.Ptr("2.0"), - // }}, - // Operator: to.Ptr(armsecurityinsights.OperatorOR), - // }, - // { - // ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"), - // Kind: to.Ptr(armsecurityinsights.KindPlaybook), - // Version: to.Ptr("1.0"), - // }, - // { - // ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"), - // Kind: to.Ptr(armsecurityinsights.KindParser), - // }}, - // Operator: to.Ptr(armsecurityinsights.OperatorAND), - // }, - // FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - // PreviewImages: []*string{ - // to.Ptr("firstImage.png"), - // to.Ptr("secondImage.jpeg")}, - // PreviewImagesDark: []*string{ - // to.Ptr("firstImageDark.png"), - // to.Ptr("secondImageDark.jpeg")}, - // Providers: []*string{ - // to.Ptr("Amazon"), - // to.Ptr("Microsoft")}, - // Source: &armsecurityinsights.MetadataSource{ - // Name: to.Ptr("Contoso Solution 1.0"), - // Kind: to.Ptr(armsecurityinsights.SourceKindSolution), - // SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"), - // }, - // Support: &armsecurityinsights.MetadataSupport{ - // Name: to.Ptr("Microsoft"), - // Email: to.Ptr("support@microsoft.com"), - // Link: to.Ptr("https://support.microsoft.com/"), - // Tier: to.Ptr(armsecurityinsights.SupportTierPartner), - // }, - // ThreatAnalysisTactics: []*string{ - // to.Ptr("reconnaissance"), - // to.Ptr("commandandcontrol")}, - // ThreatAnalysisTechniques: []*string{ - // to.Ptr("T1548"), - // to.Ptr("T1548.001")}, - // Version: to.Ptr("1.0.0.0"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PutMetadataMinimal.json -func ExampleMetadataClient_Create_createUpdateMinimalMetadata() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewMetadataClient().Create(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataModel{ - Properties: &armsecurityinsights.MetadataProperties{ - ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.MetadataModel = armsecurityinsights.MetadataModel{ - // Name: to.Ptr("metadataName"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"), - // Properties: &armsecurityinsights.MetadataProperties{ - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PatchMetadata.json -func ExampleMetadataClient_Update() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewMetadataClient().Update(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataPatch{ - Properties: &armsecurityinsights.MetadataPropertiesPatch{ - Author: &armsecurityinsights.MetadataAuthor{ - Name: to.Ptr("User Name"), - Email: to.Ptr("email@microsoft.com"), - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.MetadataModel = armsecurityinsights.MetadataModel{ - // Name: to.Ptr("metadataName"), - // Type: to.Ptr("Microsoft.SecurityInsights/metadata"), - // ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"), - // Properties: &armsecurityinsights.MetadataProperties{ - // Author: &armsecurityinsights.MetadataAuthor{ - // Name: to.Ptr("User Name"), - // Email: to.Ptr("email@microsoft.com"), - // }, - // ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"), - // Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule), - // ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"), - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/models.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/models.go index aa263f3a7aa2..7b502706ab95 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/models.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/models.go @@ -10,28 +10,6 @@ package armsecurityinsights import "time" -// AADCheckRequirements - Represents AAD (Azure Active Directory) requirements check request. -type AADCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // AAD (Azure Active Directory) requirements check properties. - Properties *AADCheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AADCheckRequirements. -func (a *AADCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: a.Kind, - } -} - -// AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties. -type AADCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - // AADDataConnector - Represents AAD (Azure Active Directory) data connector. type AADDataConnector struct { // REQUIRED; The data connector kind @@ -43,7 +21,7 @@ type AADDataConnector struct { // AAD (Azure Active Directory) data connector properties. Properties *AADDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -70,32 +48,10 @@ func (a *AADDataConnector) GetDataConnector() *DataConnector { // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. type AADDataConnectorProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string - // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector -} - -// AATPCheckRequirements - Represents AATP (Azure Advanced Threat Protection) requirements check request. -type AATPCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // AATP (Azure Advanced Threat Protection) requirements check properties. - Properties *AATPCheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AATPCheckRequirements. -func (a *AATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: a.Kind, - } -} -// AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties. -type AATPCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string } @@ -110,7 +66,7 @@ type AATPDataConnector struct { // AATP (Azure Advanced Threat Protection) data connector properties. Properties *AATPDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -137,42 +93,38 @@ func (a *AATPDataConnector) GetDataConnector() *DataConnector { // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. type AATPDataConnectorProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string - // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector + + // The tenant id to connect to, and get the data from. + TenantID *string } -// APIPollingParameters - Represents Codeless API Polling data connector -type APIPollingParameters struct { - // Config to describe the instructions blade - ConnectorUIConfig *CodelessUIConnectorConfigProperties +// APIKeyAuthModel - Model for authentication with the API Key. Will result in additional header on the request (default behavior) +// to the remote server: 'ApiKeyName: ApiKeyIdentifier ApiKey'. If 'IsApiKeyInPostPayload' is +// true it will send it in the body of the request and not the header. +type APIKeyAuthModel struct { + // REQUIRED; API Key for the user secret key credential + APIKey *string - // Config to describe the polling instructions - PollingConfig *CodelessConnectorPollingConfigProperties -} + // REQUIRED; API Key name + APIKeyName *string -// ASCCheckRequirements - Represents ASC (Azure Security Center) requirements check request. -type ASCCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind + // REQUIRED; The auth type + Type *CcpAuthType - // ASC (Azure Security Center) requirements check properties. - Properties *ASCCheckRequirementsProperties -} + // API Key Identifier + APIKeyIdentifier *string -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type ASCCheckRequirements. -func (a *ASCCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: a.Kind, - } + // Flag to indicate if API key is set in HTTP POST payload + IsAPIKeyInPostPayload *bool } -// ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties. -type ASCCheckRequirementsProperties struct { - // The subscription id to connect to, and get the data from. - SubscriptionID *string +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type APIKeyAuthModel. +func (a *APIKeyAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: a.Type, + } } // ASCDataConnector - Represents ASC (Azure Security Center) data connector. @@ -186,7 +138,7 @@ type ASCDataConnector struct { // ASC (Azure Security Center) data connector properties. Properties *ASCDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -220,15 +172,34 @@ type ASCDataConnectorProperties struct { SubscriptionID *string } +// AWSAuthModel - Model for API authentication with AWS. +type AWSAuthModel struct { + // REQUIRED; AWS STS assume role ARN + RoleArn *string + + // REQUIRED; The auth type + Type *CcpAuthType + + // AWS STS assume role external ID. This is used to prevent the confused deputy problem: 'https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html' + ExternalID *string +} + +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type AWSAuthModel. +func (a *AWSAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: a.Type, + } +} + // AccountEntity - Represents an account entity. type AccountEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Account entity properties Properties *AccountEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -282,7 +253,7 @@ type AccountEntityProperties struct { // READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool - // READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. + // READ-ONLY; The NetBIOS domain name as it appears in the alert format - domain\username. Examples: NT AUTHORITY. NtDomain *string // READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned @@ -307,7 +278,7 @@ type ActionRequest struct { // Action properties for put request Properties *ActionRequestProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -331,13 +302,13 @@ type ActionRequestProperties struct { // ActionResponse - Action for alert rule. type ActionResponse struct { - // Etag of the azure resource + // Etag of the action. Etag *string // Action properties for get request Properties *ActionResponseProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -368,220 +339,13 @@ type ActionsList struct { NextLink *string } -// ActivityCustomEntityQuery - Represents Activity entity query. -type ActivityCustomEntityQuery struct { - // REQUIRED; the entity query kind - Kind *CustomEntityQueryKind - - // Etag of the azure resource - Etag *string - - // Activity entity query properties - Properties *ActivityEntityQueriesProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type ActivityCustomEntityQuery. -func (a *ActivityCustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery { - return &CustomEntityQuery{ - Etag: a.Etag, - ID: a.ID, - Kind: a.Kind, - Name: a.Name, - SystemData: a.SystemData, - Type: a.Type, - } -} - -// ActivityEntityQueriesProperties - Describes activity entity query properties -type ActivityEntityQueriesProperties struct { - // The entity query content to display in timeline - Content *string - - // The entity query description - Description *string - - // Determines whether this activity is enabled or disabled. - Enabled *bool - - // The query applied only to entities matching to all filters - EntitiesFilter map[string][]*string - - // The type of the query's source entity - InputEntityType *EntityType - - // The Activity query definitions - QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions - - // List of the fields of the source entity that are required to run the query - RequiredInputFieldsSets [][]*string - - // The template id this activity was created from - TemplateName *string - - // The entity query title +// AddIncidentTaskActionProperties - Describes an automation rule action to add a task to an incident. +type AddIncidentTaskActionProperties struct { + // REQUIRED; The title of the task. Title *string - // READ-ONLY; The time the activity was created - CreatedTimeUTC *time.Time - - // READ-ONLY; The last time the activity was updated - LastModifiedTimeUTC *time.Time -} - -// ActivityEntityQueriesPropertiesQueryDefinitions - The Activity query definitions -type ActivityEntityQueriesPropertiesQueryDefinitions struct { - // The Activity query to run on a given entity - Query *string -} - -// ActivityEntityQuery - Represents Activity entity query. -type ActivityEntityQuery struct { - // REQUIRED; the entity query kind - Kind *EntityQueryKind - - // Etag of the azure resource - Etag *string - - // Activity entity query properties - Properties *ActivityEntityQueriesProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntityQuery implements the EntityQueryClassification interface for type ActivityEntityQuery. -func (a *ActivityEntityQuery) GetEntityQuery() *EntityQuery { - return &EntityQuery{ - Etag: a.Etag, - ID: a.ID, - Kind: a.Kind, - Name: a.Name, - SystemData: a.SystemData, - Type: a.Type, - } -} - -// ActivityEntityQueryTemplate - Represents Activity entity query. -type ActivityEntityQueryTemplate struct { - // REQUIRED; the entity query template kind - Kind *EntityQueryTemplateKind - - // Activity entity query properties - Properties *ActivityEntityQueryTemplateProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type ActivityEntityQueryTemplate. -func (a *ActivityEntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate { - return &EntityQueryTemplate{ - ID: a.ID, - Kind: a.Kind, - Name: a.Name, - SystemData: a.SystemData, - Type: a.Type, - } -} - -// ActivityEntityQueryTemplateProperties - Describes activity entity query properties -type ActivityEntityQueryTemplateProperties struct { - // The entity query content to display in timeline - Content *string - - // List of required data types for the given entity query template - DataTypes []*DataTypeDefinitions - - // The entity query description + // The description of the task. Description *string - - // The query applied only to entities matching to all filters - EntitiesFilter map[string][]*string - - // The type of the query's source entity - InputEntityType *EntityType - - // The Activity query definitions - QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions - - // List of the fields of the source entity that are required to run the query - RequiredInputFieldsSets [][]*string - - // The entity query title - Title *string -} - -// ActivityEntityQueryTemplatePropertiesQueryDefinitions - The Activity query definitions -type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct { - // The Activity query to run on a given entity - Query *string - - // The dimensions we want to summarize the timeline results on, this is comma separated list - SummarizeBy *string -} - -// ActivityTimelineItem - Represents Activity timeline item. -type ActivityTimelineItem struct { - // REQUIRED; The grouping bucket end time. - BucketEndTimeUTC *time.Time - - // REQUIRED; The grouping bucket start time. - BucketStartTimeUTC *time.Time - - // REQUIRED; The activity timeline content. - Content *string - - // REQUIRED; The time of the first activity in the grouping bucket. - FirstActivityTimeUTC *time.Time - - // REQUIRED; The entity query kind type. - Kind *EntityTimelineKind - - // REQUIRED; The time of the last activity in the grouping bucket. - LastActivityTimeUTC *time.Time - - // REQUIRED; The activity query id. - QueryID *string - - // REQUIRED; The activity timeline title. - Title *string -} - -// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type ActivityTimelineItem. -func (a *ActivityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { - return &EntityTimelineItem{ - Kind: a.Kind, - } } // AlertDetailsOverride - Settings for how to dynamically override alert static details @@ -592,6 +356,9 @@ type AlertDetailsOverride struct { // the format containing columns name(s) to override the alert name AlertDisplayNameFormat *string + // List of additional dynamic properties to override + AlertDynamicProperties []*AlertPropertyMapping + // the column name to take the alert severity from AlertSeverityColumnName *string @@ -599,15 +366,24 @@ type AlertDetailsOverride struct { AlertTacticsColumnName *string } +// AlertPropertyMapping - A single alert property mapping to override +type AlertPropertyMapping struct { + // The V3 alert property + AlertProperty *AlertProperty + + // the column name to use to override this property + Value *string +} + // AlertRule - Alert rule. type AlertRule struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Etag of the azure resource Etag *string - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -625,10 +401,10 @@ func (a *AlertRule) GetAlertRule() *AlertRule { return a } // AlertRuleTemplate - Alert rule template. type AlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -673,52 +449,10 @@ type AlertRulesList struct { // AlertsDataTypeOfDataConnector - Alerts data type for data connectors. type AlertsDataTypeOfDataConnector struct { - // REQUIRED; Alerts data type connection. + // Alerts data type connection. Alerts *DataConnectorDataTypeCommon } -// Anomalies - Settings with single toggle. -type Anomalies struct { - // REQUIRED; The kind of the setting - Kind *SettingKind - - // Etag of the azure resource - Etag *string - - // Anomalies properties - Properties *AnomaliesSettingsProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetSettings implements the SettingsClassification interface for type Anomalies. -func (a *Anomalies) GetSettings() *Settings { - return &Settings{ - Etag: a.Etag, - ID: a.ID, - Kind: a.Kind, - Name: a.Name, - SystemData: a.SystemData, - Type: a.Type, - } -} - -// AnomaliesSettingsProperties - Anomalies property bag. -type AnomaliesSettingsProperties struct { - // READ-ONLY; Determines whether the setting is enable or disabled. - IsEnabled *bool -} - // AnomalySecurityMLAnalyticsSettings - Represents Anomaly Security ML Analytics Settings type AnomalySecurityMLAnalyticsSettings struct { // REQUIRED; The kind of security ML Analytics Settings @@ -730,7 +464,7 @@ type AnomalySecurityMLAnalyticsSettings struct { // Anomaly Security ML Analytics Settings properties Properties *AnomalySecurityMLAnalyticsSettingsProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -801,52 +535,6 @@ type AnomalySecurityMLAnalyticsSettingsProperties struct { LastModifiedUTC *time.Time } -// AnomalyTimelineItem - Represents anomaly timeline item. -type AnomalyTimelineItem struct { - // REQUIRED; The anomaly azure resource id. - AzureResourceID *string - - // REQUIRED; The anomaly name. - DisplayName *string - - // REQUIRED; The anomaly end time. - EndTimeUTC *time.Time - - // REQUIRED; The entity query kind type. - Kind *EntityTimelineKind - - // REQUIRED; The anomaly start time. - StartTimeUTC *time.Time - - // REQUIRED; The anomaly generated time. - TimeGenerated *time.Time - - // The anomaly description. - Description *string - - // The intent of the anomaly. - Intent *string - - // The anomaly product name. - ProductName *string - - // The reasons that cause the anomaly. - Reasons []*string - - // The techniques of the anomaly. - Techniques []*string - - // The name of the anomaly vendor. - Vendor *string -} - -// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type AnomalyTimelineItem. -func (a *AnomalyTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { - return &EntityTimelineItem{ - Kind: a.Kind, - } -} - type AutomationRule struct { // REQUIRED; Automation rule properties Properties *AutomationRuleProperties @@ -854,7 +542,7 @@ type AutomationRule struct { // Etag of the azure resource Etag *string - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -879,9 +567,32 @@ type AutomationRuleAction struct { // GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction. func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction { return a } +// AutomationRuleAddIncidentTaskAction - Describes an automation rule action to add a task to an incident +type AutomationRuleAddIncidentTaskAction struct { + // REQUIRED; The type of the automation rule action. + ActionType *ActionType + + // REQUIRED + Order *int32 + + // Describes an automation rule action to add a task to an incident. + ActionConfiguration *AddIncidentTaskActionProperties +} + +// GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAddIncidentTaskAction. +func (a *AutomationRuleAddIncidentTaskAction) GetAutomationRuleAction() *AutomationRuleAction { + return &AutomationRuleAction{ + ActionType: a.ActionType, + Order: a.Order, + } +} + +// AutomationRuleBooleanCondition - Describes an automation rule condition with boolean operators. type AutomationRuleBooleanCondition struct { InnerConditions []AutomationRuleConditionClassification - Operator *AutomationRuleBooleanConditionSupportedOperator + + // Describes a boolean condition operator. + Operator *AutomationRuleBooleanConditionSupportedOperator } // AutomationRuleCondition - Describes an automation rule condition. @@ -943,10 +654,14 @@ type AutomationRulePropertyArrayChangedValuesCondition struct { ChangeType *AutomationRulePropertyArrayChangedConditionSupportedChangeType } +// AutomationRulePropertyArrayValuesCondition - Describes an automation rule condition on array properties. type AutomationRulePropertyArrayValuesCondition struct { + // Describes an array condition evaluation type. ArrayConditionType *AutomationRulePropertyArrayConditionSupportedArrayConditionType - ArrayType *AutomationRulePropertyArrayConditionSupportedArrayType - ItemConditions []AutomationRuleConditionClassification + + // Describes an array condition evaluated array type. + ArrayType *AutomationRulePropertyArrayConditionSupportedArrayType + ItemConditions []AutomationRuleConditionClassification } type AutomationRulePropertyValuesChangedCondition struct { @@ -1005,28 +720,6 @@ type AutomationRulesList struct { Value []*AutomationRule } -// Availability - Connector Availability Status -type Availability struct { - // Set connector as preview - IsPreview *bool - - // The connector Availability Status - Status *int32 -} - -// AwsCloudTrailCheckRequirements - Amazon Web Services CloudTrail requirements check request. -type AwsCloudTrailCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsCloudTrailCheckRequirements. -func (a *AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: a.Kind, - } -} - // AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector. type AwsCloudTrailDataConnector struct { // REQUIRED; The data connector kind @@ -1038,7 +731,7 @@ type AwsCloudTrailDataConnector struct { // Amazon Web Services CloudTrail data connector properties. Properties *AwsCloudTrailDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -1065,99 +758,23 @@ func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector { // AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector. type AwsCloudTrailDataConnectorDataTypes struct { - // REQUIRED; Logs data type. + // Logs data type. Logs *AwsCloudTrailDataConnectorDataTypesLogs } // AwsCloudTrailDataConnectorDataTypesLogs - Logs data type. type AwsCloudTrailDataConnectorDataTypesLogs struct { - // REQUIRED; Describe whether this data type connection is enabled or not. + // Describe whether this data type connection is enabled or not. State *DataTypeState } // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. type AwsCloudTrailDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *AwsCloudTrailDataConnectorDataTypes - // The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. AwsRoleArn *string -} -// AwsS3CheckRequirements - Amazon Web Services S3 requirements check request. -type AwsS3CheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsS3CheckRequirements. -func (a *AwsS3CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: a.Kind, - } -} - -// AwsS3DataConnector - Represents Amazon Web Services S3 data connector. -type AwsS3DataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // Amazon Web Services S3 data connector properties. - Properties *AwsS3DataConnectorProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetDataConnector implements the DataConnectorClassification interface for type AwsS3DataConnector. -func (a *AwsS3DataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: a.Etag, - ID: a.ID, - Kind: a.Kind, - Name: a.Name, - SystemData: a.SystemData, - Type: a.Type, - } -} - -// AwsS3DataConnectorDataTypes - The available data types for Amazon Web Services S3 data connector. -type AwsS3DataConnectorDataTypes struct { - // REQUIRED; Logs data type. - Logs *AwsS3DataConnectorDataTypesLogs -} - -// AwsS3DataConnectorDataTypesLogs - Logs data type. -type AwsS3DataConnectorDataTypesLogs struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties. -type AwsS3DataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *AwsS3DataConnectorDataTypes - - // REQUIRED; The logs destination table name in LogAnalytics. - DestinationTable *string - - // REQUIRED; The Aws Role Arn that is used to access the Aws account. - RoleArn *string - - // REQUIRED; The AWS sqs urls for the connector. - SqsUrls []*string + // The available data types for the connector. + DataTypes *AwsCloudTrailDataConnectorDataTypes } // AzureDevOpsResourceInfo - Resources created in Azure DevOps repository. @@ -1172,12 +789,12 @@ type AzureDevOpsResourceInfo struct { // AzureResourceEntity - Represents an azure resource entity. type AzureResourceEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // AzureResource entity properties Properties *AzureResourceEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -1217,6 +834,25 @@ type AzureResourceEntityProperties struct { SubscriptionID *string } +// BasicAuthModel - Model for API authentication with basic flow - user name + password. +type BasicAuthModel struct { + // REQUIRED; The password + Password *string + + // REQUIRED; The auth type + Type *CcpAuthType + + // REQUIRED; The user name. + UserName *string +} + +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type BasicAuthModel. +func (b *BasicAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: b.Type, + } +} + // Bookmark - Represents a bookmark in Azure Security Insights. type Bookmark struct { // Etag of the azure resource @@ -1225,7 +861,7 @@ type Bookmark struct { // Bookmark properties Properties *BookmarkProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -1238,51 +874,12 @@ type Bookmark struct { Type *string } -// BookmarkEntityMappings - Describes the entity mappings of a single entity -type BookmarkEntityMappings struct { - // The entity type - EntityType *string - - // Array of fields mapping for that entity type - FieldMappings []*EntityFieldMapping -} - -// BookmarkExpandParameters - The parameters required to execute an expand operation on the given bookmark. -type BookmarkExpandParameters struct { - // The end date filter, so the only expansion results returned are before this date. - EndTime *time.Time - - // The Id of the expansion to perform. - ExpansionID *string - - // The start date filter, so the only expansion results returned are after this date. - StartTime *time.Time -} - -// BookmarkExpandResponse - The entity expansion result operation response. -type BookmarkExpandResponse struct { - // The metadata from the expansion operation results. - MetaData *ExpansionResultsMetadata - - // The expansion result values. - Value *BookmarkExpandResponseValue -} - -// BookmarkExpandResponseValue - The expansion result values. -type BookmarkExpandResponseValue struct { - // Array of expansion result connected entities - Edges []*ConnectedEntity - - // Array of the expansion result entities. - Entities []EntityClassification -} - // BookmarkList - List all the bookmarks. type BookmarkList struct { // REQUIRED; Array of bookmarks. Value []*Bookmark - // READ-ONLY; URL to fetch the next set of bookmarks. + // READ-ONLY; URL to fetch the next set of cases. NextLink *string } @@ -1300,9 +897,6 @@ type BookmarkProperties struct { // Describes a user that created the bookmark CreatedBy *UserInfo - // Describes the entity mappings of the bookmark - EntityMappings []*BookmarkEntityMappings - // The bookmark event time EventTime *time.Time @@ -1324,12 +918,6 @@ type BookmarkProperties struct { // The start time for the query QueryStartTime *time.Time - // A list of relevant mitre attacks - Tactics []*AttackTactic - - // A list of relevant mitre techniques - Techniques []*string - // The last time the bookmark was updated Updated *time.Time @@ -1337,47 +925,12 @@ type BookmarkProperties struct { UpdatedBy *UserInfo } -// BookmarkTimelineItem - Represents bookmark timeline item. -type BookmarkTimelineItem struct { - // REQUIRED; The bookmark azure resource id. - AzureResourceID *string - - // REQUIRED; The entity query kind type. - Kind *EntityTimelineKind - - // Describes a user that created the bookmark - CreatedBy *UserInfo - - // The bookmark display name. - DisplayName *string - - // The bookmark end time. - EndTimeUTC *time.Time - - // The bookmark event time. - EventTime *time.Time - - // List of labels relevant to this bookmark - Labels []*string - - // The notes of the bookmark - Notes *string - - // The bookmark start time. - StartTimeUTC *time.Time -} - -// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type BookmarkTimelineItem. -func (b *BookmarkTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { - return &EntityTimelineItem{ - Kind: b.Kind, - } -} - // BooleanConditionProperties - Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions type BooleanConditionProperties struct { // REQUIRED - ConditionType *ConditionType + ConditionType *ConditionType + + // Describes an automation rule condition with boolean operators. ConditionProperties *AutomationRuleBooleanCondition } @@ -1388,6 +941,53 @@ func (b *BooleanConditionProperties) GetAutomationRuleCondition() *AutomationRul } } +// CcpAuthConfig - Base Model for API authentication. +type CcpAuthConfig struct { + // REQUIRED; The auth type + Type *CcpAuthType +} + +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type CcpAuthConfig. +func (c *CcpAuthConfig) GetCcpAuthConfig() *CcpAuthConfig { return c } + +// CcpResponseConfig - A custom response configuration for a rule. +type CcpResponseConfig struct { + // REQUIRED; The json paths, '$' char is the json root. + EventsJSONPaths []*string + + // The csv delimiter, in case the response format is CSV. + CSVDelimiter *string + + // Th character used to escape characters in CSV. + CSVEscape *string + + // The compression algorithm. + CompressionAlgo *string + + // The a value indicating whether the response isn't an array of events / logs. By setting this flag to true it means the + // remote server will response with an object which each property has as a value an + // array of events / logs. + ConvertChildPropertiesToArray *bool + + // The response format. possible values are json,csv,xml + Format *string + + // The value indicating whether the response has CSV boundary in case the response in CSV format. + HasCSVBoundary *bool + + // The value indicating whether the response has headers in case the response in CSV format. + HasCSVHeader *bool + + // The value indicating whether the remote server support Gzip and we should expect Gzip response. + IsGzipCompressed *bool + + // The value where the status message/code should appear in the response. + SuccessStatusJSONPath *string + + // The the status value. + SuccessStatusValue *string +} + // ClientInfo - Information on the client (user or application) that made some action type ClientInfo struct { // The email of the client. @@ -1406,12 +1006,12 @@ type ClientInfo struct { // CloudApplicationEntity - Represents a cloud application entity. type CloudApplicationEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // CloudApplication entity properties Properties *CloudApplicationEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -1455,18 +1055,102 @@ type CloudApplicationEntityProperties struct { InstanceName *string } -// CodelessAPIPollingDataConnector - Represents Codeless API Polling data connector. -type CodelessAPIPollingDataConnector struct { +// ConnectivityCriterion - The criteria by which we determine whether the connector is connected or not. For Example, use +// a KQL query to check if the expected data type is flowing). +type ConnectivityCriterion struct { + // REQUIRED; Gets or sets the type of connectivity. + Type *string + + // Gets or sets the queries for checking connectivity. + Value []*string +} + +// ConnectorDataType - The data type which is created by the connector, including a query indicated when was the last time +// that data type was received in the workspace. +type ConnectorDataType struct { + // REQUIRED; Gets or sets the query to indicate when relevant data was last received in the workspace. + LastDataReceivedQuery *string + + // REQUIRED; Gets or sets the name of the data type to show in the graph. + Name *string +} + +// ConnectorDefinitionsAvailability - The exposure status of the connector to the customers. +type ConnectorDefinitionsAvailability struct { + // Gets or sets a value indicating whether the connector is preview. + IsPreview *bool + + // The exposure status of the connector to the customers. Available values are 0-4 (0=None, 1=Available, 2=FeatureFlag, 3=Internal). + Status *int32 +} + +// ConnectorDefinitionsPermissions - The required Permissions for the connector. +type ConnectorDefinitionsPermissions struct { + // Gets or sets the customs permissions required for the user to create connections. + Customs []*CustomPermissionDetails + + // Gets or sets the required licenses for the user to create connections. + Licenses []*string + + // Gets or sets the resource provider permissions required for the user to create connections. + ResourceProvider []*ConnectorDefinitionsResourceProvider + + // Gets or sets the required tenant permissions for the connector. + Tenant []*string +} + +// ConnectorDefinitionsResourceProvider - The resource provider details include the required permissions for the user to create +// connections. The user should have the required permissions(Read\Write, ..) in the specified scope +// ProviderPermissionsScope against the specified resource provider. +type ConnectorDefinitionsResourceProvider struct { + // REQUIRED; Gets or sets the permissions description text. + PermissionsDisplayText *string + + // REQUIRED; Gets or sets the provider name. + Provider *string + + // REQUIRED; Gets or sets the permissions provider display name. + ProviderDisplayName *string + + // REQUIRED; Required permissions for the connector resource provider that define in ResourceProviders. For more information + // about the permissions see here. + RequiredPermissions *ResourceProviderRequiredPermissions + + // REQUIRED; The scope on which the user should have permissions, in order to be able to create connections. + Scope *ProviderPermissionsScope +} + +// CustomPermissionDetails - The Custom permissions required for the connector. +type CustomPermissionDetails struct { + // REQUIRED; Gets or sets the custom permissions description. + Description *string + + // REQUIRED; Gets or sets the custom permissions name. + Name *string +} + +// CustomizableConnectionsConfig - The UiConfig for 'Customizable' connector definition kind. +type CustomizableConnectionsConfig struct { + // REQUIRED; Gets or sets the template name. The template includes ARM templates that can be created by the connector, usually + // it will be the dataConnectors ARM templates. + TemplateSpecName *string + + // REQUIRED; Gets or sets the template version. + TemplateSpecVersion *string +} + +// CustomizableConnectorDefinition - Connector definition for kind 'Customizable'. +type CustomizableConnectorDefinition struct { // REQUIRED; The data connector kind - Kind *DataConnectorKind + Kind *DataConnectorDefinitionKind // Etag of the azure resource Etag *string - // Codeless poling data connector properties - Properties *APIPollingParameters + // Customizable properties. + Properties *CustomizableConnectorDefinitionProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -1479,9 +1163,9 @@ type CodelessAPIPollingDataConnector struct { Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type CodelessAPIPollingDataConnector. -func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ +// GetDataConnectorDefinition implements the DataConnectorDefinitionClassification interface for type CustomizableConnectorDefinition. +func (c *CustomizableConnectorDefinition) GetDataConnectorDefinition() *DataConnectorDefinition { + return &DataConnectorDefinition{ Etag: c.Etag, ID: c.ID, Kind: c.Kind, @@ -1491,1077 +1175,233 @@ func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector { } } -// CodelessConnectorPollingAuthProperties - Describe the authentication properties needed to successfully authenticate with -// the server -type CodelessConnectorPollingAuthProperties struct { - // REQUIRED; The authentication type - AuthType *string - - // A prefix send in the header before the actual token - APIKeyIdentifier *string - - // The header name which the token is sent with - APIKeyName *string +// CustomizableConnectorDefinitionProperties - The UiConfig for 'Customizable' connector definition kind. +type CustomizableConnectorDefinitionProperties struct { + // REQUIRED; The UiConfig for 'Customizable' connector definition kind. + ConnectorUIConfig *CustomizableConnectorUIConfig - // The endpoint used to authorize the user, used in Oauth 2.0 flow - AuthorizationEndpoint *string + // The UiConfig for 'Customizable' connector definition kind. + ConnectionsConfig *CustomizableConnectionsConfig - // The query parameters used in authorization request, used in Oauth 2.0 flow - AuthorizationEndpointQueryParameters any + // Gets or sets the connector definition created date in UTC format. + CreatedTimeUTC *time.Time - // Describes the flow name, for example 'AuthCode' for Oauth 2.0 - FlowName *string + // Gets or sets the connector definition last modified date in UTC format. + LastModifiedUTC *time.Time +} - // Marks if the key should sent in header - IsAPIKeyInPostPayload *string +// CustomizableConnectorUIConfig - The UiConfig for 'Customizable' connector definition kind. +type CustomizableConnectorUIConfig struct { + // REQUIRED; Gets or sets the way the connector checks whether the connector is connected. + ConnectivityCriteria []*ConnectivityCriterion - // Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow - IsClientSecretInHeader *bool + // REQUIRED; Gets or sets the data types to check for last data received. + DataTypes []*ConnectorDataType - // The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow - RedirectionEndpoint *string + // REQUIRED; Gets or sets the connector description in markdown format. + DescriptionMarkdown *string - // The OAuth token scope - Scope *string + // REQUIRED; Gets or sets the graph queries to show the current data volume over time. + GraphQueries []*GraphQuery - // The endpoint used to issue a token, used in Oauth 2.0 flow - TokenEndpoint *string + // REQUIRED; Gets or sets the instruction steps to enable the connector. + InstructionSteps []*InstructionStep - // The query headers used in token request, used in Oauth 2.0 flow - TokenEndpointHeaders any + // REQUIRED; The required Permissions for the connector. + Permissions *ConnectorDefinitionsPermissions - // The query parameters used in token request, used in Oauth 2.0 flow - TokenEndpointQueryParameters any -} + // REQUIRED; Gets or sets the connector publisher name. + Publisher *string -// CodelessConnectorPollingConfigProperties - Config to describe the polling config for API poller connector -type CodelessConnectorPollingConfigProperties struct { - // REQUIRED; Describe the authentication type of the poller - Auth *CodelessConnectorPollingAuthProperties + // REQUIRED; Gets or sets the connector blade title. + Title *string - // REQUIRED; Describe the poll request config parameters of the poller - Request *CodelessConnectorPollingRequestProperties + // The exposure status of the connector to the customers. + Availability *ConnectorDefinitionsAvailability - // The poller active status - IsActive *bool + // Gets or sets custom connector id. optional field. + ID *string - // Describe the poll request paging config of the poller - Paging *CodelessConnectorPollingPagingProperties + // Gets or sets a value indicating whether to use 'OR'(SOME) or 'AND' between ConnectivityCriteria items. + IsConnectivityCriteriasMatchSome *bool - // Describe the response config parameters of the poller - Response *CodelessConnectorPollingResponseProperties + // Gets or sets the connector logo to be used when displaying the connector within Azure Sentinel's connector's gallery. The + // logo value should be in SVG format. + Logo *string } -// CodelessConnectorPollingPagingProperties - Describe the properties needed to make a pagination call -type CodelessConnectorPollingPagingProperties struct { - // REQUIRED; Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' - PagingType *string +// DCRConfiguration - The configuration of the destination of the data. +type DCRConfiguration struct { + // REQUIRED; Represents the data collection ingestion endpoint in log analytics. + DataCollectionEndpoint *string - // Defines the name of a next page attribute - NextPageParaName *string + // REQUIRED; The data collection rule immutable id, the rule defines the transformation and data destination. + DataCollectionRuleImmutableID *string - // Defines the path to a next page token JSON - NextPageTokenJSONPath *string + // REQUIRED; The stream we are sending the data to. + StreamName *string +} - // Defines the path to a page count attribute - PageCountAttributePath *string +// DNSEntity - Represents a dns entity. +type DNSEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKindEnum - // Defines the paging size - PageSize *int32 + // Dns entity properties + Properties *DNSEntityProperties - // Defines the name of the page size parameter - PageSizeParaName *string + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + ID *string - // Defines the path to a paging time stamp attribute - PageTimeStampAttributePath *string + // READ-ONLY; The name of the resource + Name *string - // Defines the path to a page total count attribute - PageTotalCountAttributePath *string + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData - // Determines whether to search for the latest time stamp in the events list - SearchTheLatestTimeStampFromEventsList *string + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string } -// CodelessConnectorPollingRequestProperties - Describe the request properties needed to successfully pull from the server -type CodelessConnectorPollingRequestProperties struct { - // REQUIRED; Describe the endpoint we should pull the data from - APIEndpoint *string - - // REQUIRED; The http method type we will use in the poll request, GET or POST - HTTPMethod *string +// GetEntity implements the EntityClassification interface for type DNSEntity. +func (d *DNSEntity) GetEntity() *Entity { + return &Entity{ + ID: d.ID, + Kind: d.Kind, + Name: d.Name, + SystemData: d.SystemData, + Type: d.Type, + } +} - // REQUIRED; The time format will be used the query events in a specific window - QueryTimeFormat *string +// DNSEntityProperties - Dns entity property bag. +type DNSEntityProperties struct { + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]any - // REQUIRED; The window interval we will use the pull the data - QueryWindowInMin *int32 + // READ-ONLY; An ip entity id for the dns server resolving the request + DNSServerIPEntityID *string - // This will be used the query events from the end of the time window - EndTimeAttributeName *string + // READ-ONLY; The name of the dns record associated with the alert + DomainName *string - // Describe the headers sent in the poll request - Headers any + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string - // Describe the query parameters sent in the poll request - QueryParameters any + // READ-ONLY; An ip entity id for the dns request client + HostIPAddressEntityID *string - // For advanced scenarios for example user name/password embedded in nested JSON payload - QueryParametersTemplate *string + // READ-ONLY; Ip entity identifiers for the resolved ip address. + IPAddressEntityIDs []*string +} - // Defines the rate limit QPS - RateLimitQPS *int32 +// DataConnector - Data connector. +type DataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind - // Describe the amount of time we should try and poll the data in case of failure - RetryCount *int32 + // Etag of the azure resource + Etag *string - // This will be used the query events from a start of the time window - StartTimeAttributeName *string + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + ID *string - // The number of seconds we will consider as a request timeout - TimeoutInSeconds *int32 -} + // READ-ONLY; The name of the resource + Name *string -// CodelessConnectorPollingResponseProperties - Describes the response from the external server -type CodelessConnectorPollingResponseProperties struct { - // REQUIRED; Describes the path we should extract the data in the response - EventsJSONPaths []*string + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData - // Describes if the data in the response is Gzip - IsGzipCompressed *bool + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string +} - // Describes the path we should extract the status code in the response - SuccessStatusJSONPath *string +// GetDataConnector implements the DataConnectorClassification interface for type DataConnector. +func (d *DataConnector) GetDataConnector() *DataConnector { return d } - // Describes the path we should extract the status value in the response - SuccessStatusValue *string +// DataConnectorDataTypeCommon - Common field for data type in data connectors. +type DataConnectorDataTypeCommon struct { + // Describe whether this data type connection is enabled or not. + State *DataTypeState } -// CodelessParameters - Represents Codeless UI data connector -type CodelessParameters struct { - // Config to describe the instructions blade - ConnectorUIConfig *CodelessUIConnectorConfigProperties -} +// DataConnectorDefinition - An Azure resource, which encapsulate the entire info requires to display a data connector page +// in Azure portal, and the info required to define data connections. +type DataConnectorDefinition struct { + // REQUIRED; The data connector kind + Kind *DataConnectorDefinitionKind -// CodelessUIConnectorConfigProperties - Config to describe the instructions blade -type CodelessUIConnectorConfigProperties struct { - // REQUIRED; Connector Availability Status - Availability *Availability + // Etag of the azure resource + Etag *string - // REQUIRED; Define the way the connector check connectivity - ConnectivityCriteria []*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + ID *string - // REQUIRED; Data types to check for last data received - DataTypes []*CodelessUIConnectorConfigPropertiesDataTypesItem + // READ-ONLY; The name of the resource + Name *string - // REQUIRED; Connector description - DescriptionMarkdown *string - - // REQUIRED; The graph query to show the current data status - GraphQueries []*CodelessUIConnectorConfigPropertiesGraphQueriesItem - - // REQUIRED; Name of the table the connector will insert the data to - GraphQueriesTableName *string - - // REQUIRED; Instruction steps to enable the connector - InstructionSteps []*CodelessUIConnectorConfigPropertiesInstructionStepsItem - - // REQUIRED; Permissions required for the connector - Permissions *Permissions - - // REQUIRED; Connector publisher name - Publisher *string - - // REQUIRED; The sample queries for the connector - SampleQueries []*CodelessUIConnectorConfigPropertiesSampleQueriesItem - - // REQUIRED; Connector blade title - Title *string - - // An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery - CustomImage *string -} - -type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct { - // type of connectivity - Type *ConnectivityType - - // Queries for checking connectivity - Value []*string -} - -type CodelessUIConnectorConfigPropertiesDataTypesItem struct { - // Query for indicate last data received - LastDataReceivedQuery *string - - // Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder - Name *string -} - -type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct { - // The base query for the graph - BaseQuery *string - - // The legend for the graph - Legend *string - - // the metric that the query is checking - MetricName *string -} - -type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct { - // Instruction step description - Description *string - - // Instruction step details - Instructions []*InstructionStepsInstructionsItem - - // Instruction step title - Title *string -} - -type CodelessUIConnectorConfigPropertiesSampleQueriesItem struct { - // The sample query description - Description *string - - // the sample query - Query *string -} - -// CodelessUIDataConnector - Represents Codeless UI data connector. -type CodelessUIDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // Codeless UI data connector properties - Properties *CodelessParameters - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type CodelessUIDataConnector. -func (c *CodelessUIDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: c.Etag, - ID: c.ID, - Kind: c.Kind, - Name: c.Name, - SystemData: c.SystemData, - Type: c.Type, - } -} - -// ConnectedEntity - Expansion result connected entities -type ConnectedEntity struct { - // key-value pairs for a connected entity mapping - AdditionalData any - - // Entity Id of the connected entity - TargetEntityID *string -} - -// ContentPathMap - The mapping of content type to a repo path. -type ContentPathMap struct { - // Content type. - ContentType *ContentType - - // The path to the content. - Path *string -} - -// CustomEntityQuery - Specific entity query that supports put requests. -type CustomEntityQuery struct { - // REQUIRED; the entity query kind - Kind *CustomEntityQueryKind - - // Etag of the azure resource - Etag *string - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type CustomEntityQuery. -func (c *CustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery { return c } - -// DNSEntity - Represents a dns entity. -type DNSEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKind - - // Dns entity properties - Properties *DNSEntityProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntity implements the EntityClassification interface for type DNSEntity. -func (d *DNSEntity) GetEntity() *Entity { - return &Entity{ - ID: d.ID, - Kind: d.Kind, - Name: d.Name, - SystemData: d.SystemData, - Type: d.Type, - } -} - -// DNSEntityProperties - Dns entity property bag. -type DNSEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]any - - // READ-ONLY; An ip entity id for the dns server resolving the request - DNSServerIPEntityID *string - - // READ-ONLY; The name of the dns record associated with the alert - DomainName *string - - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string - - // READ-ONLY; An ip entity id for the dns request client - HostIPAddressEntityID *string - - // READ-ONLY; Ip entity identifiers for the resolved ip address. - IPAddressEntityIDs []*string -} - -// DataConnector - Data connector -type DataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetDataConnector implements the DataConnectorClassification interface for type DataConnector. -func (d *DataConnector) GetDataConnector() *DataConnector { return d } - -// DataConnectorConnectBody - Represents Codeless API Polling data connector. -type DataConnectorConnectBody struct { - // The API key of the audit server. - APIKey *string - - // The authorization code used in OAuth 2.0 code flow to issue a token. - AuthorizationCode *string - - // The client id of the OAuth 2.0 application. - ClientID *string - - // The client secret of the OAuth 2.0 application. - ClientSecret *string - - // Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics. - DataCollectionEndpoint *string - - // Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination. - DataCollectionRuleImmutableID *string - - // The authentication kind used to poll the data - Kind *ConnectAuthKind - - // Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in - // the DCR. - OutputStream *string - - // The user password in the audit log server. - Password *string - RequestConfigUserInputValues []any - - // The user name in the audit log server. - UserName *string -} - -// DataConnectorDataTypeCommon - Common field for data type in data connectors. -type DataConnectorDataTypeCommon struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// DataConnectorList - List all the data connectors. -type DataConnectorList struct { - // REQUIRED; Array of data connectors. - Value []DataConnectorClassification - - // READ-ONLY; URL to fetch the next set of data connectors. - NextLink *string -} - -// DataConnectorRequirementsState - Data connector requirements status. -type DataConnectorRequirementsState struct { - // Authorization state for this connector - AuthorizationState *DataConnectorAuthorizationState - - // License state for this connector - LicenseState *DataConnectorLicenseState -} - -// DataConnectorsCheckRequirements - Data connector requirements properties. -type DataConnectorsCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type DataConnectorsCheckRequirements. -func (d *DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return d -} - -// DataTypeDefinitions - The data type definition -type DataTypeDefinitions struct { - // The data type name - DataType *string -} - -// Deployment - Description about a deployment. -type Deployment struct { - // Deployment identifier. - DeploymentID *string - - // Url to access repository action logs. - DeploymentLogsURL *string - - // The outcome of the deployment. - DeploymentResult *DeploymentResult - - // Current status of the deployment. - DeploymentState *DeploymentState - - // The time when the deployment finished. - DeploymentTime *time.Time -} - -// DeploymentInfo - Information regarding a deployment. -type DeploymentInfo struct { - // Deployment information. - Deployment *Deployment - - // Status while fetching the last deployment. - DeploymentFetchStatus *DeploymentFetchStatus - - // Additional details about the deployment that can be shown to the user. - Message *string -} - -// Dynamics365CheckRequirements - Represents Dynamics365 requirements check request. -type Dynamics365CheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // Dynamics365 requirements check properties. - Properties *Dynamics365CheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Dynamics365CheckRequirements. -func (d *Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: d.Kind, - } -} - -// Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties. -type Dynamics365CheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// Dynamics365DataConnector - Represents Dynamics365 data connector. -type Dynamics365DataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // Dynamics365 data connector properties. - Properties *Dynamics365DataConnectorProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetDataConnector implements the DataConnectorClassification interface for type Dynamics365DataConnector. -func (d *Dynamics365DataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: d.Etag, - ID: d.ID, - Kind: d.Kind, - Name: d.Name, - SystemData: d.SystemData, - Type: d.Type, - } -} - -// Dynamics365DataConnectorDataTypes - The available data types for Dynamics365 data connector. -type Dynamics365DataConnectorDataTypes struct { - // REQUIRED; Common Data Service data type connection. - Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities -} - -// Dynamics365DataConnectorDataTypesDynamics365CdsActivities - Common Data Service data type connection. -type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// Dynamics365DataConnectorProperties - Dynamics365 data connector properties. -type Dynamics365DataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *Dynamics365DataConnectorDataTypes - - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// EnrichmentDomainWhois - Whois information for a given domain and associated metadata -type EnrichmentDomainWhois struct { - // The timestamp at which this record was created - Created *time.Time - - // The domain for this whois record - Domain *string - - // The timestamp at which this record will expire - Expires *time.Time - - // The whois record for a given domain - ParsedWhois *EnrichmentDomainWhoisDetails - - // The hostname of this registrar's whois server - Server *string - - // The timestamp at which this record was last updated - Updated *time.Time -} - -// EnrichmentDomainWhoisContact - An individual contact associated with this domain -type EnrichmentDomainWhoisContact struct { - // The city for this contact - City *string - - // The country for this contact - Country *string - - // The email address for this contact - Email *string - - // The fax number for this contact - Fax *string - - // The name of this contact - Name *string - - // The organization for this contact - Org *string - - // The phone number for this contact - Phone *string - - // The postal code for this contact - Postal *string - - // The state for this contact - State *string - - // A list describing the street address for this contact - Street []*string -} - -// EnrichmentDomainWhoisContacts - The set of contacts associated with this domain -type EnrichmentDomainWhoisContacts struct { - // The admin contact for this whois record - Admin *EnrichmentDomainWhoisContact - - // The billing contact for this whois record - Billing *EnrichmentDomainWhoisContact - - // The registrant contact for this whois record - Registrant *EnrichmentDomainWhoisContact - - // The technical contact for this whois record - Tech *EnrichmentDomainWhoisContact -} - -// EnrichmentDomainWhoisDetails - The whois record for a given domain -type EnrichmentDomainWhoisDetails struct { - // The set of contacts associated with this domain - Contacts *EnrichmentDomainWhoisContacts - - // A list of name servers associated with this domain - NameServers []*string - - // The registrar associated with this domain - Registrar *EnrichmentDomainWhoisRegistrarDetails - - // The set of status flags for this whois record - Statuses []*string -} - -// EnrichmentDomainWhoisRegistrarDetails - The registrar associated with this domain -type EnrichmentDomainWhoisRegistrarDetails struct { - // This registrar's abuse contact email - AbuseContactEmail *string - - // This registrar's abuse contact phone number - AbuseContactPhone *string - - // This registrar's Internet Assigned Numbers Authority id - IanaID *string - - // The name of this registrar - Name *string - - // This registrar's URL - URL *string - - // The hostname of this registrar's whois server - WhoisServer *string -} - -// EnrichmentIPGeodata - Geodata information for a given IP address -type EnrichmentIPGeodata struct { - // The autonomous system number associated with this IP address - Asn *string - - // The name of the carrier for this IP address - Carrier *string - - // The city this IP address is located in - City *string - - // A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 - CityCf *int32 - - // The continent this IP address is located on - Continent *string - - // The county this IP address is located in - Country *string - - // A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 - CountryCf *int32 - - // The dotted-decimal or colon-separated string representation of the IP address - IPAddr *string - - // A description of the connection type of this IP address - IPRoutingType *string - - // The latitude of this IP address - Latitude *string - - // The longitude of this IP address - Longitude *string - - // The name of the organization for this IP address - Organization *string - - // The type of the organization for this IP address - OrganizationType *string - - // The geographic region this IP address is located in - Region *string - - // The state this IP address is located in - State *string - - // A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 - StateCf *int32 - - // The abbreviated name for the state this IP address is located in - StateCode *string -} - -// Entity - Specific entity. -type Entity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKind - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntity implements the EntityClassification interface for type Entity. -func (e *Entity) GetEntity() *Entity { return e } - -// EntityAnalytics - Settings with single toggle. -type EntityAnalytics struct { - // REQUIRED; The kind of the setting - Kind *SettingKind - - // Etag of the azure resource - Etag *string - - // EntityAnalytics properties - Properties *EntityAnalyticsProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetSettings implements the SettingsClassification interface for type EntityAnalytics. -func (e *EntityAnalytics) GetSettings() *Settings { - return &Settings{ - Etag: e.Etag, - ID: e.ID, - Kind: e.Kind, - Name: e.Name, - SystemData: e.SystemData, - Type: e.Type, - } -} - -// EntityAnalyticsProperties - EntityAnalytics property bag. -type EntityAnalyticsProperties struct { - // The relevant entity providers that are synced - EntityProviders []*EntityProviders -} - -// EntityEdges - The edge that connects the entity to the other entity. -type EntityEdges struct { - // A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]any - - // The target entity Id. - TargetEntityID *string -} - -// EntityExpandParameters - The parameters required to execute an expand operation on the given entity. -type EntityExpandParameters struct { - // The end date filter, so the only expansion results returned are before this date. - EndTime *time.Time - - // The Id of the expansion to perform. - ExpansionID *string - - // The start date filter, so the only expansion results returned are after this date. - StartTime *time.Time -} - -// EntityExpandResponse - The entity expansion result operation response. -type EntityExpandResponse struct { - // The metadata from the expansion operation results. - MetaData *ExpansionResultsMetadata - - // The expansion result values. - Value *EntityExpandResponseValue -} - -// EntityExpandResponseValue - The expansion result values. -type EntityExpandResponseValue struct { - // Array of edges that connects the entity to the list of entities. - Edges []*EntityEdges - - // Array of the expansion result entities. - Entities []EntityClassification -} - -// EntityFieldMapping - Map identifiers of a single entity -type EntityFieldMapping struct { - // Alert V3 identifier - Identifier *string - - // The value of the identifier - Value *string -} - -// EntityGetInsightsParameters - The parameters required to execute insights operation on the given entity. -type EntityGetInsightsParameters struct { - // REQUIRED; The end timeline date, so the results returned are before this date. - EndTime *time.Time - - // REQUIRED; The start timeline date, so the results returned are after this date. - StartTime *time.Time - - // Indicates if query time range should be extended with default time range of the query. Default value is false - AddDefaultExtendedTimeRange *bool - - // List of Insights Query Id. If empty, default value is all insights of this entity - InsightQueryIDs []*string -} - -// EntityGetInsightsResponse - The Get Insights result operation response. -type EntityGetInsightsResponse struct { - // The metadata from the get insights operation results. - MetaData *GetInsightsResultsMetadata - - // The insights result values. - Value []*EntityInsightItem -} - -// EntityInsightItem - Entity insight Item. -type EntityInsightItem struct { - // Query results for table insights query. - ChartQueryResults []*InsightsTableResult - - // The query id of the insight - QueryID *string - - // The Time interval that the query actually executed on. - QueryTimeInterval *EntityInsightItemQueryTimeInterval - - // Query results for table insights query. - TableQueryResults *InsightsTableResult -} - -// EntityInsightItemQueryTimeInterval - The Time interval that the query actually executed on. -type EntityInsightItemQueryTimeInterval struct { - // Insight query end time - EndTime *time.Time - - // Insight query start time - StartTime *time.Time -} - -// EntityList - List of all the entities. -type EntityList struct { - // REQUIRED; Array of entities. - Value []EntityClassification - - // READ-ONLY; URL to fetch the next set of entities. - NextLink *string -} - -// EntityMapping - Single entity mapping for the alert rule -type EntityMapping struct { - // The V3 type of the mapped entity - EntityType *EntityMappingType - - // array of field mappings for the given entity mapping - FieldMappings []*FieldMapping -} - -// EntityQuery - Specific entity query. -type EntityQuery struct { - // REQUIRED; the entity query kind - Kind *EntityQueryKind - - // Etag of the azure resource - Etag *string - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntityQuery implements the EntityQueryClassification interface for type EntityQuery. -func (e *EntityQuery) GetEntityQuery() *EntityQuery { return e } - -// EntityQueryItem - An abstract Query item for entity -type EntityQueryItem struct { - // REQUIRED; The kind of the entity query - Kind *EntityQueryKind - - // Query Template ARM Name - Name *string - - // ARM Type - Type *string - - // READ-ONLY; Query Template ARM ID - ID *string -} - -// GetEntityQueryItem implements the EntityQueryItemClassification interface for type EntityQueryItem. -func (e *EntityQueryItem) GetEntityQueryItem() *EntityQueryItem { return e } - -type EntityQueryItemPropertiesDataTypesItem struct { - // Data type name - DataType *string -} - -// EntityQueryList - List of all the entity queries. -type EntityQueryList struct { - // REQUIRED; Array of entity queries. - Value []EntityQueryClassification - - // READ-ONLY; URL to fetch the next set of entity queries. - NextLink *string -} - -// EntityQueryTemplate - Specific entity query template. -type EntityQueryTemplate struct { - // REQUIRED; the entity query template kind - Kind *EntityQueryTemplateKind - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type EntityQueryTemplate. -func (e *EntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate { return e } - -// EntityQueryTemplateList - List of all the entity query templates. -type EntityQueryTemplateList struct { - // REQUIRED; Array of entity query templates. - Value []EntityQueryTemplateClassification +// GetDataConnectorDefinition implements the DataConnectorDefinitionClassification interface for type DataConnectorDefinition. +func (d *DataConnectorDefinition) GetDataConnectorDefinition() *DataConnectorDefinition { return d } - // READ-ONLY; URL to fetch the next set of entity query templates. +// DataConnectorDefinitionArmCollectionWrapper - Encapsulate the data connector definition object +type DataConnectorDefinitionArmCollectionWrapper struct { NextLink *string + Value []DataConnectorDefinitionClassification } -// EntityTimelineItem - Entity timeline Item. -type EntityTimelineItem struct { - // REQUIRED; The entity query kind type. - Kind *EntityTimelineKind -} - -// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type EntityTimelineItem. -func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { return e } - -// EntityTimelineParameters - The parameters required to execute s timeline operation on the given entity. -type EntityTimelineParameters struct { - // REQUIRED; The end timeline date, so the results returned are before this date. - EndTime *time.Time - - // REQUIRED; The start timeline date, so the results returned are after this date. - StartTime *time.Time - - // Array of timeline Item kinds. - Kinds []*EntityTimelineKind +// DataConnectorList - List all the data connectors. +type DataConnectorList struct { + // REQUIRED; Array of data connectors. + Value []DataConnectorClassification - // The number of bucket for timeline queries aggregation. - NumberOfBucket *int32 + // READ-ONLY; URL to fetch the next set of data connectors. + NextLink *string } -// EntityTimelineResponse - The entity timeline result operation response. -type EntityTimelineResponse struct { - // The metadata from the timeline operation results. - MetaData *TimelineResultsMetadata - - // The timeline result values. - Value []EntityTimelineItemClassification -} +// Deployment - Description about a deployment. +type Deployment struct { + // Deployment identifier. + DeploymentID *string -// EventGroupingSettings - Event grouping settings property bag. -type EventGroupingSettings struct { - // The event grouping aggregation kinds - AggregationKind *EventGroupingAggregationKind -} + // Url to access repository action logs. + DeploymentLogsURL *string -// ExpansionEntityQueriesProperties - Describes expansion entity query properties -type ExpansionEntityQueriesProperties struct { - // List of the data sources that are required to run the query - DataSources []*string + // The outcome of the deployment. + DeploymentResult *DeploymentResult - // The query display name - DisplayName *string + // Current status of the deployment. + DeploymentState *DeploymentState - // The type of the query's source entity - InputEntityType *EntityType + // The time when the deployment finished. + DeploymentTime *time.Time +} - // List of the fields of the source entity that are required to run the query - InputFields []*string +// DeploymentInfo - Information regarding a deployment. +type DeploymentInfo struct { + // Deployment information. + Deployment *Deployment - // List of the desired output types to be constructed from the result - OutputEntityTypes []*EntityType + // Status while fetching the last deployment. + DeploymentFetchStatus *DeploymentFetchStatus - // The template query string to be parsed and formatted - QueryTemplate *string + // Additional details about the deployment that can be shown to the user. + Message *string } -// ExpansionEntityQuery - Represents Expansion entity query. -type ExpansionEntityQuery struct { - // REQUIRED; the entity query kind - Kind *EntityQueryKind - - // Etag of the azure resource - Etag *string - - // Expansion entity query properties - Properties *ExpansionEntityQueriesProperties +// Entity - Specific entity. +type Entity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKindEnum - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -2574,79 +1414,34 @@ type ExpansionEntityQuery struct { Type *string } -// GetEntityQuery implements the EntityQueryClassification interface for type ExpansionEntityQuery. -func (e *ExpansionEntityQuery) GetEntityQuery() *EntityQuery { - return &EntityQuery{ - Etag: e.Etag, - ID: e.ID, - Kind: e.Kind, - Name: e.Name, - SystemData: e.SystemData, - Type: e.Type, - } -} - -// ExpansionResultAggregation - Information of a specific aggregation in the expansion result. -type ExpansionResultAggregation struct { - // REQUIRED; Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. - Count *int32 - - // REQUIRED; The kind of the aggregated entity. - EntityKind *EntityKind +// GetEntity implements the EntityClassification interface for type Entity. +func (e *Entity) GetEntity() *Entity { return e } - // The common type of the aggregation. (for e.g. entity field name) - AggregationType *string +// EntityManualTriggerRequestBody - Describes the request body for triggering a playbook on an entity. +type EntityManualTriggerRequestBody struct { + // REQUIRED; The resource id of the playbook resource. + LogicAppsResourceID *string - // The display name of the aggregation by type. - DisplayName *string -} + // The incident id to associate the entity with. + IncidentArmID *string -// ExpansionResultsMetadata - Expansion result metadata. -type ExpansionResultsMetadata struct { - // Information of the aggregated nodes in the expansion result. - Aggregations []*ExpansionResultAggregation + // The tenant id of the playbook resource. + TenantID *string } -// EyesOn - Settings with single toggle. -type EyesOn struct { - // REQUIRED; The kind of the setting - Kind *SettingKind - - // Etag of the azure resource - Etag *string - - // EyesOn properties - Properties *EyesOnSettingsProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} +// EntityMapping - Single entity mapping for the alert rule +type EntityMapping struct { + // The V3 type of the mapped entity + EntityType *EntityMappingType -// GetSettings implements the SettingsClassification interface for type EyesOn. -func (e *EyesOn) GetSettings() *Settings { - return &Settings{ - Etag: e.Etag, - ID: e.ID, - Kind: e.Kind, - Name: e.Name, - SystemData: e.SystemData, - Type: e.Type, - } + // array of field mappings for the given entity mapping + FieldMappings []*FieldMapping } -// EyesOnSettingsProperties - EyesOn property bag. -type EyesOnSettingsProperties struct { - // READ-ONLY; Determines whether the setting is enable or disabled. - IsEnabled *bool +// EventGroupingSettings - Event grouping settings property bag. +type EventGroupingSettings struct { + // The event grouping aggregation kinds + AggregationKind *EventGroupingAggregationKind } // FieldMapping - A single field mapping of the mapped entity @@ -2661,12 +1456,12 @@ type FieldMapping struct { // FileEntity - Represents a file entity. type FileEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // File entity properties Properties *FileEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -2715,12 +1510,12 @@ type FileEntityProperties struct { // FileHashEntity - Represents a file hash entity. type FileHashEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // FileHash entity properties Properties *FileHashEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -2760,96 +1555,9 @@ type FileHashEntityProperties struct { HashValue *string } -// FileImport - Represents a file import in Azure Security Insights. -type FileImport struct { - // File import properties - Properties *FileImportProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// FileImportList - List all the file imports. -type FileImportList struct { - // REQUIRED; Array of file imports. - Value []*FileImport - - // READ-ONLY; URL to fetch the next set of file imports. - NextLink *string -} - -// FileImportProperties - Describes the FileImport's properties -type FileImportProperties struct { - // REQUIRED; The content type of this file. - ContentType *FileImportContentType - - // REQUIRED; Represents the imported file. - ImportFile *FileMetadata - - // REQUIRED; Describes how to ingest the records in the file. - IngestionMode *IngestionMode - - // REQUIRED; The source for the data in the file. - Source *string - - // READ-ONLY; The time the file was imported. - CreatedTimeUTC *time.Time - - // READ-ONLY; Represents the error file (if the import was ingested with errors or failed the validation). - ErrorFile *FileMetadata - - // READ-ONLY; An ordered list of some of the errors that were encountered during validation. - ErrorsPreview []*ValidationError - - // READ-ONLY; The time the files associated with this import are deleted from the storage account. - FilesValidUntilTimeUTC *time.Time - - // READ-ONLY; The time the file import record is soft deleted from the database and history. - ImportValidUntilTimeUTC *time.Time - - // READ-ONLY; The number of records that have been successfully ingested. - IngestedRecordCount *int32 - - // READ-ONLY; The state of the file import. - State *FileImportState - - // READ-ONLY; The number of records in the file. - TotalRecordCount *int32 - - // READ-ONLY; The number of records that have passed validation. - ValidRecordCount *int32 -} - -// FileMetadata - Represents a file. -type FileMetadata struct { - // The format of the file - FileFormat *FileFormat - - // The name of the file. - FileName *string - - // The size of the file. - FileSize *int32 - - // READ-ONLY; Indicates whether the file was deleted from the storage account. - DeleteStatus *DeleteStatus - - // READ-ONLY; A URI with a valid SAS token to allow uploading / downloading the file. - FileContentURI *string -} - // FusionAlertRule - Represents Fusion alert rule. type FusionAlertRule struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Etag of the azure resource @@ -2858,7 +1566,7 @@ type FusionAlertRule struct { // Fusion alert rule properties Properties *FusionAlertRuleProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -2891,12 +1599,6 @@ type FusionAlertRuleProperties struct { // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool - // Configuration to exclude scenarios in fusion detection. - ScenarioExclusionPatterns []*FusionScenarioExclusionPattern - - // Configuration for all supported source signals in fusion detection. - SourceSettings []*FusionSourceSettings - // READ-ONLY; The description of the alert rule. Description *string @@ -2918,13 +1620,13 @@ type FusionAlertRuleProperties struct { // FusionAlertRuleTemplate - Represents Fusion alert rule template. type FusionAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Fusion alert rule template properties Properties *FusionAlertRuleTemplateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -2948,7 +1650,7 @@ func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { } } -// FusionAlertRuleTemplateProperties - Fusion alert rule template properties +// FusionAlertRuleTemplateProperties - Represents Fusion alert rule template properties type FusionAlertRuleTemplateProperties struct { // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 @@ -2965,16 +1667,13 @@ type FusionAlertRuleTemplateProperties struct { // The severity for alerts created by this alert rule. Severity *AlertSeverity - // All supported source signal configurations consumed in fusion detection. - SourceSettings []*FusionTemplateSourceSetting - // The alert rule template status. Status *TemplateStatus // The tactics of the alert rule template Tactics []*AttackTactic - // The techniques of the alert rule + // The techniques of the alert rule template Techniques []*string // READ-ONLY; The time that this alert rule template has been added. @@ -2984,90 +1683,45 @@ type FusionAlertRuleTemplateProperties struct { LastUpdatedDateUTC *time.Time } -// FusionScenarioExclusionPattern - Represents a Fusion scenario exclusion patterns in Fusion detection. -type FusionScenarioExclusionPattern struct { - // REQUIRED; DateTime when scenario exclusion pattern is added in UTC. - DateAddedInUTC *string - - // REQUIRED; Scenario exclusion pattern. - ExclusionPattern *string -} - -// FusionSourceSettings - Represents a supported source signal configuration in Fusion detection. -type FusionSourceSettings struct { - // REQUIRED; Determines whether this source signal is enabled or disabled in Fusion detection. - Enabled *bool - - // REQUIRED; Name of the Fusion source signal. Refer to Fusion alert rule template for supported values. - SourceName *string - - // Configuration for all source subtypes under this source signal consumed in fusion detection. - SourceSubTypes []*FusionSourceSubTypeSetting -} - -// FusionSourceSubTypeSetting - Represents a supported source subtype configuration under a source signal in Fusion detection. -type FusionSourceSubTypeSetting struct { - // REQUIRED; Determines whether this source subtype under source signal is enabled or disabled in Fusion detection. - Enabled *bool - - // REQUIRED; Severity configuration for a source subtype consumed in fusion detection. - SeverityFilters *FusionSubTypeSeverityFilter - - // REQUIRED; The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template - // for supported values. - SourceSubTypeName *string - - // READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection. - SourceSubTypeDisplayName *string -} - -// FusionSubTypeSeverityFilter - Represents severity configuration for a source subtype consumed in Fusion detection. -type FusionSubTypeSeverityFilter struct { - // Individual Severity configuration settings for a given source subtype consumed in Fusion detection. - Filters []*FusionSubTypeSeverityFiltersItem +// GCPAuthModel - Model for API authentication for all GCP kind connectors. +type GCPAuthModel struct { + // REQUIRED; GCP Project Number + ProjectNumber *string - // READ-ONLY; Determines whether this source subtype supports severity configuration or not. - IsSupported *bool -} + // REQUIRED; GCP Service Account Email + ServiceAccountEmail *string -// FusionSubTypeSeverityFiltersItem - Represents a Severity filter setting for a given source subtype consumed in Fusion detection. -type FusionSubTypeSeverityFiltersItem struct { - // REQUIRED; Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection. - Enabled *bool + // REQUIRED; The auth type + Type *CcpAuthType - // REQUIRED; The Severity for a given source subtype consumed in Fusion detection. - Severity *AlertSeverity + // REQUIRED; GCP Workload Identity Provider ID + WorkloadIdentityProviderID *string } -// FusionTemplateSourceSetting - Represents a source signal consumed in Fusion detection. -type FusionTemplateSourceSetting struct { - // REQUIRED; The name of a source signal consumed in Fusion detection. - SourceName *string - - // All supported source subtypes under this source signal consumed in fusion detection. - SourceSubTypes []*FusionTemplateSourceSubType +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type GCPAuthModel. +func (g *GCPAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: g.Type, + } } -// FusionTemplateSourceSubType - Represents a source subtype under a source signal consumed in Fusion detection. -type FusionTemplateSourceSubType struct { - // REQUIRED; Severity configuration available for a source subtype consumed in fusion detection. - SeverityFilter *FusionTemplateSubTypeSeverityFilter +// GenericBlobSbsAuthModel - Model for API authentication for working with service bus or storage account. +type GenericBlobSbsAuthModel struct { + // REQUIRED; The auth type + Type *CcpAuthType - // REQUIRED; The name of source subtype under a source signal consumed in Fusion detection. - SourceSubTypeName *string + // Credentials for service bus namespace, keyvault uri for access key + CredentialsConfig map[string]*string - // READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection. - SourceSubTypeDisplayName *string + // Credentials for storage account, keyvault uri for access key + StorageAccountCredentialsConfig map[string]*string } -// FusionTemplateSubTypeSeverityFilter - Represents severity configurations available for a source subtype consumed in Fusion -// detection. -type FusionTemplateSubTypeSeverityFilter struct { - // REQUIRED; Determines whether severity configuration is supported for this source subtype consumed in Fusion detection. - IsSupported *bool - - // List of all supported severities for this source subtype consumed in Fusion detection. - SeverityFilters []*AlertSeverity +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type GenericBlobSbsAuthModel. +func (g *GenericBlobSbsAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: g.Type, + } } // GeoLocation - The geo-location context attached to the ip entity @@ -3098,31 +1752,22 @@ type GeoLocation struct { State *string } -// GetInsightsErrorKind - GetInsights Query Errors. -type GetInsightsErrorKind struct { - // REQUIRED; the error message - ErrorMessage *string - - // REQUIRED; the query kind - Kind *GetInsightsError - - // the query id - QueryID *string -} - -// GetInsightsResultsMetadata - Get Insights result metadata. -type GetInsightsResultsMetadata struct { - // REQUIRED; the total items found for the insights request - TotalCount *int32 +// GitHubAuthModel - Model for API authentication for GitHub. For this authentication first we need to approve the Router +// app (Microsoft Security DevOps) to access the GitHub account, Then we only need the InstallationId +// to get the access token from https://api.github.com/app/installations/{installId}/access_tokens. +type GitHubAuthModel struct { + // REQUIRED; The auth type + Type *CcpAuthType - // information about the failed queries - Errors []*GetInsightsErrorKind + // The GitHubApp auth installation id. + InstallationID *string } -// GetQueriesResponse - Retrieve queries for entity result operation response. -type GetQueriesResponse struct { - // The query result values. - Value []EntityQueryItemClassification +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type GitHubAuthModel. +func (g *GitHubAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: g.Type, + } } // GitHubResourceInfo - Resources created in GitHub repository. @@ -3131,6 +1776,19 @@ type GitHubResourceInfo struct { AppInstallationID *string } +// GraphQuery - The graph query to show the volume of data arriving into the workspace over time. +type GraphQuery struct { + // REQUIRED; Gets or sets the base query for the graph. The base query is wrapped by Sentinel UI infra with a KQL query, that + // measures the volume over time. + BaseQuery *string + + // REQUIRED; Gets or sets the legend for the graph. + Legend *string + + // REQUIRED; Gets or sets the metric name that the query is checking. For example: 'Total data receive'. + MetricName *string +} + // GroupingConfiguration - Grouping configuration property bag. type GroupingConfiguration struct { // REQUIRED; Grouping enabled @@ -3161,12 +1819,12 @@ type GroupingConfiguration struct { // HostEntity - Represents a host entity. type HostEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Host entity properties Properties *HostEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3231,12 +1889,12 @@ type HostEntityProperties struct { // HuntingBookmark - Represents a Hunting bookmark entity. type HuntingBookmark struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // HuntingBookmark entity properties Properties *HuntingBookmarkProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3306,12 +1964,12 @@ type HuntingBookmarkProperties struct { // IPEntity - Represents an ip entity. type IPEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Ip entity properties Properties *IPEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3362,7 +2020,7 @@ type Incident struct { // Incident properties Properties *IncidentProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3394,9 +2052,6 @@ type IncidentAdditionalData struct { // READ-ONLY; The tactics associated with incident Tactics []*AttackTactic - - // READ-ONLY; The techniques associated with incident's tactics' - Techniques []*string } // IncidentAlertList - List of incident alerts. @@ -3419,7 +2074,7 @@ type IncidentComment struct { // Incident comment properties Properties *IncidentCommentProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3480,7 +2135,7 @@ type IncidentEntitiesResultsMetadata struct { Count *int32 // REQUIRED; The kind of the aggregated entity. - EntityKind *EntityKind + EntityKind *EntityKindEnum } // IncidentInfo - Describes related incident information for the bookmark @@ -3569,15 +2224,6 @@ type IncidentProperties struct { // Describes a user that the incident is assigned to Owner *IncidentOwnerInfo - // The incident ID assigned by the incident provider - ProviderIncidentID *string - - // The name of the source provider that generated the incident - ProviderName *string - - // Describes a team for the incident - TeamInformation *TeamInformation - // READ-ONLY; Additional data on the incident AdditionalData *IncidentAdditionalData @@ -3593,6 +2239,12 @@ type IncidentProperties struct { // READ-ONLY; The last time the incident was updated LastModifiedTimeUTC *time.Time + // READ-ONLY; The incident ID assigned by the incident provider + ProviderIncidentID *string + + // READ-ONLY; The name of the source provider that generated the incident + ProviderName *string + // READ-ONLY; List of resource ids of Analytic rules related to the incident RelatedAnalyticRuleIDs []*string } @@ -3604,214 +2256,31 @@ type IncidentPropertiesAction struct { // Describes the reason the incident was closed. ClassificationComment *string - // The classification reason the incident was closed with - ClassificationReason *IncidentClassificationReason - - // List of labels to add to the incident. - Labels []*IncidentLabel - - // Information on the user an incident is assigned to - Owner *IncidentOwnerInfo - - // The severity of the incident - Severity *IncidentSeverity - - // The status of the incident - Status *IncidentStatus -} - -// InsightQueryItem - Represents Insight Query. -type InsightQueryItem struct { - // REQUIRED; The kind of the entity query - Kind *EntityQueryKind - - // Query Template ARM Name - Name *string - - // Properties bag for InsightQueryItem - Properties *InsightQueryItemProperties - - // ARM Type - Type *string - - // READ-ONLY; Query Template ARM ID - ID *string -} - -// GetEntityQueryItem implements the EntityQueryItemClassification interface for type InsightQueryItem. -func (i *InsightQueryItem) GetEntityQueryItem() *EntityQueryItem { - return &EntityQueryItem{ - ID: i.ID, - Kind: i.Kind, - Name: i.Name, - Type: i.Type, - } -} - -// InsightQueryItemProperties - Represents Insight Query. -type InsightQueryItemProperties struct { - // The activity query definitions. - AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery - - // The base query of the insight. - BaseQuery *string - - // The insight chart query. - ChartQuery any - - // Data types for template - DataTypes []*EntityQueryItemPropertiesDataTypesItem - - // The insight chart query. - DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange - - // The insight description. - Description *string - - // The insight display name. - DisplayName *string - - // The query applied only to entities matching to all filters - EntitiesFilter any - - // The type of the entity - InputEntityType *EntityType - - // The insight chart query. - ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange - - // Data types for template - RequiredInputFieldsSets [][]*string - - // The insight table query. - TableQuery *InsightQueryItemPropertiesTableQuery -} - -// InsightQueryItemPropertiesAdditionalQuery - The activity query definitions. -type InsightQueryItemPropertiesAdditionalQuery struct { - // The insight query. - Query *string - - // The insight text. - Text *string -} - -// InsightQueryItemPropertiesDefaultTimeRange - The insight chart query. -type InsightQueryItemPropertiesDefaultTimeRange struct { - // The padding for the end time of the query. - AfterRange *string - - // The padding for the start time of the query. - BeforeRange *string -} - -// InsightQueryItemPropertiesReferenceTimeRange - The insight chart query. -type InsightQueryItemPropertiesReferenceTimeRange struct { - // Additional query time for looking back. - BeforeRange *string -} - -// InsightQueryItemPropertiesTableQuery - The insight table query. -type InsightQueryItemPropertiesTableQuery struct { - // List of insight column definitions. - ColumnsDefinitions []*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem - - // List of insight queries definitions. - QueriesDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem -} - -type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct { - // Insight column header. - Header *string - - // Insights Column type. - OutputType *OutputType - - // Is query supports deep-link. - SupportDeepLink *bool -} - -type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct { - // Insight column header. - Filter *string - - // Insight column header. - LinkColumnsDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem - - // Insight column header. - Project *string - - // Insight column header. - Summarize *string -} - -type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem struct { - // Insight Link Definition Projected Name. - ProjectedName *string - - // Insight Link Definition Query. - Query *string -} - -// InsightsTableResult - Query results for table insights query. -type InsightsTableResult struct { - // Columns Metadata of the table - Columns []*InsightsTableResultColumnsItem - - // Rows data of the table - Rows [][]*string -} - -type InsightsTableResultColumnsItem struct { - // the name of the colum - Name *string - - // the type of the colum - Type *string -} - -type InstructionStepsInstructionsItem struct { - // REQUIRED; The kind of the setting - Type *SettingType - - // The parameters for the setting - Parameters any -} + // The classification reason the incident was closed with + ClassificationReason *IncidentClassificationReason -// IoTCheckRequirements - Represents IoT requirements check request. -type IoTCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind + // List of labels to add to the incident. + Labels []*IncidentLabel - // IoT requirements check properties. - Properties *IoTCheckRequirementsProperties -} + // Information on the user an incident is assigned to + Owner *IncidentOwnerInfo -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type IoTCheckRequirements. -func (i *IoTCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: i.Kind, - } -} + // The severity of the incident + Severity *IncidentSeverity -// IoTCheckRequirementsProperties - IoT requirements check properties. -type IoTCheckRequirementsProperties struct { - // The subscription id to connect to, and get the data from. - SubscriptionID *string + // The status of the incident + Status *IncidentStatus } -// IoTDataConnector - Represents IoT data connector. -type IoTDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind +// IncidentTask - Describes incident task properties +type IncidentTask struct { + // REQUIRED; Describes the properties of an incident task + Properties *IncidentTaskProperties // Etag of the azure resource Etag *string - // IoT data connector properties. - Properties *IoTDataConnectorProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3824,36 +2293,71 @@ type IoTDataConnector struct { Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type IoTDataConnector. -func (i *IoTDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: i.Etag, - ID: i.ID, - Kind: i.Kind, - Name: i.Name, - SystemData: i.SystemData, - Type: i.Type, - } +// IncidentTaskList - List of incident tasks +type IncidentTaskList struct { + NextLink *string + Value []*IncidentTask } -// IoTDataConnectorProperties - IoT data connector properties. -type IoTDataConnectorProperties struct { - // The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector +// IncidentTaskProperties - Describes the properties of an incident task +type IncidentTaskProperties struct { + // REQUIRED; The status of the task + Status *IncidentTaskStatus - // The subscription id to connect to, and get the data from. - SubscriptionID *string + // REQUIRED; The title of the task + Title *string + + // Information on the client (user or application) that made some action + CreatedBy *ClientInfo + + // The description of the task + Description *string + + // Information on the client (user or application) that made some action + LastModifiedBy *ClientInfo + + // READ-ONLY; The time the task was created + CreatedTimeUTC *time.Time + + // READ-ONLY; The last time the task was updated + LastModifiedTimeUTC *time.Time +} + +// InstructionStep - Instruction steps to enable the connector. +type InstructionStep struct { + // Gets or sets the instruction step description. + Description *string + + // Gets or sets the inner instruction steps details. Foe Example: instruction step 1 might contain inner instruction steps: + // [instruction step 1.1, instruction step 1.2]. + InnerSteps []*InstructionStep + + // Gets or sets the instruction step details. + Instructions []*InstructionStepDetails + + // Gets or sets the instruction step title. + Title *string +} + +// InstructionStepDetails - Instruction step details, to be displayed in the Instructions steps section in the connector's +// page in Sentinel Portal. +type InstructionStepDetails struct { + // REQUIRED; Gets or sets the instruction type parameters settings. + Parameters any + + // REQUIRED; Gets or sets the instruction type name. + Type *string } // IoTDeviceEntity - Represents an IoT device entity. type IoTDeviceEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // IoTDevice entity properties Properties *IoTDeviceEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -3879,9 +2383,6 @@ func (i *IoTDeviceEntity) GetEntity() *Entity { // IoTDeviceEntityProperties - IoTDevice entity property bag. type IoTDeviceEntityProperties struct { - // Device importance, determines if the device classified as 'crown jewel' - Importance *DeviceImportance - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]any @@ -3891,9 +2392,6 @@ type IoTDeviceEntityProperties struct { // READ-ONLY; The friendly name of the device DeviceName *string - // READ-ONLY; The subType of the device ('PLC', 'HMI', 'EWS', etc.) - DeviceSubType *string - // READ-ONLY; The type of the device DeviceType *string @@ -3919,45 +2417,21 @@ type IoTDeviceEntityProperties struct { // READ-ONLY; The ID of the security agent running on the device IotSecurityAgentID *string - // READ-ONLY; Determines whether the device classified as authorized device - IsAuthorized *bool - - // READ-ONLY; Determines whether the device classified as programming device - IsProgramming *bool - - // READ-ONLY; Is the device classified as a scanner device - IsScanner *bool - // READ-ONLY; The MAC address of the device MacAddress *string // READ-ONLY; The model of the device Model *string - // READ-ONLY; A list of Nic entity ids of the IoTDevice entity. - NicEntityIDs []*string - // READ-ONLY; The operating system of the device OperatingSystem *string - // READ-ONLY; A list of owners of the IoTDevice entity. - Owners []*string - // READ-ONLY; A list of protocols of the IoTDevice entity. Protocols []*string - // READ-ONLY; The Purdue Layer of the device - PurdueLayer *string - - // READ-ONLY; The sensor the device is monitored by - Sensor *string - // READ-ONLY; The serial number of the device SerialNumber *string - // READ-ONLY; The site of the device - Site *string - // READ-ONLY; The source of the device Source *string @@ -3966,31 +2440,46 @@ type IoTDeviceEntityProperties struct { // READ-ONLY; The vendor of the device Vendor *string - - // READ-ONLY; The zone location of the device within a site - Zone *string } -// MCASCheckRequirements - Represents MCAS (Microsoft Cloud App Security) requirements check request. -type MCASCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind +// JwtAuthModel - Model for API authentication with JWT. Simple exchange between user name + password to access token. +type JwtAuthModel struct { + // REQUIRED; The password + Password map[string]*string - // MCAS (Microsoft Cloud App Security) requirements check properties. - Properties *MCASCheckRequirementsProperties -} + // REQUIRED; Token endpoint to request JWT + TokenEndpoint *string -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MCASCheckRequirements. -func (m *MCASCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: m.Kind, - } + // REQUIRED; The auth type + Type *CcpAuthType + + // REQUIRED; The user name. If user name and password sent in header request we only need to populate the value property with + // the user name (Same as basic auth). If user name and password sent in body request we + // need to specify the Key and Value. + UserName map[string]*string + + // The custom headers we want to add once we send request to token endpoint. + Headers map[string]*string + + // Flag indicating whether we want to send the user name and password to token endpoint in the headers. + IsCredentialsInHeaders *bool + + // Flag indicating whether the body request is JSON (header Content-Type = application/json), meaning its a Form URL encoded + // request (header Content-Type = application/x-www-form-urlencoded). + IsJSONRequest *bool + + // The custom query parameter we want to add once we send request to token endpoint. + QueryParameters map[string]*string + + // Request timeout in seconds. + RequestTimeoutInSeconds *int32 } -// MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties. -type MCASCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type JwtAuthModel. +func (j *JwtAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: j.Type, + } } // MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector. @@ -4004,7 +2493,7 @@ type MCASDataConnector struct { // MCAS (Microsoft Cloud App Security) data connector properties. Properties *MCASDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4031,7 +2520,7 @@ func (m *MCASDataConnector) GetDataConnector() *DataConnector { // MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector. type MCASDataConnectorDataTypes struct { - // REQUIRED; Alerts data type connection. + // Alerts data type connection. Alerts *DataConnectorDataTypeCommon // Discovery log data type connection. @@ -4040,32 +2529,10 @@ type MCASDataConnectorDataTypes struct { // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. type MCASDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. + // The available data types for the connector. DataTypes *MCASDataConnectorDataTypes - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// MDATPCheckRequirements - Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. -type MDATPCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. - Properties *MDATPCheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MDATPCheckRequirements. -func (m *MDATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: m.Kind, - } -} - -// MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. -type MDATPCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string } @@ -4080,7 +2547,7 @@ type MDATPDataConnector struct { // MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. Properties *MDATPDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4107,160 +2574,10 @@ func (m *MDATPDataConnector) GetDataConnector() *DataConnector { // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. type MDATPDataConnectorProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string - // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector -} - -// MLBehaviorAnalyticsAlertRule - Represents MLBehaviorAnalytics alert rule. -type MLBehaviorAnalyticsAlertRule struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind - - // Etag of the azure resource - Etag *string - - // MLBehaviorAnalytics alert rule properties - Properties *MLBehaviorAnalyticsAlertRuleProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetAlertRule implements the AlertRuleClassification interface for type MLBehaviorAnalyticsAlertRule. -func (m *MLBehaviorAnalyticsAlertRule) GetAlertRule() *AlertRule { - return &AlertRule{ - Etag: m.Etag, - ID: m.ID, - Kind: m.Kind, - Name: m.Name, - SystemData: m.SystemData, - Type: m.Type, - } -} - -// MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule base property bag. -type MLBehaviorAnalyticsAlertRuleProperties struct { - // REQUIRED; The Name of the alert rule template used to create this rule. - AlertRuleTemplateName *string - - // REQUIRED; Determines whether this alert rule is enabled or disabled. - Enabled *bool - // READ-ONLY; The description of the alert rule. - Description *string - - // READ-ONLY; The display name for alerts created by this alert rule. - DisplayName *string - - // READ-ONLY; The last time that this alert rule has been modified. - LastModifiedUTC *time.Time - - // READ-ONLY; The severity for alerts created by this alert rule. - Severity *AlertSeverity - - // READ-ONLY; The tactics of the alert rule - Tactics []*AttackTactic - - // READ-ONLY; The techniques of the alert rule - Techniques []*string -} - -// MLBehaviorAnalyticsAlertRuleTemplate - Represents MLBehaviorAnalytics alert rule template. -type MLBehaviorAnalyticsAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind - - // MLBehaviorAnalytics alert rule template properties. - Properties *MLBehaviorAnalyticsAlertRuleTemplateProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MLBehaviorAnalyticsAlertRuleTemplate. -func (m *MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { - return &AlertRuleTemplate{ - ID: m.ID, - Kind: m.Kind, - Name: m.Name, - SystemData: m.SystemData, - Type: m.Type, - } -} - -// MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties. -type MLBehaviorAnalyticsAlertRuleTemplateProperties struct { - // REQUIRED; The severity for alerts created by this alert rule. - Severity *AlertSeverity - - // the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 - - // The description of the alert rule template. - Description *string - - // The display name for alert rule template. - DisplayName *string - - // The required data sources for this template - RequiredDataConnectors []*AlertRuleTemplateDataSource - - // The alert rule template status. - Status *TemplateStatus - - // The tactics of the alert rule - Tactics []*AttackTactic - - // The techniques of the alert rule - Techniques []*string - - // READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *time.Time - - // READ-ONLY; The last time that this alert rule template has been updated. - LastUpdatedDateUTC *time.Time -} - -// MSTICheckRequirements - Represents Microsoft Threat Intelligence requirements check request. -type MSTICheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // Microsoft Threat Intelligence requirements check properties. - Properties *MSTICheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MSTICheckRequirements. -func (m *MSTICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: m.Kind, - } -} - -// MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties. -type MSTICheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string } @@ -4275,7 +2592,7 @@ type MSTIDataConnector struct { // Microsoft Threat Intelligence data connector properties. Properties *MSTIDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4300,30 +2617,18 @@ func (m *MSTIDataConnector) GetDataConnector() *DataConnector { } } -// MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence Platforms data connector. +// MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence data connector. type MSTIDataConnectorDataTypes struct { - // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. - BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL - - // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. + // REQUIRED; Data type for Microsoft Threat Intelligence data connector. MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed } -// MSTIDataConnectorDataTypesBingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector. -type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct { - // REQUIRED; lookback period - LookbackPeriod *string - - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector. +// MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence data connector. type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct { - // REQUIRED; lookback period + // REQUIRED; The lookback period for the feed to be imported. LookbackPeriod *string - // REQUIRED; Describe whether this data type connection is enabled or not. + // Describe whether this data type connection is enabled or not. State *DataTypeState } @@ -4332,82 +2637,19 @@ type MSTIDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *MSTIDataConnectorDataTypes - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties. -type MTPCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// MTPDataConnector - Represents MTP (Microsoft Threat Protection) data connector. -type MTPDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // MTP (Microsoft Threat Protection) data connector properties. - Properties *MTPDataConnectorProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetDataConnector implements the DataConnectorClassification interface for type MTPDataConnector. -func (m *MTPDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: m.Etag, - ID: m.ID, - Kind: m.Kind, - Name: m.Name, - SystemData: m.SystemData, - Type: m.Type, - } -} - -// MTPDataConnectorDataTypes - The available data types for Microsoft Threat Protection Platforms data connector. -type MTPDataConnectorDataTypes struct { - // REQUIRED; Data type for Microsoft Threat Protection Platforms data connector. - Incidents *MTPDataConnectorDataTypesIncidents -} - -// MTPDataConnectorDataTypesIncidents - Data type for Microsoft Threat Protection Platforms data connector. -type MTPDataConnectorDataTypesIncidents struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties. -type MTPDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *MTPDataConnectorDataTypes - - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string } // MailClusterEntity - Represents a mail cluster entity. type MailClusterEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Mail cluster entity properties Properties *MailClusterEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4489,12 +2731,12 @@ type MailClusterEntityProperties struct { // MailMessageEntity - Represents a mail message entity. type MailMessageEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Mail message entity properties Properties *MailMessageEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4607,12 +2849,12 @@ type MailMessageEntityProperties struct { // MailboxEntity - Represents a mailbox entity. type MailboxEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Mailbox entity properties Properties *MailboxEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4662,12 +2904,12 @@ type MailboxEntityProperties struct { // MalwareEntity - Represents a malware entity. type MalwareEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // File entity properties Properties *MalwareEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4713,10 +2955,13 @@ type MalwareEntityProperties struct { ProcessEntityIDs []*string } +// ManualTriggerRequestBody - Describes the request body for triggering a playbook on an incident. type ManualTriggerRequestBody struct { - // REQUIRED + // REQUIRED; The resource id of the playbook resource. LogicAppsResourceID *string - TenantID *string + + // The tenant id of the playbook resource. + TenantID *string } // MetadataAuthor - Publisher or creator of the content item. @@ -4782,7 +3027,7 @@ type MetadataModel struct { // Metadata properties Properties *MetadataProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -4797,29 +3042,14 @@ type MetadataModel struct { // MetadataPatch - Metadata patch request body. type MetadataPatch struct { - // Etag of the azure resource - Etag *string - // Metadata patch request body Properties *MetadataPropertiesPatch - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string } // MetadataProperties - Metadata property bag. type MetadataProperties struct { // REQUIRED; The kind of content the metadata is for. - Kind *Kind + Kind *string // REQUIRED; Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope // (subscription and resource group) @@ -4915,7 +3145,7 @@ type MetadataPropertiesPatch struct { Icon *string // The kind of content the metadata is for. - Kind *Kind + Kind *string // last publish date for the solution content item LastPublishDate *time.Time @@ -4980,7 +3210,7 @@ type MetadataSupport struct { // MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule. type MicrosoftSecurityIncidentCreationAlertRule struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Etag of the azure resource @@ -4989,7 +3219,7 @@ type MicrosoftSecurityIncidentCreationAlertRule struct { // MicrosoftSecurityIncidentCreation rule properties Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5046,13 +3276,13 @@ type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { // MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template. type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // MicrosoftSecurityIncidentCreation rule template properties Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5096,7 +3326,7 @@ type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // The alerts' productName on which the cases will be generated ProductFilter *MicrosoftSecurityProductName - // The required data sources for this template + // The required data connectors for this template RequiredDataConnectors []*AlertRuleTemplateDataSource // the alerts' severities on which the cases will be generated @@ -5108,176 +3338,93 @@ type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time - // READ-ONLY; The last time that this alert rule template has been updated. + // READ-ONLY; The time that this alert rule template was last updated. LastUpdatedDateUTC *time.Time } -// MtpCheckRequirements - Represents MTP (Microsoft Threat Protection) requirements check request. -type MtpCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // MTP (Microsoft Threat Protection) requirements check properties. - Properties *MTPCheckRequirementsProperties +// NoneAuthModel - Model for API authentication with no authentication method - public API. +type NoneAuthModel struct { + // REQUIRED; The auth type + Type *CcpAuthType } -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MtpCheckRequirements. -func (m *MtpCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: m.Kind, +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type NoneAuthModel. +func (n *NoneAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: n.Type, } } -// NicEntity - Represents an network interface entity. -type NicEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKind - - // Network interface entity properties - Properties *NicEntityProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string +// OAuthModel - Model for API authentication with OAuth2. +type OAuthModel struct { + // REQUIRED; The Application (client) ID that the OAuth provider assigned to your app. + ClientID *string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // REQUIRED; The Application (client) secret that the OAuth provider assigned to your app. + ClientSecret *string - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} + // REQUIRED; The grant type, usually will be 'authorization code'. + GrantType *string -// GetEntity implements the EntityClassification interface for type NicEntity. -func (n *NicEntity) GetEntity() *Entity { - return &Entity{ - ID: n.ID, - Kind: n.Kind, - Name: n.Name, - SystemData: n.SystemData, - Type: n.Type, - } -} + // REQUIRED; The token endpoint. Defines the OAuth2 refresh token. + TokenEndpoint *string -// NicEntityProperties - Nic entity property bag. -type NicEntityProperties struct { - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]any + // REQUIRED; The auth type + Type *CcpAuthType - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string + // Access token prepend. Default is 'Bearer'. + AccessTokenPrepend *string - // READ-ONLY; The IP entity id of this network interface - IPAddressEntityID *string + // The user's authorization code. + AuthorizationCode *string - // READ-ONLY; The MAC address of this network interface - MacAddress *string + // The authorization endpoint. + AuthorizationEndpoint *string - // READ-ONLY; A list of VLANs of the network interface entity. - Vlans []*string -} + // The authorization endpoint headers. + AuthorizationEndpointHeaders map[string]*string -// NrtAlertRule - Represents NRT alert rule. -type NrtAlertRule struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind + // The authorization endpoint query parameters. + AuthorizationEndpointQueryParameters map[string]*string - // Etag of the azure resource - Etag *string + // Indicating whether we want to send the clientId and clientSecret to token endpoint in the headers. + IsCredentialsInHeaders *bool - // NRT alert rule properties - Properties *NrtAlertRuleProperties + // A value indicating whether it's a JWT flow. + IsJwtBearerFlow *bool - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // The Application redirect url that the user config in the OAuth provider. + RedirectURI *string - // READ-ONLY; The name of the resource - Name *string + // The Application (client) Scope that the OAuth provider assigned to your app. + Scope *string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // The token endpoint headers. + TokenEndpointHeaders map[string]*string - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string + // The token endpoint query parameters. + TokenEndpointQueryParameters map[string]*string } -// GetAlertRule implements the AlertRuleClassification interface for type NrtAlertRule. -func (n *NrtAlertRule) GetAlertRule() *AlertRule { - return &AlertRule{ - Etag: n.Etag, - ID: n.ID, - Kind: n.Kind, - Name: n.Name, - SystemData: n.SystemData, - Type: n.Type, +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type OAuthModel. +func (o *OAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: o.Type, } } -// NrtAlertRuleProperties - Nrt alert rule base property bag. -type NrtAlertRuleProperties struct { - // REQUIRED; The display name for alerts created by this alert rule. - DisplayName *string - - // REQUIRED; Determines whether this alert rule is enabled or disabled. - Enabled *bool - - // REQUIRED; The query that creates alerts for this rule. - Query *string - - // REQUIRED; The severity for alerts created by this alert rule. - Severity *AlertSeverity - - // REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. - SuppressionDuration *string - - // REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled. - SuppressionEnabled *bool - - // The alert details override settings - AlertDetailsOverride *AlertDetailsOverride - - // The Name of the alert rule template used to create this rule. - AlertRuleTemplateName *string - - // Dictionary of string key-value pairs of columns to be attached to the alert - CustomDetails map[string]*string - - // The description of the alert rule. - Description *string - - // Array of the entity mappings of the alert rule - EntityMappings []*EntityMapping - - // The event grouping settings. - EventGroupingSettings *EventGroupingSettings - - // The settings of the incidents that created from alerts triggered by this analytics rule - IncidentConfiguration *IncidentConfiguration - - // The tactics of the alert rule - Tactics []*AttackTactic - - // The techniques of the alert rule - Techniques []*string - - // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 - TemplateVersion *string - - // READ-ONLY; The last time that this alert rule has been modified. - LastModifiedUTC *time.Time -} +// OfficeDataConnector - Represents office data connector. +type OfficeDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind -// NrtAlertRuleTemplate - Represents NRT alert rule template. -type NrtAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind + // Etag of the azure resource + Etag *string - // NRT alert rule template properties - Properties *NrtAlertRuleTemplateProperties + // Office data connector properties. + Properties *OfficeDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5290,181 +3437,139 @@ type NrtAlertRuleTemplate struct { Type *string } -// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type NrtAlertRuleTemplate. -func (n *NrtAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { - return &AlertRuleTemplate{ - ID: n.ID, - Kind: n.Kind, - Name: n.Name, - SystemData: n.SystemData, - Type: n.Type, +// GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector. +func (o *OfficeDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Etag: o.Etag, + ID: o.ID, + Kind: o.Kind, + Name: o.Name, + SystemData: o.SystemData, + Type: o.Type, } } -// NrtAlertRuleTemplateProperties - NRT alert rule template properties -type NrtAlertRuleTemplateProperties struct { - // The alert details override settings - AlertDetailsOverride *AlertDetailsOverride - - // the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 - - // Dictionary of string key-value pairs of columns to be attached to the alert - CustomDetails map[string]*string - - // The description of the alert rule template. - Description *string - - // The display name for alert rule template. - DisplayName *string - - // Array of the entity mappings of the alert rule - EntityMappings []*EntityMapping - - // The event grouping settings. - EventGroupingSettings *EventGroupingSettings - - // The query that creates alerts for this rule. - Query *string - - // The required data sources for this template - RequiredDataConnectors []*AlertRuleTemplateDataSource - - // The severity for alerts created by this alert rule. - Severity *AlertSeverity - - // The alert rule template status. - Status *TemplateStatus - - // The tactics of the alert rule - Tactics []*AttackTactic - - // The techniques of the alert rule - Techniques []*string - - // The version of this template - in format , where all are numbers. For example . - Version *string +// OfficeDataConnectorDataTypes - The available data types for office data connector. +type OfficeDataConnectorDataTypes struct { + // Exchange data type connection. + Exchange *OfficeDataConnectorDataTypesExchange - // READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *time.Time + // SharePoint data type connection. + SharePoint *OfficeDataConnectorDataTypesSharePoint - // READ-ONLY; The last time that this alert rule template has been updated. - LastUpdatedDateUTC *time.Time + // Teams data type connection. + Teams *OfficeDataConnectorDataTypesTeams } -// Office365ProjectCheckRequirements - Represents Office365 Project requirements check request. -type Office365ProjectCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // Office365 Project requirements check properties. - Properties *Office365ProjectCheckRequirementsProperties +// OfficeDataConnectorDataTypesExchange - Exchange data type connection. +type OfficeDataConnectorDataTypesExchange struct { + // Describe whether this data type connection is enabled or not. + State *DataTypeState } -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Office365ProjectCheckRequirements. -func (o *Office365ProjectCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: o.Kind, - } +// OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection. +type OfficeDataConnectorDataTypesSharePoint struct { + // Describe whether this data type connection is enabled or not. + State *DataTypeState } -// Office365ProjectCheckRequirementsProperties - Office365 Project requirements check properties. -type Office365ProjectCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string +// OfficeDataConnectorDataTypesTeams - Teams data type connection. +type OfficeDataConnectorDataTypesTeams struct { + // Describe whether this data type connection is enabled or not. + State *DataTypeState } -// Office365ProjectConnectorDataTypes - The available data types for Office Microsoft Project data connector. -type Office365ProjectConnectorDataTypes struct { - // REQUIRED; Logs data type. - Logs *Office365ProjectConnectorDataTypesLogs -} +// OfficeDataConnectorProperties - Office data connector properties. +type OfficeDataConnectorProperties struct { + // The available data types for the connector. + DataTypes *OfficeDataConnectorDataTypes -// Office365ProjectConnectorDataTypesLogs - Logs data type. -type Office365ProjectConnectorDataTypesLogs struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState + // The tenant id to connect to, and get the data from. + TenantID *string } -// Office365ProjectDataConnector - Represents Office Microsoft Project data connector. -type Office365ProjectDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind +// Operation provided by provider +type Operation struct { + // Properties of the operation + Display *OperationDisplay - // Etag of the azure resource - Etag *string + // Indicates whether the operation is a data action + IsDataAction *bool - // Office Microsoft Project data connector properties. - Properties *Office365ProjectDataConnectorProperties + // Name of the operation + Name *string - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // The origin of the operation + Origin *string +} - // READ-ONLY; The name of the resource - Name *string +// OperationDisplay - Properties of the operation +type OperationDisplay struct { + // Description of the operation + Description *string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // Operation name + Operation *string - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string + // Provider name + Provider *string + + // Resource name + Resource *string } -// GetDataConnector implements the DataConnectorClassification interface for type Office365ProjectDataConnector. -func (o *Office365ProjectDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: o.Etag, - ID: o.ID, - Kind: o.Kind, - Name: o.Name, - SystemData: o.SystemData, - Type: o.Type, - } +// OperationsList - Lists the operations available in the SecurityInsights RP. +type OperationsList struct { + // REQUIRED; Array of operations + Value []*Operation + + // READ-ONLY; URL to fetch the next set of operations. + NextLink *string } -// Office365ProjectDataConnectorProperties - Office Microsoft Project data connector properties. -type Office365ProjectDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *Office365ProjectConnectorDataTypes +// OracleAuthModel - Model for API authentication for Oracle. +type OracleAuthModel struct { + // REQUIRED; Content of the PRM file + PemFile *string + + // REQUIRED; Public Fingerprint + PublicFingerprint *string - // REQUIRED; The tenant id to connect to, and get the data from. + // REQUIRED; Oracle tenant ID TenantID *string -} -// OfficeATPCheckRequirements - Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. -type OfficeATPCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind + // REQUIRED; The auth type + Type *CcpAuthType - // OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. - Properties *OfficeATPCheckRequirementsProperties + // REQUIRED; Oracle user ID + UserID *string } -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeATPCheckRequirements. -func (o *OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: o.Kind, +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type OracleAuthModel. +func (o *OracleAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: o.Type, } } -// OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. -type OfficeATPCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} +// PackageList - List available packages. +type PackageList struct { + // REQUIRED; Array of packages. + Value []*PackageModel -// OfficeATPDataConnector - Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. -type OfficeATPDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind + // READ-ONLY; URL to fetch the next set of packages. + NextLink *string +} +// PackageModel - Represents a Package in Azure Security Insights. +type PackageModel struct { // Etag of the azure resource Etag *string - // OfficeATP (Office 365 Advanced Threat Protection) data connector properties. - Properties *OfficeATPDataConnectorProperties + // package properties + Properties *PackageProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5477,172 +3582,126 @@ type OfficeATPDataConnector struct { Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type OfficeATPDataConnector. -func (o *OfficeATPDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: o.Etag, - ID: o.ID, - Kind: o.Kind, - Name: o.Name, - SystemData: o.SystemData, - Type: o.Type, - } -} +// PackageProperties - Describes package properties +type PackageProperties struct { + // The author of the package + Author *MetadataAuthor -// OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties. -type OfficeATPDataConnectorProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string + // The categories of the package + Categories *MetadataCategories - // The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector -} + // The content id of the package + ContentID *string -// OfficeConsent - Consent for Office365 tenant that already made. -type OfficeConsent struct { - // Office consent properties - Properties *OfficeConsentProperties + // The package kind + ContentKind *PackageKind - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package + ContentProductID *string - // READ-ONLY; The name of the resource - Name *string + // The version of the content schema. + ContentSchemaVersion *string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // The support tier of the package + Dependencies *MetadataDependencies - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} + // The description of the package + Description *string -// OfficeConsentList - List of all the office365 consents. -type OfficeConsentList struct { - // REQUIRED; Array of the consents. - Value []*OfficeConsent + // The display name of the package + DisplayName *string - // READ-ONLY; URL to fetch the next set of office consents. - NextLink *string -} + // first publish date package item + FirstPublishDate *time.Time -// OfficeConsentProperties - Consent property bag. -type OfficeConsentProperties struct { - // Help to easily cascade among the data layers. - ConsentID *string + // the icon identifier. this id can later be fetched from the content metadata + Icon *string - // The tenantId of the Office365 with the consent. - TenantID *string -} + // Flag indicates if this template is deprecated + IsDeprecated *Flag -// OfficeDataConnector - Represents office data connector. -type OfficeDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind + // Flag indicates if this package is among the featured list. + IsFeatured *Flag - // Etag of the azure resource - Etag *string + // Flag indicates if this is a newly published package. + IsNew *Flag - // Office data connector properties. - Properties *OfficeDataConnectorProperties + // Flag indicates if this package is in preview. + IsPreview *Flag - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // last publish date for the package item + LastPublishDate *time.Time - // READ-ONLY; The name of the resource - Name *string + // Providers for the package item + Providers []*string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // The publisher display name of the package + PublisherDisplayName *string - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} + // The source of the package + Source *MetadataSource -// GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector. -func (o *OfficeDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: o.Etag, - ID: o.ID, - Kind: o.Kind, - Name: o.Name, - SystemData: o.SystemData, - Type: o.Type, - } -} + // The support tier of the package + Support *MetadataSupport -// OfficeDataConnectorDataTypes - The available data types for office data connector. -type OfficeDataConnectorDataTypes struct { - // REQUIRED; Exchange data type connection. - Exchange *OfficeDataConnectorDataTypesExchange + // the tactics the resource covers + ThreatAnalysisTactics []*string - // REQUIRED; SharePoint data type connection. - SharePoint *OfficeDataConnectorDataTypesSharePoint + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string - // REQUIRED; Teams data type connection. - Teams *OfficeDataConnectorDataTypesTeams + // the latest version number of the package + Version *string } -// OfficeDataConnectorDataTypesExchange - Exchange data type connection. -type OfficeDataConnectorDataTypesExchange struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState +type PlaybookActionProperties struct { + // REQUIRED; The resource id of the playbook resource. + LogicAppResourceID *string + + // The tenant id of the playbook resource. + TenantID *string } -// OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection. -type OfficeDataConnectorDataTypesSharePoint struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState +// PremiumMdtiDataConnectorDataTypes - The available data types for Premium Microsoft Defender for Threat Intelligence data +// connector. +type PremiumMdtiDataConnectorDataTypes struct { + // REQUIRED; Data type for Premium Microsoft Defender for Threat Intelligence data connector. + Connector *PremiumMdtiDataConnectorDataTypesConnector } -// OfficeDataConnectorDataTypesTeams - Teams data type connection. -type OfficeDataConnectorDataTypesTeams struct { - // REQUIRED; Describe whether this data type connection is enabled or not. +// PremiumMdtiDataConnectorDataTypesConnector - Data type for Premium Microsoft Defender for Threat Intelligence data connector. +type PremiumMdtiDataConnectorDataTypesConnector struct { + // Describe whether this data type connection is enabled or not. State *DataTypeState } -// OfficeDataConnectorProperties - Office data connector properties. -type OfficeDataConnectorProperties struct { +// PremiumMdtiDataConnectorProperties - Premium Microsoft Defender for Threat Intelligence data connector properties. +type PremiumMdtiDataConnectorProperties struct { // REQUIRED; The available data types for the connector. - DataTypes *OfficeDataConnectorDataTypes - - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// OfficeIRMCheckRequirements - Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. -type OfficeIRMCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind + DataTypes *PremiumMdtiDataConnectorDataTypes - // OfficeIRM (Microsoft Insider Risk Management) requirements check properties. - Properties *OfficeIRMCheckRequirementsProperties -} + // REQUIRED; The lookback period for the feed to be imported. + LookbackPeriod *string -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeIRMCheckRequirements. -func (o *OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: o.Kind, - } -} + // The flag to indicate whether the tenant has the premium SKU required to access this connector. + RequiredSKUsPresent *bool -// OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties. -type OfficeIRMCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string } -// OfficeIRMDataConnector - Represents OfficeIRM (Microsoft Insider Risk Management) data connector. -type OfficeIRMDataConnector struct { +// PremiumMicrosoftDefenderForThreatIntelligence - Represents Premium Microsoft Defender for Threat Intelligence data connector. +type PremiumMicrosoftDefenderForThreatIntelligence struct { // REQUIRED; The data connector kind Kind *DataConnectorKind // Etag of the azure resource Etag *string - // OfficeIRM (Microsoft Insider Risk Management) data connector properties. - Properties *OfficeIRMDataConnectorProperties + // Premium Microsoft Defender for Threat Intelligence data connector properties. + Properties *PremiumMdtiDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5655,73 +3714,105 @@ type OfficeIRMDataConnector struct { Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type OfficeIRMDataConnector. -func (o *OfficeIRMDataConnector) GetDataConnector() *DataConnector { +// GetDataConnector implements the DataConnectorClassification interface for type PremiumMicrosoftDefenderForThreatIntelligence. +func (p *PremiumMicrosoftDefenderForThreatIntelligence) GetDataConnector() *DataConnector { return &DataConnector{ - Etag: o.Etag, - ID: o.ID, - Kind: o.Kind, - Name: o.Name, - SystemData: o.SystemData, - Type: o.Type, + Etag: p.Etag, + ID: p.ID, + Kind: p.Kind, + Name: p.Name, + SystemData: p.SystemData, + Type: p.Type, } } -// OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties. -type OfficeIRMDataConnectorProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string +// ProcessEntity - Represents a process entity. +type ProcessEntity struct { + // REQUIRED; The kind of the entity. + Kind *EntityKindEnum - // The available data types for the connector. - DataTypes *AlertsDataTypeOfDataConnector -} + // Process entity properties + Properties *ProcessEntityProperties -// OfficePowerBICheckRequirements - Represents Office PowerBI requirements check request. -type OfficePowerBICheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + ID *string + + // READ-ONLY; The name of the resource + Name *string + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData - // Office Power BI requirements check properties. - Properties *OfficePowerBICheckRequirementsProperties + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string } -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficePowerBICheckRequirements. -func (o *OfficePowerBICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: o.Kind, +// GetEntity implements the EntityClassification interface for type ProcessEntity. +func (p *ProcessEntity) GetEntity() *Entity { + return &Entity{ + ID: p.ID, + Kind: p.Kind, + Name: p.Name, + SystemData: p.SystemData, + Type: p.Type, } } -// OfficePowerBICheckRequirementsProperties - Office PowerBI requirements check properties. -type OfficePowerBICheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} +// ProcessEntityProperties - Process entity property bag. +type ProcessEntityProperties struct { + // The elevation token associated with the process. + ElevationToken *ElevationToken -// OfficePowerBIConnectorDataTypes - The available data types for Office Microsoft PowerBI data connector. -type OfficePowerBIConnectorDataTypes struct { - // REQUIRED; Logs data type. - Logs *OfficePowerBIConnectorDataTypesLogs -} + // READ-ONLY; The account entity id running the processes. + AccountEntityID *string -// OfficePowerBIConnectorDataTypesLogs - Logs data type. -type OfficePowerBIConnectorDataTypesLogs struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState + // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. + AdditionalData map[string]any + + // READ-ONLY; The command line used to create the process + CommandLine *string + + // READ-ONLY; The time when the process started to run + CreationTimeUTC *time.Time + + // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property + // is optional and might be system generated. + FriendlyName *string + + // READ-ONLY; The host entity id on which the process was running + HostEntityID *string + + // READ-ONLY; The session entity id in which the process was running + HostLogonSessionEntityID *string + + // READ-ONLY; Image file entity id + ImageFileEntityID *string + + // READ-ONLY; The parent process entity id. + ParentProcessEntityID *string + + // READ-ONLY; The process ID + ProcessID *string } -// OfficePowerBIDataConnector - Represents Office Microsoft PowerBI data connector. -type OfficePowerBIDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind +// ProductPackageList - List available packages. +type ProductPackageList struct { + // REQUIRED; Array of packages. + Value []*ProductPackageModel + + // READ-ONLY; URL to fetch the next set of packages. + NextLink *string +} +// ProductPackageModel - Represents a Package in Azure Security Insights. +type ProductPackageModel struct { // Etag of the azure resource Etag *string - // Office Microsoft PowerBI data connector properties. - Properties *OfficePowerBIDataConnectorProperties + // package properties + Properties *ProductPackageProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5734,117 +3825,105 @@ type OfficePowerBIDataConnector struct { Type *string } -// GetDataConnector implements the DataConnectorClassification interface for type OfficePowerBIDataConnector. -func (o *OfficePowerBIDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: o.Etag, - ID: o.ID, - Kind: o.Kind, - Name: o.Name, - SystemData: o.SystemData, - Type: o.Type, - } -} +// ProductPackageProperties - Describes package properties +type ProductPackageProperties struct { + // The author of the package + Author *MetadataAuthor -// OfficePowerBIDataConnectorProperties - Office Microsoft PowerBI data connector properties. -type OfficePowerBIDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. - DataTypes *OfficePowerBIConnectorDataTypes + // The categories of the package + Categories *MetadataCategories - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} + // The content id of the package + ContentID *string -// Operation provided by provider -type Operation struct { - // Properties of the operation - Display *OperationDisplay + // The package kind + ContentKind *PackageKind - // Indicates whether the operation is a data action - IsDataAction *bool + // Unique ID for the content. It should be generated based on the contentId, contentKind and the contentVersion of the package + ContentProductID *string - // Name of the operation - Name *string + // The version of the content schema. + ContentSchemaVersion *string - // The origin of the operation - Origin *string -} + // The support tier of the package + Dependencies *MetadataDependencies -// OperationDisplay - Properties of the operation -type OperationDisplay struct { - // Description of the operation + // The description of the package Description *string - // Operation name - Operation *string + // The display name of the package + DisplayName *string - // Provider name - Provider *string + // first publish date package item + FirstPublishDate *time.Time - // Resource name - Resource *string -} + // the icon identifier. this id can later be fetched from the content metadata + Icon *string -// OperationsList - Lists the operations available in the SecurityInsights RP. -type OperationsList struct { - // REQUIRED; Array of operations - Value []*Operation + // The version of the installed package, null or absent means not installed. + InstalledVersion *string - // READ-ONLY; URL to fetch the next set of operations. - NextLink *string -} + // Flag indicates if this template is deprecated + IsDeprecated *Flag -// Permissions required for the connector -type Permissions struct { - // Customs permissions required for the connector - Customs []*PermissionsCustomsItem + // Flag indicates if this package is among the featured list. + IsFeatured *Flag - // Resource provider permissions required for the connector - ResourceProvider []*PermissionsResourceProviderItem -} + // Flag indicates if this is a newly published package. + IsNew *Flag -type PermissionsCustomsItem struct { - // Customs permissions description - Description *string + // Flag indicates if this package is in preview. + IsPreview *Flag - // Customs permissions name - Name *string -} + // last publish date for the package item + LastPublishDate *time.Time -type PermissionsResourceProviderItem struct { - // Permission description text - PermissionsDisplayText *string + // The metadata resource id. + MetadataResourceID *string - // Provider name - Provider *ProviderName + // The json of the ARM template to deploy. Expandable. + PackagedContent any - // Permission provider display name - ProviderDisplayName *string + // Providers for the package item + Providers []*string + + // The publisher display name of the package + PublisherDisplayName *string + + // The source of the package + Source *MetadataSource - // Required permissions for the connector - RequiredPermissions *RequiredPermissions + // The support tier of the package + Support *MetadataSupport + + // the tactics the resource covers + ThreatAnalysisTactics []*string - // Permission provider scope - Scope *PermissionProviderScope + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string + + // the latest version number of the package + Version *string } -type PlaybookActionProperties struct { - // The resource id of the playbook resource. - LogicAppResourceID *string +// ProductTemplateList - List of all the template. +type ProductTemplateList struct { + // REQUIRED; Array of templates. + Value []*ProductTemplateModel - // The tenant id of the playbook resource. - TenantID *string + // READ-ONLY; URL to fetch the next page of template. + NextLink *string } -// ProcessEntity - Represents a process entity. -type ProcessEntity struct { - // REQUIRED; The kind of the entity. - Kind *EntityKind +// ProductTemplateModel - Template resource definition. +type ProductTemplateModel struct { + // Etag of the azure resource + Etag *string - // Process entity properties - Properties *ProcessEntityProperties + // template properties + Properties *ProductTemplateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -5857,52 +3936,94 @@ type ProcessEntity struct { Type *string } -// GetEntity implements the EntityClassification interface for type ProcessEntity. -func (p *ProcessEntity) GetEntity() *Entity { - return &Entity{ - ID: p.ID, - Kind: p.Kind, - Name: p.Name, - SystemData: p.SystemData, - Type: p.Type, - } -} +// ProductTemplateProperties - Template property bag. +type ProductTemplateProperties struct { + // The creator of the content item. + Author *MetadataAuthor -// ProcessEntityProperties - Process entity property bag. -type ProcessEntityProperties struct { - // The elevation token associated with the process. - ElevationToken *ElevationToken + // Categories for the item + Categories *MetadataCategories - // READ-ONLY; The account entity id running the processes. - AccountEntityID *string + // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for + // out of the box content and solutions. Dynamic for user-created. This is the + // resource name + ContentID *string - // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. - AdditionalData map[string]any + // The kind of content the template is for. + ContentKind *Kind - // READ-ONLY; The command line used to create the process - CommandLine *string + // Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind + // of the template and the contentVersion of the template + ContentProductID *string - // READ-ONLY; The time when the process started to run - CreationTimeUTC *time.Time + // Schema version of the content. Can be used to distinguish between different flow based on the schema version + ContentSchemaVersion *string - // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property - // is optional and might be system generated. - FriendlyName *string + // The custom version of the content. A optional free text + CustomVersion *string - // READ-ONLY; The host entity id on which the process was running - HostEntityID *string + // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies + // using a recursive/nested structure. For a single dependency an id/kind/version + // can be supplied or operator/criteria for complex formats. + Dependencies *MetadataDependencies - // READ-ONLY; The session entity id in which the process was running - HostLogonSessionEntityID *string + // The display name of the template + DisplayName *string - // READ-ONLY; Image file entity id - ImageFileEntityID *string + // first publish date content item + FirstPublishDate *time.Time - // READ-ONLY; The parent process entity id. - ParentProcessEntityID *string + // the icon identifier. this id can later be fetched from the content metadata + Icon *string - // READ-ONLY; The process ID - ProcessID *string + // last publish date for the content item + LastPublishDate *time.Time + + // the package Id contains this template + PackageID *string + + // the packageKind of the package contains this template + PackageKind *PackageKind + + // the name of the package contains this template + PackageName *string + + // Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + PackageVersion *string + + // The json of the ARM template to deploy + PackagedContent any + + // preview image file names. These will be taken from the solution artifacts + PreviewImages []*string + + // preview image file names. These will be taken from the solution artifacts. used for dark theme support + PreviewImagesDark []*string + + // Providers for the content item + Providers []*string + + // Source of the content. This is where/how it was created. + Source *MetadataSource + + // Support information for the template - type, name, contact information + Support *MetadataSupport + + // the tactics the resource covers + ThreatAnalysisTactics []*string + + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string + + // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + Version *string + + // READ-ONLY; Flag indicates if this template is deprecated + IsDeprecated *Flag } // PropertyArrayChangedConditionProperties - Describes an automation rule condition that evaluates an array property's value @@ -5923,7 +4044,9 @@ func (p *PropertyArrayChangedConditionProperties) GetAutomationRuleCondition() * // PropertyArrayConditionProperties - Describes an automation rule condition that evaluates an array property's value type PropertyArrayConditionProperties struct { // REQUIRED - ConditionType *ConditionType + ConditionType *ConditionType + + // Describes an automation rule condition on array properties. ConditionProperties *AutomationRulePropertyArrayValuesCondition } @@ -5962,15 +4085,24 @@ func (p *PropertyConditionProperties) GetAutomationRuleCondition() *AutomationRu } } +// PullRequest - Information regarding pull request for protected branches. +type PullRequest struct { + // READ-ONLY; State of the pull request + State *State + + // READ-ONLY; URL of pull request + URL *string +} + // RegistryKeyEntity - Represents a registry key entity. type RegistryKeyEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // RegistryKey entity properties Properties *RegistryKeyEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6013,12 +4145,12 @@ type RegistryKeyEntityProperties struct { // RegistryValueEntity - Represents a registry value entity. type RegistryValueEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // RegistryKey entity properties Properties *RegistryValueEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6073,7 +4205,7 @@ type Relation struct { // Relation properties Properties *RelationProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6118,6 +4250,9 @@ type Repo struct { // The name of the repository. FullName *string + // The installation id of the repository. + InstallationID *int64 + // The url to access the repository. URL *string } @@ -6133,52 +4268,215 @@ type RepoList struct { // Repository - metadata of a repository. type Repository struct { - // Branch name of repository. + // REQUIRED; Branch name of repository. Branch *string - // Url to access repository action logs. - DeploymentLogsURL *string + // REQUIRED; Url of repository. + URL *string // Display url of repository. DisplayURL *string - // Dictionary of source control content type and path mapping. - PathMapping []*ContentPathMap + // READ-ONLY; Url to access repository action logs. + DeploymentLogsURL *string +} - // Url of repository. - URL *string +// RepositoryAccess - Credentials to access repository. +type RepositoryAccess struct { + // REQUIRED; The kind of repository access credentials + Kind *RepositoryAccessKind + + // OAuth ClientId. Required when kind is OAuth + ClientID *string + + // OAuth Code. Required when kind is OAuth + Code *string + + // Application installation ID. Required when kind is App. Supported by GitHub only. + InstallationID *string + + // OAuth State. Required when kind is OAuth + State *string + + // Personal Access Token. Required when kind is PAT + Token *string +} + +// RepositoryAccessObject - Credentials to access repository. +type RepositoryAccessObject struct { + // REQUIRED; RepositoryAccess properties + RepositoryAccess *RepositoryAccess +} + +// RepositoryAccessProperties - Credentials to access repository. +type RepositoryAccessProperties struct { + // REQUIRED; RepositoryAccess properties + Properties *RepositoryAccessObject } // RepositoryResourceInfo - Resources created in user's repository for the source-control. type RepositoryResourceInfo struct { - // Resources created in Azure DevOps for this source-control. + // The webhook object created for the source-control. + Webhook *Webhook + + // READ-ONLY; Resources created in Azure DevOps for this source-control. AzureDevOpsResourceInfo *AzureDevOpsResourceInfo - // Resources created in GitHub for this source-control. + // READ-ONLY; Resources created in GitHub for this source-control. GitHubResourceInfo *GitHubResourceInfo - - // The webhook object created for the source-control. - Webhook *Webhook } -// RequiredPermissions - Required permissions for the connector -type RequiredPermissions struct { - // action permission +// ResourceProviderRequiredPermissions - Required permissions for the connector resource provider that define in ResourceProviders. +// For more information about the permissions see here. +type ResourceProviderRequiredPermissions struct { + // Gets or sets a value indicating whether the permission is custom actions (POST). Action *bool - // delete permission + // Gets or sets a value indicating whether the permission is delete action (DELETE). Delete *bool - // read permission + // Gets or sets a value indicating whether the permission is read action (GET). Read *bool - // write permission + // Gets or sets a value indicating whether the permission is write action (PUT or PATCH). Write *bool } +// RestAPIPollerDataConnector - Represents Rest Api Poller data connector. +type RestAPIPollerDataConnector struct { + // REQUIRED; The data connector kind + Kind *DataConnectorKind + + // Etag of the azure resource + Etag *string + + // Rest Api Poller data connector properties. + Properties *RestAPIPollerDataConnectorProperties + + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + ID *string + + // READ-ONLY; The name of the resource + Name *string + + // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. + SystemData *SystemData + + // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" + Type *string +} + +// GetDataConnector implements the DataConnectorClassification interface for type RestAPIPollerDataConnector. +func (r *RestAPIPollerDataConnector) GetDataConnector() *DataConnector { + return &DataConnector{ + Etag: r.Etag, + ID: r.ID, + Kind: r.Kind, + Name: r.Name, + SystemData: r.SystemData, + Type: r.Type, + } +} + +// RestAPIPollerDataConnectorProperties - Rest Api Poller data connector properties. +type RestAPIPollerDataConnectorProperties struct { + // REQUIRED; The a authentication model. + Auth CcpAuthConfigClassification + + // REQUIRED; The connector definition name (the dataConnectorDefinition resource id). + ConnectorDefinitionName *string + + // REQUIRED; The request configuration. + Request *RestAPIPollerRequestConfig + + // The add on attributes. The key name will become attribute name (a column) and the value will become the attribute value + // in the payload. + AddOnAttributes map[string]*string + + // The Log Analytics table destination. + DataType *string + + // The DCR related properties. + DcrConfig *DCRConfiguration + + // Indicates whether the connector is active or not. + IsActive *bool + + // The paging configuration. + Paging *RestAPIPollerRequestPagingConfig + + // The response configuration. + Response *CcpResponseConfig +} + +// RestAPIPollerRequestConfig - The request configuration. +type RestAPIPollerRequestConfig struct { + // REQUIRED; The API endpoint. + APIEndpoint *string + + // The query parameter name which the remote server expect to end query. This property goes hand to hand with startTimeAttributeName + EndTimeAttributeName *string + + // The HTTP method, default value GET. + HTTPMethod *HTTPMethodVerb + + // The header for the request for the remote server. + Headers map[string]*string + + // Flag to indicate if HTTP POST payload is in JSON format (vs form-urlencoded). + IsPostPayloadJSON *bool + + // The HTTP query parameters to RESTful API. + QueryParameters map[string]any + + // the query parameters template. Defines the query parameters template to use when passing query parameters in advanced scenarios. + QueryParametersTemplate *string + + // The query time format. A remote server can have a query to pull data from range 'start' to 'end'. This property indicate + // what is the expected time format the remote server know to parse. + QueryTimeFormat *string + + // The query parameter name which we need to send the server for query logs in time interval. Should be defined with queryTimeIntervalPrepend + // and queryTimeIntervalDelimiter + QueryTimeIntervalAttributeName *string + + // The delimiter string between 2 QueryTimeFormat in the query parameter queryTimeIntervalAttributeName. + QueryTimeIntervalDelimiter *string + + // The string prepend to the value of the query parameter in queryTimeIntervalAttributeName. + QueryTimeIntervalPrepend *string + + // The query window in minutes for the request. + QueryWindowInMin *int32 + + // The Rate limit queries per second for the request.. + RateLimitQPS *int32 + + // The retry count. + RetryCount *int32 + + // The query parameter name which the remote server expect to start query. This property goes hand to hand with endTimeAttributeName. + StartTimeAttributeName *string + + // The timeout in seconds. + TimeoutInSeconds *int32 +} + +// RestAPIPollerRequestPagingConfig - The request paging configuration. +type RestAPIPollerRequestPagingConfig struct { + // REQUIRED; Type of paging + PagingType *RestAPIPollerRequestPagingKind + + // Page size + PageSize *int32 + + // Page size parameter name + PageSizeParameterName *string +} + // ScheduledAlertRule - Represents scheduled alert rule. type ScheduledAlertRule struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Etag of the azure resource @@ -6187,7 +4485,7 @@ type ScheduledAlertRule struct { // Scheduled alert rule properties Properties *ScheduledAlertRuleProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6280,13 +4578,13 @@ type ScheduledAlertRuleProperties struct { // ScheduledAlertRuleTemplate - Represents scheduled alert rule template. type ScheduledAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule + // REQUIRED; The alert rule kind Kind *AlertRuleKind // Scheduled alert rule template properties Properties *ScheduledAlertRuleTemplateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6354,7 +4652,7 @@ type ScheduledAlertRuleTemplateProperties struct { // The tactics of the alert rule template Tactics []*AttackTactic - // The techniques of the alert rule + // The techniques of the alert rule template Techniques []*string // The operation against the threshold that triggers alert rule. @@ -6376,12 +4674,12 @@ type ScheduledAlertRuleTemplateProperties struct { // SecurityAlert - Represents a security alert entity. type SecurityAlert struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // SecurityAlert entity properties Properties *SecurityAlertProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6500,55 +4798,15 @@ type SecurityAlertPropertiesConfidenceReasonsItem struct { ReasonType *string } -// SecurityAlertTimelineItem - Represents security alert timeline item. -type SecurityAlertTimelineItem struct { - // REQUIRED; The name of the alert type. - AlertType *string - - // REQUIRED; The alert azure resource id. - AzureResourceID *string - - // REQUIRED; The alert name. - DisplayName *string - - // REQUIRED; The alert end time. - EndTimeUTC *time.Time - - // REQUIRED; The entity query kind type. - Kind *EntityTimelineKind - - // REQUIRED; The alert severity. - Severity *AlertSeverity - - // REQUIRED; The alert start time. - StartTimeUTC *time.Time - - // REQUIRED; The alert generated time. - TimeGenerated *time.Time - - // The alert description. - Description *string - - // The alert product name. - ProductName *string -} - -// GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type SecurityAlertTimelineItem. -func (s *SecurityAlertTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { - return &EntityTimelineItem{ - Kind: s.Kind, - } -} - // SecurityGroupEntity - Represents a security group entity. type SecurityGroupEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // SecurityGroup entity properties Properties *SecurityGroupEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6599,7 +4857,7 @@ type SecurityMLAnalyticsSetting struct { // Etag of the azure resource Etag *string - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6643,7 +4901,7 @@ type SentinelOnboardingState struct { // The Sentinel onboarding state object Properties *SentinelOnboardingStateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6668,45 +4926,67 @@ type SentinelOnboardingStatesList struct { Value []*SentinelOnboardingState } -// SettingList - List of all the settings. -type SettingList struct { - // REQUIRED; Array of settings. - Value []SettingsClassification +// ServicePrincipal - Service principal metadata. +type ServicePrincipal struct { + // Expiration time of service principal credentials. + CredentialsExpireOn *time.Time + + // READ-ONLY; App id of service principal. + AppID *string + + // READ-ONLY; Id of service principal. + ID *string + + // READ-ONLY; Tenant id of service principal. + TenantID *string } -// Settings - The Setting. -type Settings struct { - // REQUIRED; The kind of the setting - Kind *SettingKind +// SessionAuthModel - Model for API authentication with session cookie. +type SessionAuthModel struct { + // REQUIRED; The password attribute name. + Password map[string]*string - // Etag of the azure resource - Etag *string + // REQUIRED; The auth type + Type *CcpAuthType - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // REQUIRED; The user name attribute key value. + UserName map[string]*string - // READ-ONLY; The name of the resource - Name *string + // HTTP request headers to session service endpoint. + Headers map[string]*string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // Indicating whether API key is set in HTTP POST payload. + IsPostPayloadJSON *bool - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string + // Query parameters to session service endpoint. + QueryParameters map[string]any + + // Session id attribute name from HTTP response header. + SessionIDName *string + + // HTTP request URL to session service endpoint. + SessionLoginRequestURI *string + + // Session timeout in minutes. + SessionTimeoutInMinutes *int32 } -// GetSettings implements the SettingsClassification interface for type Settings. -func (s *Settings) GetSettings() *Settings { return s } +// GetCcpAuthConfig implements the CcpAuthConfigClassification interface for type SessionAuthModel. +func (s *SessionAuthModel) GetCcpAuthConfig() *CcpAuthConfig { + return &CcpAuthConfig{ + Type: s.Type, + } +} // SourceControl - Represents a SourceControl in Azure Security Insights. type SourceControl struct { + // REQUIRED; source control properties + Properties *SourceControlProperties + // Etag of the azure resource Etag *string - // source control properties - Properties *SourceControlProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6745,28 +5025,37 @@ type SourceControlProperties struct { // A description of the source control Description *string - // The id (a Guid) of the source control + // Repository access credentials. This is write-only object and it never returns back to a user. + RepositoryAccess *RepositoryAccess + + // Information regarding the resources created in user's repository. + RepositoryResourceInfo *RepositoryResourceInfo + + // Service principal metadata. + ServicePrincipal *ServicePrincipal + + // READ-ONLY; The id (a Guid) of the source control ID *string - // Information regarding the latest deployment for the source control. + // READ-ONLY; Information regarding the latest deployment for the source control. LastDeploymentInfo *DeploymentInfo - // Information regarding the resources created in user's repository. - RepositoryResourceInfo *RepositoryResourceInfo + // READ-ONLY; Information regarding the pull request of the source control. + PullRequest *PullRequest - // The version number associated with the source control + // READ-ONLY; The version number associated with the source control Version *Version } // SubmissionMailEntity - Represents a submission mail entity. type SubmissionMailEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Submission mail entity properties Properties *SubmissionMailEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6848,29 +5137,7 @@ type SystemData struct { LastModifiedBy *string // The type of identity that last modified the resource. - LastModifiedByType *CreatedByType -} - -// TICheckRequirements - Threat Intelligence Platforms data connector check requirements -type TICheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // Threat Intelligence Platforms data connector check required properties - Properties *TICheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TICheckRequirements. -func (t *TICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: t.Kind, - } -} - -// TICheckRequirementsProperties - Threat Intelligence Platforms data connector required properties. -type TICheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string + LastModifiedByType *CreatedByType } // TIDataConnector - Represents threat intelligence data connector. @@ -6884,7 +5151,7 @@ type TIDataConnector struct { // TI (Threat Intelligence) data connector properties. Properties *TIDataConnectorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -6911,94 +5178,46 @@ func (t *TIDataConnector) GetDataConnector() *DataConnector { // TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector. type TIDataConnectorDataTypes struct { - // REQUIRED; Data type for indicators connection. + // Data type for indicators connection. Indicators *TIDataConnectorDataTypesIndicators } // TIDataConnectorDataTypesIndicators - Data type for indicators connection. type TIDataConnectorDataTypesIndicators struct { - // REQUIRED; Describe whether this data type connection is enabled or not. + // Describe whether this data type connection is enabled or not. State *DataTypeState } // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. type TIDataConnectorProperties struct { - // REQUIRED; The available data types for the connector. + // The available data types for the connector. DataTypes *TIDataConnectorDataTypes - // REQUIRED; The tenant id to connect to, and get the data from. + // The tenant id to connect to, and get the data from. TenantID *string // The lookback period for the feed to be imported. TipLookbackPeriod *time.Time } -// TeamInformation - Describes team information -type TeamInformation struct { - // READ-ONLY; The description of the team - Description *string - - // READ-ONLY; The name of the team - Name *string - - // READ-ONLY; The primary channel URL of the team - PrimaryChannelURL *string - - // READ-ONLY; The time the team was created - TeamCreationTimeUTC *time.Time - - // READ-ONLY; Team ID - TeamID *string -} - -// TeamProperties - Describes team properties -type TeamProperties struct { - // REQUIRED; The name of the team - TeamName *string - - // List of group IDs to add their members to the team - GroupIDs []*string - - // List of member IDs to add to the team - MemberIDs []*string - - // The description of the team - TeamDescription *string -} - -// ThreatIntelligence property bag. -type ThreatIntelligence struct { - // READ-ONLY; Confidence (must be between 0 and 1) - Confidence *float64 - - // READ-ONLY; Name of the provider from whom this Threat Intelligence information was received - ProviderName *string - - // READ-ONLY; Report link - ReportLink *string - - // READ-ONLY; Threat description (free text) - ThreatDescription *string - - // READ-ONLY; Threat name (e.g. "Jedobot malware") - ThreatName *string +// TemplateList - List of all the template. +type TemplateList struct { + // REQUIRED; Array of templates. + Value []*TemplateModel - // READ-ONLY; Threat type (e.g. "Botnet") - ThreatType *string + // READ-ONLY; URL to fetch the next page of template. + NextLink *string } -// ThreatIntelligenceAlertRule - Represents Threat Intelligence alert rule. -type ThreatIntelligenceAlertRule struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind - +// TemplateModel - Template resource definition. +type TemplateModel struct { // Etag of the azure resource Etag *string - // Threat Intelligence alert rule properties - Properties *ThreatIntelligenceAlertRuleProperties + // template properties + Properties *TemplateProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7011,108 +5230,118 @@ type ThreatIntelligenceAlertRule struct { Type *string } -// GetAlertRule implements the AlertRuleClassification interface for type ThreatIntelligenceAlertRule. -func (t *ThreatIntelligenceAlertRule) GetAlertRule() *AlertRule { - return &AlertRule{ - Etag: t.Etag, - ID: t.ID, - Kind: t.Kind, - Name: t.Name, - SystemData: t.SystemData, - Type: t.Type, - } -} +// TemplateProperties - Template property bag. +type TemplateProperties struct { + // The creator of the content item. + Author *MetadataAuthor -// ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule base property bag. -type ThreatIntelligenceAlertRuleProperties struct { - // REQUIRED; The Name of the alert rule template used to create this rule. - AlertRuleTemplateName *string + // Categories for the item + Categories *MetadataCategories - // REQUIRED; Determines whether this alert rule is enabled or disabled. - Enabled *bool + // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for + // out of the box content and solutions. Dynamic for user-created. This is the + // resource name + ContentID *string - // READ-ONLY; The description of the alert rule. - Description *string + // The kind of content the template is for. + ContentKind *Kind - // READ-ONLY; The display name for alerts created by this alert rule. + // Unique ID for the content. It should be generated based on the contentId of the package, contentId of the template, contentKind + // of the template and the contentVersion of the template + ContentProductID *string + + // Schema version of the content. Can be used to distinguish between different flow based on the schema version + ContentSchemaVersion *string + + // The custom version of the content. A optional free text + CustomVersion *string + + // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies + // using a recursive/nested structure. For a single dependency an id/kind/version + // can be supplied or operator/criteria for complex formats. + Dependencies *MetadataDependencies + + // The display name of the template DisplayName *string - // READ-ONLY; The last time that this alert has been modified. - LastModifiedUTC *time.Time + // first publish date content item + FirstPublishDate *time.Time - // READ-ONLY; The severity for alerts created by this alert rule. - Severity *AlertSeverity + // the icon identifier. this id can later be fetched from the content metadata + Icon *string - // READ-ONLY; The tactics of the alert rule - Tactics []*AttackTactic + // last publish date for the content item + LastPublishDate *time.Time - // READ-ONLY; The techniques of the alert rule - Techniques []*string -} + // The JSON of the ARM template to deploy active content. Expandable. + MainTemplate any -// ThreatIntelligenceAlertRuleTemplate - Represents Threat Intelligence alert rule template. -type ThreatIntelligenceAlertRuleTemplate struct { - // REQUIRED; The kind of the alert rule - Kind *AlertRuleKind + // the package Id contains this template + PackageID *string - // Threat Intelligence alert rule template properties - Properties *ThreatIntelligenceAlertRuleTemplateProperties + // the packageKind of the package contains this template + PackageKind *PackageKind - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string + // the name of the package contains this template + PackageName *string - // READ-ONLY; The name of the resource - Name *string + // Version of the package. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + PackageVersion *string - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData + // preview image file names. These will be taken from the solution artifacts + PreviewImages []*string - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} + // preview image file names. These will be taken from the solution artifacts. used for dark theme support + PreviewImagesDark []*string -// GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ThreatIntelligenceAlertRuleTemplate. -func (t *ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate { - return &AlertRuleTemplate{ - ID: t.ID, - Kind: t.Kind, - Name: t.Name, - SystemData: t.SystemData, - Type: t.Type, - } -} + // Providers for the content item + Providers []*string -// ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties -type ThreatIntelligenceAlertRuleTemplateProperties struct { - // REQUIRED; The severity for alerts created by this alert rule. - Severity *AlertSeverity + // Source of the content. This is where/how it was created. + Source *MetadataSource - // the number of alert rules that were created by this template - AlertRulesCreatedByTemplateCount *int32 + // Support information for the template - type, name, contact information + Support *MetadataSupport - // The description of the alert rule template. - Description *string + // the tactics the resource covers + ThreatAnalysisTactics []*string - // The display name for alert rule template. - DisplayName *string + // the techniques the resource covers, these have to be aligned with the tactics being used + ThreatAnalysisTechniques []*string - // The required data sources for this template - RequiredDataConnectors []*AlertRuleTemplateDataSource + // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM metadata + // best practices. Can also be any string, but then we cannot guarantee any version + // checks + Version *string - // The alert rule template status. - Status *TemplateStatus + // READ-ONLY; Dependant templates. Expandable. + DependantTemplates []*TemplateProperties - // The tactics of the alert rule - Tactics []*AttackTactic + // READ-ONLY; Flag indicates if this template is deprecated + IsDeprecated *Flag +} - // The techniques of the alert rule - Techniques []*string +// ThreatIntelligence property bag. +type ThreatIntelligence struct { + // READ-ONLY; Confidence (must be between 0 and 1) + Confidence *float64 - // READ-ONLY; The time that this alert rule template has been added. - CreatedDateUTC *time.Time + // READ-ONLY; Name of the provider from whom this Threat Intelligence information was received + ProviderName *string - // READ-ONLY; The last time that this alert rule template has been updated. - LastUpdatedDateUTC *time.Time + // READ-ONLY; Report link + ReportLink *string + + // READ-ONLY; Threat description (free text) + ThreatDescription *string + + // READ-ONLY; Threat name (e.g. "Jedobot malware") + ThreatName *string + + // READ-ONLY; Threat type (e.g. "Botnet") + ThreatType *string } // ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator. @@ -7196,7 +5425,7 @@ type ThreatIntelligenceGranularMarkingModel struct { // ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity. type ThreatIntelligenceIndicatorModel struct { // REQUIRED; The kind of the entity. - Kind *ThreatIntelligenceResourceKindEnum + Kind *ThreatIntelligenceResourceInnerKind // Etag of the azure resource Etag *string @@ -7204,7 +5433,7 @@ type ThreatIntelligenceIndicatorModel struct { // Threat Intelligence Entity properties Properties *ThreatIntelligenceIndicatorProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7326,12 +5555,12 @@ type ThreatIntelligenceIndicatorProperties struct { // ThreatIntelligenceInformation - Threat intelligence information object. type ThreatIntelligenceInformation struct { // REQUIRED; The kind of the entity. - Kind *ThreatIntelligenceResourceKindEnum + Kind *ThreatIntelligenceResourceInnerKind // Etag of the azure resource Etag *string - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7427,154 +5656,18 @@ type ThreatIntelligenceSortingCriteria struct { ItemKey *string // Sorting order (ascending/descending/unsorted). - SortOrder *ThreatIntelligenceSortingCriteriaEnum -} - -// TiTaxiiCheckRequirements - Threat Intelligence TAXII data connector check requirements -type TiTaxiiCheckRequirements struct { - // REQUIRED; Describes the kind of connector to be checked. - Kind *DataConnectorKind - - // Threat Intelligence TAXII check required properties. - Properties *TiTaxiiCheckRequirementsProperties -} - -// GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TiTaxiiCheckRequirements. -func (t *TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements { - return &DataConnectorsCheckRequirements{ - Kind: t.Kind, - } -} - -// TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII data connector required properties. -type TiTaxiiCheckRequirementsProperties struct { - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string -} - -// TiTaxiiDataConnector - Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server -type TiTaxiiDataConnector struct { - // REQUIRED; The data connector kind - Kind *DataConnectorKind - - // Etag of the azure resource - Etag *string - - // Threat intelligence TAXII data connector properties. - Properties *TiTaxiiDataConnectorProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetDataConnector implements the DataConnectorClassification interface for type TiTaxiiDataConnector. -func (t *TiTaxiiDataConnector) GetDataConnector() *DataConnector { - return &DataConnector{ - Etag: t.Etag, - ID: t.ID, - Kind: t.Kind, - Name: t.Name, - SystemData: t.SystemData, - Type: t.Type, - } -} - -// TiTaxiiDataConnectorDataTypes - The available data types for Threat Intelligence TAXII data connector. -type TiTaxiiDataConnectorDataTypes struct { - // REQUIRED; Data type for TAXII connector. - TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient -} - -// TiTaxiiDataConnectorDataTypesTaxiiClient - Data type for TAXII connector. -type TiTaxiiDataConnectorDataTypesTaxiiClient struct { - // REQUIRED; Describe whether this data type connection is enabled or not. - State *DataTypeState -} - -// TiTaxiiDataConnectorProperties - Threat Intelligence TAXII data connector properties. -type TiTaxiiDataConnectorProperties struct { - // REQUIRED; The available data types for Threat Intelligence TAXII data connector. - DataTypes *TiTaxiiDataConnectorDataTypes - - // REQUIRED; The polling frequency for the TAXII server. - PollingFrequency *PollingFrequency - - // REQUIRED; The tenant id to connect to, and get the data from. - TenantID *string - - // The collection id of the TAXII server. - CollectionID *string - - // The friendly name for the TAXII server. - FriendlyName *string - - // The password for the TAXII server. - Password *string - - // The lookback period for the TAXII server. - TaxiiLookbackPeriod *time.Time - - // The API root for the TAXII server. - TaxiiServer *string - - // The userName for the TAXII server. - UserName *string - - // The workspace id. - WorkspaceID *string -} - -// TimelineAggregation - timeline aggregation information per kind -type TimelineAggregation struct { - // REQUIRED; the total items found for a kind - Count *int32 - - // REQUIRED; the query kind - Kind *EntityTimelineKind -} - -// TimelineError - Timeline Query Errors. -type TimelineError struct { - // REQUIRED; the error message - ErrorMessage *string - - // REQUIRED; the query kind - Kind *EntityTimelineKind - - // the query id - QueryID *string -} - -// TimelineResultsMetadata - Expansion result metadata. -type TimelineResultsMetadata struct { - // REQUIRED; timeline aggregation per kind - Aggregations []*TimelineAggregation - - // REQUIRED; the total items found for the timeline request - TotalCount *int32 - - // information about the failure queries - Errors []*TimelineError + SortOrder *ThreatIntelligenceSortingOrder } // URLEntity - Represents a url entity. type URLEntity struct { // REQUIRED; The kind of the entity. - Kind *EntityKind + Kind *EntityKindEnum // Url entity properties Properties *URLEntityProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7611,48 +5704,6 @@ type URLEntityProperties struct { URL *string } -// Ueba - Settings with single toggle. -type Ueba struct { - // REQUIRED; The kind of the setting - Kind *SettingKind - - // Etag of the azure resource - Etag *string - - // Ueba properties - Properties *UebaProperties - - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} - ID *string - - // READ-ONLY; The name of the resource - Name *string - - // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. - SystemData *SystemData - - // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" - Type *string -} - -// GetSettings implements the SettingsClassification interface for type Ueba. -func (u *Ueba) GetSettings() *Settings { - return &Settings{ - Etag: u.Etag, - ID: u.ID, - Kind: u.Kind, - Name: u.Name, - SystemData: u.SystemData, - Type: u.Type, - } -} - -// UebaProperties - Ueba property bag. -type UebaProperties struct { - // The relevant data sources that enriched by ueba - DataSources []*UebaDataSources -} - // UserInfo - User information that made some action type UserInfo struct { // The object id of the user. @@ -7665,13 +5716,22 @@ type UserInfo struct { Name *string } -// ValidationError - Describes an error encountered in the file during validation. -type ValidationError struct { - // The number of the record that has the error. - RecordIndex *int32 +// Warning response structure. +type Warning struct { + // READ-ONLY; Warning data. + Warning *WarningBody +} + +// WarningBody - Warning details. +type WarningBody struct { + // READ-ONLY; An identifier for the warning. Codes are invariant and are intended to be consumed programmatically. + Code *WarningCode + + // READ-ONLY + Details []*WarningBody - // READ-ONLY; A list of descriptions of the error. - ErrorMessages []*string + // READ-ONLY; A message describing the warning, intended to be suitable for display in a user interface. + Message *string } // Watchlist - Represents a Watchlist in Azure Security Insights. @@ -7682,7 +5742,7 @@ type Watchlist struct { // Watchlist properties Properties *WatchlistProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7695,7 +5755,7 @@ type Watchlist struct { Type *string } -// WatchlistItem - Represents a Watchlist item in Azure Security Insights. +// WatchlistItem - Represents a Watchlist Item in Azure Security Insights. type WatchlistItem struct { // Etag of the azure resource Etag *string @@ -7703,7 +5763,7 @@ type WatchlistItem struct { // Watchlist Item properties Properties *WatchlistItemProperties - // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + // READ-ONLY; Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" ID *string // READ-ONLY; The name of the resource @@ -7721,14 +5781,14 @@ type WatchlistItemList struct { // REQUIRED; Array of watchlist items. Value []*WatchlistItem - // READ-ONLY; URL to fetch the next set of watchlist item. + // READ-ONLY; URL to fetch the next set of watchlist items. NextLink *string } // WatchlistItemProperties - Describes watchlist item properties type WatchlistItemProperties struct { // REQUIRED; key-value pairs for a watchlist item - ItemsKeyValue map[string]any + ItemsKeyValue any // The time the watchlist item was created Created *time.Time @@ -7737,7 +5797,7 @@ type WatchlistItemProperties struct { CreatedBy *UserInfo // key-value pairs for a watchlist item entity mapping - EntityMapping map[string]any + EntityMapping any // A flag that indicates if the watchlist item is deleted or not IsDeleted *bool @@ -7823,8 +5883,8 @@ type WatchlistProperties struct { // Describes a user that updated the watchlist UpdatedBy *UserInfo - // The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to - // InProgress, the Watchlist cannot be deleted + // The status of the Watchlist upload : New, InProgress or Complete. Note : When a Watchlist upload status is InProgress, + // the Watchlist cannot be deleted UploadStatus *string // The alias of the watchlist @@ -7835,6 +5895,9 @@ type WatchlistProperties struct { // The type of the watchlist WatchlistType *string + + // READ-ONLY; Describes provisioning state + ProvisioningState *ProvisioningState } // Webhook - Detail about the webhook object. @@ -7842,12 +5905,12 @@ type Webhook struct { // A flag to instruct the backend service to rotate webhook secret. RotateWebhookSecret *bool - // Unique identifier for the webhook. + // READ-ONLY; Unique identifier for the webhook. WebhookID *string - // Time when the webhook secret was updated. - WebhookSecretUpdateTime *string + // READ-ONLY; Time when the webhook secret was updated. + WebhookSecretUpdateTime *time.Time - // URL that gets invoked by the webhook. + // READ-ONLY; URL that gets invoked by the webhook. WebhookURL *string } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/models_serde.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/models_serde.go index 26b859816022..240550ad39d9 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/models_serde.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/models_serde.go @@ -15,64 +15,6 @@ import ( "reflect" ) -// MarshalJSON implements the json.Marshaller interface for type AADCheckRequirements. -func (a AADCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindAzureActiveDirectory - populate(objectMap, "properties", a.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type AADCheckRequirements. -func (a *AADCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type AADCheckRequirementsProperties. -func (a AADCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", a.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type AADCheckRequirementsProperties. -func (a *AADCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &a.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - // MarshalJSON implements the json.Marshaller interface for type AADDataConnector. func (a AADDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) @@ -155,64 +97,6 @@ func (a *AADDataConnectorProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AATPCheckRequirements. -func (a AATPCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindAzureAdvancedThreatProtection - populate(objectMap, "properties", a.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type AATPCheckRequirements. -func (a *AATPCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type AATPCheckRequirementsProperties. -func (a AATPCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", a.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type AATPCheckRequirementsProperties. -func (a *AATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &a.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - // MarshalJSON implements the json.Marshaller interface for type AATPDataConnector. func (a AATPDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) @@ -295,16 +179,19 @@ func (a *AATPDataConnectorProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type APIPollingParameters. -func (a APIPollingParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type APIKeyAuthModel. +func (a APIKeyAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "connectorUiConfig", a.ConnectorUIConfig) - populate(objectMap, "pollingConfig", a.PollingConfig) + populate(objectMap, "apiKey", a.APIKey) + populate(objectMap, "apiKeyIdentifier", a.APIKeyIdentifier) + populate(objectMap, "apiKeyName", a.APIKeyName) + populate(objectMap, "isApiKeyInPostPayload", a.IsAPIKeyInPostPayload) + objectMap["type"] = CcpAuthTypeAPIKey return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type APIPollingParameters. -func (a *APIPollingParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type APIKeyAuthModel. +func (a *APIKeyAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -312,69 +199,20 @@ func (a *APIPollingParameters) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "connectorUiConfig": - err = unpopulate(val, "ConnectorUIConfig", &a.ConnectorUIConfig) + case "apiKey": + err = unpopulate(val, "APIKey", &a.APIKey) delete(rawMsg, key) - case "pollingConfig": - err = unpopulate(val, "PollingConfig", &a.PollingConfig) + case "apiKeyIdentifier": + err = unpopulate(val, "APIKeyIdentifier", &a.APIKeyIdentifier) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ASCCheckRequirements. -func (a ASCCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindAzureSecurityCenter - populate(objectMap, "properties", a.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ASCCheckRequirements. -func (a *ASCCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &a.Kind) + case "apiKeyName": + err = unpopulate(val, "APIKeyName", &a.APIKeyName) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) + case "isApiKeyInPostPayload": + err = unpopulate(val, "IsAPIKeyInPostPayload", &a.IsAPIKeyInPostPayload) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ASCCheckRequirementsProperties. -func (a ASCCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "subscriptionId", a.SubscriptionID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ASCCheckRequirementsProperties. -func (a *ASCCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "subscriptionId": - err = unpopulate(val, "SubscriptionID", &a.SubscriptionID) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -466,11 +304,46 @@ func (a *ASCDataConnectorProperties) UnmarshalJSON(data []byte) error { return nil } +// MarshalJSON implements the json.Marshaller interface for type AWSAuthModel. +func (a AWSAuthModel) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "externalId", a.ExternalID) + populate(objectMap, "roleArn", a.RoleArn) + objectMap["type"] = CcpAuthTypeAWS + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AWSAuthModel. +func (a *AWSAuthModel) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "externalId": + err = unpopulate(val, "ExternalID", &a.ExternalID) + delete(rawMsg, key) + case "roleArn": + err = unpopulate(val, "RoleArn", &a.RoleArn) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &a.Type) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + // MarshalJSON implements the json.Marshaller interface for type AccountEntity. func (a AccountEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityKindAccount + objectMap["kind"] = EntityKindEnumAccount populate(objectMap, "name", a.Name) populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) @@ -779,21 +652,16 @@ func (a *ActionsList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityCustomEntityQuery. -func (a ActivityCustomEntityQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AddIncidentTaskActionProperties. +func (a AddIncidentTaskActionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - objectMap["kind"] = CustomEntityQueryKindActivity - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "description", a.Description) + populate(objectMap, "title", a.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityCustomEntityQuery. -func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AddIncidentTaskActionProperties. +func (a *AddIncidentTaskActionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -801,26 +669,11 @@ func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "description": + err = unpopulate(val, "Description", &a.Description) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "title": + err = unpopulate(val, "Title", &a.Title) delete(rawMsg, key) } if err != nil { @@ -830,25 +683,19 @@ func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueriesProperties. -func (a ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertDetailsOverride. +func (a AlertDetailsOverride) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "content", a.Content) - populateDateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) - populate(objectMap, "description", a.Description) - populate(objectMap, "enabled", a.Enabled) - populate(objectMap, "entitiesFilter", a.EntitiesFilter) - populate(objectMap, "inputEntityType", a.InputEntityType) - populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) - populate(objectMap, "queryDefinitions", a.QueryDefinitions) - populate(objectMap, "requiredInputFieldsSets", a.RequiredInputFieldsSets) - populate(objectMap, "templateName", a.TemplateName) - populate(objectMap, "title", a.Title) + populate(objectMap, "alertDescriptionFormat", a.AlertDescriptionFormat) + populate(objectMap, "alertDisplayNameFormat", a.AlertDisplayNameFormat) + populate(objectMap, "alertDynamicProperties", a.AlertDynamicProperties) + populate(objectMap, "alertSeverityColumnName", a.AlertSeverityColumnName) + populate(objectMap, "alertTacticsColumnName", a.AlertTacticsColumnName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueriesProperties. -func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertDetailsOverride. +func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -856,38 +703,20 @@ func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "content": - err = unpopulate(val, "Content", &a.Content) - delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &a.Description) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &a.Enabled) - delete(rawMsg, key) - case "entitiesFilter": - err = unpopulate(val, "EntitiesFilter", &a.EntitiesFilter) - delete(rawMsg, key) - case "inputEntityType": - err = unpopulate(val, "InputEntityType", &a.InputEntityType) - delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) + case "alertDescriptionFormat": + err = unpopulate(val, "AlertDescriptionFormat", &a.AlertDescriptionFormat) delete(rawMsg, key) - case "queryDefinitions": - err = unpopulate(val, "QueryDefinitions", &a.QueryDefinitions) + case "alertDisplayNameFormat": + err = unpopulate(val, "AlertDisplayNameFormat", &a.AlertDisplayNameFormat) delete(rawMsg, key) - case "requiredInputFieldsSets": - err = unpopulate(val, "RequiredInputFieldsSets", &a.RequiredInputFieldsSets) + case "alertDynamicProperties": + err = unpopulate(val, "AlertDynamicProperties", &a.AlertDynamicProperties) delete(rawMsg, key) - case "templateName": - err = unpopulate(val, "TemplateName", &a.TemplateName) + case "alertSeverityColumnName": + err = unpopulate(val, "AlertSeverityColumnName", &a.AlertSeverityColumnName) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &a.Title) + case "alertTacticsColumnName": + err = unpopulate(val, "AlertTacticsColumnName", &a.AlertTacticsColumnName) delete(rawMsg, key) } if err != nil { @@ -897,15 +726,16 @@ func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueriesPropertiesQueryDefinitions. -func (a ActivityEntityQueriesPropertiesQueryDefinitions) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertPropertyMapping. +func (a AlertPropertyMapping) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "query", a.Query) + populate(objectMap, "alertProperty", a.AlertProperty) + populate(objectMap, "value", a.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueriesPropertiesQueryDefinitions. -func (a *ActivityEntityQueriesPropertiesQueryDefinitions) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertPropertyMapping. +func (a *AlertPropertyMapping) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -913,8 +743,11 @@ func (a *ActivityEntityQueriesPropertiesQueryDefinitions) UnmarshalJSON(data []b for key, val := range rawMsg { var err error switch key { - case "query": - err = unpopulate(val, "Query", &a.Query) + case "alertProperty": + err = unpopulate(val, "AlertProperty", &a.AlertProperty) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &a.Value) delete(rawMsg, key) } if err != nil { @@ -924,21 +757,20 @@ func (a *ActivityEntityQueriesPropertiesQueryDefinitions) UnmarshalJSON(data []b return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQuery. -func (a ActivityEntityQuery) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) +// MarshalJSON implements the json.Marshaller interface for type AlertRule. +func (a AlertRule) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) populate(objectMap, "etag", a.Etag) populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityQueryKindActivity + objectMap["kind"] = a.Kind populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQuery. -func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRule. +func (a *AlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -958,9 +790,6 @@ func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error { case "name": err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) @@ -975,20 +804,19 @@ func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplate. -func (a ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplate. +func (a AlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityQueryTemplateKindActivity + objectMap["kind"] = a.Kind populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplate. -func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplate. +func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1005,9 +833,6 @@ func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error { case "name": err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) @@ -1022,22 +847,16 @@ func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplateProperties. -func (a ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource. +func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "content", a.Content) + populate(objectMap, "connectorId", a.ConnectorID) populate(objectMap, "dataTypes", a.DataTypes) - populate(objectMap, "description", a.Description) - populate(objectMap, "entitiesFilter", a.EntitiesFilter) - populate(objectMap, "inputEntityType", a.InputEntityType) - populate(objectMap, "queryDefinitions", a.QueryDefinitions) - populate(objectMap, "requiredInputFieldsSets", a.RequiredInputFieldsSets) - populate(objectMap, "title", a.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplateProperties. -func (a *ActivityEntityQueryTemplateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplateDataSource. +func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1045,30 +864,12 @@ func (a *ActivityEntityQueryTemplateProperties) UnmarshalJSON(data []byte) error for key, val := range rawMsg { var err error switch key { - case "content": - err = unpopulate(val, "Content", &a.Content) + case "connectorId": + err = unpopulate(val, "ConnectorID", &a.ConnectorID) delete(rawMsg, key) case "dataTypes": err = unpopulate(val, "DataTypes", &a.DataTypes) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &a.Description) - delete(rawMsg, key) - case "entitiesFilter": - err = unpopulate(val, "EntitiesFilter", &a.EntitiesFilter) - delete(rawMsg, key) - case "inputEntityType": - err = unpopulate(val, "InputEntityType", &a.InputEntityType) - delete(rawMsg, key) - case "queryDefinitions": - err = unpopulate(val, "QueryDefinitions", &a.QueryDefinitions) - delete(rawMsg, key) - case "requiredInputFieldsSets": - err = unpopulate(val, "RequiredInputFieldsSets", &a.RequiredInputFieldsSets) - delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &a.Title) - delete(rawMsg, key) } if err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1077,16 +878,16 @@ func (a *ActivityEntityQueryTemplateProperties) UnmarshalJSON(data []byte) error return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplatePropertiesQueryDefinitions. -func (a ActivityEntityQueryTemplatePropertiesQueryDefinitions) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatesList. +func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "query", a.Query) - populate(objectMap, "summarizeBy", a.SummarizeBy) + populate(objectMap, "nextLink", a.NextLink) + populate(objectMap, "value", a.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplatePropertiesQueryDefinitions. -func (a *ActivityEntityQueryTemplatePropertiesQueryDefinitions) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList. +func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1094,11 +895,11 @@ func (a *ActivityEntityQueryTemplatePropertiesQueryDefinitions) UnmarshalJSON(da for key, val := range rawMsg { var err error switch key { - case "query": - err = unpopulate(val, "Query", &a.Query) + case "nextLink": + err = unpopulate(val, "NextLink", &a.NextLink) delete(rawMsg, key) - case "summarizeBy": - err = unpopulate(val, "SummarizeBy", &a.SummarizeBy) + case "value": + a.Value, err = unmarshalAlertRuleTemplateClassificationArray(val) delete(rawMsg, key) } if err != nil { @@ -1108,22 +909,16 @@ func (a *ActivityEntityQueryTemplatePropertiesQueryDefinitions) UnmarshalJSON(da return nil } -// MarshalJSON implements the json.Marshaller interface for type ActivityTimelineItem. -func (a ActivityTimelineItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertRulesList. +func (a AlertRulesList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "bucketEndTimeUTC", a.BucketEndTimeUTC) - populateDateTimeRFC3339(objectMap, "bucketStartTimeUTC", a.BucketStartTimeUTC) - populate(objectMap, "content", a.Content) - populateDateTimeRFC3339(objectMap, "firstActivityTimeUTC", a.FirstActivityTimeUTC) - objectMap["kind"] = EntityTimelineKindActivity - populateDateTimeRFC3339(objectMap, "lastActivityTimeUTC", a.LastActivityTimeUTC) - populate(objectMap, "queryId", a.QueryID) - populate(objectMap, "title", a.Title) + populate(objectMap, "nextLink", a.NextLink) + populate(objectMap, "value", a.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ActivityTimelineItem. -func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList. +func (a *AlertRulesList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1131,29 +926,11 @@ func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "bucketEndTimeUTC": - err = unpopulateDateTimeRFC3339(val, "BucketEndTimeUTC", &a.BucketEndTimeUTC) - delete(rawMsg, key) - case "bucketStartTimeUTC": - err = unpopulateDateTimeRFC3339(val, "BucketStartTimeUTC", &a.BucketStartTimeUTC) - delete(rawMsg, key) - case "content": - err = unpopulate(val, "Content", &a.Content) - delete(rawMsg, key) - case "firstActivityTimeUTC": - err = unpopulateDateTimeRFC3339(val, "FirstActivityTimeUTC", &a.FirstActivityTimeUTC) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "lastActivityTimeUTC": - err = unpopulateDateTimeRFC3339(val, "LastActivityTimeUTC", &a.LastActivityTimeUTC) - delete(rawMsg, key) - case "queryId": - err = unpopulate(val, "QueryID", &a.QueryID) + case "nextLink": + err = unpopulate(val, "NextLink", &a.NextLink) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &a.Title) + case "value": + a.Value, err = unmarshalAlertRuleClassificationArray(val) delete(rawMsg, key) } if err != nil { @@ -1163,18 +940,15 @@ func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertDetailsOverride. -func (a AlertDetailsOverride) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AlertsDataTypeOfDataConnector. +func (a AlertsDataTypeOfDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertDescriptionFormat", a.AlertDescriptionFormat) - populate(objectMap, "alertDisplayNameFormat", a.AlertDisplayNameFormat) - populate(objectMap, "alertSeverityColumnName", a.AlertSeverityColumnName) - populate(objectMap, "alertTacticsColumnName", a.AlertTacticsColumnName) + populate(objectMap, "alerts", a.Alerts) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertDetailsOverride. -func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AlertsDataTypeOfDataConnector. +func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1182,17 +956,8 @@ func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "alertDescriptionFormat": - err = unpopulate(val, "AlertDescriptionFormat", &a.AlertDescriptionFormat) - delete(rawMsg, key) - case "alertDisplayNameFormat": - err = unpopulate(val, "AlertDisplayNameFormat", &a.AlertDisplayNameFormat) - delete(rawMsg, key) - case "alertSeverityColumnName": - err = unpopulate(val, "AlertSeverityColumnName", &a.AlertSeverityColumnName) - delete(rawMsg, key) - case "alertTacticsColumnName": - err = unpopulate(val, "AlertTacticsColumnName", &a.AlertTacticsColumnName) + case "alerts": + err = unpopulate(val, "Alerts", &a.Alerts) delete(rawMsg, key) } if err != nil { @@ -1202,20 +967,21 @@ func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertRule. -func (a AlertRule) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettings. +func (a AnomalySecurityMLAnalyticsSettings) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "etag", a.Etag) populate(objectMap, "id", a.ID) - objectMap["kind"] = a.Kind + objectMap["kind"] = SecurityMLAnalyticsSettingsKindAnomaly populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRule. -func (a *AlertRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettings. +func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1235,6 +1001,9 @@ func (a *AlertRule) UnmarshalJSON(data []byte) error { case "name": err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) @@ -1249,19 +1018,99 @@ func (a *AlertRule) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplate. -func (a AlertRuleTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. +func (a AnomalySecurityMLAnalyticsSettingsProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "anomalySettingsVersion", a.AnomalySettingsVersion) + populate(objectMap, "anomalyVersion", a.AnomalyVersion) + populateAny(objectMap, "customizableObservations", a.CustomizableObservations) + populate(objectMap, "description", a.Description) + populate(objectMap, "displayName", a.DisplayName) + populate(objectMap, "enabled", a.Enabled) + populate(objectMap, "frequency", a.Frequency) + populate(objectMap, "isDefaultSettings", a.IsDefaultSettings) + populateDateTimeRFC3339(objectMap, "lastModifiedUtc", a.LastModifiedUTC) + populate(objectMap, "requiredDataConnectors", a.RequiredDataConnectors) + populate(objectMap, "settingsDefinitionId", a.SettingsDefinitionID) + populate(objectMap, "settingsStatus", a.SettingsStatus) + populate(objectMap, "tactics", a.Tactics) + populate(objectMap, "techniques", a.Techniques) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. +func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "anomalySettingsVersion": + err = unpopulate(val, "AnomalySettingsVersion", &a.AnomalySettingsVersion) + delete(rawMsg, key) + case "anomalyVersion": + err = unpopulate(val, "AnomalyVersion", &a.AnomalyVersion) + delete(rawMsg, key) + case "customizableObservations": + err = unpopulate(val, "CustomizableObservations", &a.CustomizableObservations) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &a.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) + delete(rawMsg, key) + case "enabled": + err = unpopulate(val, "Enabled", &a.Enabled) + delete(rawMsg, key) + case "frequency": + err = unpopulate(val, "Frequency", &a.Frequency) + delete(rawMsg, key) + case "isDefaultSettings": + err = unpopulate(val, "IsDefaultSettings", &a.IsDefaultSettings) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &a.LastModifiedUTC) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &a.RequiredDataConnectors) + delete(rawMsg, key) + case "settingsDefinitionId": + err = unpopulate(val, "SettingsDefinitionID", &a.SettingsDefinitionID) + delete(rawMsg, key) + case "settingsStatus": + err = unpopulate(val, "SettingsStatus", &a.SettingsStatus) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &a.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &a.Techniques) + delete(rawMsg, key) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", a, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type AutomationRule. +func (a AutomationRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) + populate(objectMap, "etag", a.Etag) populate(objectMap, "id", a.ID) - objectMap["kind"] = a.Kind populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) populate(objectMap, "systemData", a.SystemData) populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplate. -func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRule. +func (a *AutomationRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1269,15 +1118,18 @@ func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &a.Etag) + delete(rawMsg, key) case "id": err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) case "name": err = unpopulate(val, "Name", &a.Name) delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &a.SystemData) delete(rawMsg, key) @@ -1292,16 +1144,16 @@ func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource. -func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleAction. +func (a AutomationRuleAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "connectorId", a.ConnectorID) - populate(objectMap, "dataTypes", a.DataTypes) + objectMap["actionType"] = a.ActionType + populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplateDataSource. -func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleAction. +func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1309,11 +1161,11 @@ func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "connectorId": - err = unpopulate(val, "ConnectorID", &a.ConnectorID) + case "actionType": + err = unpopulate(val, "ActionType", &a.ActionType) delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &a.DataTypes) + case "order": + err = unpopulate(val, "Order", &a.Order) delete(rawMsg, key) } if err != nil { @@ -1323,16 +1175,17 @@ func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatesList. -func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleAddIncidentTaskAction. +func (a AutomationRuleAddIncidentTaskAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", a.NextLink) - populate(objectMap, "value", a.Value) + populate(objectMap, "actionConfiguration", a.ActionConfiguration) + objectMap["actionType"] = ActionTypeAddIncidentTask + populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList. -func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleAddIncidentTaskAction. +func (a *AutomationRuleAddIncidentTaskAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1340,11 +1193,14 @@ func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &a.NextLink) + case "actionConfiguration": + err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) delete(rawMsg, key) - case "value": - a.Value, err = unmarshalAlertRuleTemplateClassificationArray(val) + case "actionType": + err = unpopulate(val, "ActionType", &a.ActionType) + delete(rawMsg, key) + case "order": + err = unpopulate(val, "Order", &a.Order) delete(rawMsg, key) } if err != nil { @@ -1354,16 +1210,16 @@ func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertRulesList. -func (a AlertRulesList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleBooleanCondition. +func (a AutomationRuleBooleanCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", a.NextLink) - populate(objectMap, "value", a.Value) + populate(objectMap, "innerConditions", a.InnerConditions) + populate(objectMap, "operator", a.Operator) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList. -func (a *AlertRulesList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleBooleanCondition. +func (a *AutomationRuleBooleanCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1371,11 +1227,11 @@ func (a *AlertRulesList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &a.NextLink) + case "innerConditions": + a.InnerConditions, err = unmarshalAutomationRuleConditionClassificationArray(val) delete(rawMsg, key) - case "value": - a.Value, err = unmarshalAlertRuleClassificationArray(val) + case "operator": + err = unpopulate(val, "Operator", &a.Operator) delete(rawMsg, key) } if err != nil { @@ -1385,15 +1241,15 @@ func (a *AlertRulesList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AlertsDataTypeOfDataConnector. -func (a AlertsDataTypeOfDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleCondition. +func (a AutomationRuleCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alerts", a.Alerts) + objectMap["conditionType"] = a.ConditionType return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AlertsDataTypeOfDataConnector. -func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleCondition. +func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1401,8 +1257,8 @@ func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "alerts": - err = unpopulate(val, "Alerts", &a.Alerts) + case "conditionType": + err = unpopulate(val, "ConditionType", &a.ConditionType) delete(rawMsg, key) } if err != nil { @@ -1412,21 +1268,17 @@ func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type Anomalies. -func (a Anomalies) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction. +func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - objectMap["kind"] = SettingKindAnomalies - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "actionConfiguration", a.ActionConfiguration) + objectMap["actionType"] = ActionTypeModifyProperties + populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Anomalies. -func (a *Anomalies) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction. +func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1434,26 +1286,14 @@ func (a *Anomalies) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) + case "actionConfiguration": + err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "actionType": + err = unpopulate(val, "ActionType", &a.ActionType) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "order": + err = unpopulate(val, "Order", &a.Order) delete(rawMsg, key) } if err != nil { @@ -1463,15 +1303,22 @@ func (a *Anomalies) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AnomaliesSettingsProperties. -func (a AnomaliesSettingsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties. +func (a AutomationRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "isEnabled", a.IsEnabled) + populate(objectMap, "actions", a.Actions) + populate(objectMap, "createdBy", a.CreatedBy) + populateDateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) + populate(objectMap, "displayName", a.DisplayName) + populate(objectMap, "lastModifiedBy", a.LastModifiedBy) + populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) + populate(objectMap, "order", a.Order) + populate(objectMap, "triggeringLogic", a.TriggeringLogic) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AnomaliesSettingsProperties. -func (a *AnomaliesSettingsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties. +func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1479,8 +1326,29 @@ func (a *AnomaliesSettingsProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "isEnabled": - err = unpopulate(val, "IsEnabled", &a.IsEnabled) + case "actions": + a.Actions, err = unmarshalAutomationRuleActionClassificationArray(val) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &a.CreatedBy) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &a.DisplayName) + delete(rawMsg, key) + case "lastModifiedBy": + err = unpopulate(val, "LastModifiedBy", &a.LastModifiedBy) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) + delete(rawMsg, key) + case "order": + err = unpopulate(val, "Order", &a.Order) + delete(rawMsg, key) + case "triggeringLogic": + err = unpopulate(val, "TriggeringLogic", &a.TriggeringLogic) delete(rawMsg, key) } if err != nil { @@ -1490,21 +1358,16 @@ func (a *AnomaliesSettingsProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettings. -func (a AnomalySecurityMLAnalyticsSettings) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyArrayChangedValuesCondition. +func (a AutomationRulePropertyArrayChangedValuesCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - objectMap["kind"] = SecurityMLAnalyticsSettingsKindAnomaly - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "arrayType", a.ArrayType) + populate(objectMap, "changeType", a.ChangeType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettings. -func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyArrayChangedValuesCondition. +func (a *AutomationRulePropertyArrayChangedValuesCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1512,26 +1375,11 @@ func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "arrayType": + err = unpopulate(val, "ArrayType", &a.ArrayType) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "changeType": + err = unpopulate(val, "ChangeType", &a.ChangeType) delete(rawMsg, key) } if err != nil { @@ -1541,28 +1389,17 @@ func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. -func (a AnomalySecurityMLAnalyticsSettingsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyArrayValuesCondition. +func (a AutomationRulePropertyArrayValuesCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "anomalySettingsVersion", a.AnomalySettingsVersion) - populate(objectMap, "anomalyVersion", a.AnomalyVersion) - populateAny(objectMap, "customizableObservations", a.CustomizableObservations) - populate(objectMap, "description", a.Description) - populate(objectMap, "displayName", a.DisplayName) - populate(objectMap, "enabled", a.Enabled) - populate(objectMap, "frequency", a.Frequency) - populate(objectMap, "isDefaultSettings", a.IsDefaultSettings) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", a.LastModifiedUTC) - populate(objectMap, "requiredDataConnectors", a.RequiredDataConnectors) - populate(objectMap, "settingsDefinitionId", a.SettingsDefinitionID) - populate(objectMap, "settingsStatus", a.SettingsStatus) - populate(objectMap, "tactics", a.Tactics) - populate(objectMap, "techniques", a.Techniques) + populate(objectMap, "arrayConditionType", a.ArrayConditionType) + populate(objectMap, "arrayType", a.ArrayType) + populate(objectMap, "itemConditions", a.ItemConditions) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalySecurityMLAnalyticsSettingsProperties. -func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyArrayValuesCondition. +func (a *AutomationRulePropertyArrayValuesCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1570,47 +1407,14 @@ func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte for key, val := range rawMsg { var err error switch key { - case "anomalySettingsVersion": - err = unpopulate(val, "AnomalySettingsVersion", &a.AnomalySettingsVersion) - delete(rawMsg, key) - case "anomalyVersion": - err = unpopulate(val, "AnomalyVersion", &a.AnomalyVersion) - delete(rawMsg, key) - case "customizableObservations": - err = unpopulate(val, "CustomizableObservations", &a.CustomizableObservations) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &a.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &a.DisplayName) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &a.Enabled) - delete(rawMsg, key) - case "frequency": - err = unpopulate(val, "Frequency", &a.Frequency) - delete(rawMsg, key) - case "isDefaultSettings": - err = unpopulate(val, "IsDefaultSettings", &a.IsDefaultSettings) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &a.LastModifiedUTC) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &a.RequiredDataConnectors) - delete(rawMsg, key) - case "settingsDefinitionId": - err = unpopulate(val, "SettingsDefinitionID", &a.SettingsDefinitionID) - delete(rawMsg, key) - case "settingsStatus": - err = unpopulate(val, "SettingsStatus", &a.SettingsStatus) + case "arrayConditionType": + err = unpopulate(val, "ArrayConditionType", &a.ArrayConditionType) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &a.Tactics) + case "arrayType": + err = unpopulate(val, "ArrayType", &a.ArrayType) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &a.Techniques) + case "itemConditions": + a.ItemConditions, err = unmarshalAutomationRuleConditionClassificationArray(val) delete(rawMsg, key) } if err != nil { @@ -1620,26 +1424,18 @@ func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte return nil } -// MarshalJSON implements the json.Marshaller interface for type AnomalyTimelineItem. -func (a AnomalyTimelineItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesChangedCondition. +func (a AutomationRulePropertyValuesChangedCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "azureResourceId", a.AzureResourceID) - populate(objectMap, "description", a.Description) - populate(objectMap, "displayName", a.DisplayName) - populateDateTimeRFC3339(objectMap, "endTimeUtc", a.EndTimeUTC) - populate(objectMap, "intent", a.Intent) - objectMap["kind"] = EntityTimelineKindAnomaly - populate(objectMap, "productName", a.ProductName) - populate(objectMap, "reasons", a.Reasons) - populateDateTimeRFC3339(objectMap, "startTimeUtc", a.StartTimeUTC) - populate(objectMap, "techniques", a.Techniques) - populateDateTimeRFC3339(objectMap, "timeGenerated", a.TimeGenerated) - populate(objectMap, "vendor", a.Vendor) + populate(objectMap, "changeType", a.ChangeType) + populate(objectMap, "operator", a.Operator) + populate(objectMap, "propertyName", a.PropertyName) + populate(objectMap, "propertyValues", a.PropertyValues) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AnomalyTimelineItem. -func (a *AnomalyTimelineItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesChangedCondition. +func (a *AutomationRulePropertyValuesChangedCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1647,41 +1443,17 @@ func (a *AnomalyTimelineItem) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "azureResourceId": - err = unpopulate(val, "AzureResourceID", &a.AzureResourceID) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &a.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &a.DisplayName) - delete(rawMsg, key) - case "endTimeUtc": - err = unpopulateDateTimeRFC3339(val, "EndTimeUTC", &a.EndTimeUTC) - delete(rawMsg, key) - case "intent": - err = unpopulate(val, "Intent", &a.Intent) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "productName": - err = unpopulate(val, "ProductName", &a.ProductName) - delete(rawMsg, key) - case "reasons": - err = unpopulate(val, "Reasons", &a.Reasons) - delete(rawMsg, key) - case "startTimeUtc": - err = unpopulateDateTimeRFC3339(val, "StartTimeUTC", &a.StartTimeUTC) + case "changeType": + err = unpopulate(val, "ChangeType", &a.ChangeType) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &a.Techniques) + case "operator": + err = unpopulate(val, "Operator", &a.Operator) delete(rawMsg, key) - case "timeGenerated": - err = unpopulateDateTimeRFC3339(val, "TimeGenerated", &a.TimeGenerated) + case "propertyName": + err = unpopulate(val, "PropertyName", &a.PropertyName) delete(rawMsg, key) - case "vendor": - err = unpopulate(val, "Vendor", &a.Vendor) + case "propertyValues": + err = unpopulate(val, "PropertyValues", &a.PropertyValues) delete(rawMsg, key) } if err != nil { @@ -1691,20 +1463,17 @@ func (a *AnomalyTimelineItem) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRule. -func (a AutomationRule) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition. +func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "operator", a.Operator) + populate(objectMap, "propertyName", a.PropertyName) + populate(objectMap, "propertyValues", a.PropertyValues) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRule. -func (a *AutomationRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesCondition. +func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1712,23 +1481,14 @@ func (a *AutomationRule) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) + case "operator": + err = unpopulate(val, "Operator", &a.Operator) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "propertyName": + err = unpopulate(val, "PropertyName", &a.PropertyName) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "propertyValues": + err = unpopulate(val, "PropertyValues", &a.PropertyValues) delete(rawMsg, key) } if err != nil { @@ -1738,16 +1498,17 @@ func (a *AutomationRule) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleAction. -func (a AutomationRuleAction) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction. +func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["actionType"] = a.ActionType + populate(objectMap, "actionConfiguration", a.ActionConfiguration) + objectMap["actionType"] = ActionTypeRunPlaybook populate(objectMap, "order", a.Order) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleAction. -func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction. +func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1755,6 +1516,9 @@ func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { + case "actionConfiguration": + err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) + delete(rawMsg, key) case "actionType": err = unpopulate(val, "ActionType", &a.ActionType) delete(rawMsg, key) @@ -1769,16 +1533,19 @@ func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleBooleanCondition. -func (a AutomationRuleBooleanCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic. +func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "innerConditions", a.InnerConditions) - populate(objectMap, "operator", a.Operator) + populate(objectMap, "conditions", a.Conditions) + populateDateTimeRFC3339(objectMap, "expirationTimeUtc", a.ExpirationTimeUTC) + populate(objectMap, "isEnabled", a.IsEnabled) + populate(objectMap, "triggersOn", a.TriggersOn) + populate(objectMap, "triggersWhen", a.TriggersWhen) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleBooleanCondition. -func (a *AutomationRuleBooleanCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic. +func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1786,11 +1553,20 @@ func (a *AutomationRuleBooleanCondition) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "innerConditions": - a.InnerConditions, err = unmarshalAutomationRuleConditionClassificationArray(val) + case "conditions": + a.Conditions, err = unmarshalAutomationRuleConditionClassificationArray(val) delete(rawMsg, key) - case "operator": - err = unpopulate(val, "Operator", &a.Operator) + case "expirationTimeUtc": + err = unpopulateDateTimeRFC3339(val, "ExpirationTimeUTC", &a.ExpirationTimeUTC) + delete(rawMsg, key) + case "isEnabled": + err = unpopulate(val, "IsEnabled", &a.IsEnabled) + delete(rawMsg, key) + case "triggersOn": + err = unpopulate(val, "TriggersOn", &a.TriggersOn) + delete(rawMsg, key) + case "triggersWhen": + err = unpopulate(val, "TriggersWhen", &a.TriggersWhen) delete(rawMsg, key) } if err != nil { @@ -1800,15 +1576,16 @@ func (a *AutomationRuleBooleanCondition) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleCondition. -func (a AutomationRuleCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AutomationRulesList. +func (a AutomationRulesList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["conditionType"] = a.ConditionType + populate(objectMap, "nextLink", a.NextLink) + populate(objectMap, "value", a.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleCondition. -func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulesList. +func (a *AutomationRulesList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1816,8 +1593,11 @@ func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "conditionType": - err = unpopulate(val, "ConditionType", &a.ConditionType) + case "nextLink": + err = unpopulate(val, "NextLink", &a.NextLink) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &a.Value) delete(rawMsg, key) } if err != nil { @@ -1827,17 +1607,21 @@ func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction. -func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector. +func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "actionConfiguration", a.ActionConfiguration) - objectMap["actionType"] = ActionTypeModifyProperties - populate(objectMap, "order", a.Order) + populate(objectMap, "etag", a.Etag) + populate(objectMap, "id", a.ID) + objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction. -func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector. +func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1845,14 +1629,26 @@ func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error for key, val := range rawMsg { var err error switch key { - case "actionConfiguration": - err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) + case "etag": + err = unpopulate(val, "Etag", &a.Etag) delete(rawMsg, key) - case "actionType": - err = unpopulate(val, "ActionType", &a.ActionType) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &a.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -1862,22 +1658,15 @@ func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties. -func (a AutomationRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypes. +func (a AwsCloudTrailDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "actions", a.Actions) - populate(objectMap, "createdBy", a.CreatedBy) - populateDateTimeRFC3339(objectMap, "createdTimeUtc", a.CreatedTimeUTC) - populate(objectMap, "displayName", a.DisplayName) - populate(objectMap, "lastModifiedBy", a.LastModifiedBy) - populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", a.LastModifiedTimeUTC) - populate(objectMap, "order", a.Order) - populate(objectMap, "triggeringLogic", a.TriggeringLogic) + populate(objectMap, "logs", a.Logs) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties. -func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypes. +func (a *AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1885,29 +1674,8 @@ func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "actions": - a.Actions, err = unmarshalAutomationRuleActionClassificationArray(val) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &a.CreatedBy) - delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &a.CreatedTimeUTC) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &a.DisplayName) - delete(rawMsg, key) - case "lastModifiedBy": - err = unpopulate(val, "LastModifiedBy", &a.LastModifiedBy) - delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &a.LastModifiedTimeUTC) - delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) - delete(rawMsg, key) - case "triggeringLogic": - err = unpopulate(val, "TriggeringLogic", &a.TriggeringLogic) + case "logs": + err = unpopulate(val, "Logs", &a.Logs) delete(rawMsg, key) } if err != nil { @@ -1917,16 +1685,15 @@ func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyArrayChangedValuesCondition. -func (a AutomationRulePropertyArrayChangedValuesCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs. +func (a AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "arrayType", a.ArrayType) - populate(objectMap, "changeType", a.ChangeType) + populate(objectMap, "state", a.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyArrayChangedValuesCondition. -func (a *AutomationRulePropertyArrayChangedValuesCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs. +func (a *AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1934,11 +1701,8 @@ func (a *AutomationRulePropertyArrayChangedValuesCondition) UnmarshalJSON(data [ for key, val := range rawMsg { var err error switch key { - case "arrayType": - err = unpopulate(val, "ArrayType", &a.ArrayType) - delete(rawMsg, key) - case "changeType": - err = unpopulate(val, "ChangeType", &a.ChangeType) + case "state": + err = unpopulate(val, "State", &a.State) delete(rawMsg, key) } if err != nil { @@ -1948,17 +1712,16 @@ func (a *AutomationRulePropertyArrayChangedValuesCondition) UnmarshalJSON(data [ return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyArrayValuesCondition. -func (a AutomationRulePropertyArrayValuesCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorProperties. +func (a AwsCloudTrailDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "arrayConditionType", a.ArrayConditionType) - populate(objectMap, "arrayType", a.ArrayType) - populate(objectMap, "itemConditions", a.ItemConditions) + populate(objectMap, "awsRoleArn", a.AwsRoleArn) + populate(objectMap, "dataTypes", a.DataTypes) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyArrayValuesCondition. -func (a *AutomationRulePropertyArrayValuesCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorProperties. +func (a *AwsCloudTrailDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -1966,14 +1729,11 @@ func (a *AutomationRulePropertyArrayValuesCondition) UnmarshalJSON(data []byte) for key, val := range rawMsg { var err error switch key { - case "arrayConditionType": - err = unpopulate(val, "ArrayConditionType", &a.ArrayConditionType) - delete(rawMsg, key) - case "arrayType": - err = unpopulate(val, "ArrayType", &a.ArrayType) + case "awsRoleArn": + err = unpopulate(val, "AwsRoleArn", &a.AwsRoleArn) delete(rawMsg, key) - case "itemConditions": - a.ItemConditions, err = unmarshalAutomationRuleConditionClassificationArray(val) + case "dataTypes": + err = unpopulate(val, "DataTypes", &a.DataTypes) delete(rawMsg, key) } if err != nil { @@ -1983,18 +1743,16 @@ func (a *AutomationRulePropertyArrayValuesCondition) UnmarshalJSON(data []byte) return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesChangedCondition. -func (a AutomationRulePropertyValuesChangedCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AzureDevOpsResourceInfo. +func (a AzureDevOpsResourceInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "changeType", a.ChangeType) - populate(objectMap, "operator", a.Operator) - populate(objectMap, "propertyName", a.PropertyName) - populate(objectMap, "propertyValues", a.PropertyValues) + populate(objectMap, "pipelineId", a.PipelineID) + populate(objectMap, "serviceConnectionId", a.ServiceConnectionID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesChangedCondition. -func (a *AutomationRulePropertyValuesChangedCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AzureDevOpsResourceInfo. +func (a *AzureDevOpsResourceInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -2002,17 +1760,11 @@ func (a *AutomationRulePropertyValuesChangedCondition) UnmarshalJSON(data []byte for key, val := range rawMsg { var err error switch key { - case "changeType": - err = unpopulate(val, "ChangeType", &a.ChangeType) - delete(rawMsg, key) - case "operator": - err = unpopulate(val, "Operator", &a.Operator) - delete(rawMsg, key) - case "propertyName": - err = unpopulate(val, "PropertyName", &a.PropertyName) + case "pipelineId": + err = unpopulate(val, "PipelineID", &a.PipelineID) delete(rawMsg, key) - case "propertyValues": - err = unpopulate(val, "PropertyValues", &a.PropertyValues) + case "serviceConnectionId": + err = unpopulate(val, "ServiceConnectionID", &a.ServiceConnectionID) delete(rawMsg, key) } if err != nil { @@ -2022,17 +1774,20 @@ func (a *AutomationRulePropertyValuesChangedCondition) UnmarshalJSON(data []byte return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition. -func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity. +func (a AzureResourceEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "operator", a.Operator) - populate(objectMap, "propertyName", a.PropertyName) - populate(objectMap, "propertyValues", a.PropertyValues) + populate(objectMap, "id", a.ID) + objectMap["kind"] = EntityKindEnumAzureResource + populate(objectMap, "name", a.Name) + populate(objectMap, "properties", a.Properties) + populate(objectMap, "systemData", a.SystemData) + populate(objectMap, "type", a.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesCondition. -func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity. +func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -2040,14 +1795,23 @@ func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error for key, val := range rawMsg { var err error switch key { - case "operator": - err = unpopulate(val, "Operator", &a.Operator) + case "id": + err = unpopulate(val, "ID", &a.ID) delete(rawMsg, key) - case "propertyName": - err = unpopulate(val, "PropertyName", &a.PropertyName) + case "kind": + err = unpopulate(val, "Kind", &a.Kind) delete(rawMsg, key) - case "propertyValues": - err = unpopulate(val, "PropertyValues", &a.PropertyValues) + case "name": + err = unpopulate(val, "Name", &a.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &a.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &a.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &a.Type) delete(rawMsg, key) } if err != nil { @@ -2057,17 +1821,18 @@ func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction. -func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties. +func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "actionConfiguration", a.ActionConfiguration) - objectMap["actionType"] = ActionTypeRunPlaybook - populate(objectMap, "order", a.Order) + populate(objectMap, "additionalData", a.AdditionalData) + populate(objectMap, "friendlyName", a.FriendlyName) + populate(objectMap, "resourceId", a.ResourceID) + populate(objectMap, "subscriptionId", a.SubscriptionID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction. -func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntityProperties. +func (a *AzureResourceEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", a, err) @@ -2075,14 +1840,17 @@ func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "actionConfiguration": - err = unpopulate(val, "ActionConfiguration", &a.ActionConfiguration) + case "additionalData": + err = unpopulate(val, "AdditionalData", &a.AdditionalData) delete(rawMsg, key) - case "actionType": - err = unpopulate(val, "ActionType", &a.ActionType) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &a.FriendlyName) delete(rawMsg, key) - case "order": - err = unpopulate(val, "Order", &a.Order) + case "resourceId": + err = unpopulate(val, "ResourceID", &a.ResourceID) + delete(rawMsg, key) + case "subscriptionId": + err = unpopulate(val, "SubscriptionID", &a.SubscriptionID) delete(rawMsg, key) } if err != nil { @@ -2092,12157 +1860,7373 @@ func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic. -func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type BasicAuthModel. +func (b BasicAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "conditions", a.Conditions) - populateDateTimeRFC3339(objectMap, "expirationTimeUtc", a.ExpirationTimeUTC) - populate(objectMap, "isEnabled", a.IsEnabled) - populate(objectMap, "triggersOn", a.TriggersOn) - populate(objectMap, "triggersWhen", a.TriggersWhen) + populate(objectMap, "password", b.Password) + objectMap["type"] = CcpAuthTypeBasic + populate(objectMap, "userName", b.UserName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic. -func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type BasicAuthModel. +func (b *BasicAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "conditions": - a.Conditions, err = unmarshalAutomationRuleConditionClassificationArray(val) - delete(rawMsg, key) - case "expirationTimeUtc": - err = unpopulateDateTimeRFC3339(val, "ExpirationTimeUTC", &a.ExpirationTimeUTC) - delete(rawMsg, key) - case "isEnabled": - err = unpopulate(val, "IsEnabled", &a.IsEnabled) + case "password": + err = unpopulate(val, "Password", &b.Password) delete(rawMsg, key) - case "triggersOn": - err = unpopulate(val, "TriggersOn", &a.TriggersOn) + case "type": + err = unpopulate(val, "Type", &b.Type) delete(rawMsg, key) - case "triggersWhen": - err = unpopulate(val, "TriggersWhen", &a.TriggersWhen) + case "userName": + err = unpopulate(val, "UserName", &b.UserName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AutomationRulesList. -func (a AutomationRulesList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Bookmark. +func (b Bookmark) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", a.NextLink) - populate(objectMap, "value", a.Value) + populate(objectMap, "etag", b.Etag) + populate(objectMap, "id", b.ID) + populate(objectMap, "name", b.Name) + populate(objectMap, "properties", b.Properties) + populate(objectMap, "systemData", b.SystemData) + populate(objectMap, "type", b.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulesList. -func (a *AutomationRulesList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Bookmark. +func (b *Bookmark) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &a.NextLink) + case "etag": + err = unpopulate(val, "Etag", &b.Etag) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &a.Value) + case "id": + err = unpopulate(val, "ID", &b.ID) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &b.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &b.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &b.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &b.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Availability. -func (a Availability) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type BookmarkList. +func (b BookmarkList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "isPreview", a.IsPreview) - objectMap["status"] = int32(1) + populate(objectMap, "nextLink", b.NextLink) + populate(objectMap, "value", b.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Availability. -func (a *Availability) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkList. +func (b *BookmarkList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "isPreview": - err = unpopulate(val, "IsPreview", &a.IsPreview) + case "nextLink": + err = unpopulate(val, "NextLink", &b.NextLink) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &a.Status) + case "value": + err = unpopulate(val, "Value", &b.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailCheckRequirements. -func (a AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type BookmarkProperties. +func (b BookmarkProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail + populateDateTimeRFC3339(objectMap, "created", b.Created) + populate(objectMap, "createdBy", b.CreatedBy) + populate(objectMap, "displayName", b.DisplayName) + populateDateTimeRFC3339(objectMap, "eventTime", b.EventTime) + populate(objectMap, "incidentInfo", b.IncidentInfo) + populate(objectMap, "labels", b.Labels) + populate(objectMap, "notes", b.Notes) + populate(objectMap, "query", b.Query) + populateDateTimeRFC3339(objectMap, "queryEndTime", b.QueryEndTime) + populate(objectMap, "queryResult", b.QueryResult) + populateDateTimeRFC3339(objectMap, "queryStartTime", b.QueryStartTime) + populateDateTimeRFC3339(objectMap, "updated", b.Updated) + populate(objectMap, "updatedBy", b.UpdatedBy) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailCheckRequirements. -func (a *AwsCloudTrailCheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties. +func (b *BookmarkProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "kind": - err = unpopulate(val, "Kind", &a.Kind) + case "created": + err = unpopulateDateTimeRFC3339(val, "Created", &b.Created) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &b.CreatedBy) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &b.DisplayName) + delete(rawMsg, key) + case "eventTime": + err = unpopulateDateTimeRFC3339(val, "EventTime", &b.EventTime) + delete(rawMsg, key) + case "incidentInfo": + err = unpopulate(val, "IncidentInfo", &b.IncidentInfo) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &b.Labels) + delete(rawMsg, key) + case "notes": + err = unpopulate(val, "Notes", &b.Notes) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &b.Query) + delete(rawMsg, key) + case "queryEndTime": + err = unpopulateDateTimeRFC3339(val, "QueryEndTime", &b.QueryEndTime) + delete(rawMsg, key) + case "queryResult": + err = unpopulate(val, "QueryResult", &b.QueryResult) + delete(rawMsg, key) + case "queryStartTime": + err = unpopulateDateTimeRFC3339(val, "QueryStartTime", &b.QueryStartTime) + delete(rawMsg, key) + case "updated": + err = unpopulateDateTimeRFC3339(val, "Updated", &b.Updated) + delete(rawMsg, key) + case "updatedBy": + err = unpopulate(val, "UpdatedBy", &b.UpdatedBy) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector. -func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type BooleanConditionProperties. +func (b BooleanConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - objectMap["kind"] = DataConnectorKindAmazonWebServicesCloudTrail - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "conditionProperties", b.ConditionProperties) + objectMap["conditionType"] = ConditionTypeBoolean return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector. -func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type BooleanConditionProperties. +func (b *BooleanConditionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &b.ConditionProperties) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "conditionType": + err = unpopulate(val, "ConditionType", &b.ConditionType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", b, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypes. -func (a AwsCloudTrailDataConnectorDataTypes) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CcpAuthConfig. +func (c CcpAuthConfig) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "logs", a.Logs) + objectMap["type"] = c.Type return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypes. -func (a *AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CcpAuthConfig. +func (c *CcpAuthConfig) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "logs": - err = unpopulate(val, "Logs", &a.Logs) + case "type": + err = unpopulate(val, "Type", &c.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs. -func (a AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CcpResponseConfig. +func (c CcpResponseConfig) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "state", a.State) + populate(objectMap, "csvDelimiter", c.CSVDelimiter) + populate(objectMap, "csvEscape", c.CSVEscape) + populate(objectMap, "compressionAlgo", c.CompressionAlgo) + populate(objectMap, "convertChildPropertiesToArray", c.ConvertChildPropertiesToArray) + populate(objectMap, "eventsJsonPaths", c.EventsJSONPaths) + populate(objectMap, "format", c.Format) + populate(objectMap, "hasCsvBoundary", c.HasCSVBoundary) + populate(objectMap, "hasCsvHeader", c.HasCSVHeader) + populate(objectMap, "isGzipCompressed", c.IsGzipCompressed) + populate(objectMap, "successStatusJsonPath", c.SuccessStatusJSONPath) + populate(objectMap, "successStatusValue", c.SuccessStatusValue) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs. -func (a *AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CcpResponseConfig. +func (c *CcpResponseConfig) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "state": - err = unpopulate(val, "State", &a.State) + case "csvDelimiter": + err = unpopulate(val, "CSVDelimiter", &c.CSVDelimiter) + delete(rawMsg, key) + case "csvEscape": + err = unpopulate(val, "CSVEscape", &c.CSVEscape) + delete(rawMsg, key) + case "compressionAlgo": + err = unpopulate(val, "CompressionAlgo", &c.CompressionAlgo) + delete(rawMsg, key) + case "convertChildPropertiesToArray": + err = unpopulate(val, "ConvertChildPropertiesToArray", &c.ConvertChildPropertiesToArray) + delete(rawMsg, key) + case "eventsJsonPaths": + err = unpopulate(val, "EventsJSONPaths", &c.EventsJSONPaths) + delete(rawMsg, key) + case "format": + err = unpopulate(val, "Format", &c.Format) + delete(rawMsg, key) + case "hasCsvBoundary": + err = unpopulate(val, "HasCSVBoundary", &c.HasCSVBoundary) + delete(rawMsg, key) + case "hasCsvHeader": + err = unpopulate(val, "HasCSVHeader", &c.HasCSVHeader) + delete(rawMsg, key) + case "isGzipCompressed": + err = unpopulate(val, "IsGzipCompressed", &c.IsGzipCompressed) + delete(rawMsg, key) + case "successStatusJsonPath": + err = unpopulate(val, "SuccessStatusJSONPath", &c.SuccessStatusJSONPath) + delete(rawMsg, key) + case "successStatusValue": + err = unpopulate(val, "SuccessStatusValue", &c.SuccessStatusValue) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorProperties. -func (a AwsCloudTrailDataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ClientInfo. +func (c ClientInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "awsRoleArn", a.AwsRoleArn) - populate(objectMap, "dataTypes", a.DataTypes) + populate(objectMap, "email", c.Email) + populate(objectMap, "name", c.Name) + populate(objectMap, "objectId", c.ObjectID) + populate(objectMap, "userPrincipalName", c.UserPrincipalName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorProperties. -func (a *AwsCloudTrailDataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ClientInfo. +func (c *ClientInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "awsRoleArn": - err = unpopulate(val, "AwsRoleArn", &a.AwsRoleArn) + case "email": + err = unpopulate(val, "Email", &c.Email) delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &a.DataTypes) + case "name": + err = unpopulate(val, "Name", &c.Name) + delete(rawMsg, key) + case "objectId": + err = unpopulate(val, "ObjectID", &c.ObjectID) + delete(rawMsg, key) + case "userPrincipalName": + err = unpopulate(val, "UserPrincipalName", &c.UserPrincipalName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsS3CheckRequirements. -func (a AwsS3CheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity. +func (c CloudApplicationEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindAmazonWebServicesS3 + populate(objectMap, "id", c.ID) + objectMap["kind"] = EntityKindEnumCloudApplication + populate(objectMap, "name", c.Name) + populate(objectMap, "properties", c.Properties) + populate(objectMap, "systemData", c.SystemData) + populate(objectMap, "type", c.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3CheckRequirements. -func (a *AwsS3CheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity. +func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { + case "id": + err = unpopulate(val, "ID", &c.ID) + delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &a.Kind) + err = unpopulate(val, "Kind", &c.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &c.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &c.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &c.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &c.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnector. -func (a AwsS3DataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties. +func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", a.Etag) - populate(objectMap, "id", a.ID) - objectMap["kind"] = DataConnectorKindAmazonWebServicesS3 - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "additionalData", c.AdditionalData) + populate(objectMap, "appId", c.AppID) + populate(objectMap, "appName", c.AppName) + populate(objectMap, "friendlyName", c.FriendlyName) + populate(objectMap, "instanceName", c.InstanceName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnector. -func (a *AwsS3DataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntityProperties. +func (c *CloudApplicationEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &a.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) + case "additionalData": + err = unpopulate(val, "AdditionalData", &c.AdditionalData) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) + case "appId": + err = unpopulate(val, "AppID", &c.AppID) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) + case "appName": + err = unpopulate(val, "AppName", &c.AppName) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &c.FriendlyName) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "instanceName": + err = unpopulate(val, "InstanceName", &c.InstanceName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorDataTypes. -func (a AwsS3DataConnectorDataTypes) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ConnectivityCriterion. +func (c ConnectivityCriterion) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "logs", a.Logs) + populate(objectMap, "type", c.Type) + populate(objectMap, "value", c.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnectorDataTypes. -func (a *AwsS3DataConnectorDataTypes) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectivityCriterion. +func (c *ConnectivityCriterion) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "logs": - err = unpopulate(val, "Logs", &a.Logs) + case "type": + err = unpopulate(val, "Type", &c.Type) + delete(rawMsg, key) + case "value": + err = unpopulate(val, "Value", &c.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorDataTypesLogs. -func (a AwsS3DataConnectorDataTypesLogs) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ConnectorDataType. +func (c ConnectorDataType) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "state", a.State) + populate(objectMap, "lastDataReceivedQuery", c.LastDataReceivedQuery) + populate(objectMap, "name", c.Name) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnectorDataTypesLogs. -func (a *AwsS3DataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectorDataType. +func (c *ConnectorDataType) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "state": - err = unpopulate(val, "State", &a.State) + case "lastDataReceivedQuery": + err = unpopulate(val, "LastDataReceivedQuery", &c.LastDataReceivedQuery) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &c.Name) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorProperties. -func (a AwsS3DataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ConnectorDefinitionsAvailability. +func (c ConnectorDefinitionsAvailability) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataTypes", a.DataTypes) - populate(objectMap, "destinationTable", a.DestinationTable) - populate(objectMap, "roleArn", a.RoleArn) - populate(objectMap, "sqsUrls", a.SqsUrls) + populate(objectMap, "isPreview", c.IsPreview) + populate(objectMap, "status", c.Status) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnectorProperties. -func (a *AwsS3DataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectorDefinitionsAvailability. +func (c *ConnectorDefinitionsAvailability) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &a.DataTypes) - delete(rawMsg, key) - case "destinationTable": - err = unpopulate(val, "DestinationTable", &a.DestinationTable) - delete(rawMsg, key) - case "roleArn": - err = unpopulate(val, "RoleArn", &a.RoleArn) + case "isPreview": + err = unpopulate(val, "IsPreview", &c.IsPreview) delete(rawMsg, key) - case "sqsUrls": - err = unpopulate(val, "SqsUrls", &a.SqsUrls) + case "status": + err = unpopulate(val, "Status", &c.Status) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AzureDevOpsResourceInfo. -func (a AzureDevOpsResourceInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ConnectorDefinitionsPermissions. +func (c ConnectorDefinitionsPermissions) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "pipelineId", a.PipelineID) - populate(objectMap, "serviceConnectionId", a.ServiceConnectionID) + populate(objectMap, "customs", c.Customs) + populate(objectMap, "licenses", c.Licenses) + populate(objectMap, "resourceProvider", c.ResourceProvider) + populate(objectMap, "tenant", c.Tenant) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AzureDevOpsResourceInfo. -func (a *AzureDevOpsResourceInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectorDefinitionsPermissions. +func (c *ConnectorDefinitionsPermissions) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "pipelineId": - err = unpopulate(val, "PipelineID", &a.PipelineID) + case "customs": + err = unpopulate(val, "Customs", &c.Customs) delete(rawMsg, key) - case "serviceConnectionId": - err = unpopulate(val, "ServiceConnectionID", &a.ServiceConnectionID) + case "licenses": + err = unpopulate(val, "Licenses", &c.Licenses) + delete(rawMsg, key) + case "resourceProvider": + err = unpopulate(val, "ResourceProvider", &c.ResourceProvider) + delete(rawMsg, key) + case "tenant": + err = unpopulate(val, "Tenant", &c.Tenant) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity. -func (a AzureResourceEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ConnectorDefinitionsResourceProvider. +func (c ConnectorDefinitionsResourceProvider) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", a.ID) - objectMap["kind"] = EntityKindAzureResource - populate(objectMap, "name", a.Name) - populate(objectMap, "properties", a.Properties) - populate(objectMap, "systemData", a.SystemData) - populate(objectMap, "type", a.Type) + populate(objectMap, "permissionsDisplayText", c.PermissionsDisplayText) + populate(objectMap, "provider", c.Provider) + populate(objectMap, "providerDisplayName", c.ProviderDisplayName) + populate(objectMap, "requiredPermissions", c.RequiredPermissions) + populate(objectMap, "scope", c.Scope) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity. -func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectorDefinitionsResourceProvider. +func (c *ConnectorDefinitionsResourceProvider) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &a.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &a.Kind) + case "permissionsDisplayText": + err = unpopulate(val, "PermissionsDisplayText", &c.PermissionsDisplayText) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &a.Name) + case "provider": + err = unpopulate(val, "Provider", &c.Provider) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &a.Properties) + case "providerDisplayName": + err = unpopulate(val, "ProviderDisplayName", &c.ProviderDisplayName) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &a.SystemData) + case "requiredPermissions": + err = unpopulate(val, "RequiredPermissions", &c.RequiredPermissions) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &a.Type) + case "scope": + err = unpopulate(val, "Scope", &c.Scope) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties. -func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CustomPermissionDetails. +func (c CustomPermissionDetails) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", a.AdditionalData) - populate(objectMap, "friendlyName", a.FriendlyName) - populate(objectMap, "resourceId", a.ResourceID) - populate(objectMap, "subscriptionId", a.SubscriptionID) + populate(objectMap, "description", c.Description) + populate(objectMap, "name", c.Name) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntityProperties. -func (a *AzureResourceEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CustomPermissionDetails. +func (c *CustomPermissionDetails) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &a.AdditionalData) + case "description": + err = unpopulate(val, "Description", &c.Description) delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &a.FriendlyName) + case "name": + err = unpopulate(val, "Name", &c.Name) delete(rawMsg, key) - case "resourceId": - err = unpopulate(val, "ResourceID", &a.ResourceID) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", c, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type CustomizableConnectionsConfig. +func (c CustomizableConnectionsConfig) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "templateSpecName", c.TemplateSpecName) + populate(objectMap, "templateSpecVersion", c.TemplateSpecVersion) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type CustomizableConnectionsConfig. +func (c *CustomizableConnectionsConfig) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", c, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "templateSpecName": + err = unpopulate(val, "TemplateSpecName", &c.TemplateSpecName) delete(rawMsg, key) - case "subscriptionId": - err = unpopulate(val, "SubscriptionID", &a.SubscriptionID) + case "templateSpecVersion": + err = unpopulate(val, "TemplateSpecVersion", &c.TemplateSpecVersion) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", a, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Bookmark. -func (b Bookmark) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CustomizableConnectorDefinition. +func (c CustomizableConnectorDefinition) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", b.Etag) - populate(objectMap, "id", b.ID) - populate(objectMap, "name", b.Name) - populate(objectMap, "properties", b.Properties) - populate(objectMap, "systemData", b.SystemData) - populate(objectMap, "type", b.Type) + populate(objectMap, "etag", c.Etag) + populate(objectMap, "id", c.ID) + objectMap["kind"] = DataConnectorDefinitionKindCustomizable + populate(objectMap, "name", c.Name) + populate(objectMap, "properties", c.Properties) + populate(objectMap, "systemData", c.SystemData) + populate(objectMap, "type", c.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Bookmark. -func (b *Bookmark) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CustomizableConnectorDefinition. +func (c *CustomizableConnectorDefinition) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &b.Etag) + err = unpopulate(val, "Etag", &c.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &b.ID) + err = unpopulate(val, "ID", &c.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &c.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &b.Name) + err = unpopulate(val, "Name", &c.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &b.Properties) + err = unpopulate(val, "Properties", &c.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &b.SystemData) + err = unpopulate(val, "SystemData", &c.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &b.Type) + err = unpopulate(val, "Type", &c.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkEntityMappings. -func (b BookmarkEntityMappings) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CustomizableConnectorDefinitionProperties. +func (c CustomizableConnectorDefinitionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "entityType", b.EntityType) - populate(objectMap, "fieldMappings", b.FieldMappings) + populate(objectMap, "connectionsConfig", c.ConnectionsConfig) + populate(objectMap, "connectorUiConfig", c.ConnectorUIConfig) + populateDateTimeRFC3339(objectMap, "createdTimeUtc", c.CreatedTimeUTC) + populateDateTimeRFC3339(objectMap, "lastModifiedUtc", c.LastModifiedUTC) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkEntityMappings. -func (b *BookmarkEntityMappings) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CustomizableConnectorDefinitionProperties. +func (c *CustomizableConnectorDefinitionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "entityType": - err = unpopulate(val, "EntityType", &b.EntityType) + case "connectionsConfig": + err = unpopulate(val, "ConnectionsConfig", &c.ConnectionsConfig) delete(rawMsg, key) - case "fieldMappings": - err = unpopulate(val, "FieldMappings", &b.FieldMappings) + case "connectorUiConfig": + err = unpopulate(val, "ConnectorUIConfig", &c.ConnectorUIConfig) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &c.CreatedTimeUTC) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &c.LastModifiedUTC) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkExpandParameters. -func (b BookmarkExpandParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type CustomizableConnectorUIConfig. +func (c CustomizableConnectorUIConfig) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "endTime", b.EndTime) - populate(objectMap, "expansionId", b.ExpansionID) - populateDateTimeRFC3339(objectMap, "startTime", b.StartTime) + populate(objectMap, "availability", c.Availability) + populate(objectMap, "connectivityCriteria", c.ConnectivityCriteria) + populate(objectMap, "dataTypes", c.DataTypes) + populate(objectMap, "descriptionMarkdown", c.DescriptionMarkdown) + populate(objectMap, "graphQueries", c.GraphQueries) + populate(objectMap, "id", c.ID) + populate(objectMap, "instructionSteps", c.InstructionSteps) + populate(objectMap, "isConnectivityCriteriasMatchSome", c.IsConnectivityCriteriasMatchSome) + populate(objectMap, "logo", c.Logo) + populate(objectMap, "permissions", c.Permissions) + populate(objectMap, "publisher", c.Publisher) + populate(objectMap, "title", c.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandParameters. -func (b *BookmarkExpandParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type CustomizableConnectorUIConfig. +func (c *CustomizableConnectorUIConfig) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } for key, val := range rawMsg { var err error switch key { - case "endTime": - err = unpopulateDateTimeRFC3339(val, "EndTime", &b.EndTime) + case "availability": + err = unpopulate(val, "Availability", &c.Availability) + delete(rawMsg, key) + case "connectivityCriteria": + err = unpopulate(val, "ConnectivityCriteria", &c.ConnectivityCriteria) + delete(rawMsg, key) + case "dataTypes": + err = unpopulate(val, "DataTypes", &c.DataTypes) + delete(rawMsg, key) + case "descriptionMarkdown": + err = unpopulate(val, "DescriptionMarkdown", &c.DescriptionMarkdown) + delete(rawMsg, key) + case "graphQueries": + err = unpopulate(val, "GraphQueries", &c.GraphQueries) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &c.ID) + delete(rawMsg, key) + case "instructionSteps": + err = unpopulate(val, "InstructionSteps", &c.InstructionSteps) + delete(rawMsg, key) + case "isConnectivityCriteriasMatchSome": + err = unpopulate(val, "IsConnectivityCriteriasMatchSome", &c.IsConnectivityCriteriasMatchSome) + delete(rawMsg, key) + case "logo": + err = unpopulate(val, "Logo", &c.Logo) + delete(rawMsg, key) + case "permissions": + err = unpopulate(val, "Permissions", &c.Permissions) delete(rawMsg, key) - case "expansionId": - err = unpopulate(val, "ExpansionID", &b.ExpansionID) + case "publisher": + err = unpopulate(val, "Publisher", &c.Publisher) delete(rawMsg, key) - case "startTime": - err = unpopulateDateTimeRFC3339(val, "StartTime", &b.StartTime) + case "title": + err = unpopulate(val, "Title", &c.Title) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", c, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkExpandResponse. -func (b BookmarkExpandResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DCRConfiguration. +func (d DCRConfiguration) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "metaData", b.MetaData) - populate(objectMap, "value", b.Value) + populate(objectMap, "dataCollectionEndpoint", d.DataCollectionEndpoint) + populate(objectMap, "dataCollectionRuleImmutableId", d.DataCollectionRuleImmutableID) + populate(objectMap, "streamName", d.StreamName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandResponse. -func (b *BookmarkExpandResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DCRConfiguration. +func (d *DCRConfiguration) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "metaData": - err = unpopulate(val, "MetaData", &b.MetaData) + case "dataCollectionEndpoint": + err = unpopulate(val, "DataCollectionEndpoint", &d.DataCollectionEndpoint) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &b.Value) + case "dataCollectionRuleImmutableId": + err = unpopulate(val, "DataCollectionRuleImmutableID", &d.DataCollectionRuleImmutableID) + delete(rawMsg, key) + case "streamName": + err = unpopulate(val, "StreamName", &d.StreamName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkExpandResponseValue. -func (b BookmarkExpandResponseValue) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DNSEntity. +func (d DNSEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "edges", b.Edges) - populate(objectMap, "entities", b.Entities) + populate(objectMap, "id", d.ID) + objectMap["kind"] = EntityKindEnumDNSResolution + populate(objectMap, "name", d.Name) + populate(objectMap, "properties", d.Properties) + populate(objectMap, "systemData", d.SystemData) + populate(objectMap, "type", d.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandResponseValue. -func (b *BookmarkExpandResponseValue) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity. +func (d *DNSEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "edges": - err = unpopulate(val, "Edges", &b.Edges) + case "id": + err = unpopulate(val, "ID", &d.ID) delete(rawMsg, key) - case "entities": - b.Entities, err = unmarshalEntityClassificationArray(val) + case "kind": + err = unpopulate(val, "Kind", &d.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &d.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &d.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &d.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &d.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkList. -func (b BookmarkList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties. +func (d DNSEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", b.NextLink) - populate(objectMap, "value", b.Value) + populate(objectMap, "additionalData", d.AdditionalData) + populate(objectMap, "dnsServerIpEntityId", d.DNSServerIPEntityID) + populate(objectMap, "domainName", d.DomainName) + populate(objectMap, "friendlyName", d.FriendlyName) + populate(objectMap, "hostIpAddressEntityId", d.HostIPAddressEntityID) + populate(objectMap, "ipAddressEntityIds", d.IPAddressEntityIDs) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkList. -func (b *BookmarkList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntityProperties. +func (d *DNSEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &b.NextLink) + case "additionalData": + err = unpopulate(val, "AdditionalData", &d.AdditionalData) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &b.Value) + case "dnsServerIpEntityId": + err = unpopulate(val, "DNSServerIPEntityID", &d.DNSServerIPEntityID) + delete(rawMsg, key) + case "domainName": + err = unpopulate(val, "DomainName", &d.DomainName) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &d.FriendlyName) + delete(rawMsg, key) + case "hostIpAddressEntityId": + err = unpopulate(val, "HostIPAddressEntityID", &d.HostIPAddressEntityID) + delete(rawMsg, key) + case "ipAddressEntityIds": + err = unpopulate(val, "IPAddressEntityIDs", &d.IPAddressEntityIDs) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkProperties. -func (b BookmarkProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DataConnector. +func (d DataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "created", b.Created) - populate(objectMap, "createdBy", b.CreatedBy) - populate(objectMap, "displayName", b.DisplayName) - populate(objectMap, "entityMappings", b.EntityMappings) - populateDateTimeRFC3339(objectMap, "eventTime", b.EventTime) - populate(objectMap, "incidentInfo", b.IncidentInfo) - populate(objectMap, "labels", b.Labels) - populate(objectMap, "notes", b.Notes) - populate(objectMap, "query", b.Query) - populateDateTimeRFC3339(objectMap, "queryEndTime", b.QueryEndTime) - populate(objectMap, "queryResult", b.QueryResult) - populateDateTimeRFC3339(objectMap, "queryStartTime", b.QueryStartTime) - populate(objectMap, "tactics", b.Tactics) - populate(objectMap, "techniques", b.Techniques) - populateDateTimeRFC3339(objectMap, "updated", b.Updated) - populate(objectMap, "updatedBy", b.UpdatedBy) + populate(objectMap, "etag", d.Etag) + populate(objectMap, "id", d.ID) + objectMap["kind"] = d.Kind + populate(objectMap, "name", d.Name) + populate(objectMap, "systemData", d.SystemData) + populate(objectMap, "type", d.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties. -func (b *BookmarkProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnector. +func (d *DataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "created": - err = unpopulateDateTimeRFC3339(val, "Created", &b.Created) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &b.CreatedBy) + case "etag": + err = unpopulate(val, "Etag", &d.Etag) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &b.DisplayName) + case "id": + err = unpopulate(val, "ID", &d.ID) delete(rawMsg, key) - case "entityMappings": - err = unpopulate(val, "EntityMappings", &b.EntityMappings) + case "kind": + err = unpopulate(val, "Kind", &d.Kind) delete(rawMsg, key) - case "eventTime": - err = unpopulateDateTimeRFC3339(val, "EventTime", &b.EventTime) + case "name": + err = unpopulate(val, "Name", &d.Name) delete(rawMsg, key) - case "incidentInfo": - err = unpopulate(val, "IncidentInfo", &b.IncidentInfo) - delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &b.Labels) - delete(rawMsg, key) - case "notes": - err = unpopulate(val, "Notes", &b.Notes) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &b.Query) - delete(rawMsg, key) - case "queryEndTime": - err = unpopulateDateTimeRFC3339(val, "QueryEndTime", &b.QueryEndTime) - delete(rawMsg, key) - case "queryResult": - err = unpopulate(val, "QueryResult", &b.QueryResult) - delete(rawMsg, key) - case "queryStartTime": - err = unpopulateDateTimeRFC3339(val, "QueryStartTime", &b.QueryStartTime) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &b.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &b.Techniques) - delete(rawMsg, key) - case "updated": - err = unpopulateDateTimeRFC3339(val, "Updated", &b.Updated) + case "systemData": + err = unpopulate(val, "SystemData", &d.SystemData) delete(rawMsg, key) - case "updatedBy": - err = unpopulate(val, "UpdatedBy", &b.UpdatedBy) + case "type": + err = unpopulate(val, "Type", &d.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BookmarkTimelineItem. -func (b BookmarkTimelineItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DataConnectorDataTypeCommon. +func (d DataConnectorDataTypeCommon) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "azureResourceId", b.AzureResourceID) - populate(objectMap, "createdBy", b.CreatedBy) - populate(objectMap, "displayName", b.DisplayName) - populateDateTimeRFC3339(objectMap, "endTimeUtc", b.EndTimeUTC) - populateDateTimeRFC3339(objectMap, "eventTime", b.EventTime) - objectMap["kind"] = EntityTimelineKindBookmark - populate(objectMap, "labels", b.Labels) - populate(objectMap, "notes", b.Notes) - populateDateTimeRFC3339(objectMap, "startTimeUtc", b.StartTimeUTC) + populate(objectMap, "state", d.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkTimelineItem. -func (b *BookmarkTimelineItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDataTypeCommon. +func (d *DataConnectorDataTypeCommon) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "azureResourceId": - err = unpopulate(val, "AzureResourceID", &b.AzureResourceID) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &b.CreatedBy) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &b.DisplayName) + case "state": + err = unpopulate(val, "State", &d.State) delete(rawMsg, key) - case "endTimeUtc": - err = unpopulateDateTimeRFC3339(val, "EndTimeUTC", &b.EndTimeUTC) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type DataConnectorDefinition. +func (d DataConnectorDefinition) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "etag", d.Etag) + populate(objectMap, "id", d.ID) + objectMap["kind"] = d.Kind + populate(objectMap, "name", d.Name) + populate(objectMap, "systemData", d.SystemData) + populate(objectMap, "type", d.Type) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDefinition. +func (d *DataConnectorDefinition) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", d, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "etag": + err = unpopulate(val, "Etag", &d.Etag) delete(rawMsg, key) - case "eventTime": - err = unpopulateDateTimeRFC3339(val, "EventTime", &b.EventTime) + case "id": + err = unpopulate(val, "ID", &d.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &b.Kind) + err = unpopulate(val, "Kind", &d.Kind) delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &b.Labels) + case "name": + err = unpopulate(val, "Name", &d.Name) delete(rawMsg, key) - case "notes": - err = unpopulate(val, "Notes", &b.Notes) + case "systemData": + err = unpopulate(val, "SystemData", &d.SystemData) delete(rawMsg, key) - case "startTimeUtc": - err = unpopulateDateTimeRFC3339(val, "StartTimeUTC", &b.StartTimeUTC) + case "type": + err = unpopulate(val, "Type", &d.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type BooleanConditionProperties. -func (b BooleanConditionProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DataConnectorDefinitionArmCollectionWrapper. +func (d DataConnectorDefinitionArmCollectionWrapper) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "conditionProperties", b.ConditionProperties) - objectMap["conditionType"] = ConditionTypeBoolean + populate(objectMap, "nextLink", d.NextLink) + populate(objectMap, "value", d.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type BooleanConditionProperties. -func (b *BooleanConditionProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDefinitionArmCollectionWrapper. +func (d *DataConnectorDefinitionArmCollectionWrapper) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "conditionProperties": - err = unpopulate(val, "ConditionProperties", &b.ConditionProperties) + case "nextLink": + err = unpopulate(val, "NextLink", &d.NextLink) delete(rawMsg, key) - case "conditionType": - err = unpopulate(val, "ConditionType", &b.ConditionType) + case "value": + d.Value, err = unmarshalDataConnectorDefinitionClassificationArray(val) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", b, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ClientInfo. -func (c ClientInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DataConnectorList. +func (d DataConnectorList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "email", c.Email) - populate(objectMap, "name", c.Name) - populate(objectMap, "objectId", c.ObjectID) - populate(objectMap, "userPrincipalName", c.UserPrincipalName) + populate(objectMap, "nextLink", d.NextLink) + populate(objectMap, "value", d.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ClientInfo. -func (c *ClientInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList. +func (d *DataConnectorList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "email": - err = unpopulate(val, "Email", &c.Email) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &c.Name) - delete(rawMsg, key) - case "objectId": - err = unpopulate(val, "ObjectID", &c.ObjectID) + case "nextLink": + err = unpopulate(val, "NextLink", &d.NextLink) delete(rawMsg, key) - case "userPrincipalName": - err = unpopulate(val, "UserPrincipalName", &c.UserPrincipalName) + case "value": + d.Value, err = unmarshalDataConnectorClassificationArray(val) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity. -func (c CloudApplicationEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Deployment. +func (d Deployment) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", c.ID) - objectMap["kind"] = EntityKindCloudApplication - populate(objectMap, "name", c.Name) - populate(objectMap, "properties", c.Properties) - populate(objectMap, "systemData", c.SystemData) - populate(objectMap, "type", c.Type) + populate(objectMap, "deploymentId", d.DeploymentID) + populate(objectMap, "deploymentLogsUrl", d.DeploymentLogsURL) + populate(objectMap, "deploymentResult", d.DeploymentResult) + populate(objectMap, "deploymentState", d.DeploymentState) + populateDateTimeRFC3339(objectMap, "deploymentTime", d.DeploymentTime) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity. -func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Deployment. +func (d *Deployment) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &c.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &c.Kind) + case "deploymentId": + err = unpopulate(val, "DeploymentID", &d.DeploymentID) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &c.Name) + case "deploymentLogsUrl": + err = unpopulate(val, "DeploymentLogsURL", &d.DeploymentLogsURL) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &c.Properties) + case "deploymentResult": + err = unpopulate(val, "DeploymentResult", &d.DeploymentResult) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &c.SystemData) + case "deploymentState": + err = unpopulate(val, "DeploymentState", &d.DeploymentState) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &c.Type) + case "deploymentTime": + err = unpopulateDateTimeRFC3339(val, "DeploymentTime", &d.DeploymentTime) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties. -func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type DeploymentInfo. +func (d DeploymentInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", c.AdditionalData) - populate(objectMap, "appId", c.AppID) - populate(objectMap, "appName", c.AppName) - populate(objectMap, "friendlyName", c.FriendlyName) - populate(objectMap, "instanceName", c.InstanceName) + populate(objectMap, "deployment", d.Deployment) + populate(objectMap, "deploymentFetchStatus", d.DeploymentFetchStatus) + populate(objectMap, "message", d.Message) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntityProperties. -func (c *CloudApplicationEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type DeploymentInfo. +func (d *DeploymentInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &c.AdditionalData) - delete(rawMsg, key) - case "appId": - err = unpopulate(val, "AppID", &c.AppID) - delete(rawMsg, key) - case "appName": - err = unpopulate(val, "AppName", &c.AppName) + case "deployment": + err = unpopulate(val, "Deployment", &d.Deployment) delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &c.FriendlyName) + case "deploymentFetchStatus": + err = unpopulate(val, "DeploymentFetchStatus", &d.DeploymentFetchStatus) delete(rawMsg, key) - case "instanceName": - err = unpopulate(val, "InstanceName", &c.InstanceName) + case "message": + err = unpopulate(val, "Message", &d.Message) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", d, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessAPIPollingDataConnector. -func (c CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Entity. +func (e Entity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", c.Etag) - populate(objectMap, "id", c.ID) - objectMap["kind"] = DataConnectorKindAPIPolling - populate(objectMap, "name", c.Name) - populate(objectMap, "properties", c.Properties) - populate(objectMap, "systemData", c.SystemData) - populate(objectMap, "type", c.Type) + populate(objectMap, "id", e.ID) + objectMap["kind"] = e.Kind + populate(objectMap, "name", e.Name) + populate(objectMap, "systemData", e.SystemData) + populate(objectMap, "type", e.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessAPIPollingDataConnector. -func (c *CodelessAPIPollingDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Entity. +func (e *Entity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &c.Etag) - delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &c.ID) + err = unpopulate(val, "ID", &e.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &c.Kind) + err = unpopulate(val, "Kind", &e.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &c.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &c.Properties) + err = unpopulate(val, "Name", &e.Name) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &c.SystemData) + err = unpopulate(val, "SystemData", &e.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &c.Type) + err = unpopulate(val, "Type", &e.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingAuthProperties. -func (c CodelessConnectorPollingAuthProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type EntityManualTriggerRequestBody. +func (e EntityManualTriggerRequestBody) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "apiKeyIdentifier", c.APIKeyIdentifier) - populate(objectMap, "apiKeyName", c.APIKeyName) - populate(objectMap, "authType", c.AuthType) - populate(objectMap, "authorizationEndpoint", c.AuthorizationEndpoint) - populateAny(objectMap, "authorizationEndpointQueryParameters", c.AuthorizationEndpointQueryParameters) - populate(objectMap, "flowName", c.FlowName) - populate(objectMap, "isApiKeyInPostPayload", c.IsAPIKeyInPostPayload) - populate(objectMap, "isClientSecretInHeader", c.IsClientSecretInHeader) - populate(objectMap, "redirectionEndpoint", c.RedirectionEndpoint) - populate(objectMap, "scope", c.Scope) - populate(objectMap, "tokenEndpoint", c.TokenEndpoint) - populateAny(objectMap, "tokenEndpointHeaders", c.TokenEndpointHeaders) - populateAny(objectMap, "tokenEndpointQueryParameters", c.TokenEndpointQueryParameters) + populate(objectMap, "incidentArmId", e.IncidentArmID) + populate(objectMap, "logicAppsResourceId", e.LogicAppsResourceID) + populate(objectMap, "tenantId", e.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingAuthProperties. -func (c *CodelessConnectorPollingAuthProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityManualTriggerRequestBody. +func (e *EntityManualTriggerRequestBody) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } for key, val := range rawMsg { var err error switch key { - case "apiKeyIdentifier": - err = unpopulate(val, "APIKeyIdentifier", &c.APIKeyIdentifier) - delete(rawMsg, key) - case "apiKeyName": - err = unpopulate(val, "APIKeyName", &c.APIKeyName) - delete(rawMsg, key) - case "authType": - err = unpopulate(val, "AuthType", &c.AuthType) - delete(rawMsg, key) - case "authorizationEndpoint": - err = unpopulate(val, "AuthorizationEndpoint", &c.AuthorizationEndpoint) - delete(rawMsg, key) - case "authorizationEndpointQueryParameters": - err = unpopulate(val, "AuthorizationEndpointQueryParameters", &c.AuthorizationEndpointQueryParameters) - delete(rawMsg, key) - case "flowName": - err = unpopulate(val, "FlowName", &c.FlowName) - delete(rawMsg, key) - case "isApiKeyInPostPayload": - err = unpopulate(val, "IsAPIKeyInPostPayload", &c.IsAPIKeyInPostPayload) - delete(rawMsg, key) - case "isClientSecretInHeader": - err = unpopulate(val, "IsClientSecretInHeader", &c.IsClientSecretInHeader) - delete(rawMsg, key) - case "redirectionEndpoint": - err = unpopulate(val, "RedirectionEndpoint", &c.RedirectionEndpoint) - delete(rawMsg, key) - case "scope": - err = unpopulate(val, "Scope", &c.Scope) - delete(rawMsg, key) - case "tokenEndpoint": - err = unpopulate(val, "TokenEndpoint", &c.TokenEndpoint) + case "incidentArmId": + err = unpopulate(val, "IncidentArmID", &e.IncidentArmID) delete(rawMsg, key) - case "tokenEndpointHeaders": - err = unpopulate(val, "TokenEndpointHeaders", &c.TokenEndpointHeaders) + case "logicAppsResourceId": + err = unpopulate(val, "LogicAppsResourceID", &e.LogicAppsResourceID) delete(rawMsg, key) - case "tokenEndpointQueryParameters": - err = unpopulate(val, "TokenEndpointQueryParameters", &c.TokenEndpointQueryParameters) + case "tenantId": + err = unpopulate(val, "TenantID", &e.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingConfigProperties. -func (c CodelessConnectorPollingConfigProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type EntityMapping. +func (e EntityMapping) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "auth", c.Auth) - populate(objectMap, "isActive", c.IsActive) - populate(objectMap, "paging", c.Paging) - populate(objectMap, "request", c.Request) - populate(objectMap, "response", c.Response) + populate(objectMap, "entityType", e.EntityType) + populate(objectMap, "fieldMappings", e.FieldMappings) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingConfigProperties. -func (c *CodelessConnectorPollingConfigProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type EntityMapping. +func (e *EntityMapping) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } for key, val := range rawMsg { var err error switch key { - case "auth": - err = unpopulate(val, "Auth", &c.Auth) - delete(rawMsg, key) - case "isActive": - err = unpopulate(val, "IsActive", &c.IsActive) - delete(rawMsg, key) - case "paging": - err = unpopulate(val, "Paging", &c.Paging) - delete(rawMsg, key) - case "request": - err = unpopulate(val, "Request", &c.Request) + case "entityType": + err = unpopulate(val, "EntityType", &e.EntityType) delete(rawMsg, key) - case "response": - err = unpopulate(val, "Response", &c.Response) + case "fieldMappings": + err = unpopulate(val, "FieldMappings", &e.FieldMappings) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingPagingProperties. -func (c CodelessConnectorPollingPagingProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type EventGroupingSettings. +func (e EventGroupingSettings) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextPageParaName", c.NextPageParaName) - populate(objectMap, "nextPageTokenJsonPath", c.NextPageTokenJSONPath) - populate(objectMap, "pageCountAttributePath", c.PageCountAttributePath) - populate(objectMap, "pageSize", c.PageSize) - populate(objectMap, "pageSizeParaName", c.PageSizeParaName) - populate(objectMap, "pageTimeStampAttributePath", c.PageTimeStampAttributePath) - populate(objectMap, "pageTotalCountAttributePath", c.PageTotalCountAttributePath) - populate(objectMap, "pagingType", c.PagingType) - populate(objectMap, "searchTheLatestTimeStampFromEventsList", c.SearchTheLatestTimeStampFromEventsList) + populate(objectMap, "aggregationKind", e.AggregationKind) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingPagingProperties. -func (c *CodelessConnectorPollingPagingProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type EventGroupingSettings. +func (e *EventGroupingSettings) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } for key, val := range rawMsg { var err error switch key { - case "nextPageParaName": - err = unpopulate(val, "NextPageParaName", &c.NextPageParaName) - delete(rawMsg, key) - case "nextPageTokenJsonPath": - err = unpopulate(val, "NextPageTokenJSONPath", &c.NextPageTokenJSONPath) - delete(rawMsg, key) - case "pageCountAttributePath": - err = unpopulate(val, "PageCountAttributePath", &c.PageCountAttributePath) - delete(rawMsg, key) - case "pageSize": - err = unpopulate(val, "PageSize", &c.PageSize) - delete(rawMsg, key) - case "pageSizeParaName": - err = unpopulate(val, "PageSizeParaName", &c.PageSizeParaName) - delete(rawMsg, key) - case "pageTimeStampAttributePath": - err = unpopulate(val, "PageTimeStampAttributePath", &c.PageTimeStampAttributePath) - delete(rawMsg, key) - case "pageTotalCountAttributePath": - err = unpopulate(val, "PageTotalCountAttributePath", &c.PageTotalCountAttributePath) - delete(rawMsg, key) - case "pagingType": - err = unpopulate(val, "PagingType", &c.PagingType) - delete(rawMsg, key) - case "searchTheLatestTimeStampFromEventsList": - err = unpopulate(val, "SearchTheLatestTimeStampFromEventsList", &c.SearchTheLatestTimeStampFromEventsList) + case "aggregationKind": + err = unpopulate(val, "AggregationKind", &e.AggregationKind) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", e, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingRequestProperties. -func (c CodelessConnectorPollingRequestProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FieldMapping. +func (f FieldMapping) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "apiEndpoint", c.APIEndpoint) - populate(objectMap, "endTimeAttributeName", c.EndTimeAttributeName) - populate(objectMap, "httpMethod", c.HTTPMethod) - populateAny(objectMap, "headers", c.Headers) - populateAny(objectMap, "queryParameters", c.QueryParameters) - populate(objectMap, "queryParametersTemplate", c.QueryParametersTemplate) - populate(objectMap, "queryTimeFormat", c.QueryTimeFormat) - populate(objectMap, "queryWindowInMin", c.QueryWindowInMin) - populate(objectMap, "rateLimitQps", c.RateLimitQPS) - populate(objectMap, "retryCount", c.RetryCount) - populate(objectMap, "startTimeAttributeName", c.StartTimeAttributeName) - populate(objectMap, "timeoutInSeconds", c.TimeoutInSeconds) + populate(objectMap, "columnName", f.ColumnName) + populate(objectMap, "identifier", f.Identifier) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingRequestProperties. -func (c *CodelessConnectorPollingRequestProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FieldMapping. +func (f *FieldMapping) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "apiEndpoint": - err = unpopulate(val, "APIEndpoint", &c.APIEndpoint) - delete(rawMsg, key) - case "endTimeAttributeName": - err = unpopulate(val, "EndTimeAttributeName", &c.EndTimeAttributeName) - delete(rawMsg, key) - case "httpMethod": - err = unpopulate(val, "HTTPMethod", &c.HTTPMethod) - delete(rawMsg, key) - case "headers": - err = unpopulate(val, "Headers", &c.Headers) - delete(rawMsg, key) - case "queryParameters": - err = unpopulate(val, "QueryParameters", &c.QueryParameters) - delete(rawMsg, key) - case "queryParametersTemplate": - err = unpopulate(val, "QueryParametersTemplate", &c.QueryParametersTemplate) - delete(rawMsg, key) - case "queryTimeFormat": - err = unpopulate(val, "QueryTimeFormat", &c.QueryTimeFormat) - delete(rawMsg, key) - case "queryWindowInMin": - err = unpopulate(val, "QueryWindowInMin", &c.QueryWindowInMin) - delete(rawMsg, key) - case "rateLimitQps": - err = unpopulate(val, "RateLimitQPS", &c.RateLimitQPS) - delete(rawMsg, key) - case "retryCount": - err = unpopulate(val, "RetryCount", &c.RetryCount) - delete(rawMsg, key) - case "startTimeAttributeName": - err = unpopulate(val, "StartTimeAttributeName", &c.StartTimeAttributeName) + case "columnName": + err = unpopulate(val, "ColumnName", &f.ColumnName) delete(rawMsg, key) - case "timeoutInSeconds": - err = unpopulate(val, "TimeoutInSeconds", &c.TimeoutInSeconds) + case "identifier": + err = unpopulate(val, "Identifier", &f.Identifier) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingResponseProperties. -func (c CodelessConnectorPollingResponseProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FileEntity. +func (f FileEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "eventsJsonPaths", c.EventsJSONPaths) - populate(objectMap, "isGzipCompressed", c.IsGzipCompressed) - populate(objectMap, "successStatusJsonPath", c.SuccessStatusJSONPath) - populate(objectMap, "successStatusValue", c.SuccessStatusValue) + populate(objectMap, "id", f.ID) + objectMap["kind"] = EntityKindEnumFile + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingResponseProperties. -func (c *CodelessConnectorPollingResponseProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity. +func (f *FileEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "eventsJsonPaths": - err = unpopulate(val, "EventsJSONPaths", &c.EventsJSONPaths) + case "id": + err = unpopulate(val, "ID", &f.ID) delete(rawMsg, key) - case "isGzipCompressed": - err = unpopulate(val, "IsGzipCompressed", &c.IsGzipCompressed) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) delete(rawMsg, key) - case "successStatusJsonPath": - err = unpopulate(val, "SuccessStatusJSONPath", &c.SuccessStatusJSONPath) + case "name": + err = unpopulate(val, "Name", &f.Name) delete(rawMsg, key) - case "successStatusValue": - err = unpopulate(val, "SuccessStatusValue", &c.SuccessStatusValue) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessParameters. -func (c CodelessParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FileEntityProperties. +func (f FileEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "connectorUiConfig", c.ConnectorUIConfig) + populate(objectMap, "additionalData", f.AdditionalData) + populate(objectMap, "directory", f.Directory) + populate(objectMap, "fileHashEntityIds", f.FileHashEntityIDs) + populate(objectMap, "fileName", f.FileName) + populate(objectMap, "friendlyName", f.FriendlyName) + populate(objectMap, "hostEntityId", f.HostEntityID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessParameters. -func (c *CodelessParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntityProperties. +func (f *FileEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "connectorUiConfig": - err = unpopulate(val, "ConnectorUIConfig", &c.ConnectorUIConfig) + case "additionalData": + err = unpopulate(val, "AdditionalData", &f.AdditionalData) + delete(rawMsg, key) + case "directory": + err = unpopulate(val, "Directory", &f.Directory) + delete(rawMsg, key) + case "fileHashEntityIds": + err = unpopulate(val, "FileHashEntityIDs", &f.FileHashEntityIDs) + delete(rawMsg, key) + case "fileName": + err = unpopulate(val, "FileName", &f.FileName) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &f.FriendlyName) + delete(rawMsg, key) + case "hostEntityId": + err = unpopulate(val, "HostEntityID", &f.HostEntityID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigProperties. -func (c CodelessUIConnectorConfigProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FileHashEntity. +func (f FileHashEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "availability", c.Availability) - populate(objectMap, "connectivityCriteria", c.ConnectivityCriteria) - populate(objectMap, "customImage", c.CustomImage) - populate(objectMap, "dataTypes", c.DataTypes) - populate(objectMap, "descriptionMarkdown", c.DescriptionMarkdown) - populate(objectMap, "graphQueries", c.GraphQueries) - populate(objectMap, "graphQueriesTableName", c.GraphQueriesTableName) - populate(objectMap, "instructionSteps", c.InstructionSteps) - populate(objectMap, "permissions", c.Permissions) - populate(objectMap, "publisher", c.Publisher) - populate(objectMap, "sampleQueries", c.SampleQueries) - populate(objectMap, "title", c.Title) + populate(objectMap, "id", f.ID) + objectMap["kind"] = EntityKindEnumFileHash + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigProperties. -func (c *CodelessUIConnectorConfigProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity. +func (f *FileHashEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "availability": - err = unpopulate(val, "Availability", &c.Availability) - delete(rawMsg, key) - case "connectivityCriteria": - err = unpopulate(val, "ConnectivityCriteria", &c.ConnectivityCriteria) - delete(rawMsg, key) - case "customImage": - err = unpopulate(val, "CustomImage", &c.CustomImage) - delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &c.DataTypes) - delete(rawMsg, key) - case "descriptionMarkdown": - err = unpopulate(val, "DescriptionMarkdown", &c.DescriptionMarkdown) - delete(rawMsg, key) - case "graphQueries": - err = unpopulate(val, "GraphQueries", &c.GraphQueries) - delete(rawMsg, key) - case "graphQueriesTableName": - err = unpopulate(val, "GraphQueriesTableName", &c.GraphQueriesTableName) + case "id": + err = unpopulate(val, "ID", &f.ID) delete(rawMsg, key) - case "instructionSteps": - err = unpopulate(val, "InstructionSteps", &c.InstructionSteps) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) delete(rawMsg, key) - case "permissions": - err = unpopulate(val, "Permissions", &c.Permissions) + case "name": + err = unpopulate(val, "Name", &f.Name) delete(rawMsg, key) - case "publisher": - err = unpopulate(val, "Publisher", &c.Publisher) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) delete(rawMsg, key) - case "sampleQueries": - err = unpopulate(val, "SampleQueries", &c.SampleQueries) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &c.Title) + case "type": + err = unpopulate(val, "Type", &f.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem. -func (c CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties. +func (f FileHashEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "type", c.Type) - populate(objectMap, "value", c.Value) - return json.Marshal(objectMap) -} + populate(objectMap, "additionalData", f.AdditionalData) + populate(objectMap, "algorithm", f.Algorithm) + populate(objectMap, "friendlyName", f.FriendlyName) + populate(objectMap, "hashValue", f.HashValue) + return json.Marshal(objectMap) +} -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem. -func (c *CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntityProperties. +func (f *FileHashEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "type": - err = unpopulate(val, "Type", &c.Type) + case "additionalData": + err = unpopulate(val, "AdditionalData", &f.AdditionalData) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &c.Value) + case "algorithm": + err = unpopulate(val, "Algorithm", &f.Algorithm) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &f.FriendlyName) + delete(rawMsg, key) + case "hashValue": + err = unpopulate(val, "HashValue", &f.HashValue) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesDataTypesItem. -func (c CodelessUIConnectorConfigPropertiesDataTypesItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRule. +func (f FusionAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "lastDataReceivedQuery", c.LastDataReceivedQuery) - populate(objectMap, "name", c.Name) + populate(objectMap, "etag", f.Etag) + populate(objectMap, "id", f.ID) + objectMap["kind"] = AlertRuleKindFusion + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesDataTypesItem. -func (c *CodelessUIConnectorConfigPropertiesDataTypesItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule. +func (f *FusionAlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "lastDataReceivedQuery": - err = unpopulate(val, "LastDataReceivedQuery", &c.LastDataReceivedQuery) + case "etag": + err = unpopulate(val, "Etag", &f.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &f.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &c.Name) + err = unpopulate(val, "Name", &f.Name) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesGraphQueriesItem. -func (c CodelessUIConnectorConfigPropertiesGraphQueriesItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "baseQuery", c.BaseQuery) - populate(objectMap, "legend", c.Legend) - populate(objectMap, "metricName", c.MetricName) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesGraphQueriesItem. -func (c *CodelessUIConnectorConfigPropertiesGraphQueriesItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "baseQuery": - err = unpopulate(val, "BaseQuery", &c.BaseQuery) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) delete(rawMsg, key) - case "legend": - err = unpopulate(val, "Legend", &c.Legend) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) delete(rawMsg, key) - case "metricName": - err = unpopulate(val, "MetricName", &c.MetricName) + case "type": + err = unpopulate(val, "Type", &f.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem. -func (c CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties. +func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "description", c.Description) - populate(objectMap, "instructions", c.Instructions) - populate(objectMap, "title", c.Title) + populate(objectMap, "alertRuleTemplateName", f.AlertRuleTemplateName) + populate(objectMap, "description", f.Description) + populate(objectMap, "displayName", f.DisplayName) + populate(objectMap, "enabled", f.Enabled) + populateDateTimeRFC3339(objectMap, "lastModifiedUtc", f.LastModifiedUTC) + populate(objectMap, "severity", f.Severity) + populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "techniques", f.Techniques) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem. -func (c *CodelessUIConnectorConfigPropertiesInstructionStepsItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties. +func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &f.AlertRuleTemplateName) + delete(rawMsg, key) case "description": - err = unpopulate(val, "Description", &c.Description) + err = unpopulate(val, "Description", &f.Description) delete(rawMsg, key) - case "instructions": - err = unpopulate(val, "Instructions", &c.Instructions) + case "displayName": + err = unpopulate(val, "DisplayName", &f.DisplayName) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &c.Title) + case "enabled": + err = unpopulate(val, "Enabled", &f.Enabled) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &f.LastModifiedUTC) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &f.Severity) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &f.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &f.Techniques) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesSampleQueriesItem. -func (c CodelessUIConnectorConfigPropertiesSampleQueriesItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate. +func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "description", c.Description) - populate(objectMap, "query", c.Query) + populate(objectMap, "id", f.ID) + objectMap["kind"] = AlertRuleKindFusion + populate(objectMap, "name", f.Name) + populate(objectMap, "properties", f.Properties) + populate(objectMap, "systemData", f.SystemData) + populate(objectMap, "type", f.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesSampleQueriesItem. -func (c *CodelessUIConnectorConfigPropertiesSampleQueriesItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate. +func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "description": - err = unpopulate(val, "Description", &c.Description) + case "id": + err = unpopulate(val, "ID", &f.ID) delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &c.Query) + case "kind": + err = unpopulate(val, "Kind", &f.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &f.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &f.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &f.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &f.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CodelessUIDataConnector. -func (c CodelessUIDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties. +func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", c.Etag) - populate(objectMap, "id", c.ID) - objectMap["kind"] = DataConnectorKindGenericUI - populate(objectMap, "name", c.Name) - populate(objectMap, "properties", c.Properties) - populate(objectMap, "systemData", c.SystemData) - populate(objectMap, "type", c.Type) + populate(objectMap, "alertRulesCreatedByTemplateCount", f.AlertRulesCreatedByTemplateCount) + populateDateTimeRFC3339(objectMap, "createdDateUTC", f.CreatedDateUTC) + populate(objectMap, "description", f.Description) + populate(objectMap, "displayName", f.DisplayName) + populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", f.LastUpdatedDateUTC) + populate(objectMap, "requiredDataConnectors", f.RequiredDataConnectors) + populate(objectMap, "severity", f.Severity) + populate(objectMap, "status", f.Status) + populate(objectMap, "tactics", f.Tactics) + populate(objectMap, "techniques", f.Techniques) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIDataConnector. -func (c *CodelessUIDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties. +func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &c.Etag) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &f.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &c.ID) + case "createdDateUTC": + err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &f.CreatedDateUTC) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &c.Kind) + case "description": + err = unpopulate(val, "Description", &f.Description) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &c.Name) + case "displayName": + err = unpopulate(val, "DisplayName", &f.DisplayName) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &c.Properties) + case "lastUpdatedDateUTC": + err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &f.LastUpdatedDateUTC) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &c.SystemData) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &f.RequiredDataConnectors) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &c.Type) + case "severity": + err = unpopulate(val, "Severity", &f.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &f.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &f.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &f.Techniques) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", f, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ConnectedEntity. -func (c ConnectedEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GCPAuthModel. +func (g GCPAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateAny(objectMap, "additionalData", c.AdditionalData) - populate(objectMap, "targetEntityId", c.TargetEntityID) + populate(objectMap, "projectNumber", g.ProjectNumber) + populate(objectMap, "serviceAccountEmail", g.ServiceAccountEmail) + objectMap["type"] = CcpAuthTypeGCP + populate(objectMap, "workloadIdentityProviderId", g.WorkloadIdentityProviderID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ConnectedEntity. -func (c *ConnectedEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GCPAuthModel. +func (g *GCPAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &c.AdditionalData) + case "projectNumber": + err = unpopulate(val, "ProjectNumber", &g.ProjectNumber) delete(rawMsg, key) - case "targetEntityId": - err = unpopulate(val, "TargetEntityID", &c.TargetEntityID) + case "serviceAccountEmail": + err = unpopulate(val, "ServiceAccountEmail", &g.ServiceAccountEmail) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &g.Type) + delete(rawMsg, key) + case "workloadIdentityProviderId": + err = unpopulate(val, "WorkloadIdentityProviderID", &g.WorkloadIdentityProviderID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ContentPathMap. -func (c ContentPathMap) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GenericBlobSbsAuthModel. +func (g GenericBlobSbsAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "contentType", c.ContentType) - populate(objectMap, "path", c.Path) + populate(objectMap, "credentialsConfig", g.CredentialsConfig) + populate(objectMap, "storageAccountCredentialsConfig", g.StorageAccountCredentialsConfig) + objectMap["type"] = CcpAuthTypeServiceBus return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ContentPathMap. -func (c *ContentPathMap) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GenericBlobSbsAuthModel. +func (g *GenericBlobSbsAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "contentType": - err = unpopulate(val, "ContentType", &c.ContentType) + case "credentialsConfig": + err = unpopulate(val, "CredentialsConfig", &g.CredentialsConfig) delete(rawMsg, key) - case "path": - err = unpopulate(val, "Path", &c.Path) + case "storageAccountCredentialsConfig": + err = unpopulate(val, "StorageAccountCredentialsConfig", &g.StorageAccountCredentialsConfig) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &g.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type CustomEntityQuery. -func (c CustomEntityQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GeoLocation. +func (g GeoLocation) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", c.Etag) - populate(objectMap, "id", c.ID) - objectMap["kind"] = c.Kind - populate(objectMap, "name", c.Name) - populate(objectMap, "systemData", c.SystemData) - populate(objectMap, "type", c.Type) + populate(objectMap, "asn", g.Asn) + populate(objectMap, "city", g.City) + populate(objectMap, "countryCode", g.CountryCode) + populate(objectMap, "countryName", g.CountryName) + populate(objectMap, "latitude", g.Latitude) + populate(objectMap, "longitude", g.Longitude) + populate(objectMap, "state", g.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type CustomEntityQuery. -func (c *CustomEntityQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GeoLocation. +func (g *GeoLocation) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &c.Etag) + case "asn": + err = unpopulate(val, "Asn", &g.Asn) delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &c.ID) + case "city": + err = unpopulate(val, "City", &g.City) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &c.Kind) + case "countryCode": + err = unpopulate(val, "CountryCode", &g.CountryCode) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &c.Name) + case "countryName": + err = unpopulate(val, "CountryName", &g.CountryName) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &c.SystemData) + case "latitude": + err = unpopulate(val, "Latitude", &g.Latitude) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &c.Type) + case "longitude": + err = unpopulate(val, "Longitude", &g.Longitude) + delete(rawMsg, key) + case "state": + err = unpopulate(val, "State", &g.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", c, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DNSEntity. -func (d DNSEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GitHubAuthModel. +func (g GitHubAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", d.ID) - objectMap["kind"] = EntityKindDNSResolution - populate(objectMap, "name", d.Name) - populate(objectMap, "properties", d.Properties) - populate(objectMap, "systemData", d.SystemData) - populate(objectMap, "type", d.Type) + populate(objectMap, "installationId", g.InstallationID) + objectMap["type"] = CcpAuthTypeGitHub return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity. -func (d *DNSEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GitHubAuthModel. +func (g *GitHubAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &d.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &d.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &d.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &d.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &d.SystemData) + case "installationId": + err = unpopulate(val, "InstallationID", &g.InstallationID) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &d.Type) + err = unpopulate(val, "Type", &g.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties. -func (d DNSEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GitHubResourceInfo. +func (g GitHubResourceInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", d.AdditionalData) - populate(objectMap, "dnsServerIpEntityId", d.DNSServerIPEntityID) - populate(objectMap, "domainName", d.DomainName) - populate(objectMap, "friendlyName", d.FriendlyName) - populate(objectMap, "hostIpAddressEntityId", d.HostIPAddressEntityID) - populate(objectMap, "ipAddressEntityIds", d.IPAddressEntityIDs) + populate(objectMap, "appInstallationId", g.AppInstallationID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntityProperties. -func (d *DNSEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GitHubResourceInfo. +func (g *GitHubResourceInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &d.AdditionalData) - delete(rawMsg, key) - case "dnsServerIpEntityId": - err = unpopulate(val, "DNSServerIPEntityID", &d.DNSServerIPEntityID) - delete(rawMsg, key) - case "domainName": - err = unpopulate(val, "DomainName", &d.DomainName) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &d.FriendlyName) - delete(rawMsg, key) - case "hostIpAddressEntityId": - err = unpopulate(val, "HostIPAddressEntityID", &d.HostIPAddressEntityID) - delete(rawMsg, key) - case "ipAddressEntityIds": - err = unpopulate(val, "IPAddressEntityIDs", &d.IPAddressEntityIDs) + case "appInstallationId": + err = unpopulate(val, "AppInstallationID", &g.AppInstallationID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataConnector. -func (d DataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GraphQuery. +func (g GraphQuery) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", d.Etag) - populate(objectMap, "id", d.ID) - objectMap["kind"] = d.Kind - populate(objectMap, "name", d.Name) - populate(objectMap, "systemData", d.SystemData) - populate(objectMap, "type", d.Type) + populate(objectMap, "baseQuery", g.BaseQuery) + populate(objectMap, "legend", g.Legend) + populate(objectMap, "metricName", g.MetricName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnector. -func (d *DataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GraphQuery. +func (g *GraphQuery) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &d.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &d.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &d.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &d.Name) + case "baseQuery": + err = unpopulate(val, "BaseQuery", &g.BaseQuery) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &d.SystemData) + case "legend": + err = unpopulate(val, "Legend", &g.Legend) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &d.Type) + case "metricName": + err = unpopulate(val, "MetricName", &g.MetricName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataConnectorConnectBody. -func (d DataConnectorConnectBody) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration. +func (g GroupingConfiguration) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "apiKey", d.APIKey) - populate(objectMap, "authorizationCode", d.AuthorizationCode) - populate(objectMap, "clientId", d.ClientID) - populate(objectMap, "clientSecret", d.ClientSecret) - populate(objectMap, "dataCollectionEndpoint", d.DataCollectionEndpoint) - populate(objectMap, "dataCollectionRuleImmutableId", d.DataCollectionRuleImmutableID) - populate(objectMap, "kind", d.Kind) - populate(objectMap, "outputStream", d.OutputStream) - populate(objectMap, "password", d.Password) - populate(objectMap, "requestConfigUserInputValues", d.RequestConfigUserInputValues) - populate(objectMap, "userName", d.UserName) + populate(objectMap, "enabled", g.Enabled) + populate(objectMap, "groupByAlertDetails", g.GroupByAlertDetails) + populate(objectMap, "groupByCustomDetails", g.GroupByCustomDetails) + populate(objectMap, "groupByEntities", g.GroupByEntities) + populate(objectMap, "lookbackDuration", g.LookbackDuration) + populate(objectMap, "matchingMethod", g.MatchingMethod) + populate(objectMap, "reopenClosedIncident", g.ReopenClosedIncident) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorConnectBody. -func (d *DataConnectorConnectBody) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type GroupingConfiguration. +func (g *GroupingConfiguration) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } for key, val := range rawMsg { var err error switch key { - case "apiKey": - err = unpopulate(val, "APIKey", &d.APIKey) - delete(rawMsg, key) - case "authorizationCode": - err = unpopulate(val, "AuthorizationCode", &d.AuthorizationCode) - delete(rawMsg, key) - case "clientId": - err = unpopulate(val, "ClientID", &d.ClientID) - delete(rawMsg, key) - case "clientSecret": - err = unpopulate(val, "ClientSecret", &d.ClientSecret) - delete(rawMsg, key) - case "dataCollectionEndpoint": - err = unpopulate(val, "DataCollectionEndpoint", &d.DataCollectionEndpoint) + case "enabled": + err = unpopulate(val, "Enabled", &g.Enabled) delete(rawMsg, key) - case "dataCollectionRuleImmutableId": - err = unpopulate(val, "DataCollectionRuleImmutableID", &d.DataCollectionRuleImmutableID) + case "groupByAlertDetails": + err = unpopulate(val, "GroupByAlertDetails", &g.GroupByAlertDetails) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &d.Kind) + case "groupByCustomDetails": + err = unpopulate(val, "GroupByCustomDetails", &g.GroupByCustomDetails) delete(rawMsg, key) - case "outputStream": - err = unpopulate(val, "OutputStream", &d.OutputStream) + case "groupByEntities": + err = unpopulate(val, "GroupByEntities", &g.GroupByEntities) delete(rawMsg, key) - case "password": - err = unpopulate(val, "Password", &d.Password) + case "lookbackDuration": + err = unpopulate(val, "LookbackDuration", &g.LookbackDuration) delete(rawMsg, key) - case "requestConfigUserInputValues": - err = unpopulate(val, "RequestConfigUserInputValues", &d.RequestConfigUserInputValues) + case "matchingMethod": + err = unpopulate(val, "MatchingMethod", &g.MatchingMethod) delete(rawMsg, key) - case "userName": - err = unpopulate(val, "UserName", &d.UserName) + case "reopenClosedIncident": + err = unpopulate(val, "ReopenClosedIncident", &g.ReopenClosedIncident) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", g, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataConnectorDataTypeCommon. -func (d DataConnectorDataTypeCommon) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type HostEntity. +func (h HostEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "state", d.State) + populate(objectMap, "id", h.ID) + objectMap["kind"] = EntityKindEnumHost + populate(objectMap, "name", h.Name) + populate(objectMap, "properties", h.Properties) + populate(objectMap, "systemData", h.SystemData) + populate(objectMap, "type", h.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDataTypeCommon. -func (d *DataConnectorDataTypeCommon) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity. +func (h *HostEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } for key, val := range rawMsg { var err error switch key { - case "state": - err = unpopulate(val, "State", &d.State) + case "id": + err = unpopulate(val, "ID", &h.ID) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type DataConnectorList. -func (d DataConnectorList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", d.NextLink) - populate(objectMap, "value", d.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList. -func (d *DataConnectorList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &d.NextLink) + case "kind": + err = unpopulate(val, "Kind", &h.Kind) delete(rawMsg, key) - case "value": - d.Value, err = unmarshalDataConnectorClassificationArray(val) + case "name": + err = unpopulate(val, "Name", &h.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &h.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &h.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &h.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataConnectorRequirementsState. -func (d DataConnectorRequirementsState) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type HostEntityProperties. +func (h HostEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "authorizationState", d.AuthorizationState) - populate(objectMap, "licenseState", d.LicenseState) + populate(objectMap, "additionalData", h.AdditionalData) + populate(objectMap, "azureID", h.AzureID) + populate(objectMap, "dnsDomain", h.DNSDomain) + populate(objectMap, "friendlyName", h.FriendlyName) + populate(objectMap, "hostName", h.HostName) + populate(objectMap, "isDomainJoined", h.IsDomainJoined) + populate(objectMap, "netBiosName", h.NetBiosName) + populate(objectMap, "ntDomain", h.NtDomain) + populate(objectMap, "osFamily", h.OSFamily) + populate(objectMap, "osVersion", h.OSVersion) + populate(objectMap, "omsAgentID", h.OmsAgentID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorRequirementsState. -func (d *DataConnectorRequirementsState) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntityProperties. +func (h *HostEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } for key, val := range rawMsg { var err error switch key { - case "authorizationState": - err = unpopulate(val, "AuthorizationState", &d.AuthorizationState) - delete(rawMsg, key) - case "licenseState": - err = unpopulate(val, "LicenseState", &d.LicenseState) + case "additionalData": + err = unpopulate(val, "AdditionalData", &h.AdditionalData) + delete(rawMsg, key) + case "azureID": + err = unpopulate(val, "AzureID", &h.AzureID) + delete(rawMsg, key) + case "dnsDomain": + err = unpopulate(val, "DNSDomain", &h.DNSDomain) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &h.FriendlyName) + delete(rawMsg, key) + case "hostName": + err = unpopulate(val, "HostName", &h.HostName) + delete(rawMsg, key) + case "isDomainJoined": + err = unpopulate(val, "IsDomainJoined", &h.IsDomainJoined) + delete(rawMsg, key) + case "netBiosName": + err = unpopulate(val, "NetBiosName", &h.NetBiosName) + delete(rawMsg, key) + case "ntDomain": + err = unpopulate(val, "NtDomain", &h.NtDomain) + delete(rawMsg, key) + case "osFamily": + err = unpopulate(val, "OSFamily", &h.OSFamily) + delete(rawMsg, key) + case "osVersion": + err = unpopulate(val, "OSVersion", &h.OSVersion) + delete(rawMsg, key) + case "omsAgentID": + err = unpopulate(val, "OmsAgentID", &h.OmsAgentID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataConnectorsCheckRequirements. -func (d DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type HuntingBookmark. +func (h HuntingBookmark) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = d.Kind + populate(objectMap, "id", h.ID) + objectMap["kind"] = EntityKindEnumBookmark + populate(objectMap, "name", h.Name) + populate(objectMap, "properties", h.Properties) + populate(objectMap, "systemData", h.SystemData) + populate(objectMap, "type", h.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsCheckRequirements. -func (d *DataConnectorsCheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark. +func (h *HuntingBookmark) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } for key, val := range rawMsg { var err error switch key { + case "id": + err = unpopulate(val, "ID", &h.ID) + delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &d.Kind) + err = unpopulate(val, "Kind", &h.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &h.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &h.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &h.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &h.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DataTypeDefinitions. -func (d DataTypeDefinitions) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties. +func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataType", d.DataType) + populate(objectMap, "additionalData", h.AdditionalData) + populateDateTimeRFC3339(objectMap, "created", h.Created) + populate(objectMap, "createdBy", h.CreatedBy) + populate(objectMap, "displayName", h.DisplayName) + populateDateTimeRFC3339(objectMap, "eventTime", h.EventTime) + populate(objectMap, "friendlyName", h.FriendlyName) + populate(objectMap, "incidentInfo", h.IncidentInfo) + populate(objectMap, "labels", h.Labels) + populate(objectMap, "notes", h.Notes) + populate(objectMap, "query", h.Query) + populate(objectMap, "queryResult", h.QueryResult) + populateDateTimeRFC3339(objectMap, "updated", h.Updated) + populate(objectMap, "updatedBy", h.UpdatedBy) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataTypeDefinitions. -func (d *DataTypeDefinitions) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties. +func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } for key, val := range rawMsg { var err error switch key { - case "dataType": - err = unpopulate(val, "DataType", &d.DataType) + case "additionalData": + err = unpopulate(val, "AdditionalData", &h.AdditionalData) + delete(rawMsg, key) + case "created": + err = unpopulateDateTimeRFC3339(val, "Created", &h.Created) + delete(rawMsg, key) + case "createdBy": + err = unpopulate(val, "CreatedBy", &h.CreatedBy) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &h.DisplayName) + delete(rawMsg, key) + case "eventTime": + err = unpopulateDateTimeRFC3339(val, "EventTime", &h.EventTime) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &h.FriendlyName) + delete(rawMsg, key) + case "incidentInfo": + err = unpopulate(val, "IncidentInfo", &h.IncidentInfo) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &h.Labels) + delete(rawMsg, key) + case "notes": + err = unpopulate(val, "Notes", &h.Notes) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &h.Query) + delete(rawMsg, key) + case "queryResult": + err = unpopulate(val, "QueryResult", &h.QueryResult) + delete(rawMsg, key) + case "updated": + err = unpopulateDateTimeRFC3339(val, "Updated", &h.Updated) + delete(rawMsg, key) + case "updatedBy": + err = unpopulate(val, "UpdatedBy", &h.UpdatedBy) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", h, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Deployment. -func (d Deployment) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IPEntity. +func (i IPEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "deploymentId", d.DeploymentID) - populate(objectMap, "deploymentLogsUrl", d.DeploymentLogsURL) - populate(objectMap, "deploymentResult", d.DeploymentResult) - populate(objectMap, "deploymentState", d.DeploymentState) - populateDateTimeRFC3339(objectMap, "deploymentTime", d.DeploymentTime) + populate(objectMap, "id", i.ID) + objectMap["kind"] = EntityKindEnumIP + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Deployment. -func (d *Deployment) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity. +func (i *IPEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "deploymentId": - err = unpopulate(val, "DeploymentID", &d.DeploymentID) + case "id": + err = unpopulate(val, "ID", &i.ID) delete(rawMsg, key) - case "deploymentLogsUrl": - err = unpopulate(val, "DeploymentLogsURL", &d.DeploymentLogsURL) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) delete(rawMsg, key) - case "deploymentResult": - err = unpopulate(val, "DeploymentResult", &d.DeploymentResult) + case "name": + err = unpopulate(val, "Name", &i.Name) delete(rawMsg, key) - case "deploymentState": - err = unpopulate(val, "DeploymentState", &d.DeploymentState) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) delete(rawMsg, key) - case "deploymentTime": - err = unpopulateDateTimeRFC3339(val, "DeploymentTime", &d.DeploymentTime) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type DeploymentInfo. -func (d DeploymentInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IPEntityProperties. +func (i IPEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "deployment", d.Deployment) - populate(objectMap, "deploymentFetchStatus", d.DeploymentFetchStatus) - populate(objectMap, "message", d.Message) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "address", i.Address) + populate(objectMap, "friendlyName", i.FriendlyName) + populate(objectMap, "location", i.Location) + populate(objectMap, "threatIntelligence", i.ThreatIntelligence) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type DeploymentInfo. -func (d *DeploymentInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntityProperties. +func (i *IPEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "deployment": - err = unpopulate(val, "Deployment", &d.Deployment) + case "additionalData": + err = unpopulate(val, "AdditionalData", &i.AdditionalData) delete(rawMsg, key) - case "deploymentFetchStatus": - err = unpopulate(val, "DeploymentFetchStatus", &d.DeploymentFetchStatus) + case "address": + err = unpopulate(val, "Address", &i.Address) delete(rawMsg, key) - case "message": - err = unpopulate(val, "Message", &d.Message) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &i.FriendlyName) + delete(rawMsg, key) + case "location": + err = unpopulate(val, "Location", &i.Location) + delete(rawMsg, key) + case "threatIntelligence": + err = unpopulate(val, "ThreatIntelligence", &i.ThreatIntelligence) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365CheckRequirements. -func (d Dynamics365CheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Incident. +func (i Incident) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindDynamics365 - populate(objectMap, "properties", d.Properties) + populate(objectMap, "etag", i.Etag) + populate(objectMap, "id", i.ID) + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365CheckRequirements. -func (d *Dynamics365CheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Incident. +func (i *Incident) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "kind": - err = unpopulate(val, "Kind", &d.Kind) + case "etag": + err = unpopulate(val, "Etag", &i.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &d.Properties) + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365CheckRequirementsProperties. -func (d Dynamics365CheckRequirementsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData. +func (i IncidentAdditionalData) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "tenantId", d.TenantID) + populate(objectMap, "alertProductNames", i.AlertProductNames) + populate(objectMap, "alertsCount", i.AlertsCount) + populate(objectMap, "bookmarksCount", i.BookmarksCount) + populate(objectMap, "commentsCount", i.CommentsCount) + populate(objectMap, "providerIncidentUrl", i.ProviderIncidentURL) + populate(objectMap, "tactics", i.Tactics) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365CheckRequirementsProperties. -func (d *Dynamics365CheckRequirementsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAdditionalData. +func (i *IncidentAdditionalData) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &d.TenantID) + case "alertProductNames": + err = unpopulate(val, "AlertProductNames", &i.AlertProductNames) + delete(rawMsg, key) + case "alertsCount": + err = unpopulate(val, "AlertsCount", &i.AlertsCount) + delete(rawMsg, key) + case "bookmarksCount": + err = unpopulate(val, "BookmarksCount", &i.BookmarksCount) + delete(rawMsg, key) + case "commentsCount": + err = unpopulate(val, "CommentsCount", &i.CommentsCount) + delete(rawMsg, key) + case "providerIncidentUrl": + err = unpopulate(val, "ProviderIncidentURL", &i.ProviderIncidentURL) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &i.Tactics) delete(rawMsg, key) } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) - } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", i, err) + } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnector. -func (d Dynamics365DataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentAlertList. +func (i IncidentAlertList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", d.Etag) - populate(objectMap, "id", d.ID) - objectMap["kind"] = DataConnectorKindDynamics365 - populate(objectMap, "name", d.Name) - populate(objectMap, "properties", d.Properties) - populate(objectMap, "systemData", d.SystemData) - populate(objectMap, "type", d.Type) + populate(objectMap, "value", i.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnector. -func (d *Dynamics365DataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAlertList. +func (i *IncidentAlertList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &d.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &d.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &d.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &d.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &d.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &d.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &d.Type) + case "value": + err = unpopulate(val, "Value", &i.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnectorDataTypes. -func (d Dynamics365DataConnectorDataTypes) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentBookmarkList. +func (i IncidentBookmarkList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dynamics365CdsActivities", d.Dynamics365CdsActivities) + populate(objectMap, "value", i.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnectorDataTypes. -func (d *Dynamics365DataConnectorDataTypes) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentBookmarkList. +func (i *IncidentBookmarkList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "dynamics365CdsActivities": - err = unpopulate(val, "Dynamics365CdsActivities", &d.Dynamics365CdsActivities) + case "value": + err = unpopulate(val, "Value", &i.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnectorDataTypesDynamics365CdsActivities. -func (d Dynamics365DataConnectorDataTypesDynamics365CdsActivities) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentComment. +func (i IncidentComment) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "state", d.State) + populate(objectMap, "etag", i.Etag) + populate(objectMap, "id", i.ID) + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnectorDataTypesDynamics365CdsActivities. -func (d *Dynamics365DataConnectorDataTypesDynamics365CdsActivities) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentComment. +func (i *IncidentComment) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "state": - err = unpopulate(val, "State", &d.State) + case "etag": + err = unpopulate(val, "Etag", &i.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnectorProperties. -func (d Dynamics365DataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentCommentList. +func (i IncidentCommentList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataTypes", d.DataTypes) - populate(objectMap, "tenantId", d.TenantID) + populate(objectMap, "nextLink", i.NextLink) + populate(objectMap, "value", i.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnectorProperties. -func (d *Dynamics365DataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentList. +func (i *IncidentCommentList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &d.DataTypes) + case "nextLink": + err = unpopulate(val, "NextLink", &i.NextLink) delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &d.TenantID) + case "value": + err = unpopulate(val, "Value", &i.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", d, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhois. -func (e EnrichmentDomainWhois) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties. +func (i IncidentCommentProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "created", e.Created) - populate(objectMap, "domain", e.Domain) - populateDateTimeRFC3339(objectMap, "expires", e.Expires) - populate(objectMap, "parsedWhois", e.ParsedWhois) - populate(objectMap, "server", e.Server) - populateDateTimeRFC3339(objectMap, "updated", e.Updated) + populate(objectMap, "author", i.Author) + populateDateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) + populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) + populate(objectMap, "message", i.Message) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhois. -func (e *EnrichmentDomainWhois) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties. +func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "created": - err = unpopulateDateTimeRFC3339(val, "Created", &e.Created) - delete(rawMsg, key) - case "domain": - err = unpopulate(val, "Domain", &e.Domain) - delete(rawMsg, key) - case "expires": - err = unpopulateDateTimeRFC3339(val, "Expires", &e.Expires) + case "author": + err = unpopulate(val, "Author", &i.Author) delete(rawMsg, key) - case "parsedWhois": - err = unpopulate(val, "ParsedWhois", &e.ParsedWhois) + case "createdTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) delete(rawMsg, key) - case "server": - err = unpopulate(val, "Server", &e.Server) + case "lastModifiedTimeUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) delete(rawMsg, key) - case "updated": - err = unpopulateDateTimeRFC3339(val, "Updated", &e.Updated) + case "message": + err = unpopulate(val, "Message", &i.Message) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisContact. -func (e EnrichmentDomainWhoisContact) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentConfiguration. +func (i IncidentConfiguration) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "city", e.City) - populate(objectMap, "country", e.Country) - populate(objectMap, "email", e.Email) - populate(objectMap, "fax", e.Fax) - populate(objectMap, "name", e.Name) - populate(objectMap, "org", e.Org) - populate(objectMap, "phone", e.Phone) - populate(objectMap, "postal", e.Postal) - populate(objectMap, "state", e.State) - populate(objectMap, "street", e.Street) + populate(objectMap, "createIncident", i.CreateIncident) + populate(objectMap, "groupingConfiguration", i.GroupingConfiguration) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhoisContact. -func (e *EnrichmentDomainWhoisContact) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentConfiguration. +func (i *IncidentConfiguration) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "city": - err = unpopulate(val, "City", &e.City) - delete(rawMsg, key) - case "country": - err = unpopulate(val, "Country", &e.Country) - delete(rawMsg, key) - case "email": - err = unpopulate(val, "Email", &e.Email) - delete(rawMsg, key) - case "fax": - err = unpopulate(val, "Fax", &e.Fax) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &e.Name) - delete(rawMsg, key) - case "org": - err = unpopulate(val, "Org", &e.Org) - delete(rawMsg, key) - case "phone": - err = unpopulate(val, "Phone", &e.Phone) - delete(rawMsg, key) - case "postal": - err = unpopulate(val, "Postal", &e.Postal) - delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &e.State) + case "createIncident": + err = unpopulate(val, "CreateIncident", &i.CreateIncident) delete(rawMsg, key) - case "street": - err = unpopulate(val, "Street", &e.Street) + case "groupingConfiguration": + err = unpopulate(val, "GroupingConfiguration", &i.GroupingConfiguration) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisContacts. -func (e EnrichmentDomainWhoisContacts) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResponse. +func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "admin", e.Admin) - populate(objectMap, "billing", e.Billing) - populate(objectMap, "registrant", e.Registrant) - populate(objectMap, "tech", e.Tech) + populate(objectMap, "entities", i.Entities) + populate(objectMap, "metaData", i.MetaData) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhoisContacts. -func (e *EnrichmentDomainWhoisContacts) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse. +func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "admin": - err = unpopulate(val, "Admin", &e.Admin) - delete(rawMsg, key) - case "billing": - err = unpopulate(val, "Billing", &e.Billing) - delete(rawMsg, key) - case "registrant": - err = unpopulate(val, "Registrant", &e.Registrant) + case "entities": + i.Entities, err = unmarshalEntityClassificationArray(val) delete(rawMsg, key) - case "tech": - err = unpopulate(val, "Tech", &e.Tech) + case "metaData": + err = unpopulate(val, "MetaData", &i.MetaData) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisDetails. -func (e EnrichmentDomainWhoisDetails) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResultsMetadata. +func (i IncidentEntitiesResultsMetadata) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "contacts", e.Contacts) - populate(objectMap, "nameServers", e.NameServers) - populate(objectMap, "registrar", e.Registrar) - populate(objectMap, "statuses", e.Statuses) + populate(objectMap, "count", i.Count) + populate(objectMap, "entityKind", i.EntityKind) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhoisDetails. -func (e *EnrichmentDomainWhoisDetails) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResultsMetadata. +func (i *IncidentEntitiesResultsMetadata) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "contacts": - err = unpopulate(val, "Contacts", &e.Contacts) - delete(rawMsg, key) - case "nameServers": - err = unpopulate(val, "NameServers", &e.NameServers) - delete(rawMsg, key) - case "registrar": - err = unpopulate(val, "Registrar", &e.Registrar) + case "count": + err = unpopulate(val, "Count", &i.Count) delete(rawMsg, key) - case "statuses": - err = unpopulate(val, "Statuses", &e.Statuses) + case "entityKind": + err = unpopulate(val, "EntityKind", &i.EntityKind) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisRegistrarDetails. -func (e EnrichmentDomainWhoisRegistrarDetails) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentInfo. +func (i IncidentInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "abuseContactEmail", e.AbuseContactEmail) - populate(objectMap, "abuseContactPhone", e.AbuseContactPhone) - populate(objectMap, "ianaId", e.IanaID) - populate(objectMap, "name", e.Name) - populate(objectMap, "url", e.URL) - populate(objectMap, "whoisServer", e.WhoisServer) + populate(objectMap, "incidentId", i.IncidentID) + populate(objectMap, "relationName", i.RelationName) + populate(objectMap, "severity", i.Severity) + populate(objectMap, "title", i.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhoisRegistrarDetails. -func (e *EnrichmentDomainWhoisRegistrarDetails) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentInfo. +func (i *IncidentInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "abuseContactEmail": - err = unpopulate(val, "AbuseContactEmail", &e.AbuseContactEmail) - delete(rawMsg, key) - case "abuseContactPhone": - err = unpopulate(val, "AbuseContactPhone", &e.AbuseContactPhone) - delete(rawMsg, key) - case "ianaId": - err = unpopulate(val, "IanaID", &e.IanaID) + case "incidentId": + err = unpopulate(val, "IncidentID", &i.IncidentID) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &e.Name) + case "relationName": + err = unpopulate(val, "RelationName", &i.RelationName) delete(rawMsg, key) - case "url": - err = unpopulate(val, "URL", &e.URL) + case "severity": + err = unpopulate(val, "Severity", &i.Severity) delete(rawMsg, key) - case "whoisServer": - err = unpopulate(val, "WhoisServer", &e.WhoisServer) + case "title": + err = unpopulate(val, "Title", &i.Title) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EnrichmentIPGeodata. -func (e EnrichmentIPGeodata) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentLabel. +func (i IncidentLabel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "asn", e.Asn) - populate(objectMap, "carrier", e.Carrier) - populate(objectMap, "city", e.City) - populate(objectMap, "cityCf", e.CityCf) - populate(objectMap, "continent", e.Continent) - populate(objectMap, "country", e.Country) - populate(objectMap, "countryCf", e.CountryCf) - populate(objectMap, "ipAddr", e.IPAddr) - populate(objectMap, "ipRoutingType", e.IPRoutingType) - populate(objectMap, "latitude", e.Latitude) - populate(objectMap, "longitude", e.Longitude) - populate(objectMap, "organization", e.Organization) - populate(objectMap, "organizationType", e.OrganizationType) - populate(objectMap, "region", e.Region) - populate(objectMap, "state", e.State) - populate(objectMap, "stateCf", e.StateCf) - populate(objectMap, "stateCode", e.StateCode) + populate(objectMap, "labelName", i.LabelName) + populate(objectMap, "labelType", i.LabelType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentIPGeodata. -func (e *EnrichmentIPGeodata) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentLabel. +func (i *IncidentLabel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "asn": - err = unpopulate(val, "Asn", &e.Asn) - delete(rawMsg, key) - case "carrier": - err = unpopulate(val, "Carrier", &e.Carrier) - delete(rawMsg, key) - case "city": - err = unpopulate(val, "City", &e.City) - delete(rawMsg, key) - case "cityCf": - err = unpopulate(val, "CityCf", &e.CityCf) - delete(rawMsg, key) - case "continent": - err = unpopulate(val, "Continent", &e.Continent) - delete(rawMsg, key) - case "country": - err = unpopulate(val, "Country", &e.Country) - delete(rawMsg, key) - case "countryCf": - err = unpopulate(val, "CountryCf", &e.CountryCf) - delete(rawMsg, key) - case "ipAddr": - err = unpopulate(val, "IPAddr", &e.IPAddr) - delete(rawMsg, key) - case "ipRoutingType": - err = unpopulate(val, "IPRoutingType", &e.IPRoutingType) - delete(rawMsg, key) - case "latitude": - err = unpopulate(val, "Latitude", &e.Latitude) - delete(rawMsg, key) - case "longitude": - err = unpopulate(val, "Longitude", &e.Longitude) - delete(rawMsg, key) - case "organization": - err = unpopulate(val, "Organization", &e.Organization) - delete(rawMsg, key) - case "organizationType": - err = unpopulate(val, "OrganizationType", &e.OrganizationType) + case "labelName": + err = unpopulate(val, "LabelName", &i.LabelName) delete(rawMsg, key) - case "region": - err = unpopulate(val, "Region", &e.Region) - delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &e.State) - delete(rawMsg, key) - case "stateCf": - err = unpopulate(val, "StateCf", &e.StateCf) - delete(rawMsg, key) - case "stateCode": - err = unpopulate(val, "StateCode", &e.StateCode) + case "labelType": + err = unpopulate(val, "LabelType", &i.LabelType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Entity. -func (e Entity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentList. +func (i IncidentList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", e.ID) - objectMap["kind"] = e.Kind - populate(objectMap, "name", e.Name) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "nextLink", i.NextLink) + populate(objectMap, "value", i.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Entity. -func (e *Entity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentList. +func (i *IncidentList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &e.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &e.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &e.Name) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + case "nextLink": + err = unpopulate(val, "NextLink", &i.NextLink) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &e.Type) + case "value": + err = unpopulate(val, "Value", &i.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityAnalytics. -func (e EntityAnalytics) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentOwnerInfo. +func (i IncidentOwnerInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", e.Etag) - populate(objectMap, "id", e.ID) - objectMap["kind"] = SettingKindEntityAnalytics - populate(objectMap, "name", e.Name) - populate(objectMap, "properties", e.Properties) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "assignedTo", i.AssignedTo) + populate(objectMap, "email", i.Email) + populate(objectMap, "objectId", i.ObjectID) + populate(objectMap, "ownerType", i.OwnerType) + populate(objectMap, "userPrincipalName", i.UserPrincipalName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityAnalytics. -func (e *EntityAnalytics) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentOwnerInfo. +func (i *IncidentOwnerInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &e.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &e.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &e.Kind) + case "assignedTo": + err = unpopulate(val, "AssignedTo", &i.AssignedTo) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &e.Name) + case "email": + err = unpopulate(val, "Email", &i.Email) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &e.Properties) + case "objectId": + err = unpopulate(val, "ObjectID", &i.ObjectID) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + case "ownerType": + err = unpopulate(val, "OwnerType", &i.OwnerType) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &e.Type) + case "userPrincipalName": + err = unpopulate(val, "UserPrincipalName", &i.UserPrincipalName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityAnalyticsProperties. -func (e EntityAnalyticsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentProperties. +func (i IncidentProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "entityProviders", e.EntityProviders) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "classification", i.Classification) + populate(objectMap, "classificationComment", i.ClassificationComment) + populate(objectMap, "classificationReason", i.ClassificationReason) + populateDateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) + populate(objectMap, "description", i.Description) + populateDateTimeRFC3339(objectMap, "firstActivityTimeUtc", i.FirstActivityTimeUTC) + populate(objectMap, "incidentNumber", i.IncidentNumber) + populate(objectMap, "incidentUrl", i.IncidentURL) + populate(objectMap, "labels", i.Labels) + populateDateTimeRFC3339(objectMap, "lastActivityTimeUtc", i.LastActivityTimeUTC) + populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) + populate(objectMap, "owner", i.Owner) + populate(objectMap, "providerIncidentId", i.ProviderIncidentID) + populate(objectMap, "providerName", i.ProviderName) + populate(objectMap, "relatedAnalyticRuleIds", i.RelatedAnalyticRuleIDs) + populate(objectMap, "severity", i.Severity) + populate(objectMap, "status", i.Status) + populate(objectMap, "title", i.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityAnalyticsProperties. -func (e *EntityAnalyticsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties. +func (i *IncidentProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "entityProviders": - err = unpopulate(val, "EntityProviders", &e.EntityProviders) + case "additionalData": + err = unpopulate(val, "AdditionalData", &i.AdditionalData) + delete(rawMsg, key) + case "classification": + err = unpopulate(val, "Classification", &i.Classification) + delete(rawMsg, key) + case "classificationComment": + err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + delete(rawMsg, key) + case "classificationReason": + err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + delete(rawMsg, key) + case "createdTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &i.Description) + delete(rawMsg, key) + case "firstActivityTimeUtc": + err = unpopulateDateTimeRFC3339(val, "FirstActivityTimeUTC", &i.FirstActivityTimeUTC) + delete(rawMsg, key) + case "incidentNumber": + err = unpopulate(val, "IncidentNumber", &i.IncidentNumber) + delete(rawMsg, key) + case "incidentUrl": + err = unpopulate(val, "IncidentURL", &i.IncidentURL) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &i.Labels) + delete(rawMsg, key) + case "lastActivityTimeUtc": + err = unpopulateDateTimeRFC3339(val, "LastActivityTimeUTC", &i.LastActivityTimeUTC) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + delete(rawMsg, key) + case "owner": + err = unpopulate(val, "Owner", &i.Owner) + delete(rawMsg, key) + case "providerIncidentId": + err = unpopulate(val, "ProviderIncidentID", &i.ProviderIncidentID) + delete(rawMsg, key) + case "providerName": + err = unpopulate(val, "ProviderName", &i.ProviderName) + delete(rawMsg, key) + case "relatedAnalyticRuleIds": + err = unpopulate(val, "RelatedAnalyticRuleIDs", &i.RelatedAnalyticRuleIDs) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &i.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &i.Status) + delete(rawMsg, key) + case "title": + err = unpopulate(val, "Title", &i.Title) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityEdges. -func (e EntityEdges) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentPropertiesAction. +func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", e.AdditionalData) - populate(objectMap, "targetEntityId", e.TargetEntityID) + populate(objectMap, "classification", i.Classification) + populate(objectMap, "classificationComment", i.ClassificationComment) + populate(objectMap, "classificationReason", i.ClassificationReason) + populate(objectMap, "labels", i.Labels) + populate(objectMap, "owner", i.Owner) + populate(objectMap, "severity", i.Severity) + populate(objectMap, "status", i.Status) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityEdges. -func (e *EntityEdges) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentPropertiesAction. +func (i *IncidentPropertiesAction) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &e.AdditionalData) + case "classification": + err = unpopulate(val, "Classification", &i.Classification) + delete(rawMsg, key) + case "classificationComment": + err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + delete(rawMsg, key) + case "classificationReason": + err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &i.Labels) + delete(rawMsg, key) + case "owner": + err = unpopulate(val, "Owner", &i.Owner) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &i.Severity) delete(rawMsg, key) - case "targetEntityId": - err = unpopulate(val, "TargetEntityID", &e.TargetEntityID) + case "status": + err = unpopulate(val, "Status", &i.Status) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityExpandParameters. -func (e EntityExpandParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentTask. +func (i IncidentTask) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "endTime", e.EndTime) - populate(objectMap, "expansionId", e.ExpansionID) - populateDateTimeRFC3339(objectMap, "startTime", e.StartTime) + populate(objectMap, "etag", i.Etag) + populate(objectMap, "id", i.ID) + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandParameters. -func (e *EntityExpandParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentTask. +func (i *IncidentTask) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "endTime": - err = unpopulateDateTimeRFC3339(val, "EndTime", &e.EndTime) + case "etag": + err = unpopulate(val, "Etag", &i.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &i.Name) delete(rawMsg, key) - case "expansionId": - err = unpopulate(val, "ExpansionID", &e.ExpansionID) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) delete(rawMsg, key) - case "startTime": - err = unpopulateDateTimeRFC3339(val, "StartTime", &e.StartTime) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityExpandResponse. -func (e EntityExpandResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentTaskList. +func (i IncidentTaskList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "metaData", e.MetaData) - populate(objectMap, "value", e.Value) + populate(objectMap, "nextLink", i.NextLink) + populate(objectMap, "value", i.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandResponse. -func (e *EntityExpandResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentTaskList. +func (i *IncidentTaskList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "metaData": - err = unpopulate(val, "MetaData", &e.MetaData) + case "nextLink": + err = unpopulate(val, "NextLink", &i.NextLink) delete(rawMsg, key) case "value": - err = unpopulate(val, "Value", &e.Value) + err = unpopulate(val, "Value", &i.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityExpandResponseValue. -func (e EntityExpandResponseValue) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IncidentTaskProperties. +func (i IncidentTaskProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "edges", e.Edges) - populate(objectMap, "entities", e.Entities) + populate(objectMap, "createdBy", i.CreatedBy) + populateDateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) + populate(objectMap, "description", i.Description) + populate(objectMap, "lastModifiedBy", i.LastModifiedBy) + populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) + populate(objectMap, "status", i.Status) + populate(objectMap, "title", i.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandResponseValue. -func (e *EntityExpandResponseValue) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentTaskProperties. +func (i *IncidentTaskProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "edges": - err = unpopulate(val, "Edges", &e.Edges) + case "createdBy": + err = unpopulate(val, "CreatedBy", &i.CreatedBy) delete(rawMsg, key) - case "entities": - e.Entities, err = unmarshalEntityClassificationArray(val) + case "createdTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type EntityFieldMapping. -func (e EntityFieldMapping) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "identifier", e.Identifier) - populate(objectMap, "value", e.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityFieldMapping. -func (e *EntityFieldMapping) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "identifier": - err = unpopulate(val, "Identifier", &e.Identifier) + case "description": + err = unpopulate(val, "Description", &i.Description) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &e.Value) + case "lastModifiedBy": + err = unpopulate(val, "LastModifiedBy", &i.LastModifiedBy) + delete(rawMsg, key) + case "lastModifiedTimeUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &i.Status) + delete(rawMsg, key) + case "title": + err = unpopulate(val, "Title", &i.Title) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsParameters. -func (e EntityGetInsightsParameters) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type InstructionStep. +func (i InstructionStep) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "addDefaultExtendedTimeRange", e.AddDefaultExtendedTimeRange) - populateDateTimeRFC3339(objectMap, "endTime", e.EndTime) - populate(objectMap, "insightQueryIds", e.InsightQueryIDs) - populateDateTimeRFC3339(objectMap, "startTime", e.StartTime) + populate(objectMap, "description", i.Description) + populate(objectMap, "innerSteps", i.InnerSteps) + populate(objectMap, "instructions", i.Instructions) + populate(objectMap, "title", i.Title) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityGetInsightsParameters. -func (e *EntityGetInsightsParameters) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type InstructionStep. +func (i *InstructionStep) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "addDefaultExtendedTimeRange": - err = unpopulate(val, "AddDefaultExtendedTimeRange", &e.AddDefaultExtendedTimeRange) + case "description": + err = unpopulate(val, "Description", &i.Description) delete(rawMsg, key) - case "endTime": - err = unpopulateDateTimeRFC3339(val, "EndTime", &e.EndTime) + case "innerSteps": + err = unpopulate(val, "InnerSteps", &i.InnerSteps) delete(rawMsg, key) - case "insightQueryIds": - err = unpopulate(val, "InsightQueryIDs", &e.InsightQueryIDs) + case "instructions": + err = unpopulate(val, "Instructions", &i.Instructions) delete(rawMsg, key) - case "startTime": - err = unpopulateDateTimeRFC3339(val, "StartTime", &e.StartTime) + case "title": + err = unpopulate(val, "Title", &i.Title) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsResponse. -func (e EntityGetInsightsResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type InstructionStepDetails. +func (i InstructionStepDetails) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "metaData", e.MetaData) - populate(objectMap, "value", e.Value) + populateAny(objectMap, "parameters", i.Parameters) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityGetInsightsResponse. -func (e *EntityGetInsightsResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type InstructionStepDetails. +func (i *InstructionStepDetails) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "metaData": - err = unpopulate(val, "MetaData", &e.MetaData) + case "parameters": + err = unpopulate(val, "Parameters", &i.Parameters) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &e.Value) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityInsightItem. -func (e EntityInsightItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity. +func (i IoTDeviceEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "chartQueryResults", e.ChartQueryResults) - populate(objectMap, "queryId", e.QueryID) - populate(objectMap, "queryTimeInterval", e.QueryTimeInterval) - populate(objectMap, "tableQueryResults", e.TableQueryResults) + populate(objectMap, "id", i.ID) + objectMap["kind"] = EntityKindEnumIoTDevice + populate(objectMap, "name", i.Name) + populate(objectMap, "properties", i.Properties) + populate(objectMap, "systemData", i.SystemData) + populate(objectMap, "type", i.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityInsightItem. -func (e *EntityInsightItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity. +func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "chartQueryResults": - err = unpopulate(val, "ChartQueryResults", &e.ChartQueryResults) + case "id": + err = unpopulate(val, "ID", &i.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &i.Kind) delete(rawMsg, key) - case "queryId": - err = unpopulate(val, "QueryID", &e.QueryID) + case "name": + err = unpopulate(val, "Name", &i.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &i.Properties) delete(rawMsg, key) - case "queryTimeInterval": - err = unpopulate(val, "QueryTimeInterval", &e.QueryTimeInterval) + case "systemData": + err = unpopulate(val, "SystemData", &i.SystemData) delete(rawMsg, key) - case "tableQueryResults": - err = unpopulate(val, "TableQueryResults", &e.TableQueryResults) + case "type": + err = unpopulate(val, "Type", &i.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityInsightItemQueryTimeInterval. -func (e EntityInsightItemQueryTimeInterval) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties. +func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "endTime", e.EndTime) - populateDateTimeRFC3339(objectMap, "startTime", e.StartTime) + populate(objectMap, "additionalData", i.AdditionalData) + populate(objectMap, "deviceId", i.DeviceID) + populate(objectMap, "deviceName", i.DeviceName) + populate(objectMap, "deviceType", i.DeviceType) + populate(objectMap, "edgeId", i.EdgeID) + populate(objectMap, "firmwareVersion", i.FirmwareVersion) + populate(objectMap, "friendlyName", i.FriendlyName) + populate(objectMap, "hostEntityId", i.HostEntityID) + populate(objectMap, "ipAddressEntityId", i.IPAddressEntityID) + populate(objectMap, "iotHubEntityId", i.IotHubEntityID) + populate(objectMap, "iotSecurityAgentId", i.IotSecurityAgentID) + populate(objectMap, "macAddress", i.MacAddress) + populate(objectMap, "model", i.Model) + populate(objectMap, "operatingSystem", i.OperatingSystem) + populate(objectMap, "protocols", i.Protocols) + populate(objectMap, "serialNumber", i.SerialNumber) + populate(objectMap, "source", i.Source) + populate(objectMap, "threatIntelligence", i.ThreatIntelligence) + populate(objectMap, "vendor", i.Vendor) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityInsightItemQueryTimeInterval. -func (e *EntityInsightItemQueryTimeInterval) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntityProperties. +func (i *IoTDeviceEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } for key, val := range rawMsg { var err error switch key { - case "endTime": - err = unpopulateDateTimeRFC3339(val, "EndTime", &e.EndTime) + case "additionalData": + err = unpopulate(val, "AdditionalData", &i.AdditionalData) delete(rawMsg, key) - case "startTime": - err = unpopulateDateTimeRFC3339(val, "StartTime", &e.StartTime) + case "deviceId": + err = unpopulate(val, "DeviceID", &i.DeviceID) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type EntityList. -func (e EntityList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", e.NextLink) - populate(objectMap, "value", e.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityList. -func (e *EntityList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &e.NextLink) + case "deviceName": + err = unpopulate(val, "DeviceName", &i.DeviceName) delete(rawMsg, key) - case "value": - e.Value, err = unmarshalEntityClassificationArray(val) + case "deviceType": + err = unpopulate(val, "DeviceType", &i.DeviceType) + delete(rawMsg, key) + case "edgeId": + err = unpopulate(val, "EdgeID", &i.EdgeID) + delete(rawMsg, key) + case "firmwareVersion": + err = unpopulate(val, "FirmwareVersion", &i.FirmwareVersion) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &i.FriendlyName) + delete(rawMsg, key) + case "hostEntityId": + err = unpopulate(val, "HostEntityID", &i.HostEntityID) + delete(rawMsg, key) + case "ipAddressEntityId": + err = unpopulate(val, "IPAddressEntityID", &i.IPAddressEntityID) + delete(rawMsg, key) + case "iotHubEntityId": + err = unpopulate(val, "IotHubEntityID", &i.IotHubEntityID) + delete(rawMsg, key) + case "iotSecurityAgentId": + err = unpopulate(val, "IotSecurityAgentID", &i.IotSecurityAgentID) + delete(rawMsg, key) + case "macAddress": + err = unpopulate(val, "MacAddress", &i.MacAddress) + delete(rawMsg, key) + case "model": + err = unpopulate(val, "Model", &i.Model) + delete(rawMsg, key) + case "operatingSystem": + err = unpopulate(val, "OperatingSystem", &i.OperatingSystem) + delete(rawMsg, key) + case "protocols": + err = unpopulate(val, "Protocols", &i.Protocols) + delete(rawMsg, key) + case "serialNumber": + err = unpopulate(val, "SerialNumber", &i.SerialNumber) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &i.Source) + delete(rawMsg, key) + case "threatIntelligence": + err = unpopulate(val, "ThreatIntelligence", &i.ThreatIntelligence) + delete(rawMsg, key) + case "vendor": + err = unpopulate(val, "Vendor", &i.Vendor) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", i, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityMapping. -func (e EntityMapping) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type JwtAuthModel. +func (j JwtAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "entityType", e.EntityType) - populate(objectMap, "fieldMappings", e.FieldMappings) + populate(objectMap, "headers", j.Headers) + populate(objectMap, "isCredentialsInHeaders", j.IsCredentialsInHeaders) + populate(objectMap, "isJsonRequest", j.IsJSONRequest) + populate(objectMap, "password", j.Password) + populate(objectMap, "queryParameters", j.QueryParameters) + populate(objectMap, "requestTimeoutInSeconds", j.RequestTimeoutInSeconds) + populate(objectMap, "tokenEndpoint", j.TokenEndpoint) + objectMap["type"] = CcpAuthTypeJwtToken + populate(objectMap, "userName", j.UserName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityMapping. -func (e *EntityMapping) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type JwtAuthModel. +func (j *JwtAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", j, err) } for key, val := range rawMsg { var err error switch key { - case "entityType": - err = unpopulate(val, "EntityType", &e.EntityType) + case "headers": + err = unpopulate(val, "Headers", &j.Headers) delete(rawMsg, key) - case "fieldMappings": - err = unpopulate(val, "FieldMappings", &e.FieldMappings) + case "isCredentialsInHeaders": + err = unpopulate(val, "IsCredentialsInHeaders", &j.IsCredentialsInHeaders) + delete(rawMsg, key) + case "isJsonRequest": + err = unpopulate(val, "IsJSONRequest", &j.IsJSONRequest) + delete(rawMsg, key) + case "password": + err = unpopulate(val, "Password", &j.Password) + delete(rawMsg, key) + case "queryParameters": + err = unpopulate(val, "QueryParameters", &j.QueryParameters) + delete(rawMsg, key) + case "requestTimeoutInSeconds": + err = unpopulate(val, "RequestTimeoutInSeconds", &j.RequestTimeoutInSeconds) + delete(rawMsg, key) + case "tokenEndpoint": + err = unpopulate(val, "TokenEndpoint", &j.TokenEndpoint) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &j.Type) + delete(rawMsg, key) + case "userName": + err = unpopulate(val, "UserName", &j.UserName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", j, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityQuery. -func (e EntityQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MCASDataConnector. +func (m MCASDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", e.Etag) - populate(objectMap, "id", e.ID) - objectMap["kind"] = e.Kind - populate(objectMap, "name", e.Name) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQuery. -func (e *EntityQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector. +func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &e.Etag) + err = unpopulate(val, "Etag", &m.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &e.ID) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &e.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &e.Name) + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &e.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityQueryItem. -func (e EntityQueryItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorDataTypes. +func (m MCASDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", e.ID) - objectMap["kind"] = e.Kind - populate(objectMap, "name", e.Name) - populate(objectMap, "type", e.Type) + populate(objectMap, "alerts", m.Alerts) + populate(objectMap, "discoveryLogs", m.DiscoveryLogs) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryItem. -func (e *EntityQueryItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorDataTypes. +func (m *MCASDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &e.ID) + case "alerts": + err = unpopulate(val, "Alerts", &m.Alerts) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &e.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &e.Name) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &e.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type EntityQueryItemPropertiesDataTypesItem. -func (e EntityQueryItemPropertiesDataTypesItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataType", e.DataType) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryItemPropertiesDataTypesItem. -func (e *EntityQueryItemPropertiesDataTypesItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataType": - err = unpopulate(val, "DataType", &e.DataType) + case "discoveryLogs": + err = unpopulate(val, "DiscoveryLogs", &m.DiscoveryLogs) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityQueryList. -func (e EntityQueryList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorProperties. +func (m MCASDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", e.NextLink) - populate(objectMap, "value", e.Value) + populate(objectMap, "dataTypes", m.DataTypes) + populate(objectMap, "tenantId", m.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryList. -func (e *EntityQueryList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorProperties. +func (m *MCASDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &e.NextLink) + case "dataTypes": + err = unpopulate(val, "DataTypes", &m.DataTypes) delete(rawMsg, key) - case "value": - e.Value, err = unmarshalEntityQueryClassificationArray(val) + case "tenantId": + err = unpopulate(val, "TenantID", &m.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplate. -func (e EntityQueryTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector. +func (m MDATPDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", e.ID) - objectMap["kind"] = e.Kind - populate(objectMap, "name", e.Name) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplate. -func (e *EntityQueryTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector. +func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &e.ID) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &e.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &e.Name) + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &e.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplateList. -func (e EntityQueryTemplateList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnectorProperties. +func (m MDATPDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", e.NextLink) - populate(objectMap, "value", e.Value) + populate(objectMap, "dataTypes", m.DataTypes) + populate(objectMap, "tenantId", m.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplateList. -func (e *EntityQueryTemplateList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnectorProperties. +func (m *MDATPDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &e.NextLink) + case "dataTypes": + err = unpopulate(val, "DataTypes", &m.DataTypes) delete(rawMsg, key) - case "value": - e.Value, err = unmarshalEntityQueryTemplateClassificationArray(val) + case "tenantId": + err = unpopulate(val, "TenantID", &m.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityTimelineItem. -func (e EntityTimelineItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnector. +func (m MSTIDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = e.Kind + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = DataConnectorKindMicrosoftThreatIntelligence + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineItem. -func (e *EntityTimelineItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnector. +func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &e.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type EntityTimelineParameters. -func (e EntityTimelineParameters) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "endTime", e.EndTime) - populate(objectMap, "kinds", e.Kinds) - populate(objectMap, "numberOfBucket", e.NumberOfBucket) - populateDateTimeRFC3339(objectMap, "startTime", e.StartTime) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineParameters. -func (e *EntityTimelineParameters) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "endTime": - err = unpopulateDateTimeRFC3339(val, "EndTime", &e.EndTime) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) - case "kinds": - err = unpopulate(val, "Kinds", &e.Kinds) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) - case "numberOfBucket": - err = unpopulate(val, "NumberOfBucket", &e.NumberOfBucket) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) - case "startTime": - err = unpopulateDateTimeRFC3339(val, "StartTime", &e.StartTime) + case "type": + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EntityTimelineResponse. -func (e EntityTimelineResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorDataTypes. +func (m MSTIDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "metaData", e.MetaData) - populate(objectMap, "value", e.Value) + populate(objectMap, "microsoftEmergingThreatFeed", m.MicrosoftEmergingThreatFeed) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineResponse. -func (e *EntityTimelineResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorDataTypes. +func (m *MSTIDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "metaData": - err = unpopulate(val, "MetaData", &e.MetaData) - delete(rawMsg, key) - case "value": - e.Value, err = unmarshalEntityTimelineItemClassificationArray(val) + case "microsoftEmergingThreatFeed": + err = unpopulate(val, "MicrosoftEmergingThreatFeed", &m.MicrosoftEmergingThreatFeed) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EventGroupingSettings. -func (e EventGroupingSettings) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed. +func (m MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "aggregationKind", e.AggregationKind) + populate(objectMap, "lookbackPeriod", m.LookbackPeriod) + populate(objectMap, "state", m.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EventGroupingSettings. -func (e *EventGroupingSettings) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed. +func (m *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "aggregationKind": - err = unpopulate(val, "AggregationKind", &e.AggregationKind) + case "lookbackPeriod": + err = unpopulate(val, "LookbackPeriod", &m.LookbackPeriod) + delete(rawMsg, key) + case "state": + err = unpopulate(val, "State", &m.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQueriesProperties. -func (e ExpansionEntityQueriesProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorProperties. +func (m MSTIDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataSources", e.DataSources) - populate(objectMap, "displayName", e.DisplayName) - populate(objectMap, "inputEntityType", e.InputEntityType) - populate(objectMap, "inputFields", e.InputFields) - populate(objectMap, "outputEntityTypes", e.OutputEntityTypes) - populate(objectMap, "queryTemplate", e.QueryTemplate) + populate(objectMap, "dataTypes", m.DataTypes) + populate(objectMap, "tenantId", m.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionEntityQueriesProperties. -func (e *ExpansionEntityQueriesProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorProperties. +func (m *MSTIDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "dataSources": - err = unpopulate(val, "DataSources", &e.DataSources) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &e.DisplayName) - delete(rawMsg, key) - case "inputEntityType": - err = unpopulate(val, "InputEntityType", &e.InputEntityType) - delete(rawMsg, key) - case "inputFields": - err = unpopulate(val, "InputFields", &e.InputFields) - delete(rawMsg, key) - case "outputEntityTypes": - err = unpopulate(val, "OutputEntityTypes", &e.OutputEntityTypes) + case "dataTypes": + err = unpopulate(val, "DataTypes", &m.DataTypes) delete(rawMsg, key) - case "queryTemplate": - err = unpopulate(val, "QueryTemplate", &e.QueryTemplate) + case "tenantId": + err = unpopulate(val, "TenantID", &m.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQuery. -func (e ExpansionEntityQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailClusterEntity. +func (m MailClusterEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", e.Etag) - populate(objectMap, "id", e.ID) - objectMap["kind"] = EntityQueryKindExpansion - populate(objectMap, "name", e.Name) - populate(objectMap, "properties", e.Properties) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindEnumMailCluster + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionEntityQuery. -func (e *ExpansionEntityQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity. +func (m *MailClusterEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &e.Etag) - delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &e.ID) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &e.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &e.Name) + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &e.Properties) + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &e.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ExpansionResultAggregation. -func (e ExpansionResultAggregation) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties. +func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "aggregationType", e.AggregationType) - populate(objectMap, "count", e.Count) - populate(objectMap, "displayName", e.DisplayName) - populate(objectMap, "entityKind", e.EntityKind) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "clusterGroup", m.ClusterGroup) + populateDateTimeRFC3339(objectMap, "clusterQueryEndTime", m.ClusterQueryEndTime) + populateDateTimeRFC3339(objectMap, "clusterQueryStartTime", m.ClusterQueryStartTime) + populate(objectMap, "clusterSourceIdentifier", m.ClusterSourceIdentifier) + populate(objectMap, "clusterSourceType", m.ClusterSourceType) + populateAny(objectMap, "countByDeliveryStatus", m.CountByDeliveryStatus) + populateAny(objectMap, "countByProtectionStatus", m.CountByProtectionStatus) + populateAny(objectMap, "countByThreatType", m.CountByThreatType) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "isVolumeAnomaly", m.IsVolumeAnomaly) + populate(objectMap, "mailCount", m.MailCount) + populate(objectMap, "networkMessageIds", m.NetworkMessageIDs) + populate(objectMap, "query", m.Query) + populateDateTimeRFC3339(objectMap, "queryTime", m.QueryTime) + populate(objectMap, "source", m.Source) + populate(objectMap, "threats", m.Threats) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionResultAggregation. -func (e *ExpansionResultAggregation) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties. +func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "aggregationType": - err = unpopulate(val, "AggregationType", &e.AggregationType) - delete(rawMsg, key) - case "count": - err = unpopulate(val, "Count", &e.Count) + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &e.DisplayName) + case "clusterGroup": + err = unpopulate(val, "ClusterGroup", &m.ClusterGroup) delete(rawMsg, key) - case "entityKind": - err = unpopulate(val, "EntityKind", &e.EntityKind) + case "clusterQueryEndTime": + err = unpopulateDateTimeRFC3339(val, "ClusterQueryEndTime", &m.ClusterQueryEndTime) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ExpansionResultsMetadata. -func (e ExpansionResultsMetadata) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "aggregations", e.Aggregations) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionResultsMetadata. -func (e *ExpansionResultsMetadata) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "aggregations": - err = unpopulate(val, "Aggregations", &e.Aggregations) + case "clusterQueryStartTime": + err = unpopulateDateTimeRFC3339(val, "ClusterQueryStartTime", &m.ClusterQueryStartTime) + delete(rawMsg, key) + case "clusterSourceIdentifier": + err = unpopulate(val, "ClusterSourceIdentifier", &m.ClusterSourceIdentifier) + delete(rawMsg, key) + case "clusterSourceType": + err = unpopulate(val, "ClusterSourceType", &m.ClusterSourceType) + delete(rawMsg, key) + case "countByDeliveryStatus": + err = unpopulate(val, "CountByDeliveryStatus", &m.CountByDeliveryStatus) + delete(rawMsg, key) + case "countByProtectionStatus": + err = unpopulate(val, "CountByProtectionStatus", &m.CountByProtectionStatus) + delete(rawMsg, key) + case "countByThreatType": + err = unpopulate(val, "CountByThreatType", &m.CountByThreatType) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) + delete(rawMsg, key) + case "isVolumeAnomaly": + err = unpopulate(val, "IsVolumeAnomaly", &m.IsVolumeAnomaly) + delete(rawMsg, key) + case "mailCount": + err = unpopulate(val, "MailCount", &m.MailCount) + delete(rawMsg, key) + case "networkMessageIds": + err = unpopulate(val, "NetworkMessageIDs", &m.NetworkMessageIDs) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &m.Query) + delete(rawMsg, key) + case "queryTime": + err = unpopulateDateTimeRFC3339(val, "QueryTime", &m.QueryTime) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &m.Source) + delete(rawMsg, key) + case "threats": + err = unpopulate(val, "Threats", &m.Threats) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EyesOn. -func (e EyesOn) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailMessageEntity. +func (m MailMessageEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", e.Etag) - populate(objectMap, "id", e.ID) - objectMap["kind"] = SettingKindEyesOn - populate(objectMap, "name", e.Name) - populate(objectMap, "properties", e.Properties) - populate(objectMap, "systemData", e.SystemData) - populate(objectMap, "type", e.Type) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindEnumMailMessage + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EyesOn. -func (e *EyesOn) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity. +func (m *MailMessageEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &e.Etag) - delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &e.ID) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &e.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &e.Name) + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &e.Properties) + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &e.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &e.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type EyesOnSettingsProperties. -func (e EyesOnSettingsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties. +func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "isEnabled", e.IsEnabled) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "antispamDirection", m.AntispamDirection) + populate(objectMap, "bodyFingerprintBin1", m.BodyFingerprintBin1) + populate(objectMap, "bodyFingerprintBin2", m.BodyFingerprintBin2) + populate(objectMap, "bodyFingerprintBin3", m.BodyFingerprintBin3) + populate(objectMap, "bodyFingerprintBin4", m.BodyFingerprintBin4) + populate(objectMap, "bodyFingerprintBin5", m.BodyFingerprintBin5) + populate(objectMap, "deliveryAction", m.DeliveryAction) + populate(objectMap, "deliveryLocation", m.DeliveryLocation) + populate(objectMap, "fileEntityIds", m.FileEntityIDs) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "internetMessageId", m.InternetMessageID) + populate(objectMap, "language", m.Language) + populate(objectMap, "networkMessageId", m.NetworkMessageID) + populate(objectMap, "p1Sender", m.P1Sender) + populate(objectMap, "p1SenderDisplayName", m.P1SenderDisplayName) + populate(objectMap, "p1SenderDomain", m.P1SenderDomain) + populate(objectMap, "p2Sender", m.P2Sender) + populate(objectMap, "p2SenderDisplayName", m.P2SenderDisplayName) + populate(objectMap, "p2SenderDomain", m.P2SenderDomain) + populateDateTimeRFC3339(objectMap, "receiveDate", m.ReceiveDate) + populate(objectMap, "recipient", m.Recipient) + populate(objectMap, "senderIP", m.SenderIP) + populate(objectMap, "subject", m.Subject) + populate(objectMap, "threatDetectionMethods", m.ThreatDetectionMethods) + populate(objectMap, "threats", m.Threats) + populate(objectMap, "urls", m.Urls) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type EyesOnSettingsProperties. -func (e *EyesOnSettingsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties. +func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "isEnabled": - err = unpopulate(val, "IsEnabled", &e.IsEnabled) + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) + delete(rawMsg, key) + case "antispamDirection": + err = unpopulate(val, "AntispamDirection", &m.AntispamDirection) + delete(rawMsg, key) + case "bodyFingerprintBin1": + err = unpopulate(val, "BodyFingerprintBin1", &m.BodyFingerprintBin1) + delete(rawMsg, key) + case "bodyFingerprintBin2": + err = unpopulate(val, "BodyFingerprintBin2", &m.BodyFingerprintBin2) + delete(rawMsg, key) + case "bodyFingerprintBin3": + err = unpopulate(val, "BodyFingerprintBin3", &m.BodyFingerprintBin3) + delete(rawMsg, key) + case "bodyFingerprintBin4": + err = unpopulate(val, "BodyFingerprintBin4", &m.BodyFingerprintBin4) + delete(rawMsg, key) + case "bodyFingerprintBin5": + err = unpopulate(val, "BodyFingerprintBin5", &m.BodyFingerprintBin5) + delete(rawMsg, key) + case "deliveryAction": + err = unpopulate(val, "DeliveryAction", &m.DeliveryAction) + delete(rawMsg, key) + case "deliveryLocation": + err = unpopulate(val, "DeliveryLocation", &m.DeliveryLocation) + delete(rawMsg, key) + case "fileEntityIds": + err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) + delete(rawMsg, key) + case "internetMessageId": + err = unpopulate(val, "InternetMessageID", &m.InternetMessageID) + delete(rawMsg, key) + case "language": + err = unpopulate(val, "Language", &m.Language) + delete(rawMsg, key) + case "networkMessageId": + err = unpopulate(val, "NetworkMessageID", &m.NetworkMessageID) + delete(rawMsg, key) + case "p1Sender": + err = unpopulate(val, "P1Sender", &m.P1Sender) + delete(rawMsg, key) + case "p1SenderDisplayName": + err = unpopulate(val, "P1SenderDisplayName", &m.P1SenderDisplayName) + delete(rawMsg, key) + case "p1SenderDomain": + err = unpopulate(val, "P1SenderDomain", &m.P1SenderDomain) + delete(rawMsg, key) + case "p2Sender": + err = unpopulate(val, "P2Sender", &m.P2Sender) + delete(rawMsg, key) + case "p2SenderDisplayName": + err = unpopulate(val, "P2SenderDisplayName", &m.P2SenderDisplayName) + delete(rawMsg, key) + case "p2SenderDomain": + err = unpopulate(val, "P2SenderDomain", &m.P2SenderDomain) + delete(rawMsg, key) + case "receiveDate": + err = unpopulateDateTimeRFC3339(val, "ReceiveDate", &m.ReceiveDate) + delete(rawMsg, key) + case "recipient": + err = unpopulate(val, "Recipient", &m.Recipient) + delete(rawMsg, key) + case "senderIP": + err = unpopulate(val, "SenderIP", &m.SenderIP) + delete(rawMsg, key) + case "subject": + err = unpopulate(val, "Subject", &m.Subject) + delete(rawMsg, key) + case "threatDetectionMethods": + err = unpopulate(val, "ThreatDetectionMethods", &m.ThreatDetectionMethods) + delete(rawMsg, key) + case "threats": + err = unpopulate(val, "Threats", &m.Threats) + delete(rawMsg, key) + case "urls": + err = unpopulate(val, "Urls", &m.Urls) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", e, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FieldMapping. -func (f FieldMapping) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailboxEntity. +func (m MailboxEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "columnName", f.ColumnName) - populate(objectMap, "identifier", f.Identifier) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindEnumMailbox + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FieldMapping. -func (f *FieldMapping) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity. +func (m *MailboxEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "columnName": - err = unpopulate(val, "ColumnName", &f.ColumnName) + case "id": + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) - case "identifier": - err = unpopulate(val, "Identifier", &f.Identifier) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileEntity. -func (f FileEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties. +func (m MailboxEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", f.ID) - objectMap["kind"] = EntityKindFile - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "externalDirectoryObjectId", m.ExternalDirectoryObjectID) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "mailboxPrimaryAddress", m.MailboxPrimaryAddress) + populate(objectMap, "upn", m.Upn) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity. -func (f *FileEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntityProperties. +func (m *MailboxEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &f.Kind) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) + case "externalDirectoryObjectId": + err = unpopulate(val, "ExternalDirectoryObjectID", &m.ExternalDirectoryObjectID) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "mailboxPrimaryAddress": + err = unpopulate(val, "MailboxPrimaryAddress", &m.MailboxPrimaryAddress) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "upn": + err = unpopulate(val, "Upn", &m.Upn) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileEntityProperties. -func (f FileEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MalwareEntity. +func (m MalwareEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", f.AdditionalData) - populate(objectMap, "directory", f.Directory) - populate(objectMap, "fileHashEntityIds", f.FileHashEntityIDs) - populate(objectMap, "fileName", f.FileName) - populate(objectMap, "friendlyName", f.FriendlyName) - populate(objectMap, "hostEntityId", f.HostEntityID) + populate(objectMap, "id", m.ID) + objectMap["kind"] = EntityKindEnumMalware + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileEntityProperties. -func (f *FileEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity. +func (m *MalwareEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &f.AdditionalData) + case "id": + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) - case "directory": - err = unpopulate(val, "Directory", &f.Directory) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "fileHashEntityIds": - err = unpopulate(val, "FileHashEntityIDs", &f.FileHashEntityIDs) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) - case "fileName": - err = unpopulate(val, "FileName", &f.FileName) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &f.FriendlyName) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) - case "hostEntityId": - err = unpopulate(val, "HostEntityID", &f.HostEntityID) + case "type": + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileHashEntity. -func (f FileHashEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties. +func (m MalwareEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", f.ID) - objectMap["kind"] = EntityKindFileHash - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "additionalData", m.AdditionalData) + populate(objectMap, "category", m.Category) + populate(objectMap, "fileEntityIds", m.FileEntityIDs) + populate(objectMap, "friendlyName", m.FriendlyName) + populate(objectMap, "malwareName", m.MalwareName) + populate(objectMap, "processEntityIds", m.ProcessEntityIDs) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity. -func (f *FileHashEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntityProperties. +func (m *MalwareEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) + case "additionalData": + err = unpopulate(val, "AdditionalData", &m.AdditionalData) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &f.Kind) + case "category": + err = unpopulate(val, "Category", &m.Category) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) + case "fileEntityIds": + err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &m.FriendlyName) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "malwareName": + err = unpopulate(val, "MalwareName", &m.MalwareName) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "processEntityIds": + err = unpopulate(val, "ProcessEntityIDs", &m.ProcessEntityIDs) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties. -func (f FileHashEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ManualTriggerRequestBody. +func (m ManualTriggerRequestBody) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", f.AdditionalData) - populate(objectMap, "algorithm", f.Algorithm) - populate(objectMap, "friendlyName", f.FriendlyName) - populate(objectMap, "hashValue", f.HashValue) + populate(objectMap, "logicAppsResourceId", m.LogicAppsResourceID) + populate(objectMap, "tenantId", m.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntityProperties. -func (f *FileHashEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ManualTriggerRequestBody. +func (m *ManualTriggerRequestBody) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &f.AdditionalData) - delete(rawMsg, key) - case "algorithm": - err = unpopulate(val, "Algorithm", &f.Algorithm) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &f.FriendlyName) + case "logicAppsResourceId": + err = unpopulate(val, "LogicAppsResourceID", &m.LogicAppsResourceID) delete(rawMsg, key) - case "hashValue": - err = unpopulate(val, "HashValue", &f.HashValue) + case "tenantId": + err = unpopulate(val, "TenantID", &m.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileImport. -func (f FileImport) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataAuthor. +func (m MetadataAuthor) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", f.ID) - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "email", m.Email) + populate(objectMap, "link", m.Link) + populate(objectMap, "name", m.Name) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileImport. -func (f *FileImport) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataAuthor. +func (m *MetadataAuthor) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "email": + err = unpopulate(val, "Email", &m.Email) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "link": + err = unpopulate(val, "Link", &m.Link) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileImportList. -func (f FileImportList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataCategories. +func (m MetadataCategories) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", f.NextLink) - populate(objectMap, "value", f.Value) + populate(objectMap, "domains", m.Domains) + populate(objectMap, "verticals", m.Verticals) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileImportList. -func (f *FileImportList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataCategories. +func (m *MetadataCategories) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &f.NextLink) + case "domains": + err = unpopulate(val, "Domains", &m.Domains) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &f.Value) + case "verticals": + err = unpopulate(val, "Verticals", &m.Verticals) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileImportProperties. -func (f FileImportProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataDependencies. +func (m MetadataDependencies) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "contentType", f.ContentType) - populateDateTimeRFC3339(objectMap, "createdTimeUTC", f.CreatedTimeUTC) - populate(objectMap, "errorFile", f.ErrorFile) - populate(objectMap, "errorsPreview", f.ErrorsPreview) - populateDateTimeRFC3339(objectMap, "filesValidUntilTimeUTC", f.FilesValidUntilTimeUTC) - populate(objectMap, "importFile", f.ImportFile) - populateDateTimeRFC3339(objectMap, "importValidUntilTimeUTC", f.ImportValidUntilTimeUTC) - populate(objectMap, "ingestedRecordCount", f.IngestedRecordCount) - populate(objectMap, "ingestionMode", f.IngestionMode) - populate(objectMap, "source", f.Source) - populate(objectMap, "state", f.State) - populate(objectMap, "totalRecordCount", f.TotalRecordCount) - populate(objectMap, "validRecordCount", f.ValidRecordCount) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "criteria", m.Criteria) + populate(objectMap, "kind", m.Kind) + populate(objectMap, "name", m.Name) + populate(objectMap, "operator", m.Operator) + populate(objectMap, "version", m.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileImportProperties. -func (f *FileImportProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataDependencies. +func (m *MetadataDependencies) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "contentType": - err = unpopulate(val, "ContentType", &f.ContentType) - delete(rawMsg, key) - case "createdTimeUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &f.CreatedTimeUTC) - delete(rawMsg, key) - case "errorFile": - err = unpopulate(val, "ErrorFile", &f.ErrorFile) - delete(rawMsg, key) - case "errorsPreview": - err = unpopulate(val, "ErrorsPreview", &f.ErrorsPreview) - delete(rawMsg, key) - case "filesValidUntilTimeUTC": - err = unpopulateDateTimeRFC3339(val, "FilesValidUntilTimeUTC", &f.FilesValidUntilTimeUTC) - delete(rawMsg, key) - case "importFile": - err = unpopulate(val, "ImportFile", &f.ImportFile) - delete(rawMsg, key) - case "importValidUntilTimeUTC": - err = unpopulateDateTimeRFC3339(val, "ImportValidUntilTimeUTC", &f.ImportValidUntilTimeUTC) + case "contentId": + err = unpopulate(val, "ContentID", &m.ContentID) delete(rawMsg, key) - case "ingestedRecordCount": - err = unpopulate(val, "IngestedRecordCount", &f.IngestedRecordCount) + case "criteria": + err = unpopulate(val, "Criteria", &m.Criteria) delete(rawMsg, key) - case "ingestionMode": - err = unpopulate(val, "IngestionMode", &f.IngestionMode) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &f.Source) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &f.State) + case "operator": + err = unpopulate(val, "Operator", &m.Operator) delete(rawMsg, key) - case "totalRecordCount": - err = unpopulate(val, "TotalRecordCount", &f.TotalRecordCount) - delete(rawMsg, key) - case "validRecordCount": - err = unpopulate(val, "ValidRecordCount", &f.ValidRecordCount) + case "version": + err = unpopulate(val, "Version", &m.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FileMetadata. -func (f FileMetadata) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataList. +func (m MetadataList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "deleteStatus", f.DeleteStatus) - populate(objectMap, "fileContentUri", f.FileContentURI) - populate(objectMap, "fileFormat", f.FileFormat) - populate(objectMap, "fileName", f.FileName) - populate(objectMap, "fileSize", f.FileSize) + populate(objectMap, "nextLink", m.NextLink) + populate(objectMap, "value", m.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FileMetadata. -func (f *FileMetadata) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataList. +func (m *MetadataList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "deleteStatus": - err = unpopulate(val, "DeleteStatus", &f.DeleteStatus) - delete(rawMsg, key) - case "fileContentUri": - err = unpopulate(val, "FileContentURI", &f.FileContentURI) - delete(rawMsg, key) - case "fileFormat": - err = unpopulate(val, "FileFormat", &f.FileFormat) - delete(rawMsg, key) - case "fileName": - err = unpopulate(val, "FileName", &f.FileName) + case "nextLink": + err = unpopulate(val, "NextLink", &m.NextLink) delete(rawMsg, key) - case "fileSize": - err = unpopulate(val, "FileSize", &f.FileSize) + case "value": + err = unpopulate(val, "Value", &m.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRule. -func (f FusionAlertRule) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataModel. +func (m MetadataModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", f.Etag) - populate(objectMap, "id", f.ID) - objectMap["kind"] = AlertRuleKindFusion - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule. -func (f *FusionAlertRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataModel. +func (m *MetadataModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &f.Etag) + err = unpopulate(val, "Etag", &m.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &f.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &f.Kind) + err = unpopulate(val, "ID", &m.ID) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &f.Name) + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &f.Properties) + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &f.Type) + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties. -func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataPatch. +func (m MetadataPatch) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertRuleTemplateName", f.AlertRuleTemplateName) - populate(objectMap, "description", f.Description) - populate(objectMap, "displayName", f.DisplayName) - populate(objectMap, "enabled", f.Enabled) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", f.LastModifiedUTC) - populate(objectMap, "scenarioExclusionPatterns", f.ScenarioExclusionPatterns) - populate(objectMap, "severity", f.Severity) - populate(objectMap, "sourceSettings", f.SourceSettings) - populate(objectMap, "tactics", f.Tactics) - populate(objectMap, "techniques", f.Techniques) + populate(objectMap, "properties", m.Properties) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties. -func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPatch. +func (m *MetadataPatch) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &f.AlertRuleTemplateName) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &f.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &f.DisplayName) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &f.Enabled) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &f.LastModifiedUTC) - delete(rawMsg, key) - case "scenarioExclusionPatterns": - err = unpopulate(val, "ScenarioExclusionPatterns", &f.ScenarioExclusionPatterns) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &f.Severity) - delete(rawMsg, key) - case "sourceSettings": - err = unpopulate(val, "SourceSettings", &f.SourceSettings) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &f.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &f.Techniques) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate. -func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataProperties. +func (m MetadataProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", f.ID) - objectMap["kind"] = AlertRuleKindFusion - populate(objectMap, "name", f.Name) - populate(objectMap, "properties", f.Properties) - populate(objectMap, "systemData", f.SystemData) - populate(objectMap, "type", f.Type) + populate(objectMap, "author", m.Author) + populate(objectMap, "categories", m.Categories) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) + populate(objectMap, "customVersion", m.CustomVersion) + populate(objectMap, "dependencies", m.Dependencies) + populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) + populate(objectMap, "icon", m.Icon) + populate(objectMap, "kind", m.Kind) + populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) + populate(objectMap, "parentId", m.ParentID) + populate(objectMap, "previewImages", m.PreviewImages) + populate(objectMap, "previewImagesDark", m.PreviewImagesDark) + populate(objectMap, "providers", m.Providers) + populate(objectMap, "source", m.Source) + populate(objectMap, "support", m.Support) + populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) + populate(objectMap, "version", m.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate. -func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataProperties. +func (m *MetadataProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &f.ID) + case "author": + err = unpopulate(val, "Author", &m.Author) + delete(rawMsg, key) + case "categories": + err = unpopulate(val, "Categories", &m.Categories) + delete(rawMsg, key) + case "contentId": + err = unpopulate(val, "ContentID", &m.ContentID) + delete(rawMsg, key) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) + delete(rawMsg, key) + case "customVersion": + err = unpopulate(val, "CustomVersion", &m.CustomVersion) + delete(rawMsg, key) + case "dependencies": + err = unpopulate(val, "Dependencies", &m.Dependencies) + delete(rawMsg, key) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) + delete(rawMsg, key) + case "icon": + err = unpopulate(val, "Icon", &m.Icon) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &f.Kind) + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &f.Name) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &f.Properties) + case "parentId": + err = unpopulate(val, "ParentID", &m.ParentID) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &f.SystemData) + case "previewImages": + err = unpopulate(val, "PreviewImages", &m.PreviewImages) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &f.Type) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &m.Providers) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &m.Source) + delete(rawMsg, key) + case "support": + err = unpopulate(val, "Support", &m.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &m.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties. -func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataPropertiesPatch. +func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertRulesCreatedByTemplateCount", f.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", f.CreatedDateUTC) - populate(objectMap, "description", f.Description) - populate(objectMap, "displayName", f.DisplayName) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", f.LastUpdatedDateUTC) - populate(objectMap, "requiredDataConnectors", f.RequiredDataConnectors) - populate(objectMap, "severity", f.Severity) - populate(objectMap, "sourceSettings", f.SourceSettings) - populate(objectMap, "status", f.Status) - populate(objectMap, "tactics", f.Tactics) - populate(objectMap, "techniques", f.Techniques) + populate(objectMap, "author", m.Author) + populate(objectMap, "categories", m.Categories) + populate(objectMap, "contentId", m.ContentID) + populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) + populate(objectMap, "customVersion", m.CustomVersion) + populate(objectMap, "dependencies", m.Dependencies) + populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) + populate(objectMap, "icon", m.Icon) + populate(objectMap, "kind", m.Kind) + populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) + populate(objectMap, "parentId", m.ParentID) + populate(objectMap, "previewImages", m.PreviewImages) + populate(objectMap, "previewImagesDark", m.PreviewImagesDark) + populate(objectMap, "providers", m.Providers) + populate(objectMap, "source", m.Source) + populate(objectMap, "support", m.Support) + populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) + populate(objectMap, "version", m.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties. -func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPropertiesPatch. +func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &f.AlertRulesCreatedByTemplateCount) + case "author": + err = unpopulate(val, "Author", &m.Author) delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &f.CreatedDateUTC) + case "categories": + err = unpopulate(val, "Categories", &m.Categories) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &f.Description) + case "contentId": + err = unpopulate(val, "ContentID", &m.ContentID) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &f.DisplayName) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &f.LastUpdatedDateUTC) + case "customVersion": + err = unpopulate(val, "CustomVersion", &m.CustomVersion) delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &f.RequiredDataConnectors) + case "dependencies": + err = unpopulate(val, "Dependencies", &m.Dependencies) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &f.Severity) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) delete(rawMsg, key) - case "sourceSettings": - err = unpopulate(val, "SourceSettings", &f.SourceSettings) + case "icon": + err = unpopulate(val, "Icon", &m.Icon) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &f.Status) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &f.Tactics) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &f.Techniques) + case "parentId": + err = unpopulate(val, "ParentID", &m.ParentID) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type FusionScenarioExclusionPattern. -func (f FusionScenarioExclusionPattern) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dateAddedInUTC", f.DateAddedInUTC) - populate(objectMap, "exclusionPattern", f.ExclusionPattern) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionScenarioExclusionPattern. -func (f *FusionScenarioExclusionPattern) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dateAddedInUTC": - err = unpopulate(val, "DateAddedInUTC", &f.DateAddedInUTC) + case "previewImages": + err = unpopulate(val, "PreviewImages", &m.PreviewImages) + delete(rawMsg, key) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &m.Providers) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &m.Source) delete(rawMsg, key) - case "exclusionPattern": - err = unpopulate(val, "ExclusionPattern", &f.ExclusionPattern) + case "support": + err = unpopulate(val, "Support", &m.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &m.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionSourceSettings. -func (f FusionSourceSettings) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataSource. +func (m MetadataSource) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "enabled", f.Enabled) - populate(objectMap, "sourceName", f.SourceName) - populate(objectMap, "sourceSubTypes", f.SourceSubTypes) + populate(objectMap, "kind", m.Kind) + populate(objectMap, "name", m.Name) + populate(objectMap, "sourceId", m.SourceID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionSourceSettings. -func (f *FusionSourceSettings) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataSource. +func (m *MetadataSource) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "enabled": - err = unpopulate(val, "Enabled", &f.Enabled) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) delete(rawMsg, key) - case "sourceName": - err = unpopulate(val, "SourceName", &f.SourceName) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) - case "sourceSubTypes": - err = unpopulate(val, "SourceSubTypes", &f.SourceSubTypes) + case "sourceId": + err = unpopulate(val, "SourceID", &m.SourceID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionSourceSubTypeSetting. -func (f FusionSourceSubTypeSetting) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MetadataSupport. +func (m MetadataSupport) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "enabled", f.Enabled) - populate(objectMap, "severityFilters", f.SeverityFilters) - populate(objectMap, "sourceSubTypeDisplayName", f.SourceSubTypeDisplayName) - populate(objectMap, "sourceSubTypeName", f.SourceSubTypeName) + populate(objectMap, "email", m.Email) + populate(objectMap, "link", m.Link) + populate(objectMap, "name", m.Name) + populate(objectMap, "tier", m.Tier) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionSourceSubTypeSetting. -func (f *FusionSourceSubTypeSetting) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataSupport. +func (m *MetadataSupport) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "enabled": - err = unpopulate(val, "Enabled", &f.Enabled) + case "email": + err = unpopulate(val, "Email", &m.Email) delete(rawMsg, key) - case "severityFilters": - err = unpopulate(val, "SeverityFilters", &f.SeverityFilters) + case "link": + err = unpopulate(val, "Link", &m.Link) delete(rawMsg, key) - case "sourceSubTypeDisplayName": - err = unpopulate(val, "SourceSubTypeDisplayName", &f.SourceSubTypeDisplayName) + case "name": + err = unpopulate(val, "Name", &m.Name) delete(rawMsg, key) - case "sourceSubTypeName": - err = unpopulate(val, "SourceSubTypeName", &f.SourceSubTypeName) + case "tier": + err = unpopulate(val, "Tier", &m.Tier) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionSubTypeSeverityFilter. -func (f FusionSubTypeSeverityFilter) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. +func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "filters", f.Filters) - populate(objectMap, "isSupported", f.IsSupported) + populate(objectMap, "etag", m.Etag) + populate(objectMap, "id", m.ID) + objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionSubTypeSeverityFilter. -func (f *FusionSubTypeSeverityFilter) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. +func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "filters": - err = unpopulate(val, "Filters", &f.Filters) + case "etag": + err = unpopulate(val, "Etag", &m.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) delete(rawMsg, key) - case "isSupported": - err = unpopulate(val, "IsSupported", &f.IsSupported) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionSubTypeSeverityFiltersItem. -func (f FusionSubTypeSeverityFiltersItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. +func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "enabled", f.Enabled) - populate(objectMap, "severity", f.Severity) + populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) + populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) + populate(objectMap, "enabled", m.Enabled) + populateDateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) + populate(objectMap, "productFilter", m.ProductFilter) + populate(objectMap, "severitiesFilter", m.SeveritiesFilter) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionSubTypeSeverityFiltersItem. -func (f *FusionSubTypeSeverityFiltersItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. +func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &m.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) + delete(rawMsg, key) + case "displayNamesExcludeFilter": + err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) + delete(rawMsg, key) + case "displayNamesFilter": + err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) + delete(rawMsg, key) case "enabled": - err = unpopulate(val, "Enabled", &f.Enabled) + err = unpopulate(val, "Enabled", &m.Enabled) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &f.Severity) + case "lastModifiedUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) + delete(rawMsg, key) + case "productFilter": + err = unpopulate(val, "ProductFilter", &m.ProductFilter) + delete(rawMsg, key) + case "severitiesFilter": + err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionTemplateSourceSetting. -func (f FusionTemplateSourceSetting) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "sourceName", f.SourceName) - populate(objectMap, "sourceSubTypes", f.SourceSubTypes) + populate(objectMap, "id", m.ID) + objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation + populate(objectMap, "name", m.Name) + populate(objectMap, "properties", m.Properties) + populate(objectMap, "systemData", m.SystemData) + populate(objectMap, "type", m.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSourceSetting. -func (f *FusionTemplateSourceSetting) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. +func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "sourceName": - err = unpopulate(val, "SourceName", &f.SourceName) + case "id": + err = unpopulate(val, "ID", &m.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &m.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &m.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &m.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &m.SystemData) delete(rawMsg, key) - case "sourceSubTypes": - err = unpopulate(val, "SourceSubTypes", &f.SourceSubTypes) + case "type": + err = unpopulate(val, "Type", &m.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionTemplateSourceSubType. -func (f FusionTemplateSourceSubType) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. +func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "severityFilter", f.SeverityFilter) - populate(objectMap, "sourceSubTypeDisplayName", f.SourceSubTypeDisplayName) - populate(objectMap, "sourceSubTypeName", f.SourceSubTypeName) + populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) + populateDateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) + populate(objectMap, "description", m.Description) + populate(objectMap, "displayName", m.DisplayName) + populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) + populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) + populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) + populate(objectMap, "productFilter", m.ProductFilter) + populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) + populate(objectMap, "severitiesFilter", m.SeveritiesFilter) + populate(objectMap, "status", m.Status) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSourceSubType. -func (f *FusionTemplateSourceSubType) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. +func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } for key, val := range rawMsg { var err error switch key { - case "severityFilter": - err = unpopulate(val, "SeverityFilter", &f.SeverityFilter) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) delete(rawMsg, key) - case "sourceSubTypeDisplayName": - err = unpopulate(val, "SourceSubTypeDisplayName", &f.SourceSubTypeDisplayName) + case "createdDateUTC": + err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) delete(rawMsg, key) - case "sourceSubTypeName": - err = unpopulate(val, "SourceSubTypeName", &f.SourceSubTypeName) + case "description": + err = unpopulate(val, "Description", &m.Description) delete(rawMsg, key) - } + case "displayName": + err = unpopulate(val, "DisplayName", &m.DisplayName) + delete(rawMsg, key) + case "displayNamesExcludeFilter": + err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) + delete(rawMsg, key) + case "displayNamesFilter": + err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) + delete(rawMsg, key) + case "lastUpdatedDateUTC": + err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) + delete(rawMsg, key) + case "productFilter": + err = unpopulate(val, "ProductFilter", &m.ProductFilter) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) + delete(rawMsg, key) + case "severitiesFilter": + err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &m.Status) + delete(rawMsg, key) + } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", m, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type FusionTemplateSubTypeSeverityFilter. -func (f FusionTemplateSubTypeSeverityFilter) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type NoneAuthModel. +func (n NoneAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "isSupported", f.IsSupported) - populate(objectMap, "severityFilters", f.SeverityFilters) + objectMap["type"] = CcpAuthTypeNone return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSubTypeSeverityFilter. -func (f *FusionTemplateSubTypeSeverityFilter) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type NoneAuthModel. +func (n *NoneAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } for key, val := range rawMsg { var err error switch key { - case "isSupported": - err = unpopulate(val, "IsSupported", &f.IsSupported) - delete(rawMsg, key) - case "severityFilters": - err = unpopulate(val, "SeverityFilters", &f.SeverityFilters) + case "type": + err = unpopulate(val, "Type", &n.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", f, err) + return fmt.Errorf("unmarshalling type %T: %v", n, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GeoLocation. -func (g GeoLocation) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OAuthModel. +func (o OAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "asn", g.Asn) - populate(objectMap, "city", g.City) - populate(objectMap, "countryCode", g.CountryCode) - populate(objectMap, "countryName", g.CountryName) - populate(objectMap, "latitude", g.Latitude) - populate(objectMap, "longitude", g.Longitude) - populate(objectMap, "state", g.State) + populate(objectMap, "accessTokenPrepend", o.AccessTokenPrepend) + populate(objectMap, "authorizationCode", o.AuthorizationCode) + populate(objectMap, "authorizationEndpoint", o.AuthorizationEndpoint) + populate(objectMap, "authorizationEndpointHeaders", o.AuthorizationEndpointHeaders) + populate(objectMap, "authorizationEndpointQueryParameters", o.AuthorizationEndpointQueryParameters) + populate(objectMap, "clientId", o.ClientID) + populate(objectMap, "clientSecret", o.ClientSecret) + populate(objectMap, "grantType", o.GrantType) + populate(objectMap, "isCredentialsInHeaders", o.IsCredentialsInHeaders) + populate(objectMap, "isJwtBearerFlow", o.IsJwtBearerFlow) + populate(objectMap, "redirectUri", o.RedirectURI) + populate(objectMap, "scope", o.Scope) + populate(objectMap, "tokenEndpoint", o.TokenEndpoint) + populate(objectMap, "tokenEndpointHeaders", o.TokenEndpointHeaders) + populate(objectMap, "tokenEndpointQueryParameters", o.TokenEndpointQueryParameters) + objectMap["type"] = CcpAuthTypeOAuth2 return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GeoLocation. -func (g *GeoLocation) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OAuthModel. +func (o *OAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "asn": - err = unpopulate(val, "Asn", &g.Asn) + case "accessTokenPrepend": + err = unpopulate(val, "AccessTokenPrepend", &o.AccessTokenPrepend) delete(rawMsg, key) - case "city": - err = unpopulate(val, "City", &g.City) + case "authorizationCode": + err = unpopulate(val, "AuthorizationCode", &o.AuthorizationCode) delete(rawMsg, key) - case "countryCode": - err = unpopulate(val, "CountryCode", &g.CountryCode) + case "authorizationEndpoint": + err = unpopulate(val, "AuthorizationEndpoint", &o.AuthorizationEndpoint) delete(rawMsg, key) - case "countryName": - err = unpopulate(val, "CountryName", &g.CountryName) + case "authorizationEndpointHeaders": + err = unpopulate(val, "AuthorizationEndpointHeaders", &o.AuthorizationEndpointHeaders) delete(rawMsg, key) - case "latitude": - err = unpopulate(val, "Latitude", &g.Latitude) + case "authorizationEndpointQueryParameters": + err = unpopulate(val, "AuthorizationEndpointQueryParameters", &o.AuthorizationEndpointQueryParameters) delete(rawMsg, key) - case "longitude": - err = unpopulate(val, "Longitude", &g.Longitude) + case "clientId": + err = unpopulate(val, "ClientID", &o.ClientID) delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &g.State) + case "clientSecret": + err = unpopulate(val, "ClientSecret", &o.ClientSecret) + delete(rawMsg, key) + case "grantType": + err = unpopulate(val, "GrantType", &o.GrantType) + delete(rawMsg, key) + case "isCredentialsInHeaders": + err = unpopulate(val, "IsCredentialsInHeaders", &o.IsCredentialsInHeaders) + delete(rawMsg, key) + case "isJwtBearerFlow": + err = unpopulate(val, "IsJwtBearerFlow", &o.IsJwtBearerFlow) + delete(rawMsg, key) + case "redirectUri": + err = unpopulate(val, "RedirectURI", &o.RedirectURI) + delete(rawMsg, key) + case "scope": + err = unpopulate(val, "Scope", &o.Scope) + delete(rawMsg, key) + case "tokenEndpoint": + err = unpopulate(val, "TokenEndpoint", &o.TokenEndpoint) + delete(rawMsg, key) + case "tokenEndpointHeaders": + err = unpopulate(val, "TokenEndpointHeaders", &o.TokenEndpointHeaders) + delete(rawMsg, key) + case "tokenEndpointQueryParameters": + err = unpopulate(val, "TokenEndpointQueryParameters", &o.TokenEndpointQueryParameters) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GetInsightsErrorKind. -func (g GetInsightsErrorKind) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector. +func (o OfficeDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "errorMessage", g.ErrorMessage) - populate(objectMap, "kind", g.Kind) - populate(objectMap, "queryId", g.QueryID) + populate(objectMap, "etag", o.Etag) + populate(objectMap, "id", o.ID) + objectMap["kind"] = DataConnectorKindOffice365 + populate(objectMap, "name", o.Name) + populate(objectMap, "properties", o.Properties) + populate(objectMap, "systemData", o.SystemData) + populate(objectMap, "type", o.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GetInsightsErrorKind. -func (g *GetInsightsErrorKind) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector. +func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "errorMessage": - err = unpopulate(val, "ErrorMessage", &g.ErrorMessage) + case "etag": + err = unpopulate(val, "Etag", &o.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &o.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &g.Kind) + err = unpopulate(val, "Kind", &o.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &o.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &o.Properties) delete(rawMsg, key) - case "queryId": - err = unpopulate(val, "QueryID", &g.QueryID) + case "systemData": + err = unpopulate(val, "SystemData", &o.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &o.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GetInsightsResultsMetadata. -func (g GetInsightsResultsMetadata) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypes. +func (o OfficeDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "errors", g.Errors) - populate(objectMap, "totalCount", g.TotalCount) + populate(objectMap, "exchange", o.Exchange) + populate(objectMap, "sharePoint", o.SharePoint) + populate(objectMap, "teams", o.Teams) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GetInsightsResultsMetadata. -func (g *GetInsightsResultsMetadata) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypes. +func (o *OfficeDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "errors": - err = unpopulate(val, "Errors", &g.Errors) + case "exchange": + err = unpopulate(val, "Exchange", &o.Exchange) + delete(rawMsg, key) + case "sharePoint": + err = unpopulate(val, "SharePoint", &o.SharePoint) delete(rawMsg, key) - case "totalCount": - err = unpopulate(val, "TotalCount", &g.TotalCount) + case "teams": + err = unpopulate(val, "Teams", &o.Teams) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GetQueriesResponse. -func (g GetQueriesResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesExchange. +func (o OfficeDataConnectorDataTypesExchange) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", g.Value) + populate(objectMap, "state", o.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GetQueriesResponse. -func (g *GetQueriesResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesExchange. +func (o *OfficeDataConnectorDataTypesExchange) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "value": - g.Value, err = unmarshalEntityQueryItemClassificationArray(val) + case "state": + err = unpopulate(val, "State", &o.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GitHubResourceInfo. -func (g GitHubResourceInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesSharePoint. +func (o OfficeDataConnectorDataTypesSharePoint) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "appInstallationId", g.AppInstallationID) + populate(objectMap, "state", o.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GitHubResourceInfo. -func (g *GitHubResourceInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesSharePoint. +func (o *OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "appInstallationId": - err = unpopulate(val, "AppInstallationID", &g.AppInstallationID) + case "state": + err = unpopulate(val, "State", &o.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration. -func (g GroupingConfiguration) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesTeams. +func (o OfficeDataConnectorDataTypesTeams) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "enabled", g.Enabled) - populate(objectMap, "groupByAlertDetails", g.GroupByAlertDetails) - populate(objectMap, "groupByCustomDetails", g.GroupByCustomDetails) - populate(objectMap, "groupByEntities", g.GroupByEntities) - populate(objectMap, "lookbackDuration", g.LookbackDuration) - populate(objectMap, "matchingMethod", g.MatchingMethod) - populate(objectMap, "reopenClosedIncident", g.ReopenClosedIncident) + populate(objectMap, "state", o.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type GroupingConfiguration. -func (g *GroupingConfiguration) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesTeams. +func (o *OfficeDataConnectorDataTypesTeams) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "enabled": - err = unpopulate(val, "Enabled", &g.Enabled) - delete(rawMsg, key) - case "groupByAlertDetails": - err = unpopulate(val, "GroupByAlertDetails", &g.GroupByAlertDetails) - delete(rawMsg, key) - case "groupByCustomDetails": - err = unpopulate(val, "GroupByCustomDetails", &g.GroupByCustomDetails) - delete(rawMsg, key) - case "groupByEntities": - err = unpopulate(val, "GroupByEntities", &g.GroupByEntities) - delete(rawMsg, key) - case "lookbackDuration": - err = unpopulate(val, "LookbackDuration", &g.LookbackDuration) - delete(rawMsg, key) - case "matchingMethod": - err = unpopulate(val, "MatchingMethod", &g.MatchingMethod) - delete(rawMsg, key) - case "reopenClosedIncident": - err = unpopulate(val, "ReopenClosedIncident", &g.ReopenClosedIncident) + case "state": + err = unpopulate(val, "State", &o.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", g, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HostEntity. -func (h HostEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorProperties. +func (o OfficeDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", h.ID) - objectMap["kind"] = EntityKindHost - populate(objectMap, "name", h.Name) - populate(objectMap, "properties", h.Properties) - populate(objectMap, "systemData", h.SystemData) - populate(objectMap, "type", h.Type) + populate(objectMap, "dataTypes", o.DataTypes) + populate(objectMap, "tenantId", o.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity. -func (h *HostEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorProperties. +func (o *OfficeDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &h.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &h.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &h.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &h.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &h.SystemData) + case "dataTypes": + err = unpopulate(val, "DataTypes", &o.DataTypes) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &h.Type) + case "tenantId": + err = unpopulate(val, "TenantID", &o.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HostEntityProperties. -func (h HostEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Operation. +func (o Operation) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", h.AdditionalData) - populate(objectMap, "azureID", h.AzureID) - populate(objectMap, "dnsDomain", h.DNSDomain) - populate(objectMap, "friendlyName", h.FriendlyName) - populate(objectMap, "hostName", h.HostName) - populate(objectMap, "isDomainJoined", h.IsDomainJoined) - populate(objectMap, "netBiosName", h.NetBiosName) - populate(objectMap, "ntDomain", h.NtDomain) - populate(objectMap, "osFamily", h.OSFamily) - populate(objectMap, "osVersion", h.OSVersion) - populate(objectMap, "omsAgentID", h.OmsAgentID) + populate(objectMap, "display", o.Display) + populate(objectMap, "isDataAction", o.IsDataAction) + populate(objectMap, "name", o.Name) + populate(objectMap, "origin", o.Origin) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HostEntityProperties. -func (h *HostEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Operation. +func (o *Operation) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &h.AdditionalData) - delete(rawMsg, key) - case "azureID": - err = unpopulate(val, "AzureID", &h.AzureID) - delete(rawMsg, key) - case "dnsDomain": - err = unpopulate(val, "DNSDomain", &h.DNSDomain) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &h.FriendlyName) - delete(rawMsg, key) - case "hostName": - err = unpopulate(val, "HostName", &h.HostName) - delete(rawMsg, key) - case "isDomainJoined": - err = unpopulate(val, "IsDomainJoined", &h.IsDomainJoined) - delete(rawMsg, key) - case "netBiosName": - err = unpopulate(val, "NetBiosName", &h.NetBiosName) - delete(rawMsg, key) - case "ntDomain": - err = unpopulate(val, "NtDomain", &h.NtDomain) + case "display": + err = unpopulate(val, "Display", &o.Display) delete(rawMsg, key) - case "osFamily": - err = unpopulate(val, "OSFamily", &h.OSFamily) + case "isDataAction": + err = unpopulate(val, "IsDataAction", &o.IsDataAction) delete(rawMsg, key) - case "osVersion": - err = unpopulate(val, "OSVersion", &h.OSVersion) + case "name": + err = unpopulate(val, "Name", &o.Name) delete(rawMsg, key) - case "omsAgentID": - err = unpopulate(val, "OmsAgentID", &h.OmsAgentID) + case "origin": + err = unpopulate(val, "Origin", &o.Origin) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HuntingBookmark. -func (h HuntingBookmark) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OperationDisplay. +func (o OperationDisplay) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", h.ID) - objectMap["kind"] = EntityKindBookmark - populate(objectMap, "name", h.Name) - populate(objectMap, "properties", h.Properties) - populate(objectMap, "systemData", h.SystemData) - populate(objectMap, "type", h.Type) + populate(objectMap, "description", o.Description) + populate(objectMap, "operation", o.Operation) + populate(objectMap, "provider", o.Provider) + populate(objectMap, "resource", o.Resource) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark. -func (h *HuntingBookmark) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OperationDisplay. +func (o *OperationDisplay) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &h.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &h.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &h.Name) + case "description": + err = unpopulate(val, "Description", &o.Description) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &h.Properties) + case "operation": + err = unpopulate(val, "Operation", &o.Operation) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &h.SystemData) + case "provider": + err = unpopulate(val, "Provider", &o.Provider) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &h.Type) + case "resource": + err = unpopulate(val, "Resource", &o.Resource) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties. -func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OperationsList. +func (o OperationsList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", h.AdditionalData) - populateDateTimeRFC3339(objectMap, "created", h.Created) - populate(objectMap, "createdBy", h.CreatedBy) - populate(objectMap, "displayName", h.DisplayName) - populateDateTimeRFC3339(objectMap, "eventTime", h.EventTime) - populate(objectMap, "friendlyName", h.FriendlyName) - populate(objectMap, "incidentInfo", h.IncidentInfo) - populate(objectMap, "labels", h.Labels) - populate(objectMap, "notes", h.Notes) - populate(objectMap, "query", h.Query) - populate(objectMap, "queryResult", h.QueryResult) - populateDateTimeRFC3339(objectMap, "updated", h.Updated) - populate(objectMap, "updatedBy", h.UpdatedBy) + populate(objectMap, "nextLink", o.NextLink) + populate(objectMap, "value", o.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties. -func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OperationsList. +func (o *OperationsList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &h.AdditionalData) - delete(rawMsg, key) - case "created": - err = unpopulateDateTimeRFC3339(val, "Created", &h.Created) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &h.CreatedBy) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &h.DisplayName) - delete(rawMsg, key) - case "eventTime": - err = unpopulateDateTimeRFC3339(val, "EventTime", &h.EventTime) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &h.FriendlyName) - delete(rawMsg, key) - case "incidentInfo": - err = unpopulate(val, "IncidentInfo", &h.IncidentInfo) - delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &h.Labels) - delete(rawMsg, key) - case "notes": - err = unpopulate(val, "Notes", &h.Notes) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &h.Query) - delete(rawMsg, key) - case "queryResult": - err = unpopulate(val, "QueryResult", &h.QueryResult) - delete(rawMsg, key) - case "updated": - err = unpopulateDateTimeRFC3339(val, "Updated", &h.Updated) + case "nextLink": + err = unpopulate(val, "NextLink", &o.NextLink) delete(rawMsg, key) - case "updatedBy": - err = unpopulate(val, "UpdatedBy", &h.UpdatedBy) + case "value": + err = unpopulate(val, "Value", &o.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", h, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IPEntity. -func (i IPEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type OracleAuthModel. +func (o OracleAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", i.ID) - objectMap["kind"] = EntityKindIP - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "pemFile", o.PemFile) + populate(objectMap, "publicFingerprint", o.PublicFingerprint) + populate(objectMap, "tenantId", o.TenantID) + objectMap["type"] = CcpAuthTypeOracle + populate(objectMap, "userId", o.UserID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity. -func (i *IPEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type OracleAuthModel. +func (o *OracleAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &i.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &i.Kind) + case "pemFile": + err = unpopulate(val, "PemFile", &o.PemFile) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &i.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &i.Properties) + case "publicFingerprint": + err = unpopulate(val, "PublicFingerprint", &o.PublicFingerprint) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) + case "tenantId": + err = unpopulate(val, "TenantID", &o.TenantID) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &i.Type) + err = unpopulate(val, "Type", &o.Type) + delete(rawMsg, key) + case "userId": + err = unpopulate(val, "UserID", &o.UserID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", o, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IPEntityProperties. -func (i IPEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PackageList. +func (p PackageList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "address", i.Address) - populate(objectMap, "friendlyName", i.FriendlyName) - populate(objectMap, "location", i.Location) - populate(objectMap, "threatIntelligence", i.ThreatIntelligence) + populate(objectMap, "nextLink", p.NextLink) + populate(objectMap, "value", p.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IPEntityProperties. -func (i *IPEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PackageList. +func (p *PackageList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &i.AdditionalData) - delete(rawMsg, key) - case "address": - err = unpopulate(val, "Address", &i.Address) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &i.FriendlyName) - delete(rawMsg, key) - case "location": - err = unpopulate(val, "Location", &i.Location) + case "nextLink": + err = unpopulate(val, "NextLink", &p.NextLink) delete(rawMsg, key) - case "threatIntelligence": - err = unpopulate(val, "ThreatIntelligence", &i.ThreatIntelligence) + case "value": + err = unpopulate(val, "Value", &p.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Incident. -func (i Incident) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PackageModel. +func (p PackageModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", i.Etag) - populate(objectMap, "id", i.ID) - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "etag", p.Etag) + populate(objectMap, "id", p.ID) + populate(objectMap, "name", p.Name) + populate(objectMap, "properties", p.Properties) + populate(objectMap, "systemData", p.SystemData) + populate(objectMap, "type", p.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Incident. -func (i *Incident) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PackageModel. +func (p *PackageModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &i.Etag) + err = unpopulate(val, "Etag", &p.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &i.ID) + err = unpopulate(val, "ID", &p.ID) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &i.Name) + err = unpopulate(val, "Name", &p.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &i.Properties) + err = unpopulate(val, "Properties", &p.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) + err = unpopulate(val, "SystemData", &p.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &i.Type) + err = unpopulate(val, "Type", &p.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData. -func (i IncidentAdditionalData) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PackageProperties. +func (p PackageProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertProductNames", i.AlertProductNames) - populate(objectMap, "alertsCount", i.AlertsCount) - populate(objectMap, "bookmarksCount", i.BookmarksCount) - populate(objectMap, "commentsCount", i.CommentsCount) - populate(objectMap, "providerIncidentUrl", i.ProviderIncidentURL) - populate(objectMap, "tactics", i.Tactics) - populate(objectMap, "techniques", i.Techniques) + populate(objectMap, "author", p.Author) + populate(objectMap, "categories", p.Categories) + populate(objectMap, "contentId", p.ContentID) + populate(objectMap, "contentKind", p.ContentKind) + populate(objectMap, "contentProductId", p.ContentProductID) + populate(objectMap, "contentSchemaVersion", p.ContentSchemaVersion) + populate(objectMap, "dependencies", p.Dependencies) + populate(objectMap, "description", p.Description) + populate(objectMap, "displayName", p.DisplayName) + populateDateType(objectMap, "firstPublishDate", p.FirstPublishDate) + populate(objectMap, "icon", p.Icon) + populate(objectMap, "isDeprecated", p.IsDeprecated) + populate(objectMap, "isFeatured", p.IsFeatured) + populate(objectMap, "isNew", p.IsNew) + populate(objectMap, "isPreview", p.IsPreview) + populateDateType(objectMap, "lastPublishDate", p.LastPublishDate) + populate(objectMap, "providers", p.Providers) + populate(objectMap, "publisherDisplayName", p.PublisherDisplayName) + populate(objectMap, "source", p.Source) + populate(objectMap, "support", p.Support) + populate(objectMap, "threatAnalysisTactics", p.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", p.ThreatAnalysisTechniques) + populate(objectMap, "version", p.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAdditionalData. -func (i *IncidentAdditionalData) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PackageProperties. +func (p *PackageProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "alertProductNames": - err = unpopulate(val, "AlertProductNames", &i.AlertProductNames) + case "author": + err = unpopulate(val, "Author", &p.Author) delete(rawMsg, key) - case "alertsCount": - err = unpopulate(val, "AlertsCount", &i.AlertsCount) + case "categories": + err = unpopulate(val, "Categories", &p.Categories) delete(rawMsg, key) - case "bookmarksCount": - err = unpopulate(val, "BookmarksCount", &i.BookmarksCount) + case "contentId": + err = unpopulate(val, "ContentID", &p.ContentID) delete(rawMsg, key) - case "commentsCount": - err = unpopulate(val, "CommentsCount", &i.CommentsCount) + case "contentKind": + err = unpopulate(val, "ContentKind", &p.ContentKind) delete(rawMsg, key) - case "providerIncidentUrl": - err = unpopulate(val, "ProviderIncidentURL", &i.ProviderIncidentURL) + case "contentProductId": + err = unpopulate(val, "ContentProductID", &p.ContentProductID) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &i.Tactics) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &p.ContentSchemaVersion) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &i.Techniques) + case "dependencies": + err = unpopulate(val, "Dependencies", &p.Dependencies) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &p.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &p.DisplayName) + delete(rawMsg, key) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &p.FirstPublishDate) + delete(rawMsg, key) + case "icon": + err = unpopulate(val, "Icon", &p.Icon) + delete(rawMsg, key) + case "isDeprecated": + err = unpopulate(val, "IsDeprecated", &p.IsDeprecated) + delete(rawMsg, key) + case "isFeatured": + err = unpopulate(val, "IsFeatured", &p.IsFeatured) + delete(rawMsg, key) + case "isNew": + err = unpopulate(val, "IsNew", &p.IsNew) + delete(rawMsg, key) + case "isPreview": + err = unpopulate(val, "IsPreview", &p.IsPreview) + delete(rawMsg, key) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &p.LastPublishDate) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &p.Providers) + delete(rawMsg, key) + case "publisherDisplayName": + err = unpopulate(val, "PublisherDisplayName", &p.PublisherDisplayName) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &p.Source) + delete(rawMsg, key) + case "support": + err = unpopulate(val, "Support", &p.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &p.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &p.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &p.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentAlertList. -func (i IncidentAlertList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PlaybookActionProperties. +func (p PlaybookActionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", i.Value) + populate(objectMap, "logicAppResourceId", p.LogicAppResourceID) + populate(objectMap, "tenantId", p.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAlertList. -func (i *IncidentAlertList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PlaybookActionProperties. +func (p *PlaybookActionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "value": - err = unpopulate(val, "Value", &i.Value) + case "logicAppResourceId": + err = unpopulate(val, "LogicAppResourceID", &p.LogicAppResourceID) + delete(rawMsg, key) + case "tenantId": + err = unpopulate(val, "TenantID", &p.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentBookmarkList. -func (i IncidentBookmarkList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PremiumMdtiDataConnectorDataTypes. +func (p PremiumMdtiDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", i.Value) + populate(objectMap, "connector", p.Connector) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentBookmarkList. -func (i *IncidentBookmarkList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PremiumMdtiDataConnectorDataTypes. +func (p *PremiumMdtiDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "value": - err = unpopulate(val, "Value", &i.Value) + case "connector": + err = unpopulate(val, "Connector", &p.Connector) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentComment. -func (i IncidentComment) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PremiumMdtiDataConnectorDataTypesConnector. +func (p PremiumMdtiDataConnectorDataTypesConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", i.Etag) - populate(objectMap, "id", i.ID) - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "state", p.State) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentComment. -func (i *IncidentComment) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PremiumMdtiDataConnectorDataTypesConnector. +func (p *PremiumMdtiDataConnectorDataTypesConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &i.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &i.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &i.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &i.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &i.Type) + case "state": + err = unpopulate(val, "State", &p.State) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentCommentList. -func (i IncidentCommentList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PremiumMdtiDataConnectorProperties. +func (p PremiumMdtiDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", i.NextLink) - populate(objectMap, "value", i.Value) + populate(objectMap, "dataTypes", p.DataTypes) + populate(objectMap, "lookbackPeriod", p.LookbackPeriod) + populate(objectMap, "requiredSKUsPresent", p.RequiredSKUsPresent) + populate(objectMap, "tenantId", p.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentList. -func (i *IncidentCommentList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PremiumMdtiDataConnectorProperties. +func (p *PremiumMdtiDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &i.NextLink) + case "dataTypes": + err = unpopulate(val, "DataTypes", &p.DataTypes) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &i.Value) + case "lookbackPeriod": + err = unpopulate(val, "LookbackPeriod", &p.LookbackPeriod) + delete(rawMsg, key) + case "requiredSKUsPresent": + err = unpopulate(val, "RequiredSKUsPresent", &p.RequiredSKUsPresent) + delete(rawMsg, key) + case "tenantId": + err = unpopulate(val, "TenantID", &p.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties. -func (i IncidentCommentProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PremiumMicrosoftDefenderForThreatIntelligence. +func (p PremiumMicrosoftDefenderForThreatIntelligence) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "author", i.Author) - populateDateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) - populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) - populate(objectMap, "message", i.Message) + populate(objectMap, "etag", p.Etag) + populate(objectMap, "id", p.ID) + objectMap["kind"] = DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence + populate(objectMap, "name", p.Name) + populate(objectMap, "properties", p.Properties) + populate(objectMap, "systemData", p.SystemData) + populate(objectMap, "type", p.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties. -func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PremiumMicrosoftDefenderForThreatIntelligence. +func (p *PremiumMicrosoftDefenderForThreatIntelligence) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "author": - err = unpopulate(val, "Author", &i.Author) + case "etag": + err = unpopulate(val, "Etag", &p.Etag) delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + case "id": + err = unpopulate(val, "ID", &p.ID) delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + case "kind": + err = unpopulate(val, "Kind", &p.Kind) delete(rawMsg, key) - case "message": - err = unpopulate(val, "Message", &i.Message) + case "name": + err = unpopulate(val, "Name", &p.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &p.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &p.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &p.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentConfiguration. -func (i IncidentConfiguration) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProcessEntity. +func (p ProcessEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "createIncident", i.CreateIncident) - populate(objectMap, "groupingConfiguration", i.GroupingConfiguration) + populate(objectMap, "id", p.ID) + objectMap["kind"] = EntityKindEnumProcess + populate(objectMap, "name", p.Name) + populate(objectMap, "properties", p.Properties) + populate(objectMap, "systemData", p.SystemData) + populate(objectMap, "type", p.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentConfiguration. -func (i *IncidentConfiguration) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntity. +func (p *ProcessEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "createIncident": - err = unpopulate(val, "CreateIncident", &i.CreateIncident) + case "id": + err = unpopulate(val, "ID", &p.ID) delete(rawMsg, key) - case "groupingConfiguration": - err = unpopulate(val, "GroupingConfiguration", &i.GroupingConfiguration) + case "kind": + err = unpopulate(val, "Kind", &p.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &p.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &p.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &p.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &p.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResponse. -func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProcessEntityProperties. +func (p ProcessEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "entities", i.Entities) - populate(objectMap, "metaData", i.MetaData) + populate(objectMap, "accountEntityId", p.AccountEntityID) + populate(objectMap, "additionalData", p.AdditionalData) + populate(objectMap, "commandLine", p.CommandLine) + populateDateTimeRFC3339(objectMap, "creationTimeUtc", p.CreationTimeUTC) + populate(objectMap, "elevationToken", p.ElevationToken) + populate(objectMap, "friendlyName", p.FriendlyName) + populate(objectMap, "hostEntityId", p.HostEntityID) + populate(objectMap, "hostLogonSessionEntityId", p.HostLogonSessionEntityID) + populate(objectMap, "imageFileEntityId", p.ImageFileEntityID) + populate(objectMap, "parentProcessEntityId", p.ParentProcessEntityID) + populate(objectMap, "processId", p.ProcessID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse. -func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntityProperties. +func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "entities": - i.Entities, err = unmarshalEntityClassificationArray(val) + case "accountEntityId": + err = unpopulate(val, "AccountEntityID", &p.AccountEntityID) delete(rawMsg, key) - case "metaData": - err = unpopulate(val, "MetaData", &i.MetaData) + case "additionalData": + err = unpopulate(val, "AdditionalData", &p.AdditionalData) delete(rawMsg, key) - } + case "commandLine": + err = unpopulate(val, "CommandLine", &p.CommandLine) + delete(rawMsg, key) + case "creationTimeUtc": + err = unpopulateDateTimeRFC3339(val, "CreationTimeUTC", &p.CreationTimeUTC) + delete(rawMsg, key) + case "elevationToken": + err = unpopulate(val, "ElevationToken", &p.ElevationToken) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &p.FriendlyName) + delete(rawMsg, key) + case "hostEntityId": + err = unpopulate(val, "HostEntityID", &p.HostEntityID) + delete(rawMsg, key) + case "hostLogonSessionEntityId": + err = unpopulate(val, "HostLogonSessionEntityID", &p.HostLogonSessionEntityID) + delete(rawMsg, key) + case "imageFileEntityId": + err = unpopulate(val, "ImageFileEntityID", &p.ImageFileEntityID) + delete(rawMsg, key) + case "parentProcessEntityId": + err = unpopulate(val, "ParentProcessEntityID", &p.ParentProcessEntityID) + delete(rawMsg, key) + case "processId": + err = unpopulate(val, "ProcessID", &p.ProcessID) + delete(rawMsg, key) + } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResultsMetadata. -func (i IncidentEntitiesResultsMetadata) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductPackageList. +func (p ProductPackageList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "count", i.Count) - populate(objectMap, "entityKind", i.EntityKind) + populate(objectMap, "nextLink", p.NextLink) + populate(objectMap, "value", p.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResultsMetadata. -func (i *IncidentEntitiesResultsMetadata) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductPackageList. +func (p *ProductPackageList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "count": - err = unpopulate(val, "Count", &i.Count) + case "nextLink": + err = unpopulate(val, "NextLink", &p.NextLink) delete(rawMsg, key) - case "entityKind": - err = unpopulate(val, "EntityKind", &i.EntityKind) + case "value": + err = unpopulate(val, "Value", &p.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentInfo. -func (i IncidentInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductPackageModel. +func (p ProductPackageModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "incidentId", i.IncidentID) - populate(objectMap, "relationName", i.RelationName) - populate(objectMap, "severity", i.Severity) - populate(objectMap, "title", i.Title) + populate(objectMap, "etag", p.Etag) + populate(objectMap, "id", p.ID) + populate(objectMap, "name", p.Name) + populate(objectMap, "properties", p.Properties) + populate(objectMap, "systemData", p.SystemData) + populate(objectMap, "type", p.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentInfo. -func (i *IncidentInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductPackageModel. +func (p *ProductPackageModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "incidentId": - err = unpopulate(val, "IncidentID", &i.IncidentID) + case "etag": + err = unpopulate(val, "Etag", &p.Etag) delete(rawMsg, key) - case "relationName": - err = unpopulate(val, "RelationName", &i.RelationName) + case "id": + err = unpopulate(val, "ID", &p.ID) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &i.Severity) + case "name": + err = unpopulate(val, "Name", &p.Name) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &i.Title) + case "properties": + err = unpopulate(val, "Properties", &p.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &p.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &p.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentLabel. -func (i IncidentLabel) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductPackageProperties. +func (p ProductPackageProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "labelName", i.LabelName) - populate(objectMap, "labelType", i.LabelType) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentLabel. -func (i *IncidentLabel) UnmarshalJSON(data []byte) error { + populate(objectMap, "author", p.Author) + populate(objectMap, "categories", p.Categories) + populate(objectMap, "contentId", p.ContentID) + populate(objectMap, "contentKind", p.ContentKind) + populate(objectMap, "contentProductId", p.ContentProductID) + populate(objectMap, "contentSchemaVersion", p.ContentSchemaVersion) + populate(objectMap, "dependencies", p.Dependencies) + populate(objectMap, "description", p.Description) + populate(objectMap, "displayName", p.DisplayName) + populateDateType(objectMap, "firstPublishDate", p.FirstPublishDate) + populate(objectMap, "icon", p.Icon) + populate(objectMap, "installedVersion", p.InstalledVersion) + populate(objectMap, "isDeprecated", p.IsDeprecated) + populate(objectMap, "isFeatured", p.IsFeatured) + populate(objectMap, "isNew", p.IsNew) + populate(objectMap, "isPreview", p.IsPreview) + populateDateType(objectMap, "lastPublishDate", p.LastPublishDate) + populate(objectMap, "metadataResourceId", p.MetadataResourceID) + populateAny(objectMap, "packagedContent", p.PackagedContent) + populate(objectMap, "providers", p.Providers) + populate(objectMap, "publisherDisplayName", p.PublisherDisplayName) + populate(objectMap, "source", p.Source) + populate(objectMap, "support", p.Support) + populate(objectMap, "threatAnalysisTactics", p.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", p.ThreatAnalysisTechniques) + populate(objectMap, "version", p.Version) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductPackageProperties. +func (p *ProductPackageProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "labelName": - err = unpopulate(val, "LabelName", &i.LabelName) + case "author": + err = unpopulate(val, "Author", &p.Author) delete(rawMsg, key) - case "labelType": - err = unpopulate(val, "LabelType", &i.LabelType) + case "categories": + err = unpopulate(val, "Categories", &p.Categories) + delete(rawMsg, key) + case "contentId": + err = unpopulate(val, "ContentID", &p.ContentID) + delete(rawMsg, key) + case "contentKind": + err = unpopulate(val, "ContentKind", &p.ContentKind) + delete(rawMsg, key) + case "contentProductId": + err = unpopulate(val, "ContentProductID", &p.ContentProductID) + delete(rawMsg, key) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &p.ContentSchemaVersion) + delete(rawMsg, key) + case "dependencies": + err = unpopulate(val, "Dependencies", &p.Dependencies) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &p.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &p.DisplayName) + delete(rawMsg, key) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &p.FirstPublishDate) + delete(rawMsg, key) + case "icon": + err = unpopulate(val, "Icon", &p.Icon) + delete(rawMsg, key) + case "installedVersion": + err = unpopulate(val, "InstalledVersion", &p.InstalledVersion) + delete(rawMsg, key) + case "isDeprecated": + err = unpopulate(val, "IsDeprecated", &p.IsDeprecated) + delete(rawMsg, key) + case "isFeatured": + err = unpopulate(val, "IsFeatured", &p.IsFeatured) + delete(rawMsg, key) + case "isNew": + err = unpopulate(val, "IsNew", &p.IsNew) + delete(rawMsg, key) + case "isPreview": + err = unpopulate(val, "IsPreview", &p.IsPreview) + delete(rawMsg, key) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &p.LastPublishDate) + delete(rawMsg, key) + case "metadataResourceId": + err = unpopulate(val, "MetadataResourceID", &p.MetadataResourceID) + delete(rawMsg, key) + case "packagedContent": + err = unpopulate(val, "PackagedContent", &p.PackagedContent) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &p.Providers) + delete(rawMsg, key) + case "publisherDisplayName": + err = unpopulate(val, "PublisherDisplayName", &p.PublisherDisplayName) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &p.Source) + delete(rawMsg, key) + case "support": + err = unpopulate(val, "Support", &p.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &p.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &p.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &p.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentList. -func (i IncidentList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductTemplateList. +func (p ProductTemplateList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", i.NextLink) - populate(objectMap, "value", i.Value) + populate(objectMap, "nextLink", p.NextLink) + populate(objectMap, "value", p.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentList. -func (i *IncidentList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductTemplateList. +func (p *ProductTemplateList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { case "nextLink": - err = unpopulate(val, "NextLink", &i.NextLink) + err = unpopulate(val, "NextLink", &p.NextLink) delete(rawMsg, key) case "value": - err = unpopulate(val, "Value", &i.Value) + err = unpopulate(val, "Value", &p.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentOwnerInfo. -func (i IncidentOwnerInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductTemplateModel. +func (p ProductTemplateModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "assignedTo", i.AssignedTo) - populate(objectMap, "email", i.Email) - populate(objectMap, "objectId", i.ObjectID) - populate(objectMap, "ownerType", i.OwnerType) - populate(objectMap, "userPrincipalName", i.UserPrincipalName) + populate(objectMap, "etag", p.Etag) + populate(objectMap, "id", p.ID) + populate(objectMap, "name", p.Name) + populate(objectMap, "properties", p.Properties) + populate(objectMap, "systemData", p.SystemData) + populate(objectMap, "type", p.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentOwnerInfo. -func (i *IncidentOwnerInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductTemplateModel. +func (p *ProductTemplateModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "assignedTo": - err = unpopulate(val, "AssignedTo", &i.AssignedTo) + case "etag": + err = unpopulate(val, "Etag", &p.Etag) delete(rawMsg, key) - case "email": - err = unpopulate(val, "Email", &i.Email) + case "id": + err = unpopulate(val, "ID", &p.ID) delete(rawMsg, key) - case "objectId": - err = unpopulate(val, "ObjectID", &i.ObjectID) + case "name": + err = unpopulate(val, "Name", &p.Name) delete(rawMsg, key) - case "ownerType": - err = unpopulate(val, "OwnerType", &i.OwnerType) + case "properties": + err = unpopulate(val, "Properties", &p.Properties) delete(rawMsg, key) - case "userPrincipalName": - err = unpopulate(val, "UserPrincipalName", &i.UserPrincipalName) + case "systemData": + err = unpopulate(val, "SystemData", &p.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &p.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IncidentProperties. -func (i IncidentProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ProductTemplateProperties. +func (p ProductTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "classification", i.Classification) - populate(objectMap, "classificationComment", i.ClassificationComment) - populate(objectMap, "classificationReason", i.ClassificationReason) - populateDateTimeRFC3339(objectMap, "createdTimeUtc", i.CreatedTimeUTC) - populate(objectMap, "description", i.Description) - populateDateTimeRFC3339(objectMap, "firstActivityTimeUtc", i.FirstActivityTimeUTC) - populate(objectMap, "incidentNumber", i.IncidentNumber) - populate(objectMap, "incidentUrl", i.IncidentURL) - populate(objectMap, "labels", i.Labels) - populateDateTimeRFC3339(objectMap, "lastActivityTimeUtc", i.LastActivityTimeUTC) - populateDateTimeRFC3339(objectMap, "lastModifiedTimeUtc", i.LastModifiedTimeUTC) - populate(objectMap, "owner", i.Owner) - populate(objectMap, "providerIncidentId", i.ProviderIncidentID) - populate(objectMap, "providerName", i.ProviderName) - populate(objectMap, "relatedAnalyticRuleIds", i.RelatedAnalyticRuleIDs) - populate(objectMap, "severity", i.Severity) - populate(objectMap, "status", i.Status) - populate(objectMap, "teamInformation", i.TeamInformation) - populate(objectMap, "title", i.Title) + populate(objectMap, "author", p.Author) + populate(objectMap, "categories", p.Categories) + populate(objectMap, "contentId", p.ContentID) + populate(objectMap, "contentKind", p.ContentKind) + populate(objectMap, "contentProductId", p.ContentProductID) + populate(objectMap, "contentSchemaVersion", p.ContentSchemaVersion) + populate(objectMap, "customVersion", p.CustomVersion) + populate(objectMap, "dependencies", p.Dependencies) + populate(objectMap, "displayName", p.DisplayName) + populateDateType(objectMap, "firstPublishDate", p.FirstPublishDate) + populate(objectMap, "icon", p.Icon) + populate(objectMap, "isDeprecated", p.IsDeprecated) + populateDateType(objectMap, "lastPublishDate", p.LastPublishDate) + populate(objectMap, "packageId", p.PackageID) + populate(objectMap, "packageKind", p.PackageKind) + populate(objectMap, "packageName", p.PackageName) + populate(objectMap, "packageVersion", p.PackageVersion) + populateAny(objectMap, "packagedContent", p.PackagedContent) + populate(objectMap, "previewImages", p.PreviewImages) + populate(objectMap, "previewImagesDark", p.PreviewImagesDark) + populate(objectMap, "providers", p.Providers) + populate(objectMap, "source", p.Source) + populate(objectMap, "support", p.Support) + populate(objectMap, "threatAnalysisTactics", p.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", p.ThreatAnalysisTechniques) + populate(objectMap, "version", p.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties. -func (i *IncidentProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ProductTemplateProperties. +func (p *ProductTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &i.AdditionalData) + case "author": + err = unpopulate(val, "Author", &p.Author) delete(rawMsg, key) - case "classification": - err = unpopulate(val, "Classification", &i.Classification) + case "categories": + err = unpopulate(val, "Categories", &p.Categories) delete(rawMsg, key) - case "classificationComment": - err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + case "contentId": + err = unpopulate(val, "ContentID", &p.ContentID) delete(rawMsg, key) - case "classificationReason": - err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + case "contentKind": + err = unpopulate(val, "ContentKind", &p.ContentKind) delete(rawMsg, key) - case "createdTimeUtc": - err = unpopulateDateTimeRFC3339(val, "CreatedTimeUTC", &i.CreatedTimeUTC) + case "contentProductId": + err = unpopulate(val, "ContentProductID", &p.ContentProductID) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &i.Description) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &p.ContentSchemaVersion) delete(rawMsg, key) - case "firstActivityTimeUtc": - err = unpopulateDateTimeRFC3339(val, "FirstActivityTimeUTC", &i.FirstActivityTimeUTC) + case "customVersion": + err = unpopulate(val, "CustomVersion", &p.CustomVersion) delete(rawMsg, key) - case "incidentNumber": - err = unpopulate(val, "IncidentNumber", &i.IncidentNumber) + case "dependencies": + err = unpopulate(val, "Dependencies", &p.Dependencies) delete(rawMsg, key) - case "incidentUrl": - err = unpopulate(val, "IncidentURL", &i.IncidentURL) + case "displayName": + err = unpopulate(val, "DisplayName", &p.DisplayName) delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &i.Labels) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &p.FirstPublishDate) delete(rawMsg, key) - case "lastActivityTimeUtc": - err = unpopulateDateTimeRFC3339(val, "LastActivityTimeUTC", &i.LastActivityTimeUTC) + case "icon": + err = unpopulate(val, "Icon", &p.Icon) delete(rawMsg, key) - case "lastModifiedTimeUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedTimeUTC", &i.LastModifiedTimeUTC) + case "isDeprecated": + err = unpopulate(val, "IsDeprecated", &p.IsDeprecated) delete(rawMsg, key) - case "owner": - err = unpopulate(val, "Owner", &i.Owner) - delete(rawMsg, key) - case "providerIncidentId": - err = unpopulate(val, "ProviderIncidentID", &i.ProviderIncidentID) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &p.LastPublishDate) delete(rawMsg, key) - case "providerName": - err = unpopulate(val, "ProviderName", &i.ProviderName) + case "packageId": + err = unpopulate(val, "PackageID", &p.PackageID) delete(rawMsg, key) - case "relatedAnalyticRuleIds": - err = unpopulate(val, "RelatedAnalyticRuleIDs", &i.RelatedAnalyticRuleIDs) + case "packageKind": + err = unpopulate(val, "PackageKind", &p.PackageKind) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &i.Severity) + case "packageName": + err = unpopulate(val, "PackageName", &p.PackageName) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &i.Status) + case "packageVersion": + err = unpopulate(val, "PackageVersion", &p.PackageVersion) delete(rawMsg, key) - case "teamInformation": - err = unpopulate(val, "TeamInformation", &i.TeamInformation) + case "packagedContent": + err = unpopulate(val, "PackagedContent", &p.PackagedContent) delete(rawMsg, key) - case "title": - err = unpopulate(val, "Title", &i.Title) + case "previewImages": + err = unpopulate(val, "PreviewImages", &p.PreviewImages) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type IncidentPropertiesAction. -func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "classification", i.Classification) - populate(objectMap, "classificationComment", i.ClassificationComment) - populate(objectMap, "classificationReason", i.ClassificationReason) - populate(objectMap, "labels", i.Labels) - populate(objectMap, "owner", i.Owner) - populate(objectMap, "severity", i.Severity) - populate(objectMap, "status", i.Status) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type IncidentPropertiesAction. -func (i *IncidentPropertiesAction) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "classification": - err = unpopulate(val, "Classification", &i.Classification) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &p.PreviewImagesDark) delete(rawMsg, key) - case "classificationComment": - err = unpopulate(val, "ClassificationComment", &i.ClassificationComment) + case "providers": + err = unpopulate(val, "Providers", &p.Providers) delete(rawMsg, key) - case "classificationReason": - err = unpopulate(val, "ClassificationReason", &i.ClassificationReason) + case "source": + err = unpopulate(val, "Source", &p.Source) delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &i.Labels) + case "support": + err = unpopulate(val, "Support", &p.Support) delete(rawMsg, key) - case "owner": - err = unpopulate(val, "Owner", &i.Owner) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &p.ThreatAnalysisTactics) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &i.Severity) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &p.ThreatAnalysisTechniques) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &i.Status) + case "version": + err = unpopulate(val, "Version", &p.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItem. -func (i InsightQueryItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PropertyArrayChangedConditionProperties. +func (p PropertyArrayChangedConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", i.ID) - objectMap["kind"] = EntityQueryKindInsight - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "type", i.Type) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypePropertyArrayChanged return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItem. -func (i *InsightQueryItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyArrayChangedConditionProperties. +func (p *PropertyArrayChangedConditionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &i.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &i.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &i.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &i.Properties) + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &i.Type) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemProperties. -func (i InsightQueryItemProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PropertyArrayConditionProperties. +func (p PropertyArrayConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalQuery", i.AdditionalQuery) - populate(objectMap, "baseQuery", i.BaseQuery) - populateAny(objectMap, "chartQuery", i.ChartQuery) - populate(objectMap, "dataTypes", i.DataTypes) - populate(objectMap, "defaultTimeRange", i.DefaultTimeRange) - populate(objectMap, "description", i.Description) - populate(objectMap, "displayName", i.DisplayName) - populateAny(objectMap, "entitiesFilter", i.EntitiesFilter) - populate(objectMap, "inputEntityType", i.InputEntityType) - populate(objectMap, "referenceTimeRange", i.ReferenceTimeRange) - populate(objectMap, "requiredInputFieldsSets", i.RequiredInputFieldsSets) - populate(objectMap, "tableQuery", i.TableQuery) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypePropertyArray return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemProperties. -func (i *InsightQueryItemProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyArrayConditionProperties. +func (p *PropertyArrayConditionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "additionalQuery": - err = unpopulate(val, "AdditionalQuery", &i.AdditionalQuery) - delete(rawMsg, key) - case "baseQuery": - err = unpopulate(val, "BaseQuery", &i.BaseQuery) - delete(rawMsg, key) - case "chartQuery": - err = unpopulate(val, "ChartQuery", &i.ChartQuery) - delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &i.DataTypes) - delete(rawMsg, key) - case "defaultTimeRange": - err = unpopulate(val, "DefaultTimeRange", &i.DefaultTimeRange) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &i.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &i.DisplayName) - delete(rawMsg, key) - case "entitiesFilter": - err = unpopulate(val, "EntitiesFilter", &i.EntitiesFilter) - delete(rawMsg, key) - case "inputEntityType": - err = unpopulate(val, "InputEntityType", &i.InputEntityType) - delete(rawMsg, key) - case "referenceTimeRange": - err = unpopulate(val, "ReferenceTimeRange", &i.ReferenceTimeRange) - delete(rawMsg, key) - case "requiredInputFieldsSets": - err = unpopulate(val, "RequiredInputFieldsSets", &i.RequiredInputFieldsSets) + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) delete(rawMsg, key) - case "tableQuery": - err = unpopulate(val, "TableQuery", &i.TableQuery) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesAdditionalQuery. -func (i InsightQueryItemPropertiesAdditionalQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PropertyChangedConditionProperties. +func (p PropertyChangedConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "query", i.Query) - populate(objectMap, "text", i.Text) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypePropertyChanged return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesAdditionalQuery. -func (i *InsightQueryItemPropertiesAdditionalQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyChangedConditionProperties. +func (p *PropertyChangedConditionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "query": - err = unpopulate(val, "Query", &i.Query) + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) delete(rawMsg, key) - case "text": - err = unpopulate(val, "Text", &i.Text) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesDefaultTimeRange. -func (i InsightQueryItemPropertiesDefaultTimeRange) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PropertyConditionProperties. +func (p PropertyConditionProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "afterRange", i.AfterRange) - populate(objectMap, "beforeRange", i.BeforeRange) + populate(objectMap, "conditionProperties", p.ConditionProperties) + objectMap["conditionType"] = ConditionTypeProperty return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesDefaultTimeRange. -func (i *InsightQueryItemPropertiesDefaultTimeRange) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyConditionProperties. +func (p *PropertyConditionProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "afterRange": - err = unpopulate(val, "AfterRange", &i.AfterRange) + case "conditionProperties": + err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) delete(rawMsg, key) - case "beforeRange": - err = unpopulate(val, "BeforeRange", &i.BeforeRange) + case "conditionType": + err = unpopulate(val, "ConditionType", &p.ConditionType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesReferenceTimeRange. -func (i InsightQueryItemPropertiesReferenceTimeRange) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type PullRequest. +func (p PullRequest) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "beforeRange", i.BeforeRange) + populate(objectMap, "state", p.State) + populate(objectMap, "url", p.URL) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesReferenceTimeRange. -func (i *InsightQueryItemPropertiesReferenceTimeRange) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type PullRequest. +func (p *PullRequest) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } for key, val := range rawMsg { var err error switch key { - case "beforeRange": - err = unpopulate(val, "BeforeRange", &i.BeforeRange) + case "state": + err = unpopulate(val, "State", &p.State) + delete(rawMsg, key) + case "url": + err = unpopulate(val, "URL", &p.URL) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", p, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQuery. -func (i InsightQueryItemPropertiesTableQuery) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity. +func (r RegistryKeyEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "columnsDefinitions", i.ColumnsDefinitions) - populate(objectMap, "queriesDefinitions", i.QueriesDefinitions) + populate(objectMap, "id", r.ID) + objectMap["kind"] = EntityKindEnumRegistryKey + populate(objectMap, "name", r.Name) + populate(objectMap, "properties", r.Properties) + populate(objectMap, "systemData", r.SystemData) + populate(objectMap, "type", r.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQuery. -func (i *InsightQueryItemPropertiesTableQuery) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntity. +func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "columnsDefinitions": - err = unpopulate(val, "ColumnsDefinitions", &i.ColumnsDefinitions) + case "id": + err = unpopulate(val, "ID", &r.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &r.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &r.Name) delete(rawMsg, key) - case "queriesDefinitions": - err = unpopulate(val, "QueriesDefinitions", &i.QueriesDefinitions) + case "properties": + err = unpopulate(val, "Properties", &r.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &r.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &r.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. -func (i InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntityProperties. +func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "header", i.Header) - populate(objectMap, "outputType", i.OutputType) - populate(objectMap, "supportDeepLink", i.SupportDeepLink) + populate(objectMap, "additionalData", r.AdditionalData) + populate(objectMap, "friendlyName", r.FriendlyName) + populate(objectMap, "hive", r.Hive) + populate(objectMap, "key", r.Key) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. -func (i *InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntityProperties. +func (r *RegistryKeyEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "header": - err = unpopulate(val, "Header", &i.Header) + case "additionalData": + err = unpopulate(val, "AdditionalData", &r.AdditionalData) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &r.FriendlyName) delete(rawMsg, key) - case "outputType": - err = unpopulate(val, "OutputType", &i.OutputType) + case "hive": + err = unpopulate(val, "Hive", &r.Hive) delete(rawMsg, key) - case "supportDeepLink": - err = unpopulate(val, "SupportDeepLink", &i.SupportDeepLink) + case "key": + err = unpopulate(val, "Key", &r.Key) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. -func (i InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RegistryValueEntity. +func (r RegistryValueEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "filter", i.Filter) - populate(objectMap, "linkColumnsDefinitions", i.LinkColumnsDefinitions) - populate(objectMap, "project", i.Project) - populate(objectMap, "summarize", i.Summarize) + populate(objectMap, "id", r.ID) + objectMap["kind"] = EntityKindEnumRegistryValue + populate(objectMap, "name", r.Name) + populate(objectMap, "properties", r.Properties) + populate(objectMap, "systemData", r.SystemData) + populate(objectMap, "type", r.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. -func (i *InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntity. +func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "filter": - err = unpopulate(val, "Filter", &i.Filter) + case "id": + err = unpopulate(val, "ID", &r.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &r.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &r.Name) delete(rawMsg, key) - case "linkColumnsDefinitions": - err = unpopulate(val, "LinkColumnsDefinitions", &i.LinkColumnsDefinitions) + case "properties": + err = unpopulate(val, "Properties", &r.Properties) delete(rawMsg, key) - case "project": - err = unpopulate(val, "Project", &i.Project) + case "systemData": + err = unpopulate(val, "SystemData", &r.SystemData) delete(rawMsg, key) - case "summarize": - err = unpopulate(val, "Summarize", &i.Summarize) + case "type": + err = unpopulate(val, "Type", &r.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. -func (i InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RegistryValueEntityProperties. +func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "projectedName", i.ProjectedName) - populate(objectMap, "Query", i.Query) + populate(objectMap, "additionalData", r.AdditionalData) + populate(objectMap, "friendlyName", r.FriendlyName) + populate(objectMap, "keyEntityId", r.KeyEntityID) + populate(objectMap, "valueData", r.ValueData) + populate(objectMap, "valueName", r.ValueName) + populate(objectMap, "valueType", r.ValueType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. -func (i *InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntityProperties. +func (r *RegistryValueEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "projectedName": - err = unpopulate(val, "ProjectedName", &i.ProjectedName) + case "additionalData": + err = unpopulate(val, "AdditionalData", &r.AdditionalData) delete(rawMsg, key) - case "Query": - err = unpopulate(val, "Query", &i.Query) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type InsightsTableResult. -func (i InsightsTableResult) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "columns", i.Columns) - populate(objectMap, "rows", i.Rows) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightsTableResult. -func (i *InsightsTableResult) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "columns": - err = unpopulate(val, "Columns", &i.Columns) - delete(rawMsg, key) - case "rows": - err = unpopulate(val, "Rows", &i.Rows) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type InsightsTableResultColumnsItem. -func (i InsightsTableResultColumnsItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "name", i.Name) - populate(objectMap, "type", i.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type InsightsTableResultColumnsItem. -func (i *InsightsTableResultColumnsItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "name": - err = unpopulate(val, "Name", &i.Name) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &i.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type InstructionStepsInstructionsItem. -func (i InstructionStepsInstructionsItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populateAny(objectMap, "parameters", i.Parameters) - populate(objectMap, "type", i.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type InstructionStepsInstructionsItem. -func (i *InstructionStepsInstructionsItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "parameters": - err = unpopulate(val, "Parameters", &i.Parameters) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &r.FriendlyName) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &i.Type) + case "keyEntityId": + err = unpopulate(val, "KeyEntityID", &r.KeyEntityID) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type IoTCheckRequirements. -func (i IoTCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindIOT - populate(objectMap, "properties", i.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTCheckRequirements. -func (i *IoTCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &i.Kind) + case "valueData": + err = unpopulate(val, "ValueData", &r.ValueData) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &i.Properties) + case "valueName": + err = unpopulate(val, "ValueName", &r.ValueName) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type IoTCheckRequirementsProperties. -func (i IoTCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "subscriptionId", i.SubscriptionID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTCheckRequirementsProperties. -func (i *IoTCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "subscriptionId": - err = unpopulate(val, "SubscriptionID", &i.SubscriptionID) + case "valueType": + err = unpopulate(val, "ValueType", &r.ValueType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IoTDataConnector. -func (i IoTDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Relation. +func (r Relation) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", i.Etag) - populate(objectMap, "id", i.ID) - objectMap["kind"] = DataConnectorKindIOT - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "etag", r.Etag) + populate(objectMap, "id", r.ID) + populate(objectMap, "name", r.Name) + populate(objectMap, "properties", r.Properties) + populate(objectMap, "systemData", r.SystemData) + populate(objectMap, "type", r.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDataConnector. -func (i *IoTDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Relation. +func (r *Relation) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &i.Etag) + err = unpopulate(val, "Etag", &r.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &i.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &i.Kind) + err = unpopulate(val, "ID", &r.ID) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &i.Name) + err = unpopulate(val, "Name", &r.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &i.Properties) + err = unpopulate(val, "Properties", &r.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) + err = unpopulate(val, "SystemData", &r.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &i.Type) + err = unpopulate(val, "Type", &r.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IoTDataConnectorProperties. -func (i IoTDataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RelationList. +func (r RelationList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataTypes", i.DataTypes) - populate(objectMap, "subscriptionId", i.SubscriptionID) + populate(objectMap, "nextLink", r.NextLink) + populate(objectMap, "value", r.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDataConnectorProperties. -func (i *IoTDataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RelationList. +func (r *RelationList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &i.DataTypes) + case "nextLink": + err = unpopulate(val, "NextLink", &r.NextLink) delete(rawMsg, key) - case "subscriptionId": - err = unpopulate(val, "SubscriptionID", &i.SubscriptionID) + case "value": + err = unpopulate(val, "Value", &r.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity. -func (i IoTDeviceEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RelationProperties. +func (r RelationProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", i.ID) - objectMap["kind"] = EntityKindIoTDevice - populate(objectMap, "name", i.Name) - populate(objectMap, "properties", i.Properties) - populate(objectMap, "systemData", i.SystemData) - populate(objectMap, "type", i.Type) + populate(objectMap, "relatedResourceId", r.RelatedResourceID) + populate(objectMap, "relatedResourceKind", r.RelatedResourceKind) + populate(objectMap, "relatedResourceName", r.RelatedResourceName) + populate(objectMap, "relatedResourceType", r.RelatedResourceType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity. -func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RelationProperties. +func (r *RelationProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &i.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &i.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &i.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &i.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &i.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &i.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties. -func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", i.AdditionalData) - populate(objectMap, "deviceId", i.DeviceID) - populate(objectMap, "deviceName", i.DeviceName) - populate(objectMap, "deviceSubType", i.DeviceSubType) - populate(objectMap, "deviceType", i.DeviceType) - populate(objectMap, "edgeId", i.EdgeID) - populate(objectMap, "firmwareVersion", i.FirmwareVersion) - populate(objectMap, "friendlyName", i.FriendlyName) - populate(objectMap, "hostEntityId", i.HostEntityID) - populate(objectMap, "ipAddressEntityId", i.IPAddressEntityID) - populate(objectMap, "importance", i.Importance) - populate(objectMap, "iotHubEntityId", i.IotHubEntityID) - populate(objectMap, "iotSecurityAgentId", i.IotSecurityAgentID) - populate(objectMap, "isAuthorized", i.IsAuthorized) - populate(objectMap, "isProgramming", i.IsProgramming) - populate(objectMap, "isScanner", i.IsScanner) - populate(objectMap, "macAddress", i.MacAddress) - populate(objectMap, "model", i.Model) - populate(objectMap, "nicEntityIds", i.NicEntityIDs) - populate(objectMap, "operatingSystem", i.OperatingSystem) - populate(objectMap, "owners", i.Owners) - populate(objectMap, "protocols", i.Protocols) - populate(objectMap, "purdueLayer", i.PurdueLayer) - populate(objectMap, "sensor", i.Sensor) - populate(objectMap, "serialNumber", i.SerialNumber) - populate(objectMap, "site", i.Site) - populate(objectMap, "source", i.Source) - populate(objectMap, "threatIntelligence", i.ThreatIntelligence) - populate(objectMap, "vendor", i.Vendor) - populate(objectMap, "zone", i.Zone) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntityProperties. -func (i *IoTDeviceEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &i.AdditionalData) - delete(rawMsg, key) - case "deviceId": - err = unpopulate(val, "DeviceID", &i.DeviceID) - delete(rawMsg, key) - case "deviceName": - err = unpopulate(val, "DeviceName", &i.DeviceName) - delete(rawMsg, key) - case "deviceSubType": - err = unpopulate(val, "DeviceSubType", &i.DeviceSubType) - delete(rawMsg, key) - case "deviceType": - err = unpopulate(val, "DeviceType", &i.DeviceType) - delete(rawMsg, key) - case "edgeId": - err = unpopulate(val, "EdgeID", &i.EdgeID) - delete(rawMsg, key) - case "firmwareVersion": - err = unpopulate(val, "FirmwareVersion", &i.FirmwareVersion) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &i.FriendlyName) - delete(rawMsg, key) - case "hostEntityId": - err = unpopulate(val, "HostEntityID", &i.HostEntityID) - delete(rawMsg, key) - case "ipAddressEntityId": - err = unpopulate(val, "IPAddressEntityID", &i.IPAddressEntityID) - delete(rawMsg, key) - case "importance": - err = unpopulate(val, "Importance", &i.Importance) - delete(rawMsg, key) - case "iotHubEntityId": - err = unpopulate(val, "IotHubEntityID", &i.IotHubEntityID) - delete(rawMsg, key) - case "iotSecurityAgentId": - err = unpopulate(val, "IotSecurityAgentID", &i.IotSecurityAgentID) - delete(rawMsg, key) - case "isAuthorized": - err = unpopulate(val, "IsAuthorized", &i.IsAuthorized) - delete(rawMsg, key) - case "isProgramming": - err = unpopulate(val, "IsProgramming", &i.IsProgramming) - delete(rawMsg, key) - case "isScanner": - err = unpopulate(val, "IsScanner", &i.IsScanner) - delete(rawMsg, key) - case "macAddress": - err = unpopulate(val, "MacAddress", &i.MacAddress) - delete(rawMsg, key) - case "model": - err = unpopulate(val, "Model", &i.Model) - delete(rawMsg, key) - case "nicEntityIds": - err = unpopulate(val, "NicEntityIDs", &i.NicEntityIDs) - delete(rawMsg, key) - case "operatingSystem": - err = unpopulate(val, "OperatingSystem", &i.OperatingSystem) - delete(rawMsg, key) - case "owners": - err = unpopulate(val, "Owners", &i.Owners) - delete(rawMsg, key) - case "protocols": - err = unpopulate(val, "Protocols", &i.Protocols) - delete(rawMsg, key) - case "purdueLayer": - err = unpopulate(val, "PurdueLayer", &i.PurdueLayer) - delete(rawMsg, key) - case "sensor": - err = unpopulate(val, "Sensor", &i.Sensor) - delete(rawMsg, key) - case "serialNumber": - err = unpopulate(val, "SerialNumber", &i.SerialNumber) - delete(rawMsg, key) - case "site": - err = unpopulate(val, "Site", &i.Site) - delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &i.Source) - delete(rawMsg, key) - case "threatIntelligence": - err = unpopulate(val, "ThreatIntelligence", &i.ThreatIntelligence) - delete(rawMsg, key) - case "vendor": - err = unpopulate(val, "Vendor", &i.Vendor) - delete(rawMsg, key) - case "zone": - err = unpopulate(val, "Zone", &i.Zone) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", i, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirements. -func (m MCASCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity - populate(objectMap, "properties", m.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirements. -func (m *MCASCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirementsProperties. -func (m MCASCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirementsProperties. -func (m *MCASCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MCASDataConnector. -func (m MCASDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftCloudAppSecurity - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector. -func (m *MCASDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorDataTypes. -func (m MCASDataConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alerts", m.Alerts) - populate(objectMap, "discoveryLogs", m.DiscoveryLogs) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorDataTypes. -func (m *MCASDataConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alerts": - err = unpopulate(val, "Alerts", &m.Alerts) - delete(rawMsg, key) - case "discoveryLogs": - err = unpopulate(val, "DiscoveryLogs", &m.DiscoveryLogs) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorProperties. -func (m MCASDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", m.DataTypes) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorProperties. -func (m *MCASDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &m.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MDATPCheckRequirements. -func (m MDATPCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection - populate(objectMap, "properties", m.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPCheckRequirements. -func (m *MDATPCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MDATPCheckRequirementsProperties. -func (m MDATPCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPCheckRequirementsProperties. -func (m *MDATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector. -func (m MDATPDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftDefenderAdvancedThreatProtection - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector. -func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MDATPDataConnectorProperties. -func (m MDATPDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", m.DataTypes) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnectorProperties. -func (m *MDATPDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &m.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRule. -func (m MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMLBehaviorAnalytics - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRule. -func (m *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleProperties. -func (m MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "enabled", m.Enabled) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) - populate(objectMap, "severity", m.Severity) - populate(objectMap, "tactics", m.Tactics) - populate(objectMap, "techniques", m.Techniques) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleProperties. -func (m *MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &m.Enabled) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &m.Severity) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &m.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &m.Techniques) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate. -func (m MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMLBehaviorAnalytics - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate. -func (m *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties. -func (m MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) - populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) - populate(objectMap, "severity", m.Severity) - populate(objectMap, "status", m.Status) - populate(objectMap, "tactics", m.Tactics) - populate(objectMap, "techniques", m.Techniques) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties. -func (m *MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &m.Severity) - delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &m.Status) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &m.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &m.Techniques) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTICheckRequirements. -func (m MSTICheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindMicrosoftThreatIntelligence - populate(objectMap, "properties", m.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTICheckRequirements. -func (m *MSTICheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTICheckRequirementsProperties. -func (m MSTICheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTICheckRequirementsProperties. -func (m *MSTICheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnector. -func (m MSTIDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftThreatIntelligence - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnector. -func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorDataTypes. -func (m MSTIDataConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "bingSafetyPhishingURL", m.BingSafetyPhishingURL) - populate(objectMap, "microsoftEmergingThreatFeed", m.MicrosoftEmergingThreatFeed) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorDataTypes. -func (m *MSTIDataConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "bingSafetyPhishingURL": - err = unpopulate(val, "BingSafetyPhishingURL", &m.BingSafetyPhishingURL) - delete(rawMsg, key) - case "microsoftEmergingThreatFeed": - err = unpopulate(val, "MicrosoftEmergingThreatFeed", &m.MicrosoftEmergingThreatFeed) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorDataTypesBingSafetyPhishingURL. -func (m MSTIDataConnectorDataTypesBingSafetyPhishingURL) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "lookbackPeriod", m.LookbackPeriod) - populate(objectMap, "state", m.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorDataTypesBingSafetyPhishingURL. -func (m *MSTIDataConnectorDataTypesBingSafetyPhishingURL) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "lookbackPeriod": - err = unpopulate(val, "LookbackPeriod", &m.LookbackPeriod) - delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &m.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed. -func (m MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "lookbackPeriod", m.LookbackPeriod) - populate(objectMap, "state", m.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed. -func (m *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "lookbackPeriod": - err = unpopulate(val, "LookbackPeriod", &m.LookbackPeriod) - delete(rawMsg, key) - case "state": - err = unpopulate(val, "State", &m.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MSTIDataConnectorProperties. -func (m MSTIDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", m.DataTypes) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnectorProperties. -func (m *MSTIDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &m.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MTPCheckRequirementsProperties. -func (m MTPCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MTPCheckRequirementsProperties. -func (m *MTPCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MTPDataConnector. -func (m MTPDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = DataConnectorKindMicrosoftThreatProtection - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnector. -func (m *MTPDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MTPDataConnectorDataTypes. -func (m MTPDataConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "incidents", m.Incidents) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnectorDataTypes. -func (m *MTPDataConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "incidents": - err = unpopulate(val, "Incidents", &m.Incidents) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MTPDataConnectorDataTypesIncidents. -func (m MTPDataConnectorDataTypesIncidents) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", m.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnectorDataTypesIncidents. -func (m *MTPDataConnectorDataTypesIncidents) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &m.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MTPDataConnectorProperties. -func (m MTPDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", m.DataTypes) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnectorProperties. -func (m *MTPDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &m.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailClusterEntity. -func (m MailClusterEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindMailCluster - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity. -func (m *MailClusterEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties. -func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "clusterGroup", m.ClusterGroup) - populateDateTimeRFC3339(objectMap, "clusterQueryEndTime", m.ClusterQueryEndTime) - populateDateTimeRFC3339(objectMap, "clusterQueryStartTime", m.ClusterQueryStartTime) - populate(objectMap, "clusterSourceIdentifier", m.ClusterSourceIdentifier) - populate(objectMap, "clusterSourceType", m.ClusterSourceType) - populateAny(objectMap, "countByDeliveryStatus", m.CountByDeliveryStatus) - populateAny(objectMap, "countByProtectionStatus", m.CountByProtectionStatus) - populateAny(objectMap, "countByThreatType", m.CountByThreatType) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "isVolumeAnomaly", m.IsVolumeAnomaly) - populate(objectMap, "mailCount", m.MailCount) - populate(objectMap, "networkMessageIds", m.NetworkMessageIDs) - populate(objectMap, "query", m.Query) - populateDateTimeRFC3339(objectMap, "queryTime", m.QueryTime) - populate(objectMap, "source", m.Source) - populate(objectMap, "threats", m.Threats) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties. -func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "clusterGroup": - err = unpopulate(val, "ClusterGroup", &m.ClusterGroup) - delete(rawMsg, key) - case "clusterQueryEndTime": - err = unpopulateDateTimeRFC3339(val, "ClusterQueryEndTime", &m.ClusterQueryEndTime) - delete(rawMsg, key) - case "clusterQueryStartTime": - err = unpopulateDateTimeRFC3339(val, "ClusterQueryStartTime", &m.ClusterQueryStartTime) - delete(rawMsg, key) - case "clusterSourceIdentifier": - err = unpopulate(val, "ClusterSourceIdentifier", &m.ClusterSourceIdentifier) - delete(rawMsg, key) - case "clusterSourceType": - err = unpopulate(val, "ClusterSourceType", &m.ClusterSourceType) - delete(rawMsg, key) - case "countByDeliveryStatus": - err = unpopulate(val, "CountByDeliveryStatus", &m.CountByDeliveryStatus) - delete(rawMsg, key) - case "countByProtectionStatus": - err = unpopulate(val, "CountByProtectionStatus", &m.CountByProtectionStatus) - delete(rawMsg, key) - case "countByThreatType": - err = unpopulate(val, "CountByThreatType", &m.CountByThreatType) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) - delete(rawMsg, key) - case "isVolumeAnomaly": - err = unpopulate(val, "IsVolumeAnomaly", &m.IsVolumeAnomaly) - delete(rawMsg, key) - case "mailCount": - err = unpopulate(val, "MailCount", &m.MailCount) - delete(rawMsg, key) - case "networkMessageIds": - err = unpopulate(val, "NetworkMessageIDs", &m.NetworkMessageIDs) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &m.Query) - delete(rawMsg, key) - case "queryTime": - err = unpopulateDateTimeRFC3339(val, "QueryTime", &m.QueryTime) - delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &m.Source) - delete(rawMsg, key) - case "threats": - err = unpopulate(val, "Threats", &m.Threats) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailMessageEntity. -func (m MailMessageEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindMailMessage - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity. -func (m *MailMessageEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties. -func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "antispamDirection", m.AntispamDirection) - populate(objectMap, "bodyFingerprintBin1", m.BodyFingerprintBin1) - populate(objectMap, "bodyFingerprintBin2", m.BodyFingerprintBin2) - populate(objectMap, "bodyFingerprintBin3", m.BodyFingerprintBin3) - populate(objectMap, "bodyFingerprintBin4", m.BodyFingerprintBin4) - populate(objectMap, "bodyFingerprintBin5", m.BodyFingerprintBin5) - populate(objectMap, "deliveryAction", m.DeliveryAction) - populate(objectMap, "deliveryLocation", m.DeliveryLocation) - populate(objectMap, "fileEntityIds", m.FileEntityIDs) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "internetMessageId", m.InternetMessageID) - populate(objectMap, "language", m.Language) - populate(objectMap, "networkMessageId", m.NetworkMessageID) - populate(objectMap, "p1Sender", m.P1Sender) - populate(objectMap, "p1SenderDisplayName", m.P1SenderDisplayName) - populate(objectMap, "p1SenderDomain", m.P1SenderDomain) - populate(objectMap, "p2Sender", m.P2Sender) - populate(objectMap, "p2SenderDisplayName", m.P2SenderDisplayName) - populate(objectMap, "p2SenderDomain", m.P2SenderDomain) - populateDateTimeRFC3339(objectMap, "receiveDate", m.ReceiveDate) - populate(objectMap, "recipient", m.Recipient) - populate(objectMap, "senderIP", m.SenderIP) - populate(objectMap, "subject", m.Subject) - populate(objectMap, "threatDetectionMethods", m.ThreatDetectionMethods) - populate(objectMap, "threats", m.Threats) - populate(objectMap, "urls", m.Urls) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties. -func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "antispamDirection": - err = unpopulate(val, "AntispamDirection", &m.AntispamDirection) - delete(rawMsg, key) - case "bodyFingerprintBin1": - err = unpopulate(val, "BodyFingerprintBin1", &m.BodyFingerprintBin1) - delete(rawMsg, key) - case "bodyFingerprintBin2": - err = unpopulate(val, "BodyFingerprintBin2", &m.BodyFingerprintBin2) - delete(rawMsg, key) - case "bodyFingerprintBin3": - err = unpopulate(val, "BodyFingerprintBin3", &m.BodyFingerprintBin3) - delete(rawMsg, key) - case "bodyFingerprintBin4": - err = unpopulate(val, "BodyFingerprintBin4", &m.BodyFingerprintBin4) - delete(rawMsg, key) - case "bodyFingerprintBin5": - err = unpopulate(val, "BodyFingerprintBin5", &m.BodyFingerprintBin5) - delete(rawMsg, key) - case "deliveryAction": - err = unpopulate(val, "DeliveryAction", &m.DeliveryAction) - delete(rawMsg, key) - case "deliveryLocation": - err = unpopulate(val, "DeliveryLocation", &m.DeliveryLocation) - delete(rawMsg, key) - case "fileEntityIds": - err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) - delete(rawMsg, key) - case "internetMessageId": - err = unpopulate(val, "InternetMessageID", &m.InternetMessageID) - delete(rawMsg, key) - case "language": - err = unpopulate(val, "Language", &m.Language) - delete(rawMsg, key) - case "networkMessageId": - err = unpopulate(val, "NetworkMessageID", &m.NetworkMessageID) - delete(rawMsg, key) - case "p1Sender": - err = unpopulate(val, "P1Sender", &m.P1Sender) - delete(rawMsg, key) - case "p1SenderDisplayName": - err = unpopulate(val, "P1SenderDisplayName", &m.P1SenderDisplayName) - delete(rawMsg, key) - case "p1SenderDomain": - err = unpopulate(val, "P1SenderDomain", &m.P1SenderDomain) - delete(rawMsg, key) - case "p2Sender": - err = unpopulate(val, "P2Sender", &m.P2Sender) - delete(rawMsg, key) - case "p2SenderDisplayName": - err = unpopulate(val, "P2SenderDisplayName", &m.P2SenderDisplayName) - delete(rawMsg, key) - case "p2SenderDomain": - err = unpopulate(val, "P2SenderDomain", &m.P2SenderDomain) - delete(rawMsg, key) - case "receiveDate": - err = unpopulateDateTimeRFC3339(val, "ReceiveDate", &m.ReceiveDate) - delete(rawMsg, key) - case "recipient": - err = unpopulate(val, "Recipient", &m.Recipient) - delete(rawMsg, key) - case "senderIP": - err = unpopulate(val, "SenderIP", &m.SenderIP) - delete(rawMsg, key) - case "subject": - err = unpopulate(val, "Subject", &m.Subject) - delete(rawMsg, key) - case "threatDetectionMethods": - err = unpopulate(val, "ThreatDetectionMethods", &m.ThreatDetectionMethods) - delete(rawMsg, key) - case "threats": - err = unpopulate(val, "Threats", &m.Threats) - delete(rawMsg, key) - case "urls": - err = unpopulate(val, "Urls", &m.Urls) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailboxEntity. -func (m MailboxEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindMailbox - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity. -func (m *MailboxEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties. -func (m MailboxEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "externalDirectoryObjectId", m.ExternalDirectoryObjectID) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "mailboxPrimaryAddress", m.MailboxPrimaryAddress) - populate(objectMap, "upn", m.Upn) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntityProperties. -func (m *MailboxEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "externalDirectoryObjectId": - err = unpopulate(val, "ExternalDirectoryObjectID", &m.ExternalDirectoryObjectID) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) - delete(rawMsg, key) - case "mailboxPrimaryAddress": - err = unpopulate(val, "MailboxPrimaryAddress", &m.MailboxPrimaryAddress) - delete(rawMsg, key) - case "upn": - err = unpopulate(val, "Upn", &m.Upn) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MalwareEntity. -func (m MalwareEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = EntityKindMalware - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity. -func (m *MalwareEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties. -func (m MalwareEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", m.AdditionalData) - populate(objectMap, "category", m.Category) - populate(objectMap, "fileEntityIds", m.FileEntityIDs) - populate(objectMap, "friendlyName", m.FriendlyName) - populate(objectMap, "malwareName", m.MalwareName) - populate(objectMap, "processEntityIds", m.ProcessEntityIDs) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntityProperties. -func (m *MalwareEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &m.AdditionalData) - delete(rawMsg, key) - case "category": - err = unpopulate(val, "Category", &m.Category) - delete(rawMsg, key) - case "fileEntityIds": - err = unpopulate(val, "FileEntityIDs", &m.FileEntityIDs) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &m.FriendlyName) - delete(rawMsg, key) - case "malwareName": - err = unpopulate(val, "MalwareName", &m.MalwareName) - delete(rawMsg, key) - case "processEntityIds": - err = unpopulate(val, "ProcessEntityIDs", &m.ProcessEntityIDs) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ManualTriggerRequestBody. -func (m ManualTriggerRequestBody) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "logicAppsResourceId", m.LogicAppsResourceID) - populate(objectMap, "tenantId", m.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ManualTriggerRequestBody. -func (m *ManualTriggerRequestBody) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "logicAppsResourceId": - err = unpopulate(val, "LogicAppsResourceID", &m.LogicAppsResourceID) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &m.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataAuthor. -func (m MetadataAuthor) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "email", m.Email) - populate(objectMap, "link", m.Link) - populate(objectMap, "name", m.Name) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataAuthor. -func (m *MetadataAuthor) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "email": - err = unpopulate(val, "Email", &m.Email) - delete(rawMsg, key) - case "link": - err = unpopulate(val, "Link", &m.Link) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataCategories. -func (m MetadataCategories) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "domains", m.Domains) - populate(objectMap, "verticals", m.Verticals) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataCategories. -func (m *MetadataCategories) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "domains": - err = unpopulate(val, "Domains", &m.Domains) - delete(rawMsg, key) - case "verticals": - err = unpopulate(val, "Verticals", &m.Verticals) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataDependencies. -func (m MetadataDependencies) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "contentId", m.ContentID) - populate(objectMap, "criteria", m.Criteria) - populate(objectMap, "kind", m.Kind) - populate(objectMap, "name", m.Name) - populate(objectMap, "operator", m.Operator) - populate(objectMap, "version", m.Version) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataDependencies. -func (m *MetadataDependencies) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "contentId": - err = unpopulate(val, "ContentID", &m.ContentID) - delete(rawMsg, key) - case "criteria": - err = unpopulate(val, "Criteria", &m.Criteria) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "operator": - err = unpopulate(val, "Operator", &m.Operator) - delete(rawMsg, key) - case "version": - err = unpopulate(val, "Version", &m.Version) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataList. -func (m MetadataList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", m.NextLink) - populate(objectMap, "value", m.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataList. -func (m *MetadataList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &m.NextLink) - delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &m.Value) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataModel. -func (m MetadataModel) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataModel. -func (m *MetadataModel) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataPatch. -func (m MetadataPatch) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPatch. -func (m *MetadataPatch) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataProperties. -func (m MetadataProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "author", m.Author) - populate(objectMap, "categories", m.Categories) - populate(objectMap, "contentId", m.ContentID) - populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) - populate(objectMap, "customVersion", m.CustomVersion) - populate(objectMap, "dependencies", m.Dependencies) - populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) - populate(objectMap, "icon", m.Icon) - populate(objectMap, "kind", m.Kind) - populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) - populate(objectMap, "parentId", m.ParentID) - populate(objectMap, "previewImages", m.PreviewImages) - populate(objectMap, "previewImagesDark", m.PreviewImagesDark) - populate(objectMap, "providers", m.Providers) - populate(objectMap, "source", m.Source) - populate(objectMap, "support", m.Support) - populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) - populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) - populate(objectMap, "version", m.Version) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataProperties. -func (m *MetadataProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "author": - err = unpopulate(val, "Author", &m.Author) - delete(rawMsg, key) - case "categories": - err = unpopulate(val, "Categories", &m.Categories) - delete(rawMsg, key) - case "contentId": - err = unpopulate(val, "ContentID", &m.ContentID) - delete(rawMsg, key) - case "contentSchemaVersion": - err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) - delete(rawMsg, key) - case "customVersion": - err = unpopulate(val, "CustomVersion", &m.CustomVersion) - delete(rawMsg, key) - case "dependencies": - err = unpopulate(val, "Dependencies", &m.Dependencies) - delete(rawMsg, key) - case "firstPublishDate": - err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) - delete(rawMsg, key) - case "icon": - err = unpopulate(val, "Icon", &m.Icon) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "lastPublishDate": - err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) - delete(rawMsg, key) - case "parentId": - err = unpopulate(val, "ParentID", &m.ParentID) - delete(rawMsg, key) - case "previewImages": - err = unpopulate(val, "PreviewImages", &m.PreviewImages) - delete(rawMsg, key) - case "previewImagesDark": - err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) - delete(rawMsg, key) - case "providers": - err = unpopulate(val, "Providers", &m.Providers) - delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &m.Source) - delete(rawMsg, key) - case "support": - err = unpopulate(val, "Support", &m.Support) - delete(rawMsg, key) - case "threatAnalysisTactics": - err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) - delete(rawMsg, key) - case "threatAnalysisTechniques": - err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) - delete(rawMsg, key) - case "version": - err = unpopulate(val, "Version", &m.Version) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataPropertiesPatch. -func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "author", m.Author) - populate(objectMap, "categories", m.Categories) - populate(objectMap, "contentId", m.ContentID) - populate(objectMap, "contentSchemaVersion", m.ContentSchemaVersion) - populate(objectMap, "customVersion", m.CustomVersion) - populate(objectMap, "dependencies", m.Dependencies) - populateDateType(objectMap, "firstPublishDate", m.FirstPublishDate) - populate(objectMap, "icon", m.Icon) - populate(objectMap, "kind", m.Kind) - populateDateType(objectMap, "lastPublishDate", m.LastPublishDate) - populate(objectMap, "parentId", m.ParentID) - populate(objectMap, "previewImages", m.PreviewImages) - populate(objectMap, "previewImagesDark", m.PreviewImagesDark) - populate(objectMap, "providers", m.Providers) - populate(objectMap, "source", m.Source) - populate(objectMap, "support", m.Support) - populate(objectMap, "threatAnalysisTactics", m.ThreatAnalysisTactics) - populate(objectMap, "threatAnalysisTechniques", m.ThreatAnalysisTechniques) - populate(objectMap, "version", m.Version) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPropertiesPatch. -func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "author": - err = unpopulate(val, "Author", &m.Author) - delete(rawMsg, key) - case "categories": - err = unpopulate(val, "Categories", &m.Categories) - delete(rawMsg, key) - case "contentId": - err = unpopulate(val, "ContentID", &m.ContentID) - delete(rawMsg, key) - case "contentSchemaVersion": - err = unpopulate(val, "ContentSchemaVersion", &m.ContentSchemaVersion) - delete(rawMsg, key) - case "customVersion": - err = unpopulate(val, "CustomVersion", &m.CustomVersion) - delete(rawMsg, key) - case "dependencies": - err = unpopulate(val, "Dependencies", &m.Dependencies) - delete(rawMsg, key) - case "firstPublishDate": - err = unpopulateDateType(val, "FirstPublishDate", &m.FirstPublishDate) - delete(rawMsg, key) - case "icon": - err = unpopulate(val, "Icon", &m.Icon) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "lastPublishDate": - err = unpopulateDateType(val, "LastPublishDate", &m.LastPublishDate) - delete(rawMsg, key) - case "parentId": - err = unpopulate(val, "ParentID", &m.ParentID) - delete(rawMsg, key) - case "previewImages": - err = unpopulate(val, "PreviewImages", &m.PreviewImages) - delete(rawMsg, key) - case "previewImagesDark": - err = unpopulate(val, "PreviewImagesDark", &m.PreviewImagesDark) - delete(rawMsg, key) - case "providers": - err = unpopulate(val, "Providers", &m.Providers) - delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &m.Source) - delete(rawMsg, key) - case "support": - err = unpopulate(val, "Support", &m.Support) - delete(rawMsg, key) - case "threatAnalysisTactics": - err = unpopulate(val, "ThreatAnalysisTactics", &m.ThreatAnalysisTactics) - delete(rawMsg, key) - case "threatAnalysisTechniques": - err = unpopulate(val, "ThreatAnalysisTechniques", &m.ThreatAnalysisTechniques) - delete(rawMsg, key) - case "version": - err = unpopulate(val, "Version", &m.Version) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataSource. -func (m MetadataSource) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "kind", m.Kind) - populate(objectMap, "name", m.Name) - populate(objectMap, "sourceId", m.SourceID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataSource. -func (m *MetadataSource) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "sourceId": - err = unpopulate(val, "SourceID", &m.SourceID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MetadataSupport. -func (m MetadataSupport) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "email", m.Email) - populate(objectMap, "link", m.Link) - populate(objectMap, "name", m.Name) - populate(objectMap, "tier", m.Tier) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MetadataSupport. -func (m *MetadataSupport) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "email": - err = unpopulate(val, "Email", &m.Email) - delete(rawMsg, key) - case "link": - err = unpopulate(val, "Link", &m.Link) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "tier": - err = unpopulate(val, "Tier", &m.Tier) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. -func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", m.Etag) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule. -func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &m.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. -func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertRuleTemplateName", m.AlertRuleTemplateName) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) - populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) - populate(objectMap, "enabled", m.Enabled) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", m.LastModifiedUTC) - populate(objectMap, "productFilter", m.ProductFilter) - populate(objectMap, "severitiesFilter", m.SeveritiesFilter) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties. -func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &m.AlertRuleTemplateName) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "displayNamesExcludeFilter": - err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) - delete(rawMsg, key) - case "displayNamesFilter": - err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &m.Enabled) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &m.LastModifiedUTC) - delete(rawMsg, key) - case "productFilter": - err = unpopulate(val, "ProductFilter", &m.ProductFilter) - delete(rawMsg, key) - case "severitiesFilter": - err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. -func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", m.ID) - objectMap["kind"] = AlertRuleKindMicrosoftSecurityIncidentCreation - populate(objectMap, "name", m.Name) - populate(objectMap, "properties", m.Properties) - populate(objectMap, "systemData", m.SystemData) - populate(objectMap, "type", m.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate. -func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &m.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &m.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &m.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &m.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. -func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertRulesCreatedByTemplateCount", m.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", m.CreatedDateUTC) - populate(objectMap, "description", m.Description) - populate(objectMap, "displayName", m.DisplayName) - populate(objectMap, "displayNamesExcludeFilter", m.DisplayNamesExcludeFilter) - populate(objectMap, "displayNamesFilter", m.DisplayNamesFilter) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", m.LastUpdatedDateUTC) - populate(objectMap, "productFilter", m.ProductFilter) - populate(objectMap, "requiredDataConnectors", m.RequiredDataConnectors) - populate(objectMap, "severitiesFilter", m.SeveritiesFilter) - populate(objectMap, "status", m.Status) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties. -func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &m.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &m.CreatedDateUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &m.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &m.DisplayName) - delete(rawMsg, key) - case "displayNamesExcludeFilter": - err = unpopulate(val, "DisplayNamesExcludeFilter", &m.DisplayNamesExcludeFilter) - delete(rawMsg, key) - case "displayNamesFilter": - err = unpopulate(val, "DisplayNamesFilter", &m.DisplayNamesFilter) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &m.LastUpdatedDateUTC) - delete(rawMsg, key) - case "productFilter": - err = unpopulate(val, "ProductFilter", &m.ProductFilter) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &m.RequiredDataConnectors) - delete(rawMsg, key) - case "severitiesFilter": - err = unpopulate(val, "SeveritiesFilter", &m.SeveritiesFilter) - delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &m.Status) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type MtpCheckRequirements. -func (m MtpCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindMicrosoftThreatProtection - populate(objectMap, "properties", m.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type MtpCheckRequirements. -func (m *MtpCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &m.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &m.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", m, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NicEntity. -func (n NicEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", n.ID) - objectMap["kind"] = EntityKindNic - populate(objectMap, "name", n.Name) - populate(objectMap, "properties", n.Properties) - populate(objectMap, "systemData", n.SystemData) - populate(objectMap, "type", n.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NicEntity. -func (n *NicEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &n.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &n.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &n.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &n.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &n.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &n.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NicEntityProperties. -func (n NicEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", n.AdditionalData) - populate(objectMap, "friendlyName", n.FriendlyName) - populate(objectMap, "ipAddressEntityId", n.IPAddressEntityID) - populate(objectMap, "macAddress", n.MacAddress) - populate(objectMap, "vlans", n.Vlans) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NicEntityProperties. -func (n *NicEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &n.AdditionalData) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &n.FriendlyName) - delete(rawMsg, key) - case "ipAddressEntityId": - err = unpopulate(val, "IPAddressEntityID", &n.IPAddressEntityID) - delete(rawMsg, key) - case "macAddress": - err = unpopulate(val, "MacAddress", &n.MacAddress) - delete(rawMsg, key) - case "vlans": - err = unpopulate(val, "Vlans", &n.Vlans) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NrtAlertRule. -func (n NrtAlertRule) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", n.Etag) - populate(objectMap, "id", n.ID) - objectMap["kind"] = AlertRuleKindNRT - populate(objectMap, "name", n.Name) - populate(objectMap, "properties", n.Properties) - populate(objectMap, "systemData", n.SystemData) - populate(objectMap, "type", n.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRule. -func (n *NrtAlertRule) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &n.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &n.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &n.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &n.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &n.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &n.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &n.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleProperties. -func (n NrtAlertRuleProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertDetailsOverride", n.AlertDetailsOverride) - populate(objectMap, "alertRuleTemplateName", n.AlertRuleTemplateName) - populate(objectMap, "customDetails", n.CustomDetails) - populate(objectMap, "description", n.Description) - populate(objectMap, "displayName", n.DisplayName) - populate(objectMap, "enabled", n.Enabled) - populate(objectMap, "entityMappings", n.EntityMappings) - populate(objectMap, "eventGroupingSettings", n.EventGroupingSettings) - populate(objectMap, "incidentConfiguration", n.IncidentConfiguration) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", n.LastModifiedUTC) - populate(objectMap, "query", n.Query) - populate(objectMap, "severity", n.Severity) - populate(objectMap, "suppressionDuration", n.SuppressionDuration) - populate(objectMap, "suppressionEnabled", n.SuppressionEnabled) - populate(objectMap, "tactics", n.Tactics) - populate(objectMap, "techniques", n.Techniques) - populate(objectMap, "templateVersion", n.TemplateVersion) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleProperties. -func (n *NrtAlertRuleProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertDetailsOverride": - err = unpopulate(val, "AlertDetailsOverride", &n.AlertDetailsOverride) - delete(rawMsg, key) - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &n.AlertRuleTemplateName) - delete(rawMsg, key) - case "customDetails": - err = unpopulate(val, "CustomDetails", &n.CustomDetails) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &n.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &n.DisplayName) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &n.Enabled) - delete(rawMsg, key) - case "entityMappings": - err = unpopulate(val, "EntityMappings", &n.EntityMappings) - delete(rawMsg, key) - case "eventGroupingSettings": - err = unpopulate(val, "EventGroupingSettings", &n.EventGroupingSettings) - delete(rawMsg, key) - case "incidentConfiguration": - err = unpopulate(val, "IncidentConfiguration", &n.IncidentConfiguration) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &n.LastModifiedUTC) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &n.Query) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &n.Severity) - delete(rawMsg, key) - case "suppressionDuration": - err = unpopulate(val, "SuppressionDuration", &n.SuppressionDuration) - delete(rawMsg, key) - case "suppressionEnabled": - err = unpopulate(val, "SuppressionEnabled", &n.SuppressionEnabled) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &n.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &n.Techniques) - delete(rawMsg, key) - case "templateVersion": - err = unpopulate(val, "TemplateVersion", &n.TemplateVersion) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplate. -func (n NrtAlertRuleTemplate) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", n.ID) - objectMap["kind"] = AlertRuleKindNRT - populate(objectMap, "name", n.Name) - populate(objectMap, "properties", n.Properties) - populate(objectMap, "systemData", n.SystemData) - populate(objectMap, "type", n.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplate. -func (n *NrtAlertRuleTemplate) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &n.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &n.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &n.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &n.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &n.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &n.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplateProperties. -func (n NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertDetailsOverride", n.AlertDetailsOverride) - populate(objectMap, "alertRulesCreatedByTemplateCount", n.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", n.CreatedDateUTC) - populate(objectMap, "customDetails", n.CustomDetails) - populate(objectMap, "description", n.Description) - populate(objectMap, "displayName", n.DisplayName) - populate(objectMap, "entityMappings", n.EntityMappings) - populate(objectMap, "eventGroupingSettings", n.EventGroupingSettings) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", n.LastUpdatedDateUTC) - populate(objectMap, "query", n.Query) - populate(objectMap, "requiredDataConnectors", n.RequiredDataConnectors) - populate(objectMap, "severity", n.Severity) - populate(objectMap, "status", n.Status) - populate(objectMap, "tactics", n.Tactics) - populate(objectMap, "techniques", n.Techniques) - populate(objectMap, "version", n.Version) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplateProperties. -func (n *NrtAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertDetailsOverride": - err = unpopulate(val, "AlertDetailsOverride", &n.AlertDetailsOverride) - delete(rawMsg, key) - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &n.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &n.CreatedDateUTC) - delete(rawMsg, key) - case "customDetails": - err = unpopulate(val, "CustomDetails", &n.CustomDetails) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &n.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &n.DisplayName) - delete(rawMsg, key) - case "entityMappings": - err = unpopulate(val, "EntityMappings", &n.EntityMappings) - delete(rawMsg, key) - case "eventGroupingSettings": - err = unpopulate(val, "EventGroupingSettings", &n.EventGroupingSettings) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &n.LastUpdatedDateUTC) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &n.Query) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &n.RequiredDataConnectors) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &n.Severity) - delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &n.Status) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &n.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &n.Techniques) - delete(rawMsg, key) - case "version": - err = unpopulate(val, "Version", &n.Version) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", n, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectCheckRequirements. -func (o Office365ProjectCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindOffice365Project - populate(objectMap, "properties", o.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectCheckRequirements. -func (o *Office365ProjectCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectCheckRequirementsProperties. -func (o Office365ProjectCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectCheckRequirementsProperties. -func (o *Office365ProjectCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectConnectorDataTypes. -func (o Office365ProjectConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "logs", o.Logs) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectConnectorDataTypes. -func (o *Office365ProjectConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "logs": - err = unpopulate(val, "Logs", &o.Logs) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectConnectorDataTypesLogs. -func (o Office365ProjectConnectorDataTypesLogs) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", o.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectConnectorDataTypesLogs. -func (o *Office365ProjectConnectorDataTypesLogs) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &o.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectDataConnector. -func (o Office365ProjectDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", o.Etag) - populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOffice365Project - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectDataConnector. -func (o *Office365ProjectDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &o.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Office365ProjectDataConnectorProperties. -func (o Office365ProjectDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", o.DataTypes) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectDataConnectorProperties. -func (o *Office365ProjectDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &o.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirements. -func (o OfficeATPCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindOfficeATP - populate(objectMap, "properties", o.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirements. -func (o *OfficeATPCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirementsProperties. -func (o OfficeATPCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirementsProperties. -func (o *OfficeATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnector. -func (o OfficeATPDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", o.Etag) - populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOfficeATP - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnector. -func (o *OfficeATPDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &o.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnectorProperties. -func (o OfficeATPDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", o.DataTypes) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnectorProperties. -func (o *OfficeATPDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &o.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeConsent. -func (o OfficeConsent) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", o.ID) - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsent. -func (o *OfficeConsent) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeConsentList. -func (o OfficeConsentList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", o.NextLink) - populate(objectMap, "value", o.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsentList. -func (o *OfficeConsentList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &o.NextLink) - delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &o.Value) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeConsentProperties. -func (o OfficeConsentProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "consentId", o.ConsentID) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsentProperties. -func (o *OfficeConsentProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "consentId": - err = unpopulate(val, "ConsentID", &o.ConsentID) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector. -func (o OfficeDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", o.Etag) - populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOffice365 - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector. -func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &o.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypes. -func (o OfficeDataConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "exchange", o.Exchange) - populate(objectMap, "sharePoint", o.SharePoint) - populate(objectMap, "teams", o.Teams) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypes. -func (o *OfficeDataConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "exchange": - err = unpopulate(val, "Exchange", &o.Exchange) - delete(rawMsg, key) - case "sharePoint": - err = unpopulate(val, "SharePoint", &o.SharePoint) - delete(rawMsg, key) - case "teams": - err = unpopulate(val, "Teams", &o.Teams) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesExchange. -func (o OfficeDataConnectorDataTypesExchange) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", o.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesExchange. -func (o *OfficeDataConnectorDataTypesExchange) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &o.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesSharePoint. -func (o OfficeDataConnectorDataTypesSharePoint) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", o.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesSharePoint. -func (o *OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &o.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesTeams. -func (o OfficeDataConnectorDataTypesTeams) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", o.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesTeams. -func (o *OfficeDataConnectorDataTypesTeams) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &o.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorProperties. -func (o OfficeDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", o.DataTypes) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorProperties. -func (o *OfficeDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &o.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeIRMCheckRequirements. -func (o OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindOfficeIRM - populate(objectMap, "properties", o.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMCheckRequirements. -func (o *OfficeIRMCheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeIRMCheckRequirementsProperties. -func (o OfficeIRMCheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMCheckRequirementsProperties. -func (o *OfficeIRMCheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeIRMDataConnector. -func (o OfficeIRMDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", o.Etag) - populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOfficeIRM - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMDataConnector. -func (o *OfficeIRMDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &o.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficeIRMDataConnectorProperties. -func (o OfficeIRMDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", o.DataTypes) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMDataConnectorProperties. -func (o *OfficeIRMDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &o.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBICheckRequirements. -func (o OfficePowerBICheckRequirements) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindOfficePowerBI - populate(objectMap, "properties", o.Properties) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBICheckRequirements. -func (o *OfficePowerBICheckRequirements) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBICheckRequirementsProperties. -func (o OfficePowerBICheckRequirementsProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBICheckRequirementsProperties. -func (o *OfficePowerBICheckRequirementsProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBIConnectorDataTypes. -func (o OfficePowerBIConnectorDataTypes) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "logs", o.Logs) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBIConnectorDataTypes. -func (o *OfficePowerBIConnectorDataTypes) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "logs": - err = unpopulate(val, "Logs", &o.Logs) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBIConnectorDataTypesLogs. -func (o OfficePowerBIConnectorDataTypesLogs) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", o.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBIConnectorDataTypesLogs. -func (o *OfficePowerBIConnectorDataTypesLogs) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &o.State) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBIDataConnector. -func (o OfficePowerBIDataConnector) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", o.Etag) - populate(objectMap, "id", o.ID) - objectMap["kind"] = DataConnectorKindOfficePowerBI - populate(objectMap, "name", o.Name) - populate(objectMap, "properties", o.Properties) - populate(objectMap, "systemData", o.SystemData) - populate(objectMap, "type", o.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBIDataConnector. -func (o *OfficePowerBIDataConnector) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &o.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &o.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &o.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &o.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &o.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &o.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OfficePowerBIDataConnectorProperties. -func (o OfficePowerBIDataConnectorProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "dataTypes", o.DataTypes) - populate(objectMap, "tenantId", o.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OfficePowerBIDataConnectorProperties. -func (o *OfficePowerBIDataConnectorProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &o.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &o.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Operation. -func (o Operation) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "display", o.Display) - populate(objectMap, "isDataAction", o.IsDataAction) - populate(objectMap, "name", o.Name) - populate(objectMap, "origin", o.Origin) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Operation. -func (o *Operation) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "display": - err = unpopulate(val, "Display", &o.Display) - delete(rawMsg, key) - case "isDataAction": - err = unpopulate(val, "IsDataAction", &o.IsDataAction) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &o.Name) - delete(rawMsg, key) - case "origin": - err = unpopulate(val, "Origin", &o.Origin) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OperationDisplay. -func (o OperationDisplay) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "description", o.Description) - populate(objectMap, "operation", o.Operation) - populate(objectMap, "provider", o.Provider) - populate(objectMap, "resource", o.Resource) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OperationDisplay. -func (o *OperationDisplay) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "description": - err = unpopulate(val, "Description", &o.Description) - delete(rawMsg, key) - case "operation": - err = unpopulate(val, "Operation", &o.Operation) - delete(rawMsg, key) - case "provider": - err = unpopulate(val, "Provider", &o.Provider) - delete(rawMsg, key) - case "resource": - err = unpopulate(val, "Resource", &o.Resource) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type OperationsList. -func (o OperationsList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", o.NextLink) - populate(objectMap, "value", o.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type OperationsList. -func (o *OperationsList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &o.NextLink) - delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &o.Value) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", o, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Permissions. -func (p Permissions) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "customs", p.Customs) - populate(objectMap, "resourceProvider", p.ResourceProvider) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Permissions. -func (p *Permissions) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "customs": - err = unpopulate(val, "Customs", &p.Customs) - delete(rawMsg, key) - case "resourceProvider": - err = unpopulate(val, "ResourceProvider", &p.ResourceProvider) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PermissionsCustomsItem. -func (p PermissionsCustomsItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "description", p.Description) - populate(objectMap, "name", p.Name) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PermissionsCustomsItem. -func (p *PermissionsCustomsItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "description": - err = unpopulate(val, "Description", &p.Description) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &p.Name) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PermissionsResourceProviderItem. -func (p PermissionsResourceProviderItem) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "permissionsDisplayText", p.PermissionsDisplayText) - populate(objectMap, "provider", p.Provider) - populate(objectMap, "providerDisplayName", p.ProviderDisplayName) - populate(objectMap, "requiredPermissions", p.RequiredPermissions) - populate(objectMap, "scope", p.Scope) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PermissionsResourceProviderItem. -func (p *PermissionsResourceProviderItem) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "permissionsDisplayText": - err = unpopulate(val, "PermissionsDisplayText", &p.PermissionsDisplayText) - delete(rawMsg, key) - case "provider": - err = unpopulate(val, "Provider", &p.Provider) - delete(rawMsg, key) - case "providerDisplayName": - err = unpopulate(val, "ProviderDisplayName", &p.ProviderDisplayName) - delete(rawMsg, key) - case "requiredPermissions": - err = unpopulate(val, "RequiredPermissions", &p.RequiredPermissions) - delete(rawMsg, key) - case "scope": - err = unpopulate(val, "Scope", &p.Scope) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PlaybookActionProperties. -func (p PlaybookActionProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "logicAppResourceId", p.LogicAppResourceID) - populate(objectMap, "tenantId", p.TenantID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PlaybookActionProperties. -func (p *PlaybookActionProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "logicAppResourceId": - err = unpopulate(val, "LogicAppResourceID", &p.LogicAppResourceID) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &p.TenantID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ProcessEntity. -func (p ProcessEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", p.ID) - objectMap["kind"] = EntityKindProcess - populate(objectMap, "name", p.Name) - populate(objectMap, "properties", p.Properties) - populate(objectMap, "systemData", p.SystemData) - populate(objectMap, "type", p.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntity. -func (p *ProcessEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &p.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &p.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &p.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &p.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &p.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &p.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ProcessEntityProperties. -func (p ProcessEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "accountEntityId", p.AccountEntityID) - populate(objectMap, "additionalData", p.AdditionalData) - populate(objectMap, "commandLine", p.CommandLine) - populateDateTimeRFC3339(objectMap, "creationTimeUtc", p.CreationTimeUTC) - populate(objectMap, "elevationToken", p.ElevationToken) - populate(objectMap, "friendlyName", p.FriendlyName) - populate(objectMap, "hostEntityId", p.HostEntityID) - populate(objectMap, "hostLogonSessionEntityId", p.HostLogonSessionEntityID) - populate(objectMap, "imageFileEntityId", p.ImageFileEntityID) - populate(objectMap, "parentProcessEntityId", p.ParentProcessEntityID) - populate(objectMap, "processId", p.ProcessID) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntityProperties. -func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "accountEntityId": - err = unpopulate(val, "AccountEntityID", &p.AccountEntityID) - delete(rawMsg, key) - case "additionalData": - err = unpopulate(val, "AdditionalData", &p.AdditionalData) - delete(rawMsg, key) - case "commandLine": - err = unpopulate(val, "CommandLine", &p.CommandLine) - delete(rawMsg, key) - case "creationTimeUtc": - err = unpopulateDateTimeRFC3339(val, "CreationTimeUTC", &p.CreationTimeUTC) - delete(rawMsg, key) - case "elevationToken": - err = unpopulate(val, "ElevationToken", &p.ElevationToken) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &p.FriendlyName) - delete(rawMsg, key) - case "hostEntityId": - err = unpopulate(val, "HostEntityID", &p.HostEntityID) - delete(rawMsg, key) - case "hostLogonSessionEntityId": - err = unpopulate(val, "HostLogonSessionEntityID", &p.HostLogonSessionEntityID) - delete(rawMsg, key) - case "imageFileEntityId": - err = unpopulate(val, "ImageFileEntityID", &p.ImageFileEntityID) - delete(rawMsg, key) - case "parentProcessEntityId": - err = unpopulate(val, "ParentProcessEntityID", &p.ParentProcessEntityID) - delete(rawMsg, key) - case "processId": - err = unpopulate(val, "ProcessID", &p.ProcessID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PropertyArrayChangedConditionProperties. -func (p PropertyArrayChangedConditionProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "conditionProperties", p.ConditionProperties) - objectMap["conditionType"] = ConditionTypePropertyArrayChanged - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyArrayChangedConditionProperties. -func (p *PropertyArrayChangedConditionProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "conditionProperties": - err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) - delete(rawMsg, key) - case "conditionType": - err = unpopulate(val, "ConditionType", &p.ConditionType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PropertyArrayConditionProperties. -func (p PropertyArrayConditionProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "conditionProperties", p.ConditionProperties) - objectMap["conditionType"] = ConditionTypePropertyArray - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyArrayConditionProperties. -func (p *PropertyArrayConditionProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "conditionProperties": - err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) - delete(rawMsg, key) - case "conditionType": - err = unpopulate(val, "ConditionType", &p.ConditionType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PropertyChangedConditionProperties. -func (p PropertyChangedConditionProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "conditionProperties", p.ConditionProperties) - objectMap["conditionType"] = ConditionTypePropertyChanged - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyChangedConditionProperties. -func (p *PropertyChangedConditionProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "conditionProperties": - err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) - delete(rawMsg, key) - case "conditionType": - err = unpopulate(val, "ConditionType", &p.ConditionType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type PropertyConditionProperties. -func (p PropertyConditionProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "conditionProperties", p.ConditionProperties) - objectMap["conditionType"] = ConditionTypeProperty - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type PropertyConditionProperties. -func (p *PropertyConditionProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "conditionProperties": - err = unpopulate(val, "ConditionProperties", &p.ConditionProperties) - delete(rawMsg, key) - case "conditionType": - err = unpopulate(val, "ConditionType", &p.ConditionType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", p, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity. -func (r RegistryKeyEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", r.ID) - objectMap["kind"] = EntityKindRegistryKey - populate(objectMap, "name", r.Name) - populate(objectMap, "properties", r.Properties) - populate(objectMap, "systemData", r.SystemData) - populate(objectMap, "type", r.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntity. -func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &r.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &r.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &r.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &r.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &r.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &r.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntityProperties. -func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", r.AdditionalData) - populate(objectMap, "friendlyName", r.FriendlyName) - populate(objectMap, "hive", r.Hive) - populate(objectMap, "key", r.Key) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntityProperties. -func (r *RegistryKeyEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &r.AdditionalData) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &r.FriendlyName) - delete(rawMsg, key) - case "hive": - err = unpopulate(val, "Hive", &r.Hive) - delete(rawMsg, key) - case "key": - err = unpopulate(val, "Key", &r.Key) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RegistryValueEntity. -func (r RegistryValueEntity) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", r.ID) - objectMap["kind"] = EntityKindRegistryValue - populate(objectMap, "name", r.Name) - populate(objectMap, "properties", r.Properties) - populate(objectMap, "systemData", r.SystemData) - populate(objectMap, "type", r.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntity. -func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &r.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &r.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &r.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &r.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &r.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &r.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RegistryValueEntityProperties. -func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", r.AdditionalData) - populate(objectMap, "friendlyName", r.FriendlyName) - populate(objectMap, "keyEntityId", r.KeyEntityID) - populate(objectMap, "valueData", r.ValueData) - populate(objectMap, "valueName", r.ValueName) - populate(objectMap, "valueType", r.ValueType) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntityProperties. -func (r *RegistryValueEntityProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &r.AdditionalData) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &r.FriendlyName) - delete(rawMsg, key) - case "keyEntityId": - err = unpopulate(val, "KeyEntityID", &r.KeyEntityID) - delete(rawMsg, key) - case "valueData": - err = unpopulate(val, "ValueData", &r.ValueData) - delete(rawMsg, key) - case "valueName": - err = unpopulate(val, "ValueName", &r.ValueName) - delete(rawMsg, key) - case "valueType": - err = unpopulate(val, "ValueType", &r.ValueType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Relation. -func (r Relation) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", r.Etag) - populate(objectMap, "id", r.ID) - populate(objectMap, "name", r.Name) - populate(objectMap, "properties", r.Properties) - populate(objectMap, "systemData", r.SystemData) - populate(objectMap, "type", r.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Relation. -func (r *Relation) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &r.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &r.ID) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &r.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &r.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &r.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &r.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RelationList. -func (r RelationList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", r.NextLink) - populate(objectMap, "value", r.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RelationList. -func (r *RelationList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &r.NextLink) - delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &r.Value) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RelationProperties. -func (r RelationProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "relatedResourceId", r.RelatedResourceID) - populate(objectMap, "relatedResourceKind", r.RelatedResourceKind) - populate(objectMap, "relatedResourceName", r.RelatedResourceName) - populate(objectMap, "relatedResourceType", r.RelatedResourceType) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RelationProperties. -func (r *RelationProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "relatedResourceId": - err = unpopulate(val, "RelatedResourceID", &r.RelatedResourceID) - delete(rawMsg, key) - case "relatedResourceKind": - err = unpopulate(val, "RelatedResourceKind", &r.RelatedResourceKind) - delete(rawMsg, key) - case "relatedResourceName": - err = unpopulate(val, "RelatedResourceName", &r.RelatedResourceName) - delete(rawMsg, key) - case "relatedResourceType": - err = unpopulate(val, "RelatedResourceType", &r.RelatedResourceType) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Repo. -func (r Repo) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "branches", r.Branches) - populate(objectMap, "fullName", r.FullName) - populate(objectMap, "url", r.URL) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Repo. -func (r *Repo) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "branches": - err = unpopulate(val, "Branches", &r.Branches) - delete(rawMsg, key) - case "fullName": - err = unpopulate(val, "FullName", &r.FullName) - delete(rawMsg, key) - case "url": - err = unpopulate(val, "URL", &r.URL) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RepoList. -func (r RepoList) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "nextLink", r.NextLink) - populate(objectMap, "value", r.Value) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RepoList. -func (r *RepoList) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &r.NextLink) - delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &r.Value) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type Repository. -func (r Repository) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "branch", r.Branch) - populate(objectMap, "deploymentLogsUrl", r.DeploymentLogsURL) - populate(objectMap, "displayUrl", r.DisplayURL) - populate(objectMap, "pathMapping", r.PathMapping) - populate(objectMap, "url", r.URL) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type Repository. -func (r *Repository) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "branch": - err = unpopulate(val, "Branch", &r.Branch) - delete(rawMsg, key) - case "deploymentLogsUrl": - err = unpopulate(val, "DeploymentLogsURL", &r.DeploymentLogsURL) - delete(rawMsg, key) - case "displayUrl": - err = unpopulate(val, "DisplayURL", &r.DisplayURL) - delete(rawMsg, key) - case "pathMapping": - err = unpopulate(val, "PathMapping", &r.PathMapping) - delete(rawMsg, key) - case "url": - err = unpopulate(val, "URL", &r.URL) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RepositoryResourceInfo. -func (r RepositoryResourceInfo) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "azureDevOpsResourceInfo", r.AzureDevOpsResourceInfo) - populate(objectMap, "gitHubResourceInfo", r.GitHubResourceInfo) - populate(objectMap, "webhook", r.Webhook) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RepositoryResourceInfo. -func (r *RepositoryResourceInfo) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "azureDevOpsResourceInfo": - err = unpopulate(val, "AzureDevOpsResourceInfo", &r.AzureDevOpsResourceInfo) - delete(rawMsg, key) - case "gitHubResourceInfo": - err = unpopulate(val, "GitHubResourceInfo", &r.GitHubResourceInfo) - delete(rawMsg, key) - case "webhook": - err = unpopulate(val, "Webhook", &r.Webhook) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type RequiredPermissions. -func (r RequiredPermissions) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "action", r.Action) - populate(objectMap, "delete", r.Delete) - populate(objectMap, "read", r.Read) - populate(objectMap, "write", r.Write) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type RequiredPermissions. -func (r *RequiredPermissions) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "action": - err = unpopulate(val, "Action", &r.Action) - delete(rawMsg, key) - case "delete": - err = unpopulate(val, "Delete", &r.Delete) - delete(rawMsg, key) - case "read": - err = unpopulate(val, "Read", &r.Read) - delete(rawMsg, key) - case "write": - err = unpopulate(val, "Write", &r.Write) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", r, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule. -func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "etag", s.Etag) - populate(objectMap, "id", s.ID) - objectMap["kind"] = AlertRuleKindScheduled - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRule. -func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "etag": - err = unpopulate(val, "Etag", &s.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &s.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &s.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleProperties. -func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertDetailsOverride", s.AlertDetailsOverride) - populate(objectMap, "alertRuleTemplateName", s.AlertRuleTemplateName) - populate(objectMap, "customDetails", s.CustomDetails) - populate(objectMap, "description", s.Description) - populate(objectMap, "displayName", s.DisplayName) - populate(objectMap, "enabled", s.Enabled) - populate(objectMap, "entityMappings", s.EntityMappings) - populate(objectMap, "eventGroupingSettings", s.EventGroupingSettings) - populate(objectMap, "incidentConfiguration", s.IncidentConfiguration) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", s.LastModifiedUTC) - populate(objectMap, "query", s.Query) - populate(objectMap, "queryFrequency", s.QueryFrequency) - populate(objectMap, "queryPeriod", s.QueryPeriod) - populate(objectMap, "severity", s.Severity) - populate(objectMap, "suppressionDuration", s.SuppressionDuration) - populate(objectMap, "suppressionEnabled", s.SuppressionEnabled) - populate(objectMap, "tactics", s.Tactics) - populate(objectMap, "techniques", s.Techniques) - populate(objectMap, "templateVersion", s.TemplateVersion) - populate(objectMap, "triggerOperator", s.TriggerOperator) - populate(objectMap, "triggerThreshold", s.TriggerThreshold) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleProperties. -func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertDetailsOverride": - err = unpopulate(val, "AlertDetailsOverride", &s.AlertDetailsOverride) - delete(rawMsg, key) - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &s.AlertRuleTemplateName) - delete(rawMsg, key) - case "customDetails": - err = unpopulate(val, "CustomDetails", &s.CustomDetails) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &s.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &s.DisplayName) - delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &s.Enabled) - delete(rawMsg, key) - case "entityMappings": - err = unpopulate(val, "EntityMappings", &s.EntityMappings) - delete(rawMsg, key) - case "eventGroupingSettings": - err = unpopulate(val, "EventGroupingSettings", &s.EventGroupingSettings) - delete(rawMsg, key) - case "incidentConfiguration": - err = unpopulate(val, "IncidentConfiguration", &s.IncidentConfiguration) - delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &s.LastModifiedUTC) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &s.Query) - delete(rawMsg, key) - case "queryFrequency": - err = unpopulate(val, "QueryFrequency", &s.QueryFrequency) - delete(rawMsg, key) - case "queryPeriod": - err = unpopulate(val, "QueryPeriod", &s.QueryPeriod) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &s.Severity) - delete(rawMsg, key) - case "suppressionDuration": - err = unpopulate(val, "SuppressionDuration", &s.SuppressionDuration) - delete(rawMsg, key) - case "suppressionEnabled": - err = unpopulate(val, "SuppressionEnabled", &s.SuppressionEnabled) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &s.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &s.Techniques) - delete(rawMsg, key) - case "templateVersion": - err = unpopulate(val, "TemplateVersion", &s.TemplateVersion) - delete(rawMsg, key) - case "triggerOperator": - err = unpopulate(val, "TriggerOperator", &s.TriggerOperator) - delete(rawMsg, key) - case "triggerThreshold": - err = unpopulate(val, "TriggerThreshold", &s.TriggerThreshold) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplate. -func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", s.ID) - objectMap["kind"] = AlertRuleKindScheduled - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplate. -func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &s.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &s.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplateProperties. -func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "alertDetailsOverride", s.AlertDetailsOverride) - populate(objectMap, "alertRulesCreatedByTemplateCount", s.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", s.CreatedDateUTC) - populate(objectMap, "customDetails", s.CustomDetails) - populate(objectMap, "description", s.Description) - populate(objectMap, "displayName", s.DisplayName) - populate(objectMap, "entityMappings", s.EntityMappings) - populate(objectMap, "eventGroupingSettings", s.EventGroupingSettings) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", s.LastUpdatedDateUTC) - populate(objectMap, "query", s.Query) - populate(objectMap, "queryFrequency", s.QueryFrequency) - populate(objectMap, "queryPeriod", s.QueryPeriod) - populate(objectMap, "requiredDataConnectors", s.RequiredDataConnectors) - populate(objectMap, "severity", s.Severity) - populate(objectMap, "status", s.Status) - populate(objectMap, "tactics", s.Tactics) - populate(objectMap, "techniques", s.Techniques) - populate(objectMap, "triggerOperator", s.TriggerOperator) - populate(objectMap, "triggerThreshold", s.TriggerThreshold) - populate(objectMap, "version", s.Version) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplateProperties. -func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "alertDetailsOverride": - err = unpopulate(val, "AlertDetailsOverride", &s.AlertDetailsOverride) - delete(rawMsg, key) - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &s.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &s.CreatedDateUTC) - delete(rawMsg, key) - case "customDetails": - err = unpopulate(val, "CustomDetails", &s.CustomDetails) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &s.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &s.DisplayName) - delete(rawMsg, key) - case "entityMappings": - err = unpopulate(val, "EntityMappings", &s.EntityMappings) - delete(rawMsg, key) - case "eventGroupingSettings": - err = unpopulate(val, "EventGroupingSettings", &s.EventGroupingSettings) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &s.LastUpdatedDateUTC) - delete(rawMsg, key) - case "query": - err = unpopulate(val, "Query", &s.Query) - delete(rawMsg, key) - case "queryFrequency": - err = unpopulate(val, "QueryFrequency", &s.QueryFrequency) - delete(rawMsg, key) - case "queryPeriod": - err = unpopulate(val, "QueryPeriod", &s.QueryPeriod) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &s.RequiredDataConnectors) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &s.Severity) - delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &s.Status) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &s.Tactics) - delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &s.Techniques) - delete(rawMsg, key) - case "triggerOperator": - err = unpopulate(val, "TriggerOperator", &s.TriggerOperator) - delete(rawMsg, key) - case "triggerThreshold": - err = unpopulate(val, "TriggerThreshold", &s.TriggerThreshold) - delete(rawMsg, key) - case "version": - err = unpopulate(val, "Version", &s.Version) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type SecurityAlert. -func (s SecurityAlert) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindSecurityAlert - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlert. -func (s *SecurityAlert) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "id": - err = unpopulate(val, "ID", &s.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &s.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type SecurityAlertProperties. -func (s SecurityAlertProperties) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "additionalData", s.AdditionalData) - populate(objectMap, "alertDisplayName", s.AlertDisplayName) - populate(objectMap, "alertLink", s.AlertLink) - populate(objectMap, "alertType", s.AlertType) - populate(objectMap, "compromisedEntity", s.CompromisedEntity) - populate(objectMap, "confidenceLevel", s.ConfidenceLevel) - populate(objectMap, "confidenceReasons", s.ConfidenceReasons) - populate(objectMap, "confidenceScore", s.ConfidenceScore) - populate(objectMap, "confidenceScoreStatus", s.ConfidenceScoreStatus) - populate(objectMap, "description", s.Description) - populateDateTimeRFC3339(objectMap, "endTimeUtc", s.EndTimeUTC) - populate(objectMap, "friendlyName", s.FriendlyName) - populate(objectMap, "intent", s.Intent) - populateDateTimeRFC3339(objectMap, "processingEndTime", s.ProcessingEndTime) - populate(objectMap, "productComponentName", s.ProductComponentName) - populate(objectMap, "productName", s.ProductName) - populate(objectMap, "productVersion", s.ProductVersion) - populate(objectMap, "providerAlertId", s.ProviderAlertID) - populate(objectMap, "remediationSteps", s.RemediationSteps) - populate(objectMap, "resourceIdentifiers", s.ResourceIdentifiers) - populate(objectMap, "severity", s.Severity) - populateDateTimeRFC3339(objectMap, "startTimeUtc", s.StartTimeUTC) - populate(objectMap, "status", s.Status) - populate(objectMap, "systemAlertId", s.SystemAlertID) - populate(objectMap, "tactics", s.Tactics) - populateDateTimeRFC3339(objectMap, "timeGenerated", s.TimeGenerated) - populate(objectMap, "vendorName", s.VendorName) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertProperties. -func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &s.AdditionalData) - delete(rawMsg, key) - case "alertDisplayName": - err = unpopulate(val, "AlertDisplayName", &s.AlertDisplayName) - delete(rawMsg, key) - case "alertLink": - err = unpopulate(val, "AlertLink", &s.AlertLink) - delete(rawMsg, key) - case "alertType": - err = unpopulate(val, "AlertType", &s.AlertType) - delete(rawMsg, key) - case "compromisedEntity": - err = unpopulate(val, "CompromisedEntity", &s.CompromisedEntity) - delete(rawMsg, key) - case "confidenceLevel": - err = unpopulate(val, "ConfidenceLevel", &s.ConfidenceLevel) - delete(rawMsg, key) - case "confidenceReasons": - err = unpopulate(val, "ConfidenceReasons", &s.ConfidenceReasons) - delete(rawMsg, key) - case "confidenceScore": - err = unpopulate(val, "ConfidenceScore", &s.ConfidenceScore) - delete(rawMsg, key) - case "confidenceScoreStatus": - err = unpopulate(val, "ConfidenceScoreStatus", &s.ConfidenceScoreStatus) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &s.Description) - delete(rawMsg, key) - case "endTimeUtc": - err = unpopulateDateTimeRFC3339(val, "EndTimeUTC", &s.EndTimeUTC) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &s.FriendlyName) - delete(rawMsg, key) - case "intent": - err = unpopulate(val, "Intent", &s.Intent) - delete(rawMsg, key) - case "processingEndTime": - err = unpopulateDateTimeRFC3339(val, "ProcessingEndTime", &s.ProcessingEndTime) - delete(rawMsg, key) - case "productComponentName": - err = unpopulate(val, "ProductComponentName", &s.ProductComponentName) - delete(rawMsg, key) - case "productName": - err = unpopulate(val, "ProductName", &s.ProductName) - delete(rawMsg, key) - case "productVersion": - err = unpopulate(val, "ProductVersion", &s.ProductVersion) - delete(rawMsg, key) - case "providerAlertId": - err = unpopulate(val, "ProviderAlertID", &s.ProviderAlertID) - delete(rawMsg, key) - case "remediationSteps": - err = unpopulate(val, "RemediationSteps", &s.RemediationSteps) - delete(rawMsg, key) - case "resourceIdentifiers": - err = unpopulate(val, "ResourceIdentifiers", &s.ResourceIdentifiers) + case "relatedResourceId": + err = unpopulate(val, "RelatedResourceID", &r.RelatedResourceID) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &s.Severity) + case "relatedResourceKind": + err = unpopulate(val, "RelatedResourceKind", &r.RelatedResourceKind) delete(rawMsg, key) - case "startTimeUtc": - err = unpopulateDateTimeRFC3339(val, "StartTimeUTC", &s.StartTimeUTC) + case "relatedResourceName": + err = unpopulate(val, "RelatedResourceName", &r.RelatedResourceName) delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &s.Status) + case "relatedResourceType": + err = unpopulate(val, "RelatedResourceType", &r.RelatedResourceType) delete(rawMsg, key) - case "systemAlertId": - err = unpopulate(val, "SystemAlertID", &s.SystemAlertID) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", r, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type Repo. +func (r Repo) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "branches", r.Branches) + populate(objectMap, "fullName", r.FullName) + populate(objectMap, "installationId", r.InstallationID) + populate(objectMap, "url", r.URL) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type Repo. +func (r *Repo) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", r, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "branches": + err = unpopulate(val, "Branches", &r.Branches) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &s.Tactics) + case "fullName": + err = unpopulate(val, "FullName", &r.FullName) delete(rawMsg, key) - case "timeGenerated": - err = unpopulateDateTimeRFC3339(val, "TimeGenerated", &s.TimeGenerated) + case "installationId": + err = unpopulate(val, "InstallationID", &r.InstallationID) delete(rawMsg, key) - case "vendorName": - err = unpopulate(val, "VendorName", &s.VendorName) + case "url": + err = unpopulate(val, "URL", &r.URL) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem. -func (s SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RepoList. +func (r RepoList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "reason", s.Reason) - populate(objectMap, "reasonType", s.ReasonType) + populate(objectMap, "nextLink", r.NextLink) + populate(objectMap, "value", r.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem. -func (s *SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RepoList. +func (r *RepoList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "reason": - err = unpopulate(val, "Reason", &s.Reason) + case "nextLink": + err = unpopulate(val, "NextLink", &r.NextLink) delete(rawMsg, key) - case "reasonType": - err = unpopulate(val, "ReasonType", &s.ReasonType) + case "value": + err = unpopulate(val, "Value", &r.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityAlertTimelineItem. -func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Repository. +func (r Repository) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertType", s.AlertType) - populate(objectMap, "azureResourceId", s.AzureResourceID) - populate(objectMap, "description", s.Description) - populate(objectMap, "displayName", s.DisplayName) - populateDateTimeRFC3339(objectMap, "endTimeUtc", s.EndTimeUTC) - objectMap["kind"] = EntityTimelineKindSecurityAlert - populate(objectMap, "productName", s.ProductName) - populate(objectMap, "severity", s.Severity) - populateDateTimeRFC3339(objectMap, "startTimeUtc", s.StartTimeUTC) - populateDateTimeRFC3339(objectMap, "timeGenerated", s.TimeGenerated) + populate(objectMap, "branch", r.Branch) + populate(objectMap, "deploymentLogsUrl", r.DeploymentLogsURL) + populate(objectMap, "displayUrl", r.DisplayURL) + populate(objectMap, "url", r.URL) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertTimelineItem. -func (s *SecurityAlertTimelineItem) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Repository. +func (r *Repository) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "alertType": - err = unpopulate(val, "AlertType", &s.AlertType) - delete(rawMsg, key) - case "azureResourceId": - err = unpopulate(val, "AzureResourceID", &s.AzureResourceID) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &s.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &s.DisplayName) - delete(rawMsg, key) - case "endTimeUtc": - err = unpopulateDateTimeRFC3339(val, "EndTimeUTC", &s.EndTimeUTC) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) - delete(rawMsg, key) - case "productName": - err = unpopulate(val, "ProductName", &s.ProductName) + case "branch": + err = unpopulate(val, "Branch", &r.Branch) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &s.Severity) + case "deploymentLogsUrl": + err = unpopulate(val, "DeploymentLogsURL", &r.DeploymentLogsURL) delete(rawMsg, key) - case "startTimeUtc": - err = unpopulateDateTimeRFC3339(val, "StartTimeUTC", &s.StartTimeUTC) + case "displayUrl": + err = unpopulate(val, "DisplayURL", &r.DisplayURL) delete(rawMsg, key) - case "timeGenerated": - err = unpopulateDateTimeRFC3339(val, "TimeGenerated", &s.TimeGenerated) + case "url": + err = unpopulate(val, "URL", &r.URL) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity. -func (s SecurityGroupEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RepositoryAccess. +func (r RepositoryAccess) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindSecurityGroup - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) + populate(objectMap, "clientId", r.ClientID) + populate(objectMap, "code", r.Code) + populate(objectMap, "installationId", r.InstallationID) + populate(objectMap, "kind", r.Kind) + populate(objectMap, "state", r.State) + populate(objectMap, "token", r.Token) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntity. -func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RepositoryAccess. +func (r *RepositoryAccess) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &s.ID) + case "clientId": + err = unpopulate(val, "ClientID", &r.ClientID) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) + case "code": + err = unpopulate(val, "Code", &r.Code) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) + case "installationId": + err = unpopulate(val, "InstallationID", &r.InstallationID) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &s.Properties) + case "kind": + err = unpopulate(val, "Kind", &r.Kind) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) + case "state": + err = unpopulate(val, "State", &r.State) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) + case "token": + err = unpopulate(val, "Token", &r.Token) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties. -func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RepositoryAccessObject. +func (r RepositoryAccessObject) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", s.AdditionalData) - populate(objectMap, "distinguishedName", s.DistinguishedName) - populate(objectMap, "friendlyName", s.FriendlyName) - populate(objectMap, "objectGuid", s.ObjectGUID) - populate(objectMap, "sid", s.Sid) + populate(objectMap, "repositoryAccess", r.RepositoryAccess) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntityProperties. -func (s *SecurityGroupEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RepositoryAccessObject. +func (r *RepositoryAccessObject) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &s.AdditionalData) - delete(rawMsg, key) - case "distinguishedName": - err = unpopulate(val, "DistinguishedName", &s.DistinguishedName) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &s.FriendlyName) - delete(rawMsg, key) - case "objectGuid": - err = unpopulate(val, "ObjectGUID", &s.ObjectGUID) - delete(rawMsg, key) - case "sid": - err = unpopulate(val, "Sid", &s.Sid) + case "repositoryAccess": + err = unpopulate(val, "RepositoryAccess", &r.RepositoryAccess) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSetting. -func (s SecurityMLAnalyticsSetting) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RepositoryAccessProperties. +func (r RepositoryAccessProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", s.Etag) - populate(objectMap, "id", s.ID) - objectMap["kind"] = s.Kind - populate(objectMap, "name", s.Name) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) + populate(objectMap, "properties", r.Properties) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSetting. -func (s *SecurityMLAnalyticsSetting) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RepositoryAccessProperties. +func (r *RepositoryAccessProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &s.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &s.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &s.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) + case "properties": + err = unpopulate(val, "Properties", &r.Properties) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSettingsDataSource. -func (s SecurityMLAnalyticsSettingsDataSource) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RepositoryResourceInfo. +func (r RepositoryResourceInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "connectorId", s.ConnectorID) - populate(objectMap, "dataTypes", s.DataTypes) + populate(objectMap, "azureDevOpsResourceInfo", r.AzureDevOpsResourceInfo) + populate(objectMap, "gitHubResourceInfo", r.GitHubResourceInfo) + populate(objectMap, "webhook", r.Webhook) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsDataSource. -func (s *SecurityMLAnalyticsSettingsDataSource) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RepositoryResourceInfo. +func (r *RepositoryResourceInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "connectorId": - err = unpopulate(val, "ConnectorID", &s.ConnectorID) + case "azureDevOpsResourceInfo": + err = unpopulate(val, "AzureDevOpsResourceInfo", &r.AzureDevOpsResourceInfo) delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &s.DataTypes) + case "gitHubResourceInfo": + err = unpopulate(val, "GitHubResourceInfo", &r.GitHubResourceInfo) + delete(rawMsg, key) + case "webhook": + err = unpopulate(val, "Webhook", &r.Webhook) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSettingsList. -func (s SecurityMLAnalyticsSettingsList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ResourceProviderRequiredPermissions. +func (r ResourceProviderRequiredPermissions) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", s.NextLink) - populate(objectMap, "value", s.Value) + populate(objectMap, "action", r.Action) + populate(objectMap, "delete", r.Delete) + populate(objectMap, "read", r.Read) + populate(objectMap, "write", r.Write) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsList. -func (s *SecurityMLAnalyticsSettingsList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ResourceProviderRequiredPermissions. +func (r *ResourceProviderRequiredPermissions) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &s.NextLink) + case "action": + err = unpopulate(val, "Action", &r.Action) delete(rawMsg, key) - case "value": - s.Value, err = unmarshalSecurityMLAnalyticsSettingClassificationArray(val) + case "delete": + err = unpopulate(val, "Delete", &r.Delete) + delete(rawMsg, key) + case "read": + err = unpopulate(val, "Read", &r.Read) + delete(rawMsg, key) + case "write": + err = unpopulate(val, "Write", &r.Write) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingState. -func (s SentinelOnboardingState) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RestAPIPollerDataConnector. +func (r RestAPIPollerDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", s.Etag) - populate(objectMap, "id", s.ID) - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) + populate(objectMap, "etag", r.Etag) + populate(objectMap, "id", r.ID) + objectMap["kind"] = DataConnectorKindRestAPIPoller + populate(objectMap, "name", r.Name) + populate(objectMap, "properties", r.Properties) + populate(objectMap, "systemData", r.SystemData) + populate(objectMap, "type", r.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingState. -func (s *SentinelOnboardingState) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RestAPIPollerDataConnector. +func (r *RestAPIPollerDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &s.Etag) + err = unpopulate(val, "Etag", &r.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &s.ID) + err = unpopulate(val, "ID", &r.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &r.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &s.Name) + err = unpopulate(val, "Name", &r.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &s.Properties) + err = unpopulate(val, "Properties", &r.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) + err = unpopulate(val, "SystemData", &r.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &s.Type) + err = unpopulate(val, "Type", &r.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStateProperties. -func (s SentinelOnboardingStateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RestAPIPollerDataConnectorProperties. +func (r RestAPIPollerDataConnectorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "customerManagedKey", s.CustomerManagedKey) + populate(objectMap, "addOnAttributes", r.AddOnAttributes) + populate(objectMap, "auth", r.Auth) + populate(objectMap, "connectorDefinitionName", r.ConnectorDefinitionName) + populate(objectMap, "dataType", r.DataType) + populate(objectMap, "dcrConfig", r.DcrConfig) + populate(objectMap, "isActive", r.IsActive) + populate(objectMap, "paging", r.Paging) + populate(objectMap, "request", r.Request) + populate(objectMap, "response", r.Response) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStateProperties. -func (s *SentinelOnboardingStateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RestAPIPollerDataConnectorProperties. +func (r *RestAPIPollerDataConnectorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "customerManagedKey": - err = unpopulate(val, "CustomerManagedKey", &s.CustomerManagedKey) + case "addOnAttributes": + err = unpopulate(val, "AddOnAttributes", &r.AddOnAttributes) + delete(rawMsg, key) + case "auth": + r.Auth, err = unmarshalCcpAuthConfigClassification(val) + delete(rawMsg, key) + case "connectorDefinitionName": + err = unpopulate(val, "ConnectorDefinitionName", &r.ConnectorDefinitionName) + delete(rawMsg, key) + case "dataType": + err = unpopulate(val, "DataType", &r.DataType) + delete(rawMsg, key) + case "dcrConfig": + err = unpopulate(val, "DcrConfig", &r.DcrConfig) + delete(rawMsg, key) + case "isActive": + err = unpopulate(val, "IsActive", &r.IsActive) + delete(rawMsg, key) + case "paging": + err = unpopulate(val, "Paging", &r.Paging) + delete(rawMsg, key) + case "request": + err = unpopulate(val, "Request", &r.Request) + delete(rawMsg, key) + case "response": + err = unpopulate(val, "Response", &r.Response) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStatesList. -func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RestAPIPollerRequestConfig. +func (r RestAPIPollerRequestConfig) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", s.Value) + populate(objectMap, "apiEndpoint", r.APIEndpoint) + populate(objectMap, "endTimeAttributeName", r.EndTimeAttributeName) + populate(objectMap, "httpMethod", r.HTTPMethod) + populate(objectMap, "headers", r.Headers) + populate(objectMap, "isPostPayloadJson", r.IsPostPayloadJSON) + populate(objectMap, "queryParameters", r.QueryParameters) + populate(objectMap, "queryParametersTemplate", r.QueryParametersTemplate) + populate(objectMap, "queryTimeFormat", r.QueryTimeFormat) + populate(objectMap, "queryTimeIntervalAttributeName", r.QueryTimeIntervalAttributeName) + populate(objectMap, "queryTimeIntervalDelimiter", r.QueryTimeIntervalDelimiter) + populate(objectMap, "queryTimeIntervalPrepend", r.QueryTimeIntervalPrepend) + populate(objectMap, "queryWindowInMin", r.QueryWindowInMin) + populate(objectMap, "rateLimitQPS", r.RateLimitQPS) + populate(objectMap, "retryCount", r.RetryCount) + populate(objectMap, "startTimeAttributeName", r.StartTimeAttributeName) + populate(objectMap, "timeoutInSeconds", r.TimeoutInSeconds) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStatesList. -func (s *SentinelOnboardingStatesList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RestAPIPollerRequestConfig. +func (r *RestAPIPollerRequestConfig) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "value": - err = unpopulate(val, "Value", &s.Value) + case "apiEndpoint": + err = unpopulate(val, "APIEndpoint", &r.APIEndpoint) + delete(rawMsg, key) + case "endTimeAttributeName": + err = unpopulate(val, "EndTimeAttributeName", &r.EndTimeAttributeName) + delete(rawMsg, key) + case "httpMethod": + err = unpopulate(val, "HTTPMethod", &r.HTTPMethod) + delete(rawMsg, key) + case "headers": + err = unpopulate(val, "Headers", &r.Headers) + delete(rawMsg, key) + case "isPostPayloadJson": + err = unpopulate(val, "IsPostPayloadJSON", &r.IsPostPayloadJSON) + delete(rawMsg, key) + case "queryParameters": + err = unpopulate(val, "QueryParameters", &r.QueryParameters) + delete(rawMsg, key) + case "queryParametersTemplate": + err = unpopulate(val, "QueryParametersTemplate", &r.QueryParametersTemplate) + delete(rawMsg, key) + case "queryTimeFormat": + err = unpopulate(val, "QueryTimeFormat", &r.QueryTimeFormat) + delete(rawMsg, key) + case "queryTimeIntervalAttributeName": + err = unpopulate(val, "QueryTimeIntervalAttributeName", &r.QueryTimeIntervalAttributeName) + delete(rawMsg, key) + case "queryTimeIntervalDelimiter": + err = unpopulate(val, "QueryTimeIntervalDelimiter", &r.QueryTimeIntervalDelimiter) + delete(rawMsg, key) + case "queryTimeIntervalPrepend": + err = unpopulate(val, "QueryTimeIntervalPrepend", &r.QueryTimeIntervalPrepend) + delete(rawMsg, key) + case "queryWindowInMin": + err = unpopulate(val, "QueryWindowInMin", &r.QueryWindowInMin) + delete(rawMsg, key) + case "rateLimitQPS": + err = unpopulate(val, "RateLimitQPS", &r.RateLimitQPS) + delete(rawMsg, key) + case "retryCount": + err = unpopulate(val, "RetryCount", &r.RetryCount) + delete(rawMsg, key) + case "startTimeAttributeName": + err = unpopulate(val, "StartTimeAttributeName", &r.StartTimeAttributeName) + delete(rawMsg, key) + case "timeoutInSeconds": + err = unpopulate(val, "TimeoutInSeconds", &r.TimeoutInSeconds) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type SettingList. -func (s SettingList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type RestAPIPollerRequestPagingConfig. +func (r RestAPIPollerRequestPagingConfig) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", s.Value) + populate(objectMap, "pageSize", r.PageSize) + populate(objectMap, "pageSizeParameterName", r.PageSizeParameterName) + populate(objectMap, "pagingType", r.PagingType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SettingList. -func (s *SettingList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type RestAPIPollerRequestPagingConfig. +func (r *RestAPIPollerRequestPagingConfig) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } for key, val := range rawMsg { var err error switch key { - case "value": - s.Value, err = unmarshalSettingsClassificationArray(val) + case "pageSize": + err = unpopulate(val, "PageSize", &r.PageSize) + delete(rawMsg, key) + case "pageSizeParameterName": + err = unpopulate(val, "PageSizeParameterName", &r.PageSizeParameterName) + delete(rawMsg, key) + case "pagingType": + err = unpopulate(val, "PagingType", &r.PagingType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", s, err) + return fmt.Errorf("unmarshalling type %T: %v", r, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type Settings. -func (s Settings) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule. +func (s ScheduledAlertRule) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "etag", s.Etag) populate(objectMap, "id", s.ID) - objectMap["kind"] = s.Kind + objectMap["kind"] = AlertRuleKindScheduled populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) populate(objectMap, "systemData", s.SystemData) populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Settings. -func (s *Settings) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRule. +func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14262,6 +9246,9 @@ func (s *Settings) UnmarshalJSON(data []byte) error { case "name": err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &s.Properties) + delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &s.SystemData) delete(rawMsg, key) @@ -14276,20 +9263,35 @@ func (s *Settings) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SourceControl. -func (s SourceControl) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleProperties. +func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", s.Etag) - populate(objectMap, "id", s.ID) - populate(objectMap, "name", s.Name) - populate(objectMap, "properties", s.Properties) - populate(objectMap, "systemData", s.SystemData) - populate(objectMap, "type", s.Type) + populate(objectMap, "alertDetailsOverride", s.AlertDetailsOverride) + populate(objectMap, "alertRuleTemplateName", s.AlertRuleTemplateName) + populate(objectMap, "customDetails", s.CustomDetails) + populate(objectMap, "description", s.Description) + populate(objectMap, "displayName", s.DisplayName) + populate(objectMap, "enabled", s.Enabled) + populate(objectMap, "entityMappings", s.EntityMappings) + populate(objectMap, "eventGroupingSettings", s.EventGroupingSettings) + populate(objectMap, "incidentConfiguration", s.IncidentConfiguration) + populateDateTimeRFC3339(objectMap, "lastModifiedUtc", s.LastModifiedUTC) + populate(objectMap, "query", s.Query) + populate(objectMap, "queryFrequency", s.QueryFrequency) + populate(objectMap, "queryPeriod", s.QueryPeriod) + populate(objectMap, "severity", s.Severity) + populate(objectMap, "suppressionDuration", s.SuppressionDuration) + populate(objectMap, "suppressionEnabled", s.SuppressionEnabled) + populate(objectMap, "tactics", s.Tactics) + populate(objectMap, "techniques", s.Techniques) + populate(objectMap, "templateVersion", s.TemplateVersion) + populate(objectMap, "triggerOperator", s.TriggerOperator) + populate(objectMap, "triggerThreshold", s.TriggerThreshold) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControl. -func (s *SourceControl) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleProperties. +func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14297,23 +9299,68 @@ func (s *SourceControl) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &s.Etag) + case "alertDetailsOverride": + err = unpopulate(val, "AlertDetailsOverride", &s.AlertDetailsOverride) delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &s.ID) + case "alertRuleTemplateName": + err = unpopulate(val, "AlertRuleTemplateName", &s.AlertRuleTemplateName) delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &s.Name) + case "customDetails": + err = unpopulate(val, "CustomDetails", &s.CustomDetails) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &s.Properties) + case "description": + err = unpopulate(val, "Description", &s.Description) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &s.SystemData) + case "displayName": + err = unpopulate(val, "DisplayName", &s.DisplayName) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &s.Type) + case "enabled": + err = unpopulate(val, "Enabled", &s.Enabled) + delete(rawMsg, key) + case "entityMappings": + err = unpopulate(val, "EntityMappings", &s.EntityMappings) + delete(rawMsg, key) + case "eventGroupingSettings": + err = unpopulate(val, "EventGroupingSettings", &s.EventGroupingSettings) + delete(rawMsg, key) + case "incidentConfiguration": + err = unpopulate(val, "IncidentConfiguration", &s.IncidentConfiguration) + delete(rawMsg, key) + case "lastModifiedUtc": + err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &s.LastModifiedUTC) + delete(rawMsg, key) + case "query": + err = unpopulate(val, "Query", &s.Query) + delete(rawMsg, key) + case "queryFrequency": + err = unpopulate(val, "QueryFrequency", &s.QueryFrequency) + delete(rawMsg, key) + case "queryPeriod": + err = unpopulate(val, "QueryPeriod", &s.QueryPeriod) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &s.Severity) + delete(rawMsg, key) + case "suppressionDuration": + err = unpopulate(val, "SuppressionDuration", &s.SuppressionDuration) + delete(rawMsg, key) + case "suppressionEnabled": + err = unpopulate(val, "SuppressionEnabled", &s.SuppressionEnabled) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &s.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &s.Techniques) + delete(rawMsg, key) + case "templateVersion": + err = unpopulate(val, "TemplateVersion", &s.TemplateVersion) + delete(rawMsg, key) + case "triggerOperator": + err = unpopulate(val, "TriggerOperator", &s.TriggerOperator) + delete(rawMsg, key) + case "triggerThreshold": + err = unpopulate(val, "TriggerThreshold", &s.TriggerThreshold) delete(rawMsg, key) } if err != nil { @@ -14323,16 +9370,20 @@ func (s *SourceControl) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SourceControlList. -func (s SourceControlList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplate. +func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", s.NextLink) - populate(objectMap, "value", s.Value) + populate(objectMap, "id", s.ID) + objectMap["kind"] = AlertRuleKindScheduled + populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControlList. -func (s *SourceControlList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplate. +func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14340,11 +9391,23 @@ func (s *SourceControlList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &s.NextLink) + case "id": + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) - case "value": - err = unpopulate(val, "Value", &s.Value) + case "kind": + err = unpopulate(val, "Kind", &s.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &s.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &s.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &s.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { @@ -14354,23 +9417,34 @@ func (s *SourceControlList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SourceControlProperties. -func (s SourceControlProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplateProperties. +func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "contentTypes", s.ContentTypes) + populate(objectMap, "alertDetailsOverride", s.AlertDetailsOverride) + populate(objectMap, "alertRulesCreatedByTemplateCount", s.AlertRulesCreatedByTemplateCount) + populateDateTimeRFC3339(objectMap, "createdDateUTC", s.CreatedDateUTC) + populate(objectMap, "customDetails", s.CustomDetails) populate(objectMap, "description", s.Description) populate(objectMap, "displayName", s.DisplayName) - populate(objectMap, "id", s.ID) - populate(objectMap, "lastDeploymentInfo", s.LastDeploymentInfo) - populate(objectMap, "repoType", s.RepoType) - populate(objectMap, "repository", s.Repository) - populate(objectMap, "repositoryResourceInfo", s.RepositoryResourceInfo) + populate(objectMap, "entityMappings", s.EntityMappings) + populate(objectMap, "eventGroupingSettings", s.EventGroupingSettings) + populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", s.LastUpdatedDateUTC) + populate(objectMap, "query", s.Query) + populate(objectMap, "queryFrequency", s.QueryFrequency) + populate(objectMap, "queryPeriod", s.QueryPeriod) + populate(objectMap, "requiredDataConnectors", s.RequiredDataConnectors) + populate(objectMap, "severity", s.Severity) + populate(objectMap, "status", s.Status) + populate(objectMap, "tactics", s.Tactics) + populate(objectMap, "techniques", s.Techniques) + populate(objectMap, "triggerOperator", s.TriggerOperator) + populate(objectMap, "triggerThreshold", s.TriggerThreshold) populate(objectMap, "version", s.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControlProperties. -func (s *SourceControlProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplateProperties. +func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14378,8 +9452,17 @@ func (s *SourceControlProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "contentTypes": - err = unpopulate(val, "ContentTypes", &s.ContentTypes) + case "alertDetailsOverride": + err = unpopulate(val, "AlertDetailsOverride", &s.AlertDetailsOverride) + delete(rawMsg, key) + case "alertRulesCreatedByTemplateCount": + err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &s.AlertRulesCreatedByTemplateCount) + delete(rawMsg, key) + case "createdDateUTC": + err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &s.CreatedDateUTC) + delete(rawMsg, key) + case "customDetails": + err = unpopulate(val, "CustomDetails", &s.CustomDetails) delete(rawMsg, key) case "description": err = unpopulate(val, "Description", &s.Description) @@ -14387,20 +9470,44 @@ func (s *SourceControlProperties) UnmarshalJSON(data []byte) error { case "displayName": err = unpopulate(val, "DisplayName", &s.DisplayName) delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &s.ID) + case "entityMappings": + err = unpopulate(val, "EntityMappings", &s.EntityMappings) delete(rawMsg, key) - case "lastDeploymentInfo": - err = unpopulate(val, "LastDeploymentInfo", &s.LastDeploymentInfo) + case "eventGroupingSettings": + err = unpopulate(val, "EventGroupingSettings", &s.EventGroupingSettings) delete(rawMsg, key) - case "repoType": - err = unpopulate(val, "RepoType", &s.RepoType) + case "lastUpdatedDateUTC": + err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &s.LastUpdatedDateUTC) delete(rawMsg, key) - case "repository": - err = unpopulate(val, "Repository", &s.Repository) + case "query": + err = unpopulate(val, "Query", &s.Query) delete(rawMsg, key) - case "repositoryResourceInfo": - err = unpopulate(val, "RepositoryResourceInfo", &s.RepositoryResourceInfo) + case "queryFrequency": + err = unpopulate(val, "QueryFrequency", &s.QueryFrequency) + delete(rawMsg, key) + case "queryPeriod": + err = unpopulate(val, "QueryPeriod", &s.QueryPeriod) + delete(rawMsg, key) + case "requiredDataConnectors": + err = unpopulate(val, "RequiredDataConnectors", &s.RequiredDataConnectors) + delete(rawMsg, key) + case "severity": + err = unpopulate(val, "Severity", &s.Severity) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &s.Status) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &s.Tactics) + delete(rawMsg, key) + case "techniques": + err = unpopulate(val, "Techniques", &s.Techniques) + delete(rawMsg, key) + case "triggerOperator": + err = unpopulate(val, "TriggerOperator", &s.TriggerOperator) + delete(rawMsg, key) + case "triggerThreshold": + err = unpopulate(val, "TriggerThreshold", &s.TriggerThreshold) delete(rawMsg, key) case "version": err = unpopulate(val, "Version", &s.Version) @@ -14413,11 +9520,11 @@ func (s *SourceControlProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntity. -func (s SubmissionMailEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityAlert. +func (s SecurityAlert) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "id", s.ID) - objectMap["kind"] = EntityKindSubmissionMail + objectMap["kind"] = EntityKindEnumSecurityAlert populate(objectMap, "name", s.Name) populate(objectMap, "properties", s.Properties) populate(objectMap, "systemData", s.SystemData) @@ -14425,8 +9532,8 @@ func (s SubmissionMailEntity) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntity. -func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlert. +func (s *SecurityAlert) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14460,26 +9567,41 @@ func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntityProperties. -func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityAlertProperties. +func (s SecurityAlertProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "additionalData", s.AdditionalData) + populate(objectMap, "alertDisplayName", s.AlertDisplayName) + populate(objectMap, "alertLink", s.AlertLink) + populate(objectMap, "alertType", s.AlertType) + populate(objectMap, "compromisedEntity", s.CompromisedEntity) + populate(objectMap, "confidenceLevel", s.ConfidenceLevel) + populate(objectMap, "confidenceReasons", s.ConfidenceReasons) + populate(objectMap, "confidenceScore", s.ConfidenceScore) + populate(objectMap, "confidenceScoreStatus", s.ConfidenceScoreStatus) + populate(objectMap, "description", s.Description) + populateDateTimeRFC3339(objectMap, "endTimeUtc", s.EndTimeUTC) populate(objectMap, "friendlyName", s.FriendlyName) - populate(objectMap, "networkMessageId", s.NetworkMessageID) - populate(objectMap, "recipient", s.Recipient) - populate(objectMap, "reportType", s.ReportType) - populate(objectMap, "sender", s.Sender) - populate(objectMap, "senderIp", s.SenderIP) - populate(objectMap, "subject", s.Subject) - populateDateTimeRFC3339(objectMap, "submissionDate", s.SubmissionDate) - populate(objectMap, "submissionId", s.SubmissionID) - populate(objectMap, "submitter", s.Submitter) - populateDateTimeRFC3339(objectMap, "timestamp", s.Timestamp) + populate(objectMap, "intent", s.Intent) + populateDateTimeRFC3339(objectMap, "processingEndTime", s.ProcessingEndTime) + populate(objectMap, "productComponentName", s.ProductComponentName) + populate(objectMap, "productName", s.ProductName) + populate(objectMap, "productVersion", s.ProductVersion) + populate(objectMap, "providerAlertId", s.ProviderAlertID) + populate(objectMap, "remediationSteps", s.RemediationSteps) + populate(objectMap, "resourceIdentifiers", s.ResourceIdentifiers) + populate(objectMap, "severity", s.Severity) + populateDateTimeRFC3339(objectMap, "startTimeUtc", s.StartTimeUTC) + populate(objectMap, "status", s.Status) + populate(objectMap, "systemAlertId", s.SystemAlertID) + populate(objectMap, "tactics", s.Tactics) + populateDateTimeRFC3339(objectMap, "timeGenerated", s.TimeGenerated) + populate(objectMap, "vendorName", s.VendorName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntityProperties. -func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertProperties. +func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14490,38 +9612,83 @@ func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error { case "additionalData": err = unpopulate(val, "AdditionalData", &s.AdditionalData) delete(rawMsg, key) + case "alertDisplayName": + err = unpopulate(val, "AlertDisplayName", &s.AlertDisplayName) + delete(rawMsg, key) + case "alertLink": + err = unpopulate(val, "AlertLink", &s.AlertLink) + delete(rawMsg, key) + case "alertType": + err = unpopulate(val, "AlertType", &s.AlertType) + delete(rawMsg, key) + case "compromisedEntity": + err = unpopulate(val, "CompromisedEntity", &s.CompromisedEntity) + delete(rawMsg, key) + case "confidenceLevel": + err = unpopulate(val, "ConfidenceLevel", &s.ConfidenceLevel) + delete(rawMsg, key) + case "confidenceReasons": + err = unpopulate(val, "ConfidenceReasons", &s.ConfidenceReasons) + delete(rawMsg, key) + case "confidenceScore": + err = unpopulate(val, "ConfidenceScore", &s.ConfidenceScore) + delete(rawMsg, key) + case "confidenceScoreStatus": + err = unpopulate(val, "ConfidenceScoreStatus", &s.ConfidenceScoreStatus) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &s.Description) + delete(rawMsg, key) + case "endTimeUtc": + err = unpopulateDateTimeRFC3339(val, "EndTimeUTC", &s.EndTimeUTC) + delete(rawMsg, key) case "friendlyName": err = unpopulate(val, "FriendlyName", &s.FriendlyName) delete(rawMsg, key) - case "networkMessageId": - err = unpopulate(val, "NetworkMessageID", &s.NetworkMessageID) + case "intent": + err = unpopulate(val, "Intent", &s.Intent) delete(rawMsg, key) - case "recipient": - err = unpopulate(val, "Recipient", &s.Recipient) + case "processingEndTime": + err = unpopulateDateTimeRFC3339(val, "ProcessingEndTime", &s.ProcessingEndTime) delete(rawMsg, key) - case "reportType": - err = unpopulate(val, "ReportType", &s.ReportType) + case "productComponentName": + err = unpopulate(val, "ProductComponentName", &s.ProductComponentName) delete(rawMsg, key) - case "sender": - err = unpopulate(val, "Sender", &s.Sender) + case "productName": + err = unpopulate(val, "ProductName", &s.ProductName) delete(rawMsg, key) - case "senderIp": - err = unpopulate(val, "SenderIP", &s.SenderIP) + case "productVersion": + err = unpopulate(val, "ProductVersion", &s.ProductVersion) delete(rawMsg, key) - case "subject": - err = unpopulate(val, "Subject", &s.Subject) + case "providerAlertId": + err = unpopulate(val, "ProviderAlertID", &s.ProviderAlertID) delete(rawMsg, key) - case "submissionDate": - err = unpopulateDateTimeRFC3339(val, "SubmissionDate", &s.SubmissionDate) + case "remediationSteps": + err = unpopulate(val, "RemediationSteps", &s.RemediationSteps) delete(rawMsg, key) - case "submissionId": - err = unpopulate(val, "SubmissionID", &s.SubmissionID) + case "resourceIdentifiers": + err = unpopulate(val, "ResourceIdentifiers", &s.ResourceIdentifiers) delete(rawMsg, key) - case "submitter": - err = unpopulate(val, "Submitter", &s.Submitter) + case "severity": + err = unpopulate(val, "Severity", &s.Severity) delete(rawMsg, key) - case "timestamp": - err = unpopulateDateTimeRFC3339(val, "Timestamp", &s.Timestamp) + case "startTimeUtc": + err = unpopulateDateTimeRFC3339(val, "StartTimeUTC", &s.StartTimeUTC) + delete(rawMsg, key) + case "status": + err = unpopulate(val, "Status", &s.Status) + delete(rawMsg, key) + case "systemAlertId": + err = unpopulate(val, "SystemAlertID", &s.SystemAlertID) + delete(rawMsg, key) + case "tactics": + err = unpopulate(val, "Tactics", &s.Tactics) + delete(rawMsg, key) + case "timeGenerated": + err = unpopulateDateTimeRFC3339(val, "TimeGenerated", &s.TimeGenerated) + delete(rawMsg, key) + case "vendorName": + err = unpopulate(val, "VendorName", &s.VendorName) delete(rawMsg, key) } if err != nil { @@ -14531,20 +9698,16 @@ func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type SystemData. -func (s SystemData) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem. +func (s SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populateDateTimeRFC3339(objectMap, "createdAt", s.CreatedAt) - populate(objectMap, "createdBy", s.CreatedBy) - populate(objectMap, "createdByType", s.CreatedByType) - populateDateTimeRFC3339(objectMap, "lastModifiedAt", s.LastModifiedAt) - populate(objectMap, "lastModifiedBy", s.LastModifiedBy) - populate(objectMap, "lastModifiedByType", s.LastModifiedByType) + populate(objectMap, "reason", s.Reason) + populate(objectMap, "reasonType", s.ReasonType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type SystemData. -func (s *SystemData) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem. +func (s *SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", s, err) @@ -14552,23 +9715,11 @@ func (s *SystemData) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "createdAt": - err = unpopulateDateTimeRFC3339(val, "CreatedAt", &s.CreatedAt) - delete(rawMsg, key) - case "createdBy": - err = unpopulate(val, "CreatedBy", &s.CreatedBy) - delete(rawMsg, key) - case "createdByType": - err = unpopulate(val, "CreatedByType", &s.CreatedByType) - delete(rawMsg, key) - case "lastModifiedAt": - err = unpopulateDateTimeRFC3339(val, "LastModifiedAt", &s.LastModifiedAt) - delete(rawMsg, key) - case "lastModifiedBy": - err = unpopulate(val, "LastModifiedBy", &s.LastModifiedBy) + case "reason": + err = unpopulate(val, "Reason", &s.Reason) delete(rawMsg, key) - case "lastModifiedByType": - err = unpopulate(val, "LastModifiedByType", &s.LastModifiedByType) + case "reasonType": + err = unpopulate(val, "ReasonType", &s.ReasonType) delete(rawMsg, key) } if err != nil { @@ -14578,735 +9729,724 @@ func (s *SystemData) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TICheckRequirements. -func (t TICheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity. +func (s SecurityGroupEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindThreatIntelligence - populate(objectMap, "properties", t.Properties) + populate(objectMap, "id", s.ID) + objectMap["kind"] = EntityKindEnumSecurityGroup + populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TICheckRequirements. -func (t *TICheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntity. +func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { + case "id": + err = unpopulate(val, "ID", &s.ID) + delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &t.Kind) + err = unpopulate(val, "Kind", &s.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &t.Properties) + err = unpopulate(val, "Properties", &s.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &s.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TICheckRequirementsProperties. -func (t TICheckRequirementsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties. +func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "tenantId", t.TenantID) + populate(objectMap, "additionalData", s.AdditionalData) + populate(objectMap, "distinguishedName", s.DistinguishedName) + populate(objectMap, "friendlyName", s.FriendlyName) + populate(objectMap, "objectGuid", s.ObjectGUID) + populate(objectMap, "sid", s.Sid) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TICheckRequirementsProperties. -func (t *TICheckRequirementsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntityProperties. +func (s *SecurityGroupEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &t.TenantID) + case "additionalData": + err = unpopulate(val, "AdditionalData", &s.AdditionalData) + delete(rawMsg, key) + case "distinguishedName": + err = unpopulate(val, "DistinguishedName", &s.DistinguishedName) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &s.FriendlyName) + delete(rawMsg, key) + case "objectGuid": + err = unpopulate(val, "ObjectGUID", &s.ObjectGUID) + delete(rawMsg, key) + case "sid": + err = unpopulate(val, "Sid", &s.Sid) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TIDataConnector. -func (t TIDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSetting. +func (s SecurityMLAnalyticsSetting) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", t.Etag) - populate(objectMap, "id", t.ID) - objectMap["kind"] = DataConnectorKindThreatIntelligence - populate(objectMap, "name", t.Name) - populate(objectMap, "properties", t.Properties) - populate(objectMap, "systemData", t.SystemData) - populate(objectMap, "type", t.Type) + populate(objectMap, "etag", s.Etag) + populate(objectMap, "id", s.ID) + objectMap["kind"] = s.Kind + populate(objectMap, "name", s.Name) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector. -func (t *TIDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSetting. +func (s *SecurityMLAnalyticsSetting) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { case "etag": - err = unpopulate(val, "Etag", &t.Etag) + err = unpopulate(val, "Etag", &s.Etag) delete(rawMsg, key) case "id": - err = unpopulate(val, "ID", &t.ID) + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) case "kind": - err = unpopulate(val, "Kind", &t.Kind) + err = unpopulate(val, "Kind", &s.Kind) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &t.Name) - delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &t.Properties) + err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &t.SystemData) + err = unpopulate(val, "SystemData", &s.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &t.Type) + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypes. -func (t TIDataConnectorDataTypes) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSettingsDataSource. +func (s SecurityMLAnalyticsSettingsDataSource) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "indicators", t.Indicators) + populate(objectMap, "connectorId", s.ConnectorID) + populate(objectMap, "dataTypes", s.DataTypes) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypes. -func (t *TIDataConnectorDataTypes) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsDataSource. +func (s *SecurityMLAnalyticsSettingsDataSource) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "indicators": - err = unpopulate(val, "Indicators", &t.Indicators) + case "connectorId": + err = unpopulate(val, "ConnectorID", &s.ConnectorID) delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypesIndicators. -func (t TIDataConnectorDataTypesIndicators) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "state", t.State) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypesIndicators. -func (t *TIDataConnectorDataTypesIndicators) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "state": - err = unpopulate(val, "State", &t.State) + case "dataTypes": + err = unpopulate(val, "DataTypes", &s.DataTypes) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties. -func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SecurityMLAnalyticsSettingsList. +func (s SecurityMLAnalyticsSettingsList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataTypes", t.DataTypes) - populate(objectMap, "tenantId", t.TenantID) - populateDateTimeRFC3339(objectMap, "tipLookbackPeriod", t.TipLookbackPeriod) + populate(objectMap, "nextLink", s.NextLink) + populate(objectMap, "value", s.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties. -func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SecurityMLAnalyticsSettingsList. +func (s *SecurityMLAnalyticsSettingsList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "dataTypes": - err = unpopulate(val, "DataTypes", &t.DataTypes) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &t.TenantID) + case "nextLink": + err = unpopulate(val, "NextLink", &s.NextLink) delete(rawMsg, key) - case "tipLookbackPeriod": - err = unpopulateDateTimeRFC3339(val, "TipLookbackPeriod", &t.TipLookbackPeriod) + case "value": + s.Value, err = unmarshalSecurityMLAnalyticsSettingClassificationArray(val) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TeamInformation. -func (t TeamInformation) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingState. +func (s SentinelOnboardingState) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "description", t.Description) - populate(objectMap, "name", t.Name) - populate(objectMap, "primaryChannelUrl", t.PrimaryChannelURL) - populateDateTimeRFC3339(objectMap, "teamCreationTimeUtc", t.TeamCreationTimeUTC) - populate(objectMap, "teamId", t.TeamID) + populate(objectMap, "etag", s.Etag) + populate(objectMap, "id", s.ID) + populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TeamInformation. -func (t *TeamInformation) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingState. +func (s *SentinelOnboardingState) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "description": - err = unpopulate(val, "Description", &t.Description) + case "etag": + err = unpopulate(val, "Etag", &s.Etag) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &t.Name) + err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) - case "primaryChannelUrl": - err = unpopulate(val, "PrimaryChannelURL", &t.PrimaryChannelURL) + case "properties": + err = unpopulate(val, "Properties", &s.Properties) delete(rawMsg, key) - case "teamCreationTimeUtc": - err = unpopulateDateTimeRFC3339(val, "TeamCreationTimeUTC", &t.TeamCreationTimeUTC) + case "systemData": + err = unpopulate(val, "SystemData", &s.SystemData) delete(rawMsg, key) - case "teamId": - err = unpopulate(val, "TeamID", &t.TeamID) + case "type": + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type TeamProperties. -func (t TeamProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStateProperties. +func (s SentinelOnboardingStateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "groupIds", t.GroupIDs) - populate(objectMap, "memberIds", t.MemberIDs) - populate(objectMap, "teamDescription", t.TeamDescription) - populate(objectMap, "teamName", t.TeamName) + populate(objectMap, "customerManagedKey", s.CustomerManagedKey) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TeamProperties. -func (t *TeamProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStateProperties. +func (s *SentinelOnboardingStateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "groupIds": - err = unpopulate(val, "GroupIDs", &t.GroupIDs) - delete(rawMsg, key) - case "memberIds": - err = unpopulate(val, "MemberIDs", &t.MemberIDs) - delete(rawMsg, key) - case "teamDescription": - err = unpopulate(val, "TeamDescription", &t.TeamDescription) - delete(rawMsg, key) - case "teamName": - err = unpopulate(val, "TeamName", &t.TeamName) + case "customerManagedKey": + err = unpopulate(val, "CustomerManagedKey", &s.CustomerManagedKey) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } - -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligence. -func (t ThreatIntelligence) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "confidence", t.Confidence) - populate(objectMap, "providerName", t.ProviderName) - populate(objectMap, "reportLink", t.ReportLink) - populate(objectMap, "threatDescription", t.ThreatDescription) - populate(objectMap, "threatName", t.ThreatName) - populate(objectMap, "threatType", t.ThreatType) + +// MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStatesList. +func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "value", s.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligence. -func (t *ThreatIntelligence) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStatesList. +func (s *SentinelOnboardingStatesList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "confidence": - err = unpopulate(val, "Confidence", &t.Confidence) - delete(rawMsg, key) - case "providerName": - err = unpopulate(val, "ProviderName", &t.ProviderName) - delete(rawMsg, key) - case "reportLink": - err = unpopulate(val, "ReportLink", &t.ReportLink) - delete(rawMsg, key) - case "threatDescription": - err = unpopulate(val, "ThreatDescription", &t.ThreatDescription) - delete(rawMsg, key) - case "threatName": - err = unpopulate(val, "ThreatName", &t.ThreatName) - delete(rawMsg, key) - case "threatType": - err = unpopulate(val, "ThreatType", &t.ThreatType) + case "value": + err = unpopulate(val, "Value", &s.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRule. -func (t ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ServicePrincipal. +func (s ServicePrincipal) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", t.Etag) - populate(objectMap, "id", t.ID) - objectMap["kind"] = AlertRuleKindThreatIntelligence - populate(objectMap, "name", t.Name) - populate(objectMap, "properties", t.Properties) - populate(objectMap, "systemData", t.SystemData) - populate(objectMap, "type", t.Type) + populate(objectMap, "appId", s.AppID) + populateDateTimeRFC3339(objectMap, "credentialsExpireOn", s.CredentialsExpireOn) + populate(objectMap, "id", s.ID) + populate(objectMap, "tenantId", s.TenantID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRule. -func (t *ThreatIntelligenceAlertRule) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ServicePrincipal. +func (s *ServicePrincipal) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &t.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &t.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &t.Name) + case "appId": + err = unpopulate(val, "AppID", &s.AppID) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &t.Properties) + case "credentialsExpireOn": + err = unpopulateDateTimeRFC3339(val, "CredentialsExpireOn", &s.CredentialsExpireOn) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &t.SystemData) + case "id": + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &t.Type) + case "tenantId": + err = unpopulate(val, "TenantID", &s.TenantID) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleProperties. -func (t ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SessionAuthModel. +func (s SessionAuthModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertRuleTemplateName", t.AlertRuleTemplateName) - populate(objectMap, "description", t.Description) - populate(objectMap, "displayName", t.DisplayName) - populate(objectMap, "enabled", t.Enabled) - populateDateTimeRFC3339(objectMap, "lastModifiedUtc", t.LastModifiedUTC) - populate(objectMap, "severity", t.Severity) - populate(objectMap, "tactics", t.Tactics) - populate(objectMap, "techniques", t.Techniques) + populate(objectMap, "headers", s.Headers) + populate(objectMap, "isPostPayloadJson", s.IsPostPayloadJSON) + populate(objectMap, "password", s.Password) + populate(objectMap, "queryParameters", s.QueryParameters) + populate(objectMap, "sessionIdName", s.SessionIDName) + populate(objectMap, "sessionLoginRequestUri", s.SessionLoginRequestURI) + populate(objectMap, "sessionTimeoutInMinutes", s.SessionTimeoutInMinutes) + objectMap["type"] = CcpAuthTypeSession + populate(objectMap, "userName", s.UserName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleProperties. -func (t *ThreatIntelligenceAlertRuleProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SessionAuthModel. +func (s *SessionAuthModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "alertRuleTemplateName": - err = unpopulate(val, "AlertRuleTemplateName", &t.AlertRuleTemplateName) + case "headers": + err = unpopulate(val, "Headers", &s.Headers) delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &t.Description) + case "isPostPayloadJson": + err = unpopulate(val, "IsPostPayloadJSON", &s.IsPostPayloadJSON) delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &t.DisplayName) + case "password": + err = unpopulate(val, "Password", &s.Password) delete(rawMsg, key) - case "enabled": - err = unpopulate(val, "Enabled", &t.Enabled) + case "queryParameters": + err = unpopulate(val, "QueryParameters", &s.QueryParameters) delete(rawMsg, key) - case "lastModifiedUtc": - err = unpopulateDateTimeRFC3339(val, "LastModifiedUTC", &t.LastModifiedUTC) + case "sessionIdName": + err = unpopulate(val, "SessionIDName", &s.SessionIDName) delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &t.Severity) + case "sessionLoginRequestUri": + err = unpopulate(val, "SessionLoginRequestURI", &s.SessionLoginRequestURI) delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &t.Tactics) + case "sessionTimeoutInMinutes": + err = unpopulate(val, "SessionTimeoutInMinutes", &s.SessionTimeoutInMinutes) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &t.Techniques) + case "type": + err = unpopulate(val, "Type", &s.Type) + delete(rawMsg, key) + case "userName": + err = unpopulate(val, "UserName", &s.UserName) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplate. -func (t ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SourceControl. +func (s SourceControl) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "id", t.ID) - objectMap["kind"] = AlertRuleKindThreatIntelligence - populate(objectMap, "name", t.Name) - populate(objectMap, "properties", t.Properties) - populate(objectMap, "systemData", t.SystemData) - populate(objectMap, "type", t.Type) + populate(objectMap, "etag", s.Etag) + populate(objectMap, "id", s.ID) + populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplate. -func (t *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControl. +func (s *SourceControl) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "id": - err = unpopulate(val, "ID", &t.ID) + case "etag": + err = unpopulate(val, "Etag", &s.Etag) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) + case "id": + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) case "name": - err = unpopulate(val, "Name", &t.Name) + err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) case "properties": - err = unpopulate(val, "Properties", &t.Properties) + err = unpopulate(val, "Properties", &s.Properties) delete(rawMsg, key) case "systemData": - err = unpopulate(val, "SystemData", &t.SystemData) + err = unpopulate(val, "SystemData", &s.SystemData) delete(rawMsg, key) case "type": - err = unpopulate(val, "Type", &t.Type) + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties. -func (t ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SourceControlList. +func (s SourceControlList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "alertRulesCreatedByTemplateCount", t.AlertRulesCreatedByTemplateCount) - populateDateTimeRFC3339(objectMap, "createdDateUTC", t.CreatedDateUTC) - populate(objectMap, "description", t.Description) - populate(objectMap, "displayName", t.DisplayName) - populateDateTimeRFC3339(objectMap, "lastUpdatedDateUTC", t.LastUpdatedDateUTC) - populate(objectMap, "requiredDataConnectors", t.RequiredDataConnectors) - populate(objectMap, "severity", t.Severity) - populate(objectMap, "status", t.Status) - populate(objectMap, "tactics", t.Tactics) - populate(objectMap, "techniques", t.Techniques) + populate(objectMap, "nextLink", s.NextLink) + populate(objectMap, "value", s.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties. -func (t *ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControlList. +func (s *SourceControlList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "alertRulesCreatedByTemplateCount": - err = unpopulate(val, "AlertRulesCreatedByTemplateCount", &t.AlertRulesCreatedByTemplateCount) - delete(rawMsg, key) - case "createdDateUTC": - err = unpopulateDateTimeRFC3339(val, "CreatedDateUTC", &t.CreatedDateUTC) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &t.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &t.DisplayName) - delete(rawMsg, key) - case "lastUpdatedDateUTC": - err = unpopulateDateTimeRFC3339(val, "LastUpdatedDateUTC", &t.LastUpdatedDateUTC) - delete(rawMsg, key) - case "requiredDataConnectors": - err = unpopulate(val, "RequiredDataConnectors", &t.RequiredDataConnectors) - delete(rawMsg, key) - case "severity": - err = unpopulate(val, "Severity", &t.Severity) - delete(rawMsg, key) - case "status": - err = unpopulate(val, "Status", &t.Status) - delete(rawMsg, key) - case "tactics": - err = unpopulate(val, "Tactics", &t.Tactics) + case "nextLink": + err = unpopulate(val, "NextLink", &s.NextLink) delete(rawMsg, key) - case "techniques": - err = unpopulate(val, "Techniques", &t.Techniques) + case "value": + err = unpopulate(val, "Value", &s.Value) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAppendTags. -func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SourceControlProperties. +func (s SourceControlProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "threatIntelligenceTags", t.ThreatIntelligenceTags) + populate(objectMap, "contentTypes", s.ContentTypes) + populate(objectMap, "description", s.Description) + populate(objectMap, "displayName", s.DisplayName) + populate(objectMap, "id", s.ID) + populate(objectMap, "lastDeploymentInfo", s.LastDeploymentInfo) + populate(objectMap, "pullRequest", s.PullRequest) + populate(objectMap, "repoType", s.RepoType) + populate(objectMap, "repository", s.Repository) + populate(objectMap, "repositoryAccess", s.RepositoryAccess) + populate(objectMap, "repositoryResourceInfo", s.RepositoryResourceInfo) + populate(objectMap, "servicePrincipal", s.ServicePrincipal) + populate(objectMap, "version", s.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAppendTags. -func (t *ThreatIntelligenceAppendTags) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SourceControlProperties. +func (s *SourceControlProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "threatIntelligenceTags": - err = unpopulate(val, "ThreatIntelligenceTags", &t.ThreatIntelligenceTags) + case "contentTypes": + err = unpopulate(val, "ContentTypes", &s.ContentTypes) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &s.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &s.DisplayName) + delete(rawMsg, key) + case "id": + err = unpopulate(val, "ID", &s.ID) + delete(rawMsg, key) + case "lastDeploymentInfo": + err = unpopulate(val, "LastDeploymentInfo", &s.LastDeploymentInfo) + delete(rawMsg, key) + case "pullRequest": + err = unpopulate(val, "PullRequest", &s.PullRequest) + delete(rawMsg, key) + case "repoType": + err = unpopulate(val, "RepoType", &s.RepoType) + delete(rawMsg, key) + case "repository": + err = unpopulate(val, "Repository", &s.Repository) + delete(rawMsg, key) + case "repositoryAccess": + err = unpopulate(val, "RepositoryAccess", &s.RepositoryAccess) + delete(rawMsg, key) + case "repositoryResourceInfo": + err = unpopulate(val, "RepositoryResourceInfo", &s.RepositoryResourceInfo) + delete(rawMsg, key) + case "servicePrincipal": + err = unpopulate(val, "ServicePrincipal", &s.ServicePrincipal) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &s.Version) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceExternalReference. -func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntity. +func (s SubmissionMailEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "description", t.Description) - populate(objectMap, "externalId", t.ExternalID) - populate(objectMap, "hashes", t.Hashes) - populate(objectMap, "sourceName", t.SourceName) - populate(objectMap, "url", t.URL) + populate(objectMap, "id", s.ID) + objectMap["kind"] = EntityKindEnumSubmissionMail + populate(objectMap, "name", s.Name) + populate(objectMap, "properties", s.Properties) + populate(objectMap, "systemData", s.SystemData) + populate(objectMap, "type", s.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceExternalReference. -func (t *ThreatIntelligenceExternalReference) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntity. +func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "description": - err = unpopulate(val, "Description", &t.Description) + case "id": + err = unpopulate(val, "ID", &s.ID) delete(rawMsg, key) - case "externalId": - err = unpopulate(val, "ExternalID", &t.ExternalID) + case "kind": + err = unpopulate(val, "Kind", &s.Kind) delete(rawMsg, key) - case "hashes": - err = unpopulate(val, "Hashes", &t.Hashes) + case "name": + err = unpopulate(val, "Name", &s.Name) delete(rawMsg, key) - case "sourceName": - err = unpopulate(val, "SourceName", &t.SourceName) + case "properties": + err = unpopulate(val, "Properties", &s.Properties) delete(rawMsg, key) - case "url": - err = unpopulate(val, "URL", &t.URL) + case "systemData": + err = unpopulate(val, "SystemData", &s.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &s.Type) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceFilteringCriteria. -func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntityProperties. +func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "ids", t.IDs) - populate(objectMap, "includeDisabled", t.IncludeDisabled) - populate(objectMap, "keywords", t.Keywords) - populate(objectMap, "maxConfidence", t.MaxConfidence) - populate(objectMap, "maxValidUntil", t.MaxValidUntil) - populate(objectMap, "minConfidence", t.MinConfidence) - populate(objectMap, "minValidUntil", t.MinValidUntil) - populate(objectMap, "pageSize", t.PageSize) - populate(objectMap, "patternTypes", t.PatternTypes) - populate(objectMap, "skipToken", t.SkipToken) - populate(objectMap, "sortBy", t.SortBy) - populate(objectMap, "sources", t.Sources) - populate(objectMap, "threatTypes", t.ThreatTypes) + populate(objectMap, "additionalData", s.AdditionalData) + populate(objectMap, "friendlyName", s.FriendlyName) + populate(objectMap, "networkMessageId", s.NetworkMessageID) + populate(objectMap, "recipient", s.Recipient) + populate(objectMap, "reportType", s.ReportType) + populate(objectMap, "sender", s.Sender) + populate(objectMap, "senderIp", s.SenderIP) + populate(objectMap, "subject", s.Subject) + populateDateTimeRFC3339(objectMap, "submissionDate", s.SubmissionDate) + populate(objectMap, "submissionId", s.SubmissionID) + populate(objectMap, "submitter", s.Submitter) + populateDateTimeRFC3339(objectMap, "timestamp", s.Timestamp) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceFilteringCriteria. -func (t *ThreatIntelligenceFilteringCriteria) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntityProperties. +func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "ids": - err = unpopulate(val, "IDs", &t.IDs) - delete(rawMsg, key) - case "includeDisabled": - err = unpopulate(val, "IncludeDisabled", &t.IncludeDisabled) + case "additionalData": + err = unpopulate(val, "AdditionalData", &s.AdditionalData) delete(rawMsg, key) - case "keywords": - err = unpopulate(val, "Keywords", &t.Keywords) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &s.FriendlyName) delete(rawMsg, key) - case "maxConfidence": - err = unpopulate(val, "MaxConfidence", &t.MaxConfidence) + case "networkMessageId": + err = unpopulate(val, "NetworkMessageID", &s.NetworkMessageID) delete(rawMsg, key) - case "maxValidUntil": - err = unpopulate(val, "MaxValidUntil", &t.MaxValidUntil) + case "recipient": + err = unpopulate(val, "Recipient", &s.Recipient) delete(rawMsg, key) - case "minConfidence": - err = unpopulate(val, "MinConfidence", &t.MinConfidence) + case "reportType": + err = unpopulate(val, "ReportType", &s.ReportType) delete(rawMsg, key) - case "minValidUntil": - err = unpopulate(val, "MinValidUntil", &t.MinValidUntil) + case "sender": + err = unpopulate(val, "Sender", &s.Sender) delete(rawMsg, key) - case "pageSize": - err = unpopulate(val, "PageSize", &t.PageSize) + case "senderIp": + err = unpopulate(val, "SenderIP", &s.SenderIP) delete(rawMsg, key) - case "patternTypes": - err = unpopulate(val, "PatternTypes", &t.PatternTypes) + case "subject": + err = unpopulate(val, "Subject", &s.Subject) delete(rawMsg, key) - case "skipToken": - err = unpopulate(val, "SkipToken", &t.SkipToken) + case "submissionDate": + err = unpopulateDateTimeRFC3339(val, "SubmissionDate", &s.SubmissionDate) delete(rawMsg, key) - case "sortBy": - err = unpopulate(val, "SortBy", &t.SortBy) + case "submissionId": + err = unpopulate(val, "SubmissionID", &s.SubmissionID) delete(rawMsg, key) - case "sources": - err = unpopulate(val, "Sources", &t.Sources) + case "submitter": + err = unpopulate(val, "Submitter", &s.Submitter) delete(rawMsg, key) - case "threatTypes": - err = unpopulate(val, "ThreatTypes", &t.ThreatTypes) + case "timestamp": + err = unpopulateDateTimeRFC3339(val, "Timestamp", &s.Timestamp) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceGranularMarkingModel. -func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type SystemData. +func (s SystemData) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "language", t.Language) - populate(objectMap, "markingRef", t.MarkingRef) - populate(objectMap, "selectors", t.Selectors) + populateDateTimeRFC3339(objectMap, "createdAt", s.CreatedAt) + populate(objectMap, "createdBy", s.CreatedBy) + populate(objectMap, "createdByType", s.CreatedByType) + populateDateTimeRFC3339(objectMap, "lastModifiedAt", s.LastModifiedAt) + populate(objectMap, "lastModifiedBy", s.LastModifiedBy) + populate(objectMap, "lastModifiedByType", s.LastModifiedByType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceGranularMarkingModel. -func (t *ThreatIntelligenceGranularMarkingModel) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type SystemData. +func (s *SystemData) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } for key, val := range rawMsg { var err error switch key { - case "language": - err = unpopulate(val, "Language", &t.Language) + case "createdAt": + err = unpopulateDateTimeRFC3339(val, "CreatedAt", &s.CreatedAt) delete(rawMsg, key) - case "markingRef": - err = unpopulate(val, "MarkingRef", &t.MarkingRef) + case "createdBy": + err = unpopulate(val, "CreatedBy", &s.CreatedBy) delete(rawMsg, key) - case "selectors": - err = unpopulate(val, "Selectors", &t.Selectors) + case "createdByType": + err = unpopulate(val, "CreatedByType", &s.CreatedByType) + delete(rawMsg, key) + case "lastModifiedAt": + err = unpopulateDateTimeRFC3339(val, "LastModifiedAt", &s.LastModifiedAt) + delete(rawMsg, key) + case "lastModifiedBy": + err = unpopulate(val, "LastModifiedBy", &s.LastModifiedBy) + delete(rawMsg, key) + case "lastModifiedByType": + err = unpopulate(val, "LastModifiedByType", &s.LastModifiedByType) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", t, err) + return fmt.Errorf("unmarshalling type %T: %v", s, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorModel. -func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type TIDataConnector. +func (t TIDataConnector) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "etag", t.Etag) populate(objectMap, "id", t.ID) - objectMap["kind"] = ThreatIntelligenceResourceKindEnumIndicator + objectMap["kind"] = DataConnectorKindThreatIntelligence populate(objectMap, "name", t.Name) populate(objectMap, "properties", t.Properties) populate(objectMap, "systemData", t.SystemData) @@ -15314,8 +10454,8 @@ func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorModel. -func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector. +func (t *TIDataConnector) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15352,44 +10492,15 @@ func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorProperties. -func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypes. +func (t TIDataConnectorDataTypes) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "additionalData", t.AdditionalData) - populate(objectMap, "confidence", t.Confidence) - populate(objectMap, "created", t.Created) - populate(objectMap, "createdByRef", t.CreatedByRef) - populate(objectMap, "defanged", t.Defanged) - populate(objectMap, "description", t.Description) - populate(objectMap, "displayName", t.DisplayName) - populate(objectMap, "extensions", t.Extensions) - populate(objectMap, "externalId", t.ExternalID) - populate(objectMap, "externalLastUpdatedTimeUtc", t.ExternalLastUpdatedTimeUTC) - populate(objectMap, "externalReferences", t.ExternalReferences) - populate(objectMap, "friendlyName", t.FriendlyName) - populate(objectMap, "granularMarkings", t.GranularMarkings) - populate(objectMap, "indicatorTypes", t.IndicatorTypes) - populate(objectMap, "killChainPhases", t.KillChainPhases) - populate(objectMap, "labels", t.Labels) - populate(objectMap, "language", t.Language) - populate(objectMap, "lastUpdatedTimeUtc", t.LastUpdatedTimeUTC) - populate(objectMap, "modified", t.Modified) - populate(objectMap, "objectMarkingRefs", t.ObjectMarkingRefs) - populate(objectMap, "parsedPattern", t.ParsedPattern) - populate(objectMap, "pattern", t.Pattern) - populate(objectMap, "patternType", t.PatternType) - populate(objectMap, "patternVersion", t.PatternVersion) - populate(objectMap, "revoked", t.Revoked) - populate(objectMap, "source", t.Source) - populate(objectMap, "threatIntelligenceTags", t.ThreatIntelligenceTags) - populate(objectMap, "threatTypes", t.ThreatTypes) - populate(objectMap, "validFrom", t.ValidFrom) - populate(objectMap, "validUntil", t.ValidUntil) + populate(objectMap, "indicators", t.Indicators) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorProperties. -func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypes. +func (t *TIDataConnectorDataTypes) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15397,95 +10508,101 @@ func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error for key, val := range rawMsg { var err error switch key { - case "additionalData": - err = unpopulate(val, "AdditionalData", &t.AdditionalData) - delete(rawMsg, key) - case "confidence": - err = unpopulate(val, "Confidence", &t.Confidence) - delete(rawMsg, key) - case "created": - err = unpopulate(val, "Created", &t.Created) - delete(rawMsg, key) - case "createdByRef": - err = unpopulate(val, "CreatedByRef", &t.CreatedByRef) - delete(rawMsg, key) - case "defanged": - err = unpopulate(val, "Defanged", &t.Defanged) - delete(rawMsg, key) - case "description": - err = unpopulate(val, "Description", &t.Description) - delete(rawMsg, key) - case "displayName": - err = unpopulate(val, "DisplayName", &t.DisplayName) - delete(rawMsg, key) - case "extensions": - err = unpopulate(val, "Extensions", &t.Extensions) - delete(rawMsg, key) - case "externalId": - err = unpopulate(val, "ExternalID", &t.ExternalID) - delete(rawMsg, key) - case "externalLastUpdatedTimeUtc": - err = unpopulate(val, "ExternalLastUpdatedTimeUTC", &t.ExternalLastUpdatedTimeUTC) - delete(rawMsg, key) - case "externalReferences": - err = unpopulate(val, "ExternalReferences", &t.ExternalReferences) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &t.FriendlyName) - delete(rawMsg, key) - case "granularMarkings": - err = unpopulate(val, "GranularMarkings", &t.GranularMarkings) - delete(rawMsg, key) - case "indicatorTypes": - err = unpopulate(val, "IndicatorTypes", &t.IndicatorTypes) - delete(rawMsg, key) - case "killChainPhases": - err = unpopulate(val, "KillChainPhases", &t.KillChainPhases) - delete(rawMsg, key) - case "labels": - err = unpopulate(val, "Labels", &t.Labels) - delete(rawMsg, key) - case "language": - err = unpopulate(val, "Language", &t.Language) - delete(rawMsg, key) - case "lastUpdatedTimeUtc": - err = unpopulate(val, "LastUpdatedTimeUTC", &t.LastUpdatedTimeUTC) - delete(rawMsg, key) - case "modified": - err = unpopulate(val, "Modified", &t.Modified) - delete(rawMsg, key) - case "objectMarkingRefs": - err = unpopulate(val, "ObjectMarkingRefs", &t.ObjectMarkingRefs) - delete(rawMsg, key) - case "parsedPattern": - err = unpopulate(val, "ParsedPattern", &t.ParsedPattern) - delete(rawMsg, key) - case "pattern": - err = unpopulate(val, "Pattern", &t.Pattern) - delete(rawMsg, key) - case "patternType": - err = unpopulate(val, "PatternType", &t.PatternType) - delete(rawMsg, key) - case "patternVersion": - err = unpopulate(val, "PatternVersion", &t.PatternVersion) + case "indicators": + err = unpopulate(val, "Indicators", &t.Indicators) delete(rawMsg, key) - case "revoked": - err = unpopulate(val, "Revoked", &t.Revoked) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypesIndicators. +func (t TIDataConnectorDataTypesIndicators) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "state", t.State) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypesIndicators. +func (t *TIDataConnectorDataTypesIndicators) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "state": + err = unpopulate(val, "State", &t.State) delete(rawMsg, key) - case "source": - err = unpopulate(val, "Source", &t.Source) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties. +func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "dataTypes", t.DataTypes) + populate(objectMap, "tenantId", t.TenantID) + populateDateTimeRFC3339(objectMap, "tipLookbackPeriod", t.TipLookbackPeriod) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties. +func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "dataTypes": + err = unpopulate(val, "DataTypes", &t.DataTypes) delete(rawMsg, key) - case "threatIntelligenceTags": - err = unpopulate(val, "ThreatIntelligenceTags", &t.ThreatIntelligenceTags) + case "tenantId": + err = unpopulate(val, "TenantID", &t.TenantID) delete(rawMsg, key) - case "threatTypes": - err = unpopulate(val, "ThreatTypes", &t.ThreatTypes) + case "tipLookbackPeriod": + err = unpopulateDateTimeRFC3339(val, "TipLookbackPeriod", &t.TipLookbackPeriod) delete(rawMsg, key) - case "validFrom": - err = unpopulate(val, "ValidFrom", &t.ValidFrom) + } + if err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + } + return nil +} + +// MarshalJSON implements the json.Marshaller interface for type TemplateList. +func (t TemplateList) MarshalJSON() ([]byte, error) { + objectMap := make(map[string]any) + populate(objectMap, "nextLink", t.NextLink) + populate(objectMap, "value", t.Value) + return json.Marshal(objectMap) +} + +// UnmarshalJSON implements the json.Unmarshaller interface for type TemplateList. +func (t *TemplateList) UnmarshalJSON(data []byte) error { + var rawMsg map[string]json.RawMessage + if err := json.Unmarshal(data, &rawMsg); err != nil { + return fmt.Errorf("unmarshalling type %T: %v", t, err) + } + for key, val := range rawMsg { + var err error + switch key { + case "nextLink": + err = unpopulate(val, "NextLink", &t.NextLink) delete(rawMsg, key) - case "validUntil": - err = unpopulate(val, "ValidUntil", &t.ValidUntil) + case "value": + err = unpopulate(val, "Value", &t.Value) delete(rawMsg, key) } if err != nil { @@ -15495,20 +10612,20 @@ func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformation. -func (t ThreatIntelligenceInformation) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type TemplateModel. +func (t TemplateModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "etag", t.Etag) populate(objectMap, "id", t.ID) - objectMap["kind"] = t.Kind populate(objectMap, "name", t.Name) + populate(objectMap, "properties", t.Properties) populate(objectMap, "systemData", t.SystemData) populate(objectMap, "type", t.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformation. -func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type TemplateModel. +func (t *TemplateModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15522,12 +10639,12 @@ func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error { case "id": err = unpopulate(val, "ID", &t.ID) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) - delete(rawMsg, key) case "name": err = unpopulate(val, "Name", &t.Name) delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) case "systemData": err = unpopulate(val, "SystemData", &t.SystemData) delete(rawMsg, key) @@ -15542,16 +10659,41 @@ func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList. -func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type TemplateProperties. +func (t TemplateProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "nextLink", t.NextLink) - populate(objectMap, "value", t.Value) + populate(objectMap, "author", t.Author) + populate(objectMap, "categories", t.Categories) + populate(objectMap, "contentId", t.ContentID) + populate(objectMap, "contentKind", t.ContentKind) + populate(objectMap, "contentProductId", t.ContentProductID) + populate(objectMap, "contentSchemaVersion", t.ContentSchemaVersion) + populate(objectMap, "customVersion", t.CustomVersion) + populate(objectMap, "dependantTemplates", t.DependantTemplates) + populate(objectMap, "dependencies", t.Dependencies) + populate(objectMap, "displayName", t.DisplayName) + populateDateType(objectMap, "firstPublishDate", t.FirstPublishDate) + populate(objectMap, "icon", t.Icon) + populate(objectMap, "isDeprecated", t.IsDeprecated) + populateDateType(objectMap, "lastPublishDate", t.LastPublishDate) + populateAny(objectMap, "mainTemplate", t.MainTemplate) + populate(objectMap, "packageId", t.PackageID) + populate(objectMap, "packageKind", t.PackageKind) + populate(objectMap, "packageName", t.PackageName) + populate(objectMap, "packageVersion", t.PackageVersion) + populate(objectMap, "previewImages", t.PreviewImages) + populate(objectMap, "previewImagesDark", t.PreviewImagesDark) + populate(objectMap, "providers", t.Providers) + populate(objectMap, "source", t.Source) + populate(objectMap, "support", t.Support) + populate(objectMap, "threatAnalysisTactics", t.ThreatAnalysisTactics) + populate(objectMap, "threatAnalysisTechniques", t.ThreatAnalysisTechniques) + populate(objectMap, "version", t.Version) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformationList. -func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type TemplateProperties. +func (t *TemplateProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15559,11 +10701,86 @@ func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "nextLink": - err = unpopulate(val, "NextLink", &t.NextLink) + case "author": + err = unpopulate(val, "Author", &t.Author) delete(rawMsg, key) - case "value": - t.Value, err = unmarshalThreatIntelligenceInformationClassificationArray(val) + case "categories": + err = unpopulate(val, "Categories", &t.Categories) + delete(rawMsg, key) + case "contentId": + err = unpopulate(val, "ContentID", &t.ContentID) + delete(rawMsg, key) + case "contentKind": + err = unpopulate(val, "ContentKind", &t.ContentKind) + delete(rawMsg, key) + case "contentProductId": + err = unpopulate(val, "ContentProductID", &t.ContentProductID) + delete(rawMsg, key) + case "contentSchemaVersion": + err = unpopulate(val, "ContentSchemaVersion", &t.ContentSchemaVersion) + delete(rawMsg, key) + case "customVersion": + err = unpopulate(val, "CustomVersion", &t.CustomVersion) + delete(rawMsg, key) + case "dependantTemplates": + err = unpopulate(val, "DependantTemplates", &t.DependantTemplates) + delete(rawMsg, key) + case "dependencies": + err = unpopulate(val, "Dependencies", &t.Dependencies) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &t.DisplayName) + delete(rawMsg, key) + case "firstPublishDate": + err = unpopulateDateType(val, "FirstPublishDate", &t.FirstPublishDate) + delete(rawMsg, key) + case "icon": + err = unpopulate(val, "Icon", &t.Icon) + delete(rawMsg, key) + case "isDeprecated": + err = unpopulate(val, "IsDeprecated", &t.IsDeprecated) + delete(rawMsg, key) + case "lastPublishDate": + err = unpopulateDateType(val, "LastPublishDate", &t.LastPublishDate) + delete(rawMsg, key) + case "mainTemplate": + err = unpopulate(val, "MainTemplate", &t.MainTemplate) + delete(rawMsg, key) + case "packageId": + err = unpopulate(val, "PackageID", &t.PackageID) + delete(rawMsg, key) + case "packageKind": + err = unpopulate(val, "PackageKind", &t.PackageKind) + delete(rawMsg, key) + case "packageName": + err = unpopulate(val, "PackageName", &t.PackageName) + delete(rawMsg, key) + case "packageVersion": + err = unpopulate(val, "PackageVersion", &t.PackageVersion) + delete(rawMsg, key) + case "previewImages": + err = unpopulate(val, "PreviewImages", &t.PreviewImages) + delete(rawMsg, key) + case "previewImagesDark": + err = unpopulate(val, "PreviewImagesDark", &t.PreviewImagesDark) + delete(rawMsg, key) + case "providers": + err = unpopulate(val, "Providers", &t.Providers) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &t.Source) + delete(rawMsg, key) + case "support": + err = unpopulate(val, "Support", &t.Support) + delete(rawMsg, key) + case "threatAnalysisTactics": + err = unpopulate(val, "ThreatAnalysisTactics", &t.ThreatAnalysisTactics) + delete(rawMsg, key) + case "threatAnalysisTechniques": + err = unpopulate(val, "ThreatAnalysisTechniques", &t.ThreatAnalysisTechniques) + delete(rawMsg, key) + case "version": + err = unpopulate(val, "Version", &t.Version) delete(rawMsg, key) } if err != nil { @@ -15573,16 +10790,20 @@ func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceKillChainPhase. -func (t ThreatIntelligenceKillChainPhase) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligence. +func (t ThreatIntelligence) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "killChainName", t.KillChainName) - populate(objectMap, "phaseName", t.PhaseName) + populate(objectMap, "confidence", t.Confidence) + populate(objectMap, "providerName", t.ProviderName) + populate(objectMap, "reportLink", t.ReportLink) + populate(objectMap, "threatDescription", t.ThreatDescription) + populate(objectMap, "threatName", t.ThreatName) + populate(objectMap, "threatType", t.ThreatType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceKillChainPhase. -func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligence. +func (t *ThreatIntelligence) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15590,11 +10811,23 @@ func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "killChainName": - err = unpopulate(val, "KillChainName", &t.KillChainName) + case "confidence": + err = unpopulate(val, "Confidence", &t.Confidence) delete(rawMsg, key) - case "phaseName": - err = unpopulate(val, "PhaseName", &t.PhaseName) + case "providerName": + err = unpopulate(val, "ProviderName", &t.ProviderName) + delete(rawMsg, key) + case "reportLink": + err = unpopulate(val, "ReportLink", &t.ReportLink) + delete(rawMsg, key) + case "threatDescription": + err = unpopulate(val, "ThreatDescription", &t.ThreatDescription) + delete(rawMsg, key) + case "threatName": + err = unpopulate(val, "ThreatName", &t.ThreatName) + delete(rawMsg, key) + case "threatType": + err = unpopulate(val, "ThreatType", &t.ThreatType) delete(rawMsg, key) } if err != nil { @@ -15604,18 +10837,15 @@ func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric. -func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAppendTags. +func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "lastUpdatedTimeUtc", t.LastUpdatedTimeUTC) - populate(objectMap, "patternTypeMetrics", t.PatternTypeMetrics) - populate(objectMap, "sourceMetrics", t.SourceMetrics) - populate(objectMap, "threatTypeMetrics", t.ThreatTypeMetrics) + populate(objectMap, "threatIntelligenceTags", t.ThreatIntelligenceTags) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetric. -func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAppendTags. +func (t *ThreatIntelligenceAppendTags) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15623,17 +10853,8 @@ func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "lastUpdatedTimeUtc": - err = unpopulate(val, "LastUpdatedTimeUTC", &t.LastUpdatedTimeUTC) - delete(rawMsg, key) - case "patternTypeMetrics": - err = unpopulate(val, "PatternTypeMetrics", &t.PatternTypeMetrics) - delete(rawMsg, key) - case "sourceMetrics": - err = unpopulate(val, "SourceMetrics", &t.SourceMetrics) - delete(rawMsg, key) - case "threatTypeMetrics": - err = unpopulate(val, "ThreatTypeMetrics", &t.ThreatTypeMetrics) + case "threatIntelligenceTags": + err = unpopulate(val, "ThreatIntelligenceTags", &t.ThreatIntelligenceTags) delete(rawMsg, key) } if err != nil { @@ -15643,16 +10864,19 @@ func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricEntity. -func (t ThreatIntelligenceMetricEntity) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceExternalReference. +func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "metricName", t.MetricName) - populate(objectMap, "metricValue", t.MetricValue) + populate(objectMap, "description", t.Description) + populate(objectMap, "externalId", t.ExternalID) + populate(objectMap, "hashes", t.Hashes) + populate(objectMap, "sourceName", t.SourceName) + populate(objectMap, "url", t.URL) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricEntity. -func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceExternalReference. +func (t *ThreatIntelligenceExternalReference) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15660,11 +10884,20 @@ func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "metricName": - err = unpopulate(val, "MetricName", &t.MetricName) + case "description": + err = unpopulate(val, "Description", &t.Description) delete(rawMsg, key) - case "metricValue": - err = unpopulate(val, "MetricValue", &t.MetricValue) + case "externalId": + err = unpopulate(val, "ExternalID", &t.ExternalID) + delete(rawMsg, key) + case "hashes": + err = unpopulate(val, "Hashes", &t.Hashes) + delete(rawMsg, key) + case "sourceName": + err = unpopulate(val, "SourceName", &t.SourceName) + delete(rawMsg, key) + case "url": + err = unpopulate(val, "URL", &t.URL) delete(rawMsg, key) } if err != nil { @@ -15674,15 +10907,27 @@ func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetrics. -func (t ThreatIntelligenceMetrics) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceFilteringCriteria. +func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "properties", t.Properties) + populate(objectMap, "ids", t.IDs) + populate(objectMap, "includeDisabled", t.IncludeDisabled) + populate(objectMap, "keywords", t.Keywords) + populate(objectMap, "maxConfidence", t.MaxConfidence) + populate(objectMap, "maxValidUntil", t.MaxValidUntil) + populate(objectMap, "minConfidence", t.MinConfidence) + populate(objectMap, "minValidUntil", t.MinValidUntil) + populate(objectMap, "pageSize", t.PageSize) + populate(objectMap, "patternTypes", t.PatternTypes) + populate(objectMap, "skipToken", t.SkipToken) + populate(objectMap, "sortBy", t.SortBy) + populate(objectMap, "sources", t.Sources) + populate(objectMap, "threatTypes", t.ThreatTypes) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetrics. -func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceFilteringCriteria. +func (t *ThreatIntelligenceFilteringCriteria) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15690,8 +10935,44 @@ func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "properties": - err = unpopulate(val, "Properties", &t.Properties) + case "ids": + err = unpopulate(val, "IDs", &t.IDs) + delete(rawMsg, key) + case "includeDisabled": + err = unpopulate(val, "IncludeDisabled", &t.IncludeDisabled) + delete(rawMsg, key) + case "keywords": + err = unpopulate(val, "Keywords", &t.Keywords) + delete(rawMsg, key) + case "maxConfidence": + err = unpopulate(val, "MaxConfidence", &t.MaxConfidence) + delete(rawMsg, key) + case "maxValidUntil": + err = unpopulate(val, "MaxValidUntil", &t.MaxValidUntil) + delete(rawMsg, key) + case "minConfidence": + err = unpopulate(val, "MinConfidence", &t.MinConfidence) + delete(rawMsg, key) + case "minValidUntil": + err = unpopulate(val, "MinValidUntil", &t.MinValidUntil) + delete(rawMsg, key) + case "pageSize": + err = unpopulate(val, "PageSize", &t.PageSize) + delete(rawMsg, key) + case "patternTypes": + err = unpopulate(val, "PatternTypes", &t.PatternTypes) + delete(rawMsg, key) + case "skipToken": + err = unpopulate(val, "SkipToken", &t.SkipToken) + delete(rawMsg, key) + case "sortBy": + err = unpopulate(val, "SortBy", &t.SortBy) + delete(rawMsg, key) + case "sources": + err = unpopulate(val, "Sources", &t.Sources) + delete(rawMsg, key) + case "threatTypes": + err = unpopulate(val, "ThreatTypes", &t.ThreatTypes) delete(rawMsg, key) } if err != nil { @@ -15701,15 +10982,17 @@ func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList. -func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceGranularMarkingModel. +func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", t.Value) + populate(objectMap, "language", t.Language) + populate(objectMap, "markingRef", t.MarkingRef) + populate(objectMap, "selectors", t.Selectors) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricsList. -func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceGranularMarkingModel. +func (t *ThreatIntelligenceGranularMarkingModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15717,8 +11000,14 @@ func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "value": - err = unpopulate(val, "Value", &t.Value) + case "language": + err = unpopulate(val, "Language", &t.Language) + delete(rawMsg, key) + case "markingRef": + err = unpopulate(val, "MarkingRef", &t.MarkingRef) + delete(rawMsg, key) + case "selectors": + err = unpopulate(val, "Selectors", &t.Selectors) delete(rawMsg, key) } if err != nil { @@ -15728,16 +11017,21 @@ func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern. -func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorModel. +func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "patternTypeKey", t.PatternTypeKey) - populate(objectMap, "patternTypeValues", t.PatternTypeValues) + populate(objectMap, "etag", t.Etag) + populate(objectMap, "id", t.ID) + objectMap["kind"] = ThreatIntelligenceResourceInnerKindIndicator + populate(objectMap, "name", t.Name) + populate(objectMap, "properties", t.Properties) + populate(objectMap, "systemData", t.SystemData) + populate(objectMap, "type", t.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPattern. -func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorModel. +func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15745,11 +11039,26 @@ func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "patternTypeKey": - err = unpopulate(val, "PatternTypeKey", &t.PatternTypeKey) + case "etag": + err = unpopulate(val, "Etag", &t.Etag) delete(rawMsg, key) - case "patternTypeValues": - err = unpopulate(val, "PatternTypeValues", &t.PatternTypeValues) + case "id": + err = unpopulate(val, "ID", &t.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &t.Name) + delete(rawMsg, key) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &t.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &t.Type) delete(rawMsg, key) } if err != nil { @@ -15759,16 +11068,44 @@ func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPatternTypeValue. -func (t ThreatIntelligenceParsedPatternTypeValue) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorProperties. +func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "value", t.Value) - populate(objectMap, "valueType", t.ValueType) + populate(objectMap, "additionalData", t.AdditionalData) + populate(objectMap, "confidence", t.Confidence) + populate(objectMap, "created", t.Created) + populate(objectMap, "createdByRef", t.CreatedByRef) + populate(objectMap, "defanged", t.Defanged) + populate(objectMap, "description", t.Description) + populate(objectMap, "displayName", t.DisplayName) + populate(objectMap, "extensions", t.Extensions) + populate(objectMap, "externalId", t.ExternalID) + populate(objectMap, "externalLastUpdatedTimeUtc", t.ExternalLastUpdatedTimeUTC) + populate(objectMap, "externalReferences", t.ExternalReferences) + populate(objectMap, "friendlyName", t.FriendlyName) + populate(objectMap, "granularMarkings", t.GranularMarkings) + populate(objectMap, "indicatorTypes", t.IndicatorTypes) + populate(objectMap, "killChainPhases", t.KillChainPhases) + populate(objectMap, "labels", t.Labels) + populate(objectMap, "language", t.Language) + populate(objectMap, "lastUpdatedTimeUtc", t.LastUpdatedTimeUTC) + populate(objectMap, "modified", t.Modified) + populate(objectMap, "objectMarkingRefs", t.ObjectMarkingRefs) + populate(objectMap, "parsedPattern", t.ParsedPattern) + populate(objectMap, "pattern", t.Pattern) + populate(objectMap, "patternType", t.PatternType) + populate(objectMap, "patternVersion", t.PatternVersion) + populate(objectMap, "revoked", t.Revoked) + populate(objectMap, "source", t.Source) + populate(objectMap, "threatIntelligenceTags", t.ThreatIntelligenceTags) + populate(objectMap, "threatTypes", t.ThreatTypes) + populate(objectMap, "validFrom", t.ValidFrom) + populate(objectMap, "validUntil", t.ValidUntil) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPatternTypeValue. -func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorProperties. +func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15776,11 +11113,95 @@ func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) er for key, val := range rawMsg { var err error switch key { - case "value": - err = unpopulate(val, "Value", &t.Value) + case "additionalData": + err = unpopulate(val, "AdditionalData", &t.AdditionalData) delete(rawMsg, key) - case "valueType": - err = unpopulate(val, "ValueType", &t.ValueType) + case "confidence": + err = unpopulate(val, "Confidence", &t.Confidence) + delete(rawMsg, key) + case "created": + err = unpopulate(val, "Created", &t.Created) + delete(rawMsg, key) + case "createdByRef": + err = unpopulate(val, "CreatedByRef", &t.CreatedByRef) + delete(rawMsg, key) + case "defanged": + err = unpopulate(val, "Defanged", &t.Defanged) + delete(rawMsg, key) + case "description": + err = unpopulate(val, "Description", &t.Description) + delete(rawMsg, key) + case "displayName": + err = unpopulate(val, "DisplayName", &t.DisplayName) + delete(rawMsg, key) + case "extensions": + err = unpopulate(val, "Extensions", &t.Extensions) + delete(rawMsg, key) + case "externalId": + err = unpopulate(val, "ExternalID", &t.ExternalID) + delete(rawMsg, key) + case "externalLastUpdatedTimeUtc": + err = unpopulate(val, "ExternalLastUpdatedTimeUTC", &t.ExternalLastUpdatedTimeUTC) + delete(rawMsg, key) + case "externalReferences": + err = unpopulate(val, "ExternalReferences", &t.ExternalReferences) + delete(rawMsg, key) + case "friendlyName": + err = unpopulate(val, "FriendlyName", &t.FriendlyName) + delete(rawMsg, key) + case "granularMarkings": + err = unpopulate(val, "GranularMarkings", &t.GranularMarkings) + delete(rawMsg, key) + case "indicatorTypes": + err = unpopulate(val, "IndicatorTypes", &t.IndicatorTypes) + delete(rawMsg, key) + case "killChainPhases": + err = unpopulate(val, "KillChainPhases", &t.KillChainPhases) + delete(rawMsg, key) + case "labels": + err = unpopulate(val, "Labels", &t.Labels) + delete(rawMsg, key) + case "language": + err = unpopulate(val, "Language", &t.Language) + delete(rawMsg, key) + case "lastUpdatedTimeUtc": + err = unpopulate(val, "LastUpdatedTimeUTC", &t.LastUpdatedTimeUTC) + delete(rawMsg, key) + case "modified": + err = unpopulate(val, "Modified", &t.Modified) + delete(rawMsg, key) + case "objectMarkingRefs": + err = unpopulate(val, "ObjectMarkingRefs", &t.ObjectMarkingRefs) + delete(rawMsg, key) + case "parsedPattern": + err = unpopulate(val, "ParsedPattern", &t.ParsedPattern) + delete(rawMsg, key) + case "pattern": + err = unpopulate(val, "Pattern", &t.Pattern) + delete(rawMsg, key) + case "patternType": + err = unpopulate(val, "PatternType", &t.PatternType) + delete(rawMsg, key) + case "patternVersion": + err = unpopulate(val, "PatternVersion", &t.PatternVersion) + delete(rawMsg, key) + case "revoked": + err = unpopulate(val, "Revoked", &t.Revoked) + delete(rawMsg, key) + case "source": + err = unpopulate(val, "Source", &t.Source) + delete(rawMsg, key) + case "threatIntelligenceTags": + err = unpopulate(val, "ThreatIntelligenceTags", &t.ThreatIntelligenceTags) + delete(rawMsg, key) + case "threatTypes": + err = unpopulate(val, "ThreatTypes", &t.ThreatTypes) + delete(rawMsg, key) + case "validFrom": + err = unpopulate(val, "ValidFrom", &t.ValidFrom) + delete(rawMsg, key) + case "validUntil": + err = unpopulate(val, "ValidUntil", &t.ValidUntil) delete(rawMsg, key) } if err != nil { @@ -15790,16 +11211,20 @@ func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) er return nil } -// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceSortingCriteria. -func (t ThreatIntelligenceSortingCriteria) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformation. +func (t ThreatIntelligenceInformation) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "itemKey", t.ItemKey) - populate(objectMap, "sortOrder", t.SortOrder) + populate(objectMap, "etag", t.Etag) + populate(objectMap, "id", t.ID) + objectMap["kind"] = t.Kind + populate(objectMap, "name", t.Name) + populate(objectMap, "systemData", t.SystemData) + populate(objectMap, "type", t.Type) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceSortingCriteria. -func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformation. +func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15807,11 +11232,23 @@ func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "itemKey": - err = unpopulate(val, "ItemKey", &t.ItemKey) + case "etag": + err = unpopulate(val, "Etag", &t.Etag) delete(rawMsg, key) - case "sortOrder": - err = unpopulate(val, "SortOrder", &t.SortOrder) + case "id": + err = unpopulate(val, "ID", &t.ID) + delete(rawMsg, key) + case "kind": + err = unpopulate(val, "Kind", &t.Kind) + delete(rawMsg, key) + case "name": + err = unpopulate(val, "Name", &t.Name) + delete(rawMsg, key) + case "systemData": + err = unpopulate(val, "SystemData", &t.SystemData) + delete(rawMsg, key) + case "type": + err = unpopulate(val, "Type", &t.Type) delete(rawMsg, key) } if err != nil { @@ -15821,16 +11258,16 @@ func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirements. -func (t TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList. +func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - objectMap["kind"] = DataConnectorKindThreatIntelligenceTaxii - populate(objectMap, "properties", t.Properties) + populate(objectMap, "nextLink", t.NextLink) + populate(objectMap, "value", t.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirements. -func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformationList. +func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15838,11 +11275,11 @@ func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "kind": - err = unpopulate(val, "Kind", &t.Kind) + case "nextLink": + err = unpopulate(val, "NextLink", &t.NextLink) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &t.Properties) + case "value": + t.Value, err = unmarshalThreatIntelligenceInformationClassificationArray(val) delete(rawMsg, key) } if err != nil { @@ -15852,15 +11289,16 @@ func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirementsProperties. -func (t TiTaxiiCheckRequirementsProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceKillChainPhase. +func (t ThreatIntelligenceKillChainPhase) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "tenantId", t.TenantID) + populate(objectMap, "killChainName", t.KillChainName) + populate(objectMap, "phaseName", t.PhaseName) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirementsProperties. -func (t *TiTaxiiCheckRequirementsProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceKillChainPhase. +func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15868,8 +11306,11 @@ func (t *TiTaxiiCheckRequirementsProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "tenantId": - err = unpopulate(val, "TenantID", &t.TenantID) + case "killChainName": + err = unpopulate(val, "KillChainName", &t.KillChainName) + delete(rawMsg, key) + case "phaseName": + err = unpopulate(val, "PhaseName", &t.PhaseName) delete(rawMsg, key) } if err != nil { @@ -15879,21 +11320,18 @@ func (t *TiTaxiiCheckRequirementsProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnector. -func (t TiTaxiiDataConnector) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric. +func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", t.Etag) - populate(objectMap, "id", t.ID) - objectMap["kind"] = DataConnectorKindThreatIntelligenceTaxii - populate(objectMap, "name", t.Name) - populate(objectMap, "properties", t.Properties) - populate(objectMap, "systemData", t.SystemData) - populate(objectMap, "type", t.Type) + populate(objectMap, "lastUpdatedTimeUtc", t.LastUpdatedTimeUTC) + populate(objectMap, "patternTypeMetrics", t.PatternTypeMetrics) + populate(objectMap, "sourceMetrics", t.SourceMetrics) + populate(objectMap, "threatTypeMetrics", t.ThreatTypeMetrics) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnector. -func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetric. +func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15901,26 +11339,17 @@ func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &t.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &t.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &t.Name) + case "lastUpdatedTimeUtc": + err = unpopulate(val, "LastUpdatedTimeUTC", &t.LastUpdatedTimeUTC) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &t.Properties) + case "patternTypeMetrics": + err = unpopulate(val, "PatternTypeMetrics", &t.PatternTypeMetrics) delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &t.SystemData) + case "sourceMetrics": + err = unpopulate(val, "SourceMetrics", &t.SourceMetrics) delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &t.Type) + case "threatTypeMetrics": + err = unpopulate(val, "ThreatTypeMetrics", &t.ThreatTypeMetrics) delete(rawMsg, key) } if err != nil { @@ -15930,15 +11359,16 @@ func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorDataTypes. -func (t TiTaxiiDataConnectorDataTypes) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricEntity. +func (t ThreatIntelligenceMetricEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "taxiiClient", t.TaxiiClient) + populate(objectMap, "metricName", t.MetricName) + populate(objectMap, "metricValue", t.MetricValue) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorDataTypes. -func (t *TiTaxiiDataConnectorDataTypes) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricEntity. +func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15946,8 +11376,11 @@ func (t *TiTaxiiDataConnectorDataTypes) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "taxiiClient": - err = unpopulate(val, "TaxiiClient", &t.TaxiiClient) + case "metricName": + err = unpopulate(val, "MetricName", &t.MetricName) + delete(rawMsg, key) + case "metricValue": + err = unpopulate(val, "MetricValue", &t.MetricValue) delete(rawMsg, key) } if err != nil { @@ -15957,15 +11390,15 @@ func (t *TiTaxiiDataConnectorDataTypes) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorDataTypesTaxiiClient. -func (t TiTaxiiDataConnectorDataTypesTaxiiClient) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetrics. +func (t ThreatIntelligenceMetrics) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "state", t.State) + populate(objectMap, "properties", t.Properties) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorDataTypesTaxiiClient. -func (t *TiTaxiiDataConnectorDataTypesTaxiiClient) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetrics. +func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -15973,8 +11406,8 @@ func (t *TiTaxiiDataConnectorDataTypesTaxiiClient) UnmarshalJSON(data []byte) er for key, val := range rawMsg { var err error switch key { - case "state": - err = unpopulate(val, "State", &t.State) + case "properties": + err = unpopulate(val, "Properties", &t.Properties) delete(rawMsg, key) } if err != nil { @@ -15984,24 +11417,15 @@ func (t *TiTaxiiDataConnectorDataTypesTaxiiClient) UnmarshalJSON(data []byte) er return nil } -// MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorProperties. -func (t TiTaxiiDataConnectorProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList. +func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "collectionId", t.CollectionID) - populate(objectMap, "dataTypes", t.DataTypes) - populate(objectMap, "friendlyName", t.FriendlyName) - populate(objectMap, "password", t.Password) - populate(objectMap, "pollingFrequency", t.PollingFrequency) - populateDateTimeRFC3339(objectMap, "taxiiLookbackPeriod", t.TaxiiLookbackPeriod) - populate(objectMap, "taxiiServer", t.TaxiiServer) - populate(objectMap, "tenantId", t.TenantID) - populate(objectMap, "userName", t.UserName) - populate(objectMap, "workspaceId", t.WorkspaceID) + populate(objectMap, "value", t.Value) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorProperties. -func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricsList. +func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -16009,35 +11433,8 @@ func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "collectionId": - err = unpopulate(val, "CollectionID", &t.CollectionID) - delete(rawMsg, key) - case "dataTypes": - err = unpopulate(val, "DataTypes", &t.DataTypes) - delete(rawMsg, key) - case "friendlyName": - err = unpopulate(val, "FriendlyName", &t.FriendlyName) - delete(rawMsg, key) - case "password": - err = unpopulate(val, "Password", &t.Password) - delete(rawMsg, key) - case "pollingFrequency": - err = unpopulate(val, "PollingFrequency", &t.PollingFrequency) - delete(rawMsg, key) - case "taxiiLookbackPeriod": - err = unpopulateDateTimeRFC3339(val, "TaxiiLookbackPeriod", &t.TaxiiLookbackPeriod) - delete(rawMsg, key) - case "taxiiServer": - err = unpopulate(val, "TaxiiServer", &t.TaxiiServer) - delete(rawMsg, key) - case "tenantId": - err = unpopulate(val, "TenantID", &t.TenantID) - delete(rawMsg, key) - case "userName": - err = unpopulate(val, "UserName", &t.UserName) - delete(rawMsg, key) - case "workspaceId": - err = unpopulate(val, "WorkspaceID", &t.WorkspaceID) + case "value": + err = unpopulate(val, "Value", &t.Value) delete(rawMsg, key) } if err != nil { @@ -16047,16 +11444,16 @@ func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TimelineAggregation. -func (t TimelineAggregation) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern. +func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "count", t.Count) - populate(objectMap, "kind", t.Kind) + populate(objectMap, "patternTypeKey", t.PatternTypeKey) + populate(objectMap, "patternTypeValues", t.PatternTypeValues) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TimelineAggregation. -func (t *TimelineAggregation) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPattern. +func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -16064,11 +11461,11 @@ func (t *TimelineAggregation) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "count": - err = unpopulate(val, "Count", &t.Count) + case "patternTypeKey": + err = unpopulate(val, "PatternTypeKey", &t.PatternTypeKey) delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) + case "patternTypeValues": + err = unpopulate(val, "PatternTypeValues", &t.PatternTypeValues) delete(rawMsg, key) } if err != nil { @@ -16078,17 +11475,16 @@ func (t *TimelineAggregation) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TimelineError. -func (t TimelineError) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPatternTypeValue. +func (t ThreatIntelligenceParsedPatternTypeValue) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "errorMessage", t.ErrorMessage) - populate(objectMap, "kind", t.Kind) - populate(objectMap, "queryId", t.QueryID) + populate(objectMap, "value", t.Value) + populate(objectMap, "valueType", t.ValueType) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TimelineError. -func (t *TimelineError) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPatternTypeValue. +func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -16096,14 +11492,11 @@ func (t *TimelineError) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "errorMessage": - err = unpopulate(val, "ErrorMessage", &t.ErrorMessage) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &t.Kind) + case "value": + err = unpopulate(val, "Value", &t.Value) delete(rawMsg, key) - case "queryId": - err = unpopulate(val, "QueryID", &t.QueryID) + case "valueType": + err = unpopulate(val, "ValueType", &t.ValueType) delete(rawMsg, key) } if err != nil { @@ -16113,17 +11506,16 @@ func (t *TimelineError) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type TimelineResultsMetadata. -func (t TimelineResultsMetadata) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceSortingCriteria. +func (t ThreatIntelligenceSortingCriteria) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "aggregations", t.Aggregations) - populate(objectMap, "errors", t.Errors) - populate(objectMap, "totalCount", t.TotalCount) + populate(objectMap, "itemKey", t.ItemKey) + populate(objectMap, "sortOrder", t.SortOrder) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type TimelineResultsMetadata. -func (t *TimelineResultsMetadata) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceSortingCriteria. +func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", t, err) @@ -16131,14 +11523,11 @@ func (t *TimelineResultsMetadata) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "aggregations": - err = unpopulate(val, "Aggregations", &t.Aggregations) - delete(rawMsg, key) - case "errors": - err = unpopulate(val, "Errors", &t.Errors) + case "itemKey": + err = unpopulate(val, "ItemKey", &t.ItemKey) delete(rawMsg, key) - case "totalCount": - err = unpopulate(val, "TotalCount", &t.TotalCount) + case "sortOrder": + err = unpopulate(val, "SortOrder", &t.SortOrder) delete(rawMsg, key) } if err != nil { @@ -16152,7 +11541,7 @@ func (t *TimelineResultsMetadata) UnmarshalJSON(data []byte) error { func (u URLEntity) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "id", u.ID) - objectMap["kind"] = EntityKindURL + objectMap["kind"] = EntityKindEnumURL populate(objectMap, "name", u.Name) populate(objectMap, "properties", u.Properties) populate(objectMap, "systemData", u.SystemData) @@ -16230,21 +11619,17 @@ func (u *URLEntityProperties) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type Ueba. -func (u Ueba) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type UserInfo. +func (u UserInfo) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "etag", u.Etag) - populate(objectMap, "id", u.ID) - objectMap["kind"] = SettingKindUeba + populate(objectMap, "email", u.Email) populate(objectMap, "name", u.Name) - populate(objectMap, "properties", u.Properties) - populate(objectMap, "systemData", u.SystemData) - populate(objectMap, "type", u.Type) + populate(objectMap, "objectId", u.ObjectID) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type Ueba. -func (u *Ueba) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type UserInfo. +func (u *UserInfo) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { return fmt.Errorf("unmarshalling type %T: %v", u, err) @@ -16252,26 +11637,14 @@ func (u *Ueba) UnmarshalJSON(data []byte) error { for key, val := range rawMsg { var err error switch key { - case "etag": - err = unpopulate(val, "Etag", &u.Etag) - delete(rawMsg, key) - case "id": - err = unpopulate(val, "ID", &u.ID) - delete(rawMsg, key) - case "kind": - err = unpopulate(val, "Kind", &u.Kind) + case "email": + err = unpopulate(val, "Email", &u.Email) delete(rawMsg, key) case "name": err = unpopulate(val, "Name", &u.Name) delete(rawMsg, key) - case "properties": - err = unpopulate(val, "Properties", &u.Properties) - delete(rawMsg, key) - case "systemData": - err = unpopulate(val, "SystemData", &u.SystemData) - delete(rawMsg, key) - case "type": - err = unpopulate(val, "Type", &u.Type) + case "objectId": + err = unpopulate(val, "ObjectID", &u.ObjectID) delete(rawMsg, key) } if err != nil { @@ -16281,94 +11654,63 @@ func (u *Ueba) UnmarshalJSON(data []byte) error { return nil } -// MarshalJSON implements the json.Marshaller interface for type UebaProperties. -func (u UebaProperties) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type Warning. +func (w Warning) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "dataSources", u.DataSources) + populate(objectMap, "warning", w.Warning) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type UebaProperties. -func (u *UebaProperties) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type Warning. +func (w *Warning) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", u, err) + return fmt.Errorf("unmarshalling type %T: %v", w, err) } for key, val := range rawMsg { var err error switch key { - case "dataSources": - err = unpopulate(val, "DataSources", &u.DataSources) + case "warning": + err = unpopulate(val, "Warning", &w.Warning) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", u, err) + return fmt.Errorf("unmarshalling type %T: %v", w, err) } } return nil } -// MarshalJSON implements the json.Marshaller interface for type UserInfo. -func (u UserInfo) MarshalJSON() ([]byte, error) { +// MarshalJSON implements the json.Marshaller interface for type WarningBody. +func (w WarningBody) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) - populate(objectMap, "email", u.Email) - populate(objectMap, "name", u.Name) - populate(objectMap, "objectId", u.ObjectID) + populate(objectMap, "code", w.Code) + populate(objectMap, "details", w.Details) + populate(objectMap, "message", w.Message) return json.Marshal(objectMap) } -// UnmarshalJSON implements the json.Unmarshaller interface for type UserInfo. -func (u *UserInfo) UnmarshalJSON(data []byte) error { +// UnmarshalJSON implements the json.Unmarshaller interface for type WarningBody. +func (w *WarningBody) UnmarshalJSON(data []byte) error { var rawMsg map[string]json.RawMessage if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", u, err) + return fmt.Errorf("unmarshalling type %T: %v", w, err) } for key, val := range rawMsg { var err error switch key { - case "email": - err = unpopulate(val, "Email", &u.Email) - delete(rawMsg, key) - case "name": - err = unpopulate(val, "Name", &u.Name) + case "code": + err = unpopulate(val, "Code", &w.Code) delete(rawMsg, key) - case "objectId": - err = unpopulate(val, "ObjectID", &u.ObjectID) - delete(rawMsg, key) - } - if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", u, err) - } - } - return nil -} - -// MarshalJSON implements the json.Marshaller interface for type ValidationError. -func (v ValidationError) MarshalJSON() ([]byte, error) { - objectMap := make(map[string]any) - populate(objectMap, "errorMessages", v.ErrorMessages) - populate(objectMap, "recordIndex", v.RecordIndex) - return json.Marshal(objectMap) -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ValidationError. -func (v *ValidationError) UnmarshalJSON(data []byte) error { - var rawMsg map[string]json.RawMessage - if err := json.Unmarshal(data, &rawMsg); err != nil { - return fmt.Errorf("unmarshalling type %T: %v", v, err) - } - for key, val := range rawMsg { - var err error - switch key { - case "errorMessages": - err = unpopulate(val, "ErrorMessages", &v.ErrorMessages) + case "details": + err = unpopulate(val, "Details", &w.Details) delete(rawMsg, key) - case "recordIndex": - err = unpopulate(val, "RecordIndex", &v.RecordIndex) + case "message": + err = unpopulate(val, "Message", &w.Message) delete(rawMsg, key) } if err != nil { - return fmt.Errorf("unmarshalling type %T: %v", v, err) + return fmt.Errorf("unmarshalling type %T: %v", w, err) } } return nil @@ -16504,9 +11846,9 @@ func (w WatchlistItemProperties) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populateDateTimeRFC3339(objectMap, "created", w.Created) populate(objectMap, "createdBy", w.CreatedBy) - populate(objectMap, "entityMapping", w.EntityMapping) + populateAny(objectMap, "entityMapping", w.EntityMapping) populate(objectMap, "isDeleted", w.IsDeleted) - populate(objectMap, "itemsKeyValue", w.ItemsKeyValue) + populateAny(objectMap, "itemsKeyValue", w.ItemsKeyValue) populate(objectMap, "tenantId", w.TenantID) populateDateTimeRFC3339(objectMap, "updated", w.Updated) populate(objectMap, "updatedBy", w.UpdatedBy) @@ -16607,6 +11949,7 @@ func (w WatchlistProperties) MarshalJSON() ([]byte, error) { populate(objectMap, "labels", w.Labels) populate(objectMap, "numberOfLinesToSkip", w.NumberOfLinesToSkip) populate(objectMap, "provider", w.Provider) + populate(objectMap, "provisioningState", w.ProvisioningState) populate(objectMap, "rawContent", w.RawContent) populate(objectMap, "source", w.Source) populate(objectMap, "sourceType", w.SourceType) @@ -16662,6 +12005,9 @@ func (w *WatchlistProperties) UnmarshalJSON(data []byte) error { case "provider": err = unpopulate(val, "Provider", &w.Provider) delete(rawMsg, key) + case "provisioningState": + err = unpopulate(val, "ProvisioningState", &w.ProvisioningState) + delete(rawMsg, key) case "rawContent": err = unpopulate(val, "RawContent", &w.RawContent) delete(rawMsg, key) @@ -16705,7 +12051,7 @@ func (w Webhook) MarshalJSON() ([]byte, error) { objectMap := make(map[string]any) populate(objectMap, "rotateWebhookSecret", w.RotateWebhookSecret) populate(objectMap, "webhookId", w.WebhookID) - populate(objectMap, "webhookSecretUpdateTime", w.WebhookSecretUpdateTime) + populateDateTimeRFC3339(objectMap, "webhookSecretUpdateTime", w.WebhookSecretUpdateTime) populate(objectMap, "webhookUrl", w.WebhookURL) return json.Marshal(objectMap) } @@ -16726,7 +12072,7 @@ func (w *Webhook) UnmarshalJSON(data []byte) error { err = unpopulate(val, "WebhookID", &w.WebhookID) delete(rawMsg, key) case "webhookSecretUpdateTime": - err = unpopulate(val, "WebhookSecretUpdateTime", &w.WebhookSecretUpdateTime) + err = unpopulateDateTimeRFC3339(val, "WebhookSecretUpdateTime", &w.WebhookSecretUpdateTime) delete(rawMsg, key) case "webhookUrl": err = unpopulate(val, "WebhookURL", &w.WebhookURL) diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client.go deleted file mode 100644 index bb99d89ea86b..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client.go +++ /dev/null @@ -1,236 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// OfficeConsentsClient contains the methods for the OfficeConsents group. -// Don't use this type directly, use NewOfficeConsentsClient() instead. -type OfficeConsentsClient struct { - internal *arm.Client - subscriptionID string -} - -// NewOfficeConsentsClient creates a new instance of OfficeConsentsClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewOfficeConsentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*OfficeConsentsClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &OfficeConsentsClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// Delete - Delete the office365 consent. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - consentID - consent ID -// - options - OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method. -func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (OfficeConsentsClientDeleteResponse, error) { - var err error - const operationName = "OfficeConsentsClient.Delete" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, consentID, options) - if err != nil { - return OfficeConsentsClientDeleteResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return OfficeConsentsClientDeleteResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { - err = runtime.NewResponseError(httpResp) - return OfficeConsentsClientDeleteResponse{}, err - } - return OfficeConsentsClientDeleteResponse{}, nil -} - -// deleteCreateRequest creates the Delete request. -func (client *OfficeConsentsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if consentID == "" { - return nil, errors.New("parameter consentID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{consentId}", url.PathEscape(consentID)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// Get - Gets an office365 consent. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - consentID - consent ID -// - options - OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method. -func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (OfficeConsentsClientGetResponse, error) { - var err error - const operationName = "OfficeConsentsClient.Get" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, consentID, options) - if err != nil { - return OfficeConsentsClientGetResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return OfficeConsentsClientGetResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return OfficeConsentsClientGetResponse{}, err - } - resp, err := client.getHandleResponse(httpResp) - return resp, err -} - -// getCreateRequest creates the Get request. -func (client *OfficeConsentsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if consentID == "" { - return nil, errors.New("parameter consentID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{consentId}", url.PathEscape(consentID)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// getHandleResponse handles the Get response. -func (client *OfficeConsentsClient) getHandleResponse(resp *http.Response) (OfficeConsentsClientGetResponse, error) { - result := OfficeConsentsClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.OfficeConsent); err != nil { - return OfficeConsentsClientGetResponse{}, err - } - return result, nil -} - -// NewListPager - Gets all office365 consents. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - options - OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.NewListPager method. -func (client *OfficeConsentsClient) NewListPager(resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) *runtime.Pager[OfficeConsentsClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[OfficeConsentsClientListResponse]{ - More: func(page OfficeConsentsClientListResponse) bool { - return page.NextLink != nil && len(*page.NextLink) > 0 - }, - Fetcher: func(ctx context.Context, page *OfficeConsentsClientListResponse) (OfficeConsentsClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "OfficeConsentsClient.NewListPager") - nextLink := "" - if page != nil { - nextLink = *page.NextLink - } - resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) - }, nil) - if err != nil { - return OfficeConsentsClientListResponse{}, err - } - return client.listHandleResponse(resp) - }, - Tracer: client.internal.Tracer(), - }) -} - -// listCreateRequest creates the List request. -func (client *OfficeConsentsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// listHandleResponse handles the List response. -func (client *OfficeConsentsClient) listHandleResponse(resp *http.Response) (OfficeConsentsClientListResponse, error) { - result := OfficeConsentsClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.OfficeConsentList); err != nil { - return OfficeConsentsClientListResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client_example_test.go deleted file mode 100644 index bbd70968f176..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/officeconsents_client_example_test.go +++ /dev/null @@ -1,101 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/GetOfficeConsents.json -func ExampleOfficeConsentsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewOfficeConsentsClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.OfficeConsentList = armsecurityinsights.OfficeConsentList{ - // Value: []*armsecurityinsights.OfficeConsent{ - // { - // Name: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // Type: to.Ptr("Microsoft.SecurityInsights/officeConsents"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // Properties: &armsecurityinsights.OfficeConsentProperties{ - // ConsentID: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // TenantID: to.Ptr("5460b3d2-1e7b-4757-ad54-c858c7e3f252"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json -func ExampleOfficeConsentsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewOfficeConsentsClient().Get(ctx, "myRg", "myWorkspace", "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.OfficeConsent = armsecurityinsights.OfficeConsent{ - // Name: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // Type: to.Ptr("Microsoft.SecurityInsights/officeConsents"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // Properties: &armsecurityinsights.OfficeConsentProperties{ - // ConsentID: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"), - // TenantID: to.Ptr("5460b3d2-1e7b-4757-ad54-c858c7e3f252"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json -func ExampleOfficeConsentsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewOfficeConsentsClient().Delete(ctx, "myRg", "myWorkspace", "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client.go index 024315048d31..879f17c99309 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client.go @@ -39,7 +39,7 @@ func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientO // NewListPager - Lists all operations available Azure Security Insights Resource Provider. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - options - OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method. func (client *OperationsClient) NewListPager(options *OperationsClientListOptions) *runtime.Pager[OperationsClientListResponse] { return runtime.NewPager(runtime.PagingHandler[OperationsClientListResponse]{ @@ -72,7 +72,7 @@ func (client *OperationsClient) listCreateRequest(ctx context.Context, options * return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client_example_test.go deleted file mode 100644 index 4c92cbb544b0..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/operations_client_example_test.go +++ /dev/null @@ -1,596 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/operations/ListOperations.json -func ExampleOperationsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewOperationsClient().NewListPager(nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.OperationsList = armsecurityinsights.OperationsList{ - // Value: []*armsecurityinsights.Operation{ - // { - // Name: to.Ptr("Microsoft.SecurityInsights/operations/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets operations"), - // Operation: to.Ptr("Get Operations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Operations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/automationRules/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets an automation rule"), - // Operation: to.Ptr("Get Automation Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("AutomationRules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/automationRules/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates an automation rule"), - // Operation: to.Ptr("Update Automation Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("AutomationRules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/automationRules/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes an automation rule"), - // Operation: to.Ptr("Delete Automation Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("AutomationRules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets bookmarks"), - // Operation: to.Ptr("Get Bookmarks"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmarks"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates bookmarks"), - // Operation: to.Ptr("Update Bookmarks"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmarks"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes bookmarks"), - // Operation: to.Ptr("Delete Bookmarks"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmarks"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/expand/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets related entities of an entity by a specific expansion"), - // Operation: to.Ptr("Expand on entity"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmarks"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets a bookmark relation"), - // Operation: to.Ptr("Get Bookmark Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmark Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates a bookmark relation"), - // Operation: to.Ptr("Update Bookmark Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmark Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes a bookmark relation"), - // Operation: to.Ptr("Delete Bookmark Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Bookmark Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets the alert rules"), - // Operation: to.Ptr("Get Alert Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates alert rules"), - // Operation: to.Ptr("Update Alert Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes alert rules"), - // Operation: to.Ptr("Delete Alert Rules"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets the response actions of an alert rule"), - // Operation: to.Ptr("Get Alert Rule Response Actions"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules Actions"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates the response actions of an alert rule"), - // Operation: to.Ptr("Update Alert Rule Response Actions"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules Actions"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes the response actions of an alert rule"), - // Operation: to.Ptr("Delete Alert Rule Response Actions"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Alert Rules Actions"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets the data connectors"), - // Operation: to.Ptr("Get Data Connectors"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("DataConnectors"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates a data connector"), - // Operation: to.Ptr("Update Data Connectors"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("DataConnectors"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes a data connector"), - // Operation: to.Ptr("Delete a Data Connector"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("DataConnectors"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Check user authorization and license"), - // Operation: to.Ptr("Check user authorization and license"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("DataConnectorsCheckRequirements"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets an incident"), - // Operation: to.Ptr("Get Incidents"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incidents"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates an incident"), - // Operation: to.Ptr("Update Incidents"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incidents"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes an incident"), - // Operation: to.Ptr("Delete Incidents"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incidents"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets the incident comments"), - // Operation: to.Ptr("Get Incident Comments"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Comments"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Creates a comment on the incident"), - // Operation: to.Ptr("Create Incident Comments"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Comments"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes a comment on the incident"), - // Operation: to.Ptr("Delete Incident Comment"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Comments"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets a relation between the incident and related resources"), - // Operation: to.Ptr("Get Incident Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates a relation between the incident and related resources"), - // Operation: to.Ptr("Update Incident Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes a relation between the incident and related resources"), - // Operation: to.Ptr("Delete Incident Relations"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Incident Relations"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets Threat Intelligence"), - // Operation: to.Ptr("Get Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates Threat Intelligence"), - // Operation: to.Ptr("Update Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes Threat Intelligence"), - // Operation: to.Ptr("Delete Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/query/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Query Threat Intelligence"), - // Operation: to.Ptr("Query Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Collect Threat Intelligence Metrics"), - // Operation: to.Ptr("Collect Threat Intelligence Metrics"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkDelete/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Bulk Delete Threat Intelligence"), - // Operation: to.Ptr("Bulk Delete Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkTag/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Bulk Tags Threat Intelligence"), - // Operation: to.Ptr("Bulk Tags Threat Intelligence"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates Threat Intelligence Indicators"), - // Operation: to.Ptr("Update Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes Threat Intelligence Indicators"), - // Operation: to.Ptr("Delete Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/query/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Query Threat Intelligence Indicators"), - // Operation: to.Ptr("Query Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Get Threat Intelligence Indicator Metrics"), - // Operation: to.Ptr("Get Threat Intelligence Indicator Metrics"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Bulk Delete Threat Intelligence Indicators"), - // Operation: to.Ptr("Bulk Delete Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Bulk Tags Threat Intelligence Indicators"), - // Operation: to.Ptr("Bulk Tags Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets Threat Intelligence Indicators"), - // Operation: to.Ptr("Get Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Collect Threat Intelligence Metrics"), - // Operation: to.Ptr("Collect Threat Intelligence Metrics"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/createIndicator/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Create Threat Intelligence Indicator"), - // Operation: to.Ptr("Create Threat Intelligence Indicator"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Append tags to Threat Intelligence Indicator"), - // Operation: to.Ptr("Append tags to Threat Intelligence Indicator"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Replace Tags of Threat Intelligence Indicator"), - // Operation: to.Ptr("Replace Tags of Threat Intelligence Indicator"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/queryIndicators/action"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Query Threat Intelligence Indicators"), - // Operation: to.Ptr("Query Threat Intelligence Indicators"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("ThreatIntelligence"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets Watchlists"), - // Operation: to.Ptr("Get Watchlists"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Watchlists"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Create Watchlists"), - // Operation: to.Ptr("Create Watchlists"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Watchlists"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes Watchlists"), - // Operation: to.Ptr("Delete Watchlists"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Watchlists"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/read"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Gets an onboarding state"), - // Operation: to.Ptr("Get Onboarding States"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Onboarding States"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/write"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Updates an onboarding state"), - // Operation: to.Ptr("Update Onboarding States"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Onboarding States"), - // }, - // Origin: to.Ptr("user"), - // }, - // { - // Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/delete"), - // Display: &armsecurityinsights.OperationDisplay{ - // Description: to.Ptr("Deletes an onboarding state"), - // Operation: to.Ptr("Delete Onboarding States"), - // Provider: to.Ptr("Microsoft Security Insights"), - // Resource: to.Ptr("Onboarding States"), - // }, - // Origin: to.Ptr("user"), - // }}, - // } - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/options.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/options.go index c52cb198c860..a1e5ca0e9b90 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/options.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/options.go @@ -80,44 +80,6 @@ type AutomationRulesClientListOptions struct { // placeholder for future optional parameters } -// BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method. -type BookmarkClientExpandOptions struct { - // placeholder for future optional parameters -} - -// BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate -// method. -type BookmarkRelationsClientCreateOrUpdateOptions struct { - // placeholder for future optional parameters -} - -// BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method. -type BookmarkRelationsClientDeleteOptions struct { - // placeholder for future optional parameters -} - -// BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method. -type BookmarkRelationsClientGetOptions struct { - // placeholder for future optional parameters -} - -// BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.NewListPager method. -type BookmarkRelationsClientListOptions struct { - // Filters the results, based on a Boolean condition. Optional. - Filter *string - - // Sorts the results. Optional. - Orderby *string - - // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, - // the value of the nextLink element will include a skiptoken parameter that - // specifies a starting point to use for subsequent calls. Optional. - SkipToken *string - - // Returns only the first n results. Optional. - Top *int32 -} - // BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method. type BookmarksClientCreateOrUpdateOptions struct { // placeholder for future optional parameters @@ -138,86 +100,82 @@ type BookmarksClientListOptions struct { // placeholder for future optional parameters } -// DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post -// method. -type DataConnectorsCheckRequirementsClientPostOptions struct { +// ContentPackageClientInstallOptions contains the optional parameters for the ContentPackageClient.Install method. +type ContentPackageClientInstallOptions struct { // placeholder for future optional parameters } -// DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method. -type DataConnectorsClientConnectOptions struct { +// ContentPackageClientUninstallOptions contains the optional parameters for the ContentPackageClient.Uninstall method. +type ContentPackageClientUninstallOptions struct { // placeholder for future optional parameters } -// DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate -// method. -type DataConnectorsClientCreateOrUpdateOptions struct { +// ContentPackagesClientGetOptions contains the optional parameters for the ContentPackagesClient.Get method. +type ContentPackagesClientGetOptions struct { // placeholder for future optional parameters } -// DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method. -type DataConnectorsClientDeleteOptions struct { - // placeholder for future optional parameters -} +// ContentPackagesClientListOptions contains the optional parameters for the ContentPackagesClient.NewListPager method. +type ContentPackagesClientListOptions struct { + // Instructs the server to return only object count without actual body. Optional. + Count *bool -// DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method. -type DataConnectorsClientDisconnectOptions struct { - // placeholder for future optional parameters -} + // Filters the results, based on a Boolean condition. Optional. + Filter *string -// DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method. -type DataConnectorsClientGetOptions struct { - // placeholder for future optional parameters -} + // Sorts the results. Optional. + Orderby *string -// DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method. -type DataConnectorsClientListOptions struct { - // placeholder for future optional parameters -} + // Searches for a substring in the response. Optional. + Search *string -// DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method. -type DomainWhoisClientGetOptions struct { - // placeholder for future optional parameters -} + // Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. + Skip *int32 -// EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method. -type EntitiesClientExpandOptions struct { - // placeholder for future optional parameters -} + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string -// EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method. -type EntitiesClientGetInsightsOptions struct { - // placeholder for future optional parameters + // Returns only the first n results. Optional. + Top *int32 } -// EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method. -type EntitiesClientGetOptions struct { +// ContentTemplateClientDeleteOptions contains the optional parameters for the ContentTemplateClient.Delete method. +type ContentTemplateClientDeleteOptions struct { // placeholder for future optional parameters } -// EntitiesClientListOptions contains the optional parameters for the EntitiesClient.NewListPager method. -type EntitiesClientListOptions struct { +// ContentTemplateClientGetOptions contains the optional parameters for the ContentTemplateClient.Get method. +type ContentTemplateClientGetOptions struct { // placeholder for future optional parameters } -// EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method. -type EntitiesClientQueriesOptions struct { +// ContentTemplateClientInstallOptions contains the optional parameters for the ContentTemplateClient.Install method. +type ContentTemplateClientInstallOptions struct { // placeholder for future optional parameters } -// EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method. -type EntitiesGetTimelineClientListOptions struct { - // placeholder for future optional parameters -} +// ContentTemplatesClientListOptions contains the optional parameters for the ContentTemplatesClient.NewListPager method. +type ContentTemplatesClientListOptions struct { + // Instructs the server to return only object count without actual body. Optional. + Count *bool + + // Expands the object with optional fiends that are not included by default. Optional. + Expand *string -// EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.NewListPager method. -type EntitiesRelationsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string + // Searches for a substring in the response. Optional. + Search *string + + // Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. + Skip *int32 + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. @@ -227,80 +185,54 @@ type EntitiesRelationsClientListOptions struct { Top *int32 } -// EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method. -type EntityQueriesClientCreateOrUpdateOptions struct { +// DataConnectorDefinitionsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorDefinitionsClient.CreateOrUpdate +// method. +type DataConnectorDefinitionsClientCreateOrUpdateOptions struct { // placeholder for future optional parameters } -// EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method. -type EntityQueriesClientDeleteOptions struct { +// DataConnectorDefinitionsClientDeleteOptions contains the optional parameters for the DataConnectorDefinitionsClient.Delete +// method. +type DataConnectorDefinitionsClientDeleteOptions struct { // placeholder for future optional parameters } -// EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method. -type EntityQueriesClientGetOptions struct { +// DataConnectorDefinitionsClientGetOptions contains the optional parameters for the DataConnectorDefinitionsClient.Get method. +type DataConnectorDefinitionsClientGetOptions struct { // placeholder for future optional parameters } -// EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.NewListPager method. -type EntityQueriesClientListOptions struct { - // The entity query kind we want to fetch - Kind *Enum13 -} - -// EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method. -type EntityQueryTemplatesClientGetOptions struct { +// DataConnectorDefinitionsClientListOptions contains the optional parameters for the DataConnectorDefinitionsClient.NewListPager +// method. +type DataConnectorDefinitionsClientListOptions struct { // placeholder for future optional parameters } -// EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.NewListPager +// DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate // method. -type EntityQueryTemplatesClientListOptions struct { - // The entity template query kind we want to fetch - Kind *Enum15 -} - -// EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method. -type EntityRelationsClientGetRelationOptions struct { +type DataConnectorsClientCreateOrUpdateOptions struct { // placeholder for future optional parameters } -// FileImportsClientBeginDeleteOptions contains the optional parameters for the FileImportsClient.BeginDelete method. -type FileImportsClientBeginDeleteOptions struct { - // Resumes the LRO from the provided token. - ResumeToken string -} - -// FileImportsClientCreateOptions contains the optional parameters for the FileImportsClient.Create method. -type FileImportsClientCreateOptions struct { +// DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method. +type DataConnectorsClientDeleteOptions struct { // placeholder for future optional parameters } -// FileImportsClientGetOptions contains the optional parameters for the FileImportsClient.Get method. -type FileImportsClientGetOptions struct { +// DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method. +type DataConnectorsClientGetOptions struct { // placeholder for future optional parameters } -// FileImportsClientListOptions contains the optional parameters for the FileImportsClient.NewListPager method. -type FileImportsClientListOptions struct { - // Filters the results, based on a Boolean condition. Optional. - Filter *string - - // Sorts the results. Optional. - Orderby *string - - // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, - // the value of the nextLink element will include a skiptoken parameter that - // specifies a starting point to use for subsequent calls. Optional. - SkipToken *string - - // Returns only the first n results. Optional. - Top *int32 +// DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method. +type DataConnectorsClientListOptions struct { + // placeholder for future optional parameters } -// IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method. -type IPGeodataClientGetOptions struct { - // placeholder for future optional parameters +// EntitiesClientRunPlaybookOptions contains the optional parameters for the EntitiesClient.RunPlaybook method. +type EntitiesClientRunPlaybookOptions struct { + // Describes the request body for triggering a playbook on an entity. + RequestBody *EntityManualTriggerRequestBody } // IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate @@ -369,13 +301,28 @@ type IncidentRelationsClientListOptions struct { Top *int32 } -// IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method. -type IncidentsClientCreateOrUpdateOptions struct { +// IncidentTasksClientCreateOrUpdateOptions contains the optional parameters for the IncidentTasksClient.CreateOrUpdate method. +type IncidentTasksClientCreateOrUpdateOptions struct { + // placeholder for future optional parameters +} + +// IncidentTasksClientDeleteOptions contains the optional parameters for the IncidentTasksClient.Delete method. +type IncidentTasksClientDeleteOptions struct { + // placeholder for future optional parameters +} + +// IncidentTasksClientGetOptions contains the optional parameters for the IncidentTasksClient.Get method. +type IncidentTasksClientGetOptions struct { + // placeholder for future optional parameters +} + +// IncidentTasksClientListOptions contains the optional parameters for the IncidentTasksClient.NewListPager method. +type IncidentTasksClientListOptions struct { // placeholder for future optional parameters } -// IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method. -type IncidentsClientCreateTeamOptions struct { +// IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method. +type IncidentsClientCreateOrUpdateOptions struct { // placeholder for future optional parameters } @@ -423,6 +370,7 @@ type IncidentsClientListOptions struct { // IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method. type IncidentsClientRunPlaybookOptions struct { + // Describes the request body for triggering a playbook on an incident. RequestBody *ManualTriggerRequestBody } @@ -461,44 +409,62 @@ type MetadataClientUpdateOptions struct { // placeholder for future optional parameters } -// OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method. -type OfficeConsentsClientDeleteOptions struct { +// OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method. +type OperationsClientListOptions struct { // placeholder for future optional parameters } -// OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method. -type OfficeConsentsClientGetOptions struct { +// ProductPackageClientGetOptions contains the optional parameters for the ProductPackageClient.Get method. +type ProductPackageClientGetOptions struct { // placeholder for future optional parameters } -// OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.NewListPager method. -type OfficeConsentsClientListOptions struct { - // placeholder for future optional parameters -} +// ProductPackagesClientListOptions contains the optional parameters for the ProductPackagesClient.NewListPager method. +type ProductPackagesClientListOptions struct { + // Filters the results, based on a Boolean condition. Optional. + Filter *string -// OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method. -type OperationsClientListOptions struct { - // placeholder for future optional parameters -} + // Sorts the results. Optional. + Orderby *string -// ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method. -type ProductSettingsClientDeleteOptions struct { - // placeholder for future optional parameters -} + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string -// ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method. -type ProductSettingsClientGetOptions struct { - // placeholder for future optional parameters + // Returns only the first n results. Optional. + Top *int32 } -// ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method. -type ProductSettingsClientListOptions struct { +// ProductTemplateClientGetOptions contains the optional parameters for the ProductTemplateClient.Get method. +type ProductTemplateClientGetOptions struct { // placeholder for future optional parameters } -// ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method. -type ProductSettingsClientUpdateOptions struct { - // placeholder for future optional parameters +// ProductTemplatesClientListOptions contains the optional parameters for the ProductTemplatesClient.NewListPager method. +type ProductTemplatesClientListOptions struct { + // Instructs the server to return only object count without actual body. Optional. + Count *bool + + // Filters the results, based on a Boolean condition. Optional. + Filter *string + + // Sorts the results. Optional. + Orderby *string + + // Searches for a substring in the response. Optional. + Search *string + + // Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. + Skip *int32 + + // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, + // the value of the nextLink element will include a skiptoken parameter that + // specifies a starting point to use for subsequent calls. Optional. + SkipToken *string + + // Returns only the first n results. Optional. + Top *int32 } // SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.CreateOrUpdate @@ -665,14 +631,17 @@ type WatchlistItemsClientListOptions struct { SkipToken *string } -// WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method. -type WatchlistsClientCreateOrUpdateOptions struct { - // placeholder for future optional parameters +// WatchlistsClientBeginCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.BeginCreateOrUpdate +// method. +type WatchlistsClientBeginCreateOrUpdateOptions struct { + // Resumes the LRO from the provided token. + ResumeToken string } -// WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method. -type WatchlistsClientDeleteOptions struct { - // placeholder for future optional parameters +// WatchlistsClientBeginDeleteOptions contains the optional parameters for the WatchlistsClient.BeginDelete method. +type WatchlistsClientBeginDeleteOptions struct { + // Resumes the LRO from the provided token. + ResumeToken string } // WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method. diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/polymorphic_helpers.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/polymorphic_helpers.go index 5a07d8b50e0f..8801d20ad090 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/polymorphic_helpers.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/polymorphic_helpers.go @@ -22,16 +22,10 @@ func unmarshalAlertRuleClassification(rawMsg json.RawMessage) (AlertRuleClassifi switch m["kind"] { case string(AlertRuleKindFusion): b = &FusionAlertRule{} - case string(AlertRuleKindMLBehaviorAnalytics): - b = &MLBehaviorAnalyticsAlertRule{} case string(AlertRuleKindMicrosoftSecurityIncidentCreation): b = &MicrosoftSecurityIncidentCreationAlertRule{} - case string(AlertRuleKindNRT): - b = &NrtAlertRule{} case string(AlertRuleKindScheduled): b = &ScheduledAlertRule{} - case string(AlertRuleKindThreatIntelligence): - b = &ThreatIntelligenceAlertRule{} default: b = &AlertRule{} } @@ -72,16 +66,10 @@ func unmarshalAlertRuleTemplateClassification(rawMsg json.RawMessage) (AlertRule switch m["kind"] { case string(AlertRuleKindFusion): b = &FusionAlertRuleTemplate{} - case string(AlertRuleKindMLBehaviorAnalytics): - b = &MLBehaviorAnalyticsAlertRuleTemplate{} case string(AlertRuleKindMicrosoftSecurityIncidentCreation): b = &MicrosoftSecurityIncidentCreationAlertRuleTemplate{} - case string(AlertRuleKindNRT): - b = &NrtAlertRuleTemplate{} case string(AlertRuleKindScheduled): b = &ScheduledAlertRuleTemplate{} - case string(AlertRuleKindThreatIntelligence): - b = &ThreatIntelligenceAlertRuleTemplate{} default: b = &AlertRuleTemplate{} } @@ -120,6 +108,8 @@ func unmarshalAutomationRuleActionClassification(rawMsg json.RawMessage) (Automa } var b AutomationRuleActionClassification switch m["actionType"] { + case string(ActionTypeAddIncidentTask): + b = &AutomationRuleAddIncidentTaskAction{} case string(ActionTypeModifyProperties): b = &AutomationRuleModifyPropertiesAction{} case string(ActionTypeRunPlaybook): @@ -200,6 +190,47 @@ func unmarshalAutomationRuleConditionClassificationArray(rawMsg json.RawMessage) return fArray, nil } +func unmarshalCcpAuthConfigClassification(rawMsg json.RawMessage) (CcpAuthConfigClassification, error) { + if rawMsg == nil || string(rawMsg) == "null" { + return nil, nil + } + var m map[string]any + if err := json.Unmarshal(rawMsg, &m); err != nil { + return nil, err + } + var b CcpAuthConfigClassification + switch m["type"] { + case string(CcpAuthTypeAPIKey): + b = &APIKeyAuthModel{} + case string(CcpAuthTypeAWS): + b = &AWSAuthModel{} + case string(CcpAuthTypeBasic): + b = &BasicAuthModel{} + case string(CcpAuthTypeGCP): + b = &GCPAuthModel{} + case string(CcpAuthTypeGitHub): + b = &GitHubAuthModel{} + case string(CcpAuthTypeJwtToken): + b = &JwtAuthModel{} + case string(CcpAuthTypeNone): + b = &NoneAuthModel{} + case string(CcpAuthTypeOAuth2): + b = &OAuthModel{} + case string(CcpAuthTypeOracle): + b = &OracleAuthModel{} + case string(CcpAuthTypeServiceBus): + b = &GenericBlobSbsAuthModel{} + case string(CcpAuthTypeSession): + b = &SessionAuthModel{} + default: + b = &CcpAuthConfig{} + } + if err := json.Unmarshal(rawMsg, b); err != nil { + return nil, err + } + return b, nil +} + func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (DataConnectorClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil @@ -210,46 +241,28 @@ func unmarshalDataConnectorClassification(rawMsg json.RawMessage) (DataConnector } var b DataConnectorClassification switch m["kind"] { - case string(DataConnectorKindAPIPolling): - b = &CodelessAPIPollingDataConnector{} case string(DataConnectorKindAmazonWebServicesCloudTrail): b = &AwsCloudTrailDataConnector{} - case string(DataConnectorKindAmazonWebServicesS3): - b = &AwsS3DataConnector{} case string(DataConnectorKindAzureActiveDirectory): b = &AADDataConnector{} case string(DataConnectorKindAzureAdvancedThreatProtection): b = &AATPDataConnector{} case string(DataConnectorKindAzureSecurityCenter): b = &ASCDataConnector{} - case string(DataConnectorKindDynamics365): - b = &Dynamics365DataConnector{} - case string(DataConnectorKindGenericUI): - b = &CodelessUIDataConnector{} - case string(DataConnectorKindIOT): - b = &IoTDataConnector{} case string(DataConnectorKindMicrosoftCloudAppSecurity): b = &MCASDataConnector{} case string(DataConnectorKindMicrosoftDefenderAdvancedThreatProtection): b = &MDATPDataConnector{} case string(DataConnectorKindMicrosoftThreatIntelligence): b = &MSTIDataConnector{} - case string(DataConnectorKindMicrosoftThreatProtection): - b = &MTPDataConnector{} case string(DataConnectorKindOffice365): b = &OfficeDataConnector{} - case string(DataConnectorKindOffice365Project): - b = &Office365ProjectDataConnector{} - case string(DataConnectorKindOfficeATP): - b = &OfficeATPDataConnector{} - case string(DataConnectorKindOfficeIRM): - b = &OfficeIRMDataConnector{} - case string(DataConnectorKindOfficePowerBI): - b = &OfficePowerBIDataConnector{} + case string(DataConnectorKindPremiumMicrosoftDefenderForThreatIntelligence): + b = &PremiumMicrosoftDefenderForThreatIntelligence{} + case string(DataConnectorKindRestAPIPoller): + b = &RestAPIPollerDataConnector{} case string(DataConnectorKindThreatIntelligence): b = &TIDataConnector{} - case string(DataConnectorKindThreatIntelligenceTaxii): - b = &TiTaxiiDataConnector{} default: b = &DataConnector{} } @@ -278,7 +291,7 @@ func unmarshalDataConnectorClassificationArray(rawMsg json.RawMessage) ([]DataCo return fArray, nil } -func unmarshalEntityClassification(rawMsg json.RawMessage) (EntityClassification, error) { +func unmarshalDataConnectorDefinitionClassification(rawMsg json.RawMessage) (DataConnectorDefinitionClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil } @@ -286,54 +299,12 @@ func unmarshalEntityClassification(rawMsg json.RawMessage) (EntityClassification if err := json.Unmarshal(rawMsg, &m); err != nil { return nil, err } - var b EntityClassification + var b DataConnectorDefinitionClassification switch m["kind"] { - case string(EntityKindAccount): - b = &AccountEntity{} - case string(EntityKindAzureResource): - b = &AzureResourceEntity{} - case string(EntityKindBookmark): - b = &HuntingBookmark{} - case string(EntityKindCloudApplication): - b = &CloudApplicationEntity{} - case string(EntityKindDNSResolution): - b = &DNSEntity{} - case string(EntityKindFile): - b = &FileEntity{} - case string(EntityKindFileHash): - b = &FileHashEntity{} - case string(EntityKindHost): - b = &HostEntity{} - case string(EntityKindIoTDevice): - b = &IoTDeviceEntity{} - case string(EntityKindIP): - b = &IPEntity{} - case string(EntityKindMailCluster): - b = &MailClusterEntity{} - case string(EntityKindMailMessage): - b = &MailMessageEntity{} - case string(EntityKindMailbox): - b = &MailboxEntity{} - case string(EntityKindMalware): - b = &MalwareEntity{} - case string(EntityKindNic): - b = &NicEntity{} - case string(EntityKindProcess): - b = &ProcessEntity{} - case string(EntityKindRegistryKey): - b = &RegistryKeyEntity{} - case string(EntityKindRegistryValue): - b = &RegistryValueEntity{} - case string(EntityKindSecurityAlert): - b = &SecurityAlert{} - case string(EntityKindSecurityGroup): - b = &SecurityGroupEntity{} - case string(EntityKindSubmissionMail): - b = &SubmissionMailEntity{} - case string(EntityKindURL): - b = &URLEntity{} + case string(DataConnectorDefinitionKindCustomizable): + b = &CustomizableConnectorDefinition{} default: - b = &Entity{} + b = &DataConnectorDefinition{} } if err := json.Unmarshal(rawMsg, b); err != nil { return nil, err @@ -341,7 +312,7 @@ func unmarshalEntityClassification(rawMsg json.RawMessage) (EntityClassification return b, nil } -func unmarshalEntityClassificationArray(rawMsg json.RawMessage) ([]EntityClassification, error) { +func unmarshalDataConnectorDefinitionClassificationArray(rawMsg json.RawMessage) ([]DataConnectorDefinitionClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil } @@ -349,9 +320,9 @@ func unmarshalEntityClassificationArray(rawMsg json.RawMessage) ([]EntityClassif if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { return nil, err } - fArray := make([]EntityClassification, len(rawMessages)) + fArray := make([]DataConnectorDefinitionClassification, len(rawMessages)) for index, rawMessage := range rawMessages { - f, err := unmarshalEntityClassification(rawMessage) + f, err := unmarshalDataConnectorDefinitionClassification(rawMessage) if err != nil { return nil, err } @@ -360,129 +331,7 @@ func unmarshalEntityClassificationArray(rawMsg json.RawMessage) ([]EntityClassif return fArray, nil } -func unmarshalEntityQueryClassification(rawMsg json.RawMessage) (EntityQueryClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b EntityQueryClassification - switch m["kind"] { - case string(EntityQueryKindActivity): - b = &ActivityEntityQuery{} - case string(EntityQueryKindExpansion): - b = &ExpansionEntityQuery{} - default: - b = &EntityQuery{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} - -func unmarshalEntityQueryClassificationArray(rawMsg json.RawMessage) ([]EntityQueryClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var rawMessages []json.RawMessage - if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { - return nil, err - } - fArray := make([]EntityQueryClassification, len(rawMessages)) - for index, rawMessage := range rawMessages { - f, err := unmarshalEntityQueryClassification(rawMessage) - if err != nil { - return nil, err - } - fArray[index] = f - } - return fArray, nil -} - -func unmarshalEntityQueryItemClassification(rawMsg json.RawMessage) (EntityQueryItemClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b EntityQueryItemClassification - switch m["kind"] { - case string(EntityQueryKindInsight): - b = &InsightQueryItem{} - default: - b = &EntityQueryItem{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} - -func unmarshalEntityQueryItemClassificationArray(rawMsg json.RawMessage) ([]EntityQueryItemClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var rawMessages []json.RawMessage - if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { - return nil, err - } - fArray := make([]EntityQueryItemClassification, len(rawMessages)) - for index, rawMessage := range rawMessages { - f, err := unmarshalEntityQueryItemClassification(rawMessage) - if err != nil { - return nil, err - } - fArray[index] = f - } - return fArray, nil -} - -func unmarshalEntityQueryTemplateClassification(rawMsg json.RawMessage) (EntityQueryTemplateClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b EntityQueryTemplateClassification - switch m["kind"] { - case string(EntityQueryTemplateKindActivity): - b = &ActivityEntityQueryTemplate{} - default: - b = &EntityQueryTemplate{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} - -func unmarshalEntityQueryTemplateClassificationArray(rawMsg json.RawMessage) ([]EntityQueryTemplateClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var rawMessages []json.RawMessage - if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { - return nil, err - } - fArray := make([]EntityQueryTemplateClassification, len(rawMessages)) - for index, rawMessage := range rawMessages { - f, err := unmarshalEntityQueryTemplateClassification(rawMessage) - if err != nil { - return nil, err - } - fArray[index] = f - } - return fArray, nil -} - -func unmarshalEntityTimelineItemClassification(rawMsg json.RawMessage) (EntityTimelineItemClassification, error) { +func unmarshalEntityClassification(rawMsg json.RawMessage) (EntityClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil } @@ -490,18 +339,52 @@ func unmarshalEntityTimelineItemClassification(rawMsg json.RawMessage) (EntityTi if err := json.Unmarshal(rawMsg, &m); err != nil { return nil, err } - var b EntityTimelineItemClassification + var b EntityClassification switch m["kind"] { - case string(EntityTimelineKindActivity): - b = &ActivityTimelineItem{} - case string(EntityTimelineKindAnomaly): - b = &AnomalyTimelineItem{} - case string(EntityTimelineKindBookmark): - b = &BookmarkTimelineItem{} - case string(EntityTimelineKindSecurityAlert): - b = &SecurityAlertTimelineItem{} + case string(EntityKindEnumAccount): + b = &AccountEntity{} + case string(EntityKindEnumAzureResource): + b = &AzureResourceEntity{} + case string(EntityKindEnumBookmark): + b = &HuntingBookmark{} + case string(EntityKindEnumCloudApplication): + b = &CloudApplicationEntity{} + case string(EntityKindEnumDNSResolution): + b = &DNSEntity{} + case string(EntityKindEnumFile): + b = &FileEntity{} + case string(EntityKindEnumFileHash): + b = &FileHashEntity{} + case string(EntityKindEnumHost): + b = &HostEntity{} + case string(EntityKindEnumIoTDevice): + b = &IoTDeviceEntity{} + case string(EntityKindEnumIP): + b = &IPEntity{} + case string(EntityKindEnumMailCluster): + b = &MailClusterEntity{} + case string(EntityKindEnumMailMessage): + b = &MailMessageEntity{} + case string(EntityKindEnumMailbox): + b = &MailboxEntity{} + case string(EntityKindEnumMalware): + b = &MalwareEntity{} + case string(EntityKindEnumProcess): + b = &ProcessEntity{} + case string(EntityKindEnumRegistryKey): + b = &RegistryKeyEntity{} + case string(EntityKindEnumRegistryValue): + b = &RegistryValueEntity{} + case string(EntityKindEnumSecurityAlert): + b = &SecurityAlert{} + case string(EntityKindEnumSecurityGroup): + b = &SecurityGroupEntity{} + case string(EntityKindEnumSubmissionMail): + b = &SubmissionMailEntity{} + case string(EntityKindEnumURL): + b = &URLEntity{} default: - b = &EntityTimelineItem{} + b = &Entity{} } if err := json.Unmarshal(rawMsg, b); err != nil { return nil, err @@ -509,7 +392,7 @@ func unmarshalEntityTimelineItemClassification(rawMsg json.RawMessage) (EntityTi return b, nil } -func unmarshalEntityTimelineItemClassificationArray(rawMsg json.RawMessage) ([]EntityTimelineItemClassification, error) { +func unmarshalEntityClassificationArray(rawMsg json.RawMessage) ([]EntityClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil } @@ -517,9 +400,9 @@ func unmarshalEntityTimelineItemClassificationArray(rawMsg json.RawMessage) ([]E if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { return nil, err } - fArray := make([]EntityTimelineItemClassification, len(rawMessages)) + fArray := make([]EntityClassification, len(rawMessages)) for index, rawMessage := range rawMessages { - f, err := unmarshalEntityTimelineItemClassification(rawMessage) + f, err := unmarshalEntityClassification(rawMessage) if err != nil { return nil, err } @@ -568,52 +451,6 @@ func unmarshalSecurityMLAnalyticsSettingClassificationArray(rawMsg json.RawMessa return fArray, nil } -func unmarshalSettingsClassification(rawMsg json.RawMessage) (SettingsClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var m map[string]any - if err := json.Unmarshal(rawMsg, &m); err != nil { - return nil, err - } - var b SettingsClassification - switch m["kind"] { - case string(SettingKindAnomalies): - b = &Anomalies{} - case string(SettingKindEntityAnalytics): - b = &EntityAnalytics{} - case string(SettingKindEyesOn): - b = &EyesOn{} - case string(SettingKindUeba): - b = &Ueba{} - default: - b = &Settings{} - } - if err := json.Unmarshal(rawMsg, b); err != nil { - return nil, err - } - return b, nil -} - -func unmarshalSettingsClassificationArray(rawMsg json.RawMessage) ([]SettingsClassification, error) { - if rawMsg == nil || string(rawMsg) == "null" { - return nil, nil - } - var rawMessages []json.RawMessage - if err := json.Unmarshal(rawMsg, &rawMessages); err != nil { - return nil, err - } - fArray := make([]SettingsClassification, len(rawMessages)) - for index, rawMessage := range rawMessages { - f, err := unmarshalSettingsClassification(rawMessage) - if err != nil { - return nil, err - } - fArray[index] = f - } - return fArray, nil -} - func unmarshalThreatIntelligenceInformationClassification(rawMsg json.RawMessage) (ThreatIntelligenceInformationClassification, error) { if rawMsg == nil || string(rawMsg) == "null" { return nil, nil @@ -624,7 +461,7 @@ func unmarshalThreatIntelligenceInformationClassification(rawMsg json.RawMessage } var b ThreatIntelligenceInformationClassification switch m["kind"] { - case string(ThreatIntelligenceResourceKindEnumIndicator): + case string(ThreatIntelligenceResourceInnerKindIndicator): b = &ThreatIntelligenceIndicatorModel{} default: b = &ThreatIntelligenceInformation{} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/productpackage_client.go similarity index 51% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/productpackage_client.go index eb31c33a5708..5d92698cf4c0 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/domainwhois_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/productpackage_client.go @@ -20,61 +20,62 @@ import ( "strings" ) -// DomainWhoisClient contains the methods for the DomainWhois group. -// Don't use this type directly, use NewDomainWhoisClient() instead. -type DomainWhoisClient struct { +// ProductPackageClient contains the methods for the ProductPackage group. +// Don't use this type directly, use NewProductPackageClient() instead. +type ProductPackageClient struct { internal *arm.Client subscriptionID string } -// NewDomainWhoisClient creates a new instance of DomainWhoisClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewProductPackageClient creates a new instance of ProductPackageClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewDomainWhoisClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DomainWhoisClient, error) { +func NewProductPackageClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductPackageClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &DomainWhoisClient{ + client := &ProductPackageClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// Get - Get whois information for a single domain name +// Get - Gets a package by its identifier from the catalog. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. -// - domain - Domain name to be enriched -// - options - DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method. -func (client *DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (DomainWhoisClientGetResponse, error) { +// - workspaceName - The name of the workspace. +// - packageID - package Id +// - options - ProductPackageClientGetOptions contains the optional parameters for the ProductPackageClient.Get method. +func (client *ProductPackageClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ProductPackageClientGetOptions) (ProductPackageClientGetResponse, error) { var err error - const operationName = "DomainWhoisClient.Get" + const operationName = "ProductPackageClient.Get" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, domain, options) + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, packageID, options) if err != nil { - return DomainWhoisClientGetResponse{}, err + return ProductPackageClientGetResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return DomainWhoisClientGetResponse{}, err + return ProductPackageClientGetResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) - return DomainWhoisClientGetResponse{}, err + return ProductPackageClientGetResponse{}, err } resp, err := client.getHandleResponse(httpResp) return resp, err } // getCreateRequest creates the Get request. -func (client *DomainWhoisClient) getCreateRequest(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/" +func (client *ProductPackageClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, packageID string, options *ProductPackageClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages/{packageId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -83,23 +84,30 @@ func (client *DomainWhoisClient) getCreateRequest(ctx context.Context, resourceG return nil, errors.New("parameter resourceGroupName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if packageID == "" { + return nil, errors.New("parameter packageID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{packageId}", url.PathEscape(packageID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - reqQP.Set("domain", domain) + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // getHandleResponse handles the Get response. -func (client *DomainWhoisClient) getHandleResponse(resp *http.Response) (DomainWhoisClientGetResponse, error) { - result := DomainWhoisClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EnrichmentDomainWhois); err != nil { - return DomainWhoisClientGetResponse{}, err +func (client *ProductPackageClient) getHandleResponse(resp *http.Response) (ProductPackageClientGetResponse, error) { + result := ProductPackageClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.ProductPackageModel); err != nil { + return ProductPackageClientGetResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/productpackages_client.go similarity index 58% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/productpackages_client.go index 1fbece7e7ea0..285b82b43069 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/entitiesrelations_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/productpackages_client.go @@ -21,53 +21,54 @@ import ( "strings" ) -// EntitiesRelationsClient contains the methods for the EntitiesRelations group. -// Don't use this type directly, use NewEntitiesRelationsClient() instead. -type EntitiesRelationsClient struct { +// ProductPackagesClient contains the methods for the ProductPackages group. +// Don't use this type directly, use NewProductPackagesClient() instead. +type ProductPackagesClient struct { internal *arm.Client subscriptionID string } -// NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewProductPackagesClient creates a new instance of ProductPackagesClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewEntitiesRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesRelationsClient, error) { +func NewProductPackagesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductPackagesClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &EntitiesRelationsClient{ + client := &ProductPackagesClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// NewListPager - Gets all relations of an entity. +// NewListPager - Gets all packages from the catalog. Expandable properties: +// * properties/installed +// * properties/packagedContent // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - entityID - entity ID -// - options - EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.NewListPager +// - options - ProductPackagesClientListOptions contains the optional parameters for the ProductPackagesClient.NewListPager // method. -func (client *EntitiesRelationsClient) NewListPager(resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) *runtime.Pager[EntitiesRelationsClientListResponse] { - return runtime.NewPager(runtime.PagingHandler[EntitiesRelationsClientListResponse]{ - More: func(page EntitiesRelationsClientListResponse) bool { +func (client *ProductPackagesClient) NewListPager(resourceGroupName string, workspaceName string, options *ProductPackagesClientListOptions) *runtime.Pager[ProductPackagesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[ProductPackagesClientListResponse]{ + More: func(page ProductPackagesClientListResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 }, - Fetcher: func(ctx context.Context, page *EntitiesRelationsClientListResponse) (EntitiesRelationsClientListResponse, error) { - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "EntitiesRelationsClient.NewListPager") + Fetcher: func(ctx context.Context, page *ProductPackagesClientListResponse) (ProductPackagesClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "ProductPackagesClient.NewListPager") nextLink := "" if page != nil { nextLink = *page.NextLink } resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listCreateRequest(ctx, resourceGroupName, workspaceName, entityID, options) + return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) }, nil) if err != nil { - return EntitiesRelationsClientListResponse{}, err + return ProductPackagesClientListResponse{}, err } return client.listHandleResponse(resp) }, @@ -76,8 +77,8 @@ func (client *EntitiesRelationsClient) NewListPager(resourceGroupName string, wo } // listCreateRequest creates the List request. -func (client *EntitiesRelationsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations" +func (client *ProductPackagesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductPackagesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductPackages" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -90,10 +91,6 @@ func (client *EntitiesRelationsClient) listCreateRequest(ctx context.Context, re return nil, errors.New("parameter workspaceName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if entityID == "" { - return nil, errors.New("parameter entityID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{entityId}", url.PathEscape(entityID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err @@ -111,17 +108,17 @@ func (client *EntitiesRelationsClient) listCreateRequest(ctx context.Context, re if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // listHandleResponse handles the List response. -func (client *EntitiesRelationsClient) listHandleResponse(resp *http.Response) (EntitiesRelationsClientListResponse, error) { - result := EntitiesRelationsClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.RelationList); err != nil { - return EntitiesRelationsClientListResponse{}, err +func (client *ProductPackagesClient) listHandleResponse(resp *http.Response) (ProductPackagesClientListResponse, error) { + result := ProductPackagesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.ProductPackageList); err != nil { + return ProductPackagesClientListResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client.go deleted file mode 100644 index 285f671f69aa..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client.go +++ /dev/null @@ -1,309 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. - -package armsecurityinsights - -import ( - "context" - "errors" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "net/http" - "net/url" - "strings" -) - -// ProductSettingsClient contains the methods for the ProductSettings group. -// Don't use this type directly, use NewProductSettingsClient() instead. -type ProductSettingsClient struct { - internal *arm.Client - subscriptionID string -} - -// NewProductSettingsClient creates a new instance of ProductSettingsClient with the specified values. -// - subscriptionID - The ID of the target subscription. -// - credential - used to authorize requests. Usually a credential from azidentity. -// - options - pass nil to accept the default values. -func NewProductSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductSettingsClient, error) { - cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) - if err != nil { - return nil, err - } - client := &ProductSettingsClient{ - subscriptionID: subscriptionID, - internal: cl, - } - return client, nil -} - -// Delete - Delete setting of the product. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba -// - options - ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method. -func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (ProductSettingsClientDeleteResponse, error) { - var err error - const operationName = "ProductSettingsClient.Delete" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, options) - if err != nil { - return ProductSettingsClientDeleteResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return ProductSettingsClientDeleteResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { - err = runtime.NewResponseError(httpResp) - return ProductSettingsClientDeleteResponse{}, err - } - return ProductSettingsClientDeleteResponse{}, nil -} - -// deleteCreateRequest creates the Delete request. -func (client *ProductSettingsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if settingsName == "" { - return nil, errors.New("parameter settingsName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// Get - Gets a setting. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba -// - options - ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method. -func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (ProductSettingsClientGetResponse, error) { - var err error - const operationName = "ProductSettingsClient.Get" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, options) - if err != nil { - return ProductSettingsClientGetResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return ProductSettingsClientGetResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return ProductSettingsClientGetResponse{}, err - } - resp, err := client.getHandleResponse(httpResp) - return resp, err -} - -// getCreateRequest creates the Get request. -func (client *ProductSettingsClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if settingsName == "" { - return nil, errors.New("parameter settingsName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// getHandleResponse handles the Get response. -func (client *ProductSettingsClient) getHandleResponse(resp *http.Response) (ProductSettingsClientGetResponse, error) { - result := ProductSettingsClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return ProductSettingsClientGetResponse{}, err - } - return result, nil -} - -// List - List of all the settings -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - options - ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method. -func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (ProductSettingsClientListResponse, error) { - var err error - const operationName = "ProductSettingsClient.List" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) - if err != nil { - return ProductSettingsClientListResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return ProductSettingsClientListResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return ProductSettingsClientListResponse{}, err - } - resp, err := client.listHandleResponse(httpResp) - return resp, err -} - -// listCreateRequest creates the List request. -func (client *ProductSettingsClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - return req, nil -} - -// listHandleResponse handles the List response. -func (client *ProductSettingsClient) listHandleResponse(resp *http.Response) (ProductSettingsClientListResponse, error) { - result := ProductSettingsClientListResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.SettingList); err != nil { - return ProductSettingsClientListResponse{}, err - } - return result, nil -} - -// Update - Updates setting. -// If the operation fails it returns an *azcore.ResponseError type. -// -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba -// - settings - The setting -// - options - ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method. -func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (ProductSettingsClientUpdateResponse, error) { - var err error - const operationName = "ProductSettingsClient.Update" - ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) - ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) - defer func() { endSpan(err) }() - req, err := client.updateCreateRequest(ctx, resourceGroupName, workspaceName, settingsName, settings, options) - if err != nil { - return ProductSettingsClientUpdateResponse{}, err - } - httpResp, err := client.internal.Pipeline().Do(req) - if err != nil { - return ProductSettingsClientUpdateResponse{}, err - } - if !runtime.HasStatusCode(httpResp, http.StatusOK) { - err = runtime.NewResponseError(httpResp) - return ProductSettingsClientUpdateResponse{}, err - } - resp, err := client.updateHandleResponse(httpResp) - return resp, err -} - -// updateCreateRequest creates the Update request. -func (client *ProductSettingsClient) updateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}" - if client.subscriptionID == "" { - return nil, errors.New("parameter client.subscriptionID cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) - if resourceGroupName == "" { - return nil, errors.New("parameter resourceGroupName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) - if workspaceName == "" { - return nil, errors.New("parameter workspaceName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) - if settingsName == "" { - return nil, errors.New("parameter settingsName cannot be empty") - } - urlPath = strings.ReplaceAll(urlPath, "{settingsName}", url.PathEscape(settingsName)) - req, err := runtime.NewRequest(ctx, http.MethodPut, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) - if err != nil { - return nil, err - } - reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - req.Raw().URL.RawQuery = reqQP.Encode() - req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, settings); err != nil { - return nil, err - } - return req, nil -} - -// updateHandleResponse handles the Update response. -func (client *ProductSettingsClient) updateHandleResponse(resp *http.Response) (ProductSettingsClientUpdateResponse, error) { - result := ProductSettingsClientUpdateResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result); err != nil { - return ProductSettingsClientUpdateResponse{}, err - } - return result, nil -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client_example_test.go deleted file mode 100644 index af67c504d9dd..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/productsettings_client_example_test.go +++ /dev/null @@ -1,135 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/GetAllSettings.json -func ExampleProductSettingsClient_List() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewProductSettingsClient().List(ctx, "myRg", "myWorkspace", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SettingList = armsecurityinsights.SettingList{ - // Value: []armsecurityinsights.SettingsClassification{ - // &armsecurityinsights.EyesOn{ - // Name: to.Ptr("EyesOn"), - // Type: to.Ptr("Microsoft.SecurityInsights/settings"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"), - // Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn), - // Properties: &armsecurityinsights.EyesOnSettingsProperties{ - // IsEnabled: to.Ptr(true), - // }, - // }}, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/GetEyesOnSetting.json -func ExampleProductSettingsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewProductSettingsClient().Get(ctx, "myRg", "myWorkspace", "EyesOn", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ProductSettingsClientGetResponse{ - // SettingsClassification: &armsecurityinsights.EyesOn{ - // Name: to.Ptr("EyesOn"), - // Type: to.Ptr("Microsoft.SecurityInsights/settings"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"), - // Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn), - // Properties: &armsecurityinsights.EyesOnSettingsProperties{ - // IsEnabled: to.Ptr(true), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/DeleteEyesOnSetting.json -func ExampleProductSettingsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewProductSettingsClient().Delete(ctx, "myRg", "myWorkspace", "EyesOn", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/UpdateEyesOnSetting.json -func ExampleProductSettingsClient_Update() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewProductSettingsClient().Update(ctx, "myRg", "myWorkspace", "EyesOn", &armsecurityinsights.EyesOn{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn), - Properties: &armsecurityinsights.EyesOnSettingsProperties{}, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ProductSettingsClientUpdateResponse{ - // SettingsClassification: &armsecurityinsights.EyesOn{ - // Name: to.Ptr("EyesOn"), - // Type: to.Ptr("Microsoft.SecurityInsights/settings"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn), - // Properties: &armsecurityinsights.EyesOnSettingsProperties{ - // IsEnabled: to.Ptr(true), - // }, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplate_client.go similarity index 51% rename from sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client.go rename to sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplate_client.go index 5b0a50973f67..644b93c13e5b 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/ipgeodata_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplate_client.go @@ -20,61 +20,62 @@ import ( "strings" ) -// IPGeodataClient contains the methods for the IPGeodata group. -// Don't use this type directly, use NewIPGeodataClient() instead. -type IPGeodataClient struct { +// ProductTemplateClient contains the methods for the ProductTemplate group. +// Don't use this type directly, use NewProductTemplateClient() instead. +type ProductTemplateClient struct { internal *arm.Client subscriptionID string } -// NewIPGeodataClient creates a new instance of IPGeodataClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// NewProductTemplateClient creates a new instance of ProductTemplateClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. -func NewIPGeodataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IPGeodataClient, error) { +func NewProductTemplateClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductTemplateClient, error) { cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) if err != nil { return nil, err } - client := &IPGeodataClient{ + client := &ProductTemplateClient{ subscriptionID: subscriptionID, internal: cl, } return client, nil } -// Get - Get geodata for a single IP address +// Get - Gets a template by its identifier. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. -// - ipAddress - IP address (v4 or v6) to be enriched -// - options - IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method. -func (client *IPGeodataClient) Get(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (IPGeodataClientGetResponse, error) { +// - workspaceName - The name of the workspace. +// - templateID - template Id +// - options - ProductTemplateClientGetOptions contains the optional parameters for the ProductTemplateClient.Get method. +func (client *ProductTemplateClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ProductTemplateClientGetOptions) (ProductTemplateClientGetResponse, error) { var err error - const operationName = "IPGeodataClient.Get" + const operationName = "ProductTemplateClient.Get" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.getCreateRequest(ctx, resourceGroupName, ipAddress, options) + req, err := client.getCreateRequest(ctx, resourceGroupName, workspaceName, templateID, options) if err != nil { - return IPGeodataClientGetResponse{}, err + return ProductTemplateClientGetResponse{}, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return IPGeodataClientGetResponse{}, err + return ProductTemplateClientGetResponse{}, err } if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) - return IPGeodataClientGetResponse{}, err + return ProductTemplateClientGetResponse{}, err } resp, err := client.getHandleResponse(httpResp) return resp, err } // getCreateRequest creates the Get request. -func (client *IPGeodataClient) getCreateRequest(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/" +func (client *ProductTemplateClient) getCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, templateID string, options *ProductTemplateClientGetOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentproducttemplates/{templateId}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -83,23 +84,30 @@ func (client *IPGeodataClient) getCreateRequest(ctx context.Context, resourceGro return nil, errors.New("parameter resourceGroupName cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + if templateID == "" { + return nil, errors.New("parameter templateID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{templateId}", url.PathEscape(templateID)) req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") - reqQP.Set("ipAddress", ipAddress) + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } // getHandleResponse handles the Get response. -func (client *IPGeodataClient) getHandleResponse(resp *http.Response) (IPGeodataClientGetResponse, error) { - result := IPGeodataClientGetResponse{} - if err := runtime.UnmarshalAsJSON(resp, &result.EnrichmentIPGeodata); err != nil { - return IPGeodataClientGetResponse{}, err +func (client *ProductTemplateClient) getHandleResponse(resp *http.Response) (ProductTemplateClientGetResponse, error) { + result := ProductTemplateClientGetResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.ProductTemplateModel); err != nil { + return ProductTemplateClientGetResponse{}, err } return result, nil } diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplates_client.go new file mode 100644 index 000000000000..f6b8a8ca7f80 --- /dev/null +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/producttemplates_client.go @@ -0,0 +1,131 @@ +//go:build go1.18 +// +build go1.18 + +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. +// Code generated by Microsoft (R) AutoRest Code Generator. DO NOT EDIT. +// Changes may cause incorrect behavior and will be lost if the code is regenerated. + +package armsecurityinsights + +import ( + "context" + "errors" + "github.com/Azure/azure-sdk-for-go/sdk/azcore" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" + "net/http" + "net/url" + "strconv" + "strings" +) + +// ProductTemplatesClient contains the methods for the ProductTemplates group. +// Don't use this type directly, use NewProductTemplatesClient() instead. +type ProductTemplatesClient struct { + internal *arm.Client + subscriptionID string +} + +// NewProductTemplatesClient creates a new instance of ProductTemplatesClient with the specified values. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. +// - credential - used to authorize requests. Usually a credential from azidentity. +// - options - pass nil to accept the default values. +func NewProductTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductTemplatesClient, error) { + cl, err := arm.NewClient(moduleName, moduleVersion, credential, options) + if err != nil { + return nil, err + } + client := &ProductTemplatesClient{ + subscriptionID: subscriptionID, + internal: cl, + } + return client, nil +} + +// NewListPager - Gets all templates in the catalog. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - options - ProductTemplatesClientListOptions contains the optional parameters for the ProductTemplatesClient.NewListPager +// method. +func (client *ProductTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *ProductTemplatesClientListOptions) *runtime.Pager[ProductTemplatesClientListResponse] { + return runtime.NewPager(runtime.PagingHandler[ProductTemplatesClientListResponse]{ + More: func(page ProductTemplatesClientListResponse) bool { + return page.NextLink != nil && len(*page.NextLink) > 0 + }, + Fetcher: func(ctx context.Context, page *ProductTemplatesClientListResponse) (ProductTemplatesClientListResponse, error) { + ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, "ProductTemplatesClient.NewListPager") + nextLink := "" + if page != nil { + nextLink = *page.NextLink + } + resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { + return client.listCreateRequest(ctx, resourceGroupName, workspaceName, options) + }, nil) + if err != nil { + return ProductTemplatesClientListResponse{}, err + } + return client.listHandleResponse(resp) + }, + Tracer: client.internal.Tracer(), + }) +} + +// listCreateRequest creates the List request. +func (client *ProductTemplatesClient) listCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductTemplatesClientListOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/contentProductTemplates" + if client.subscriptionID == "" { + return nil, errors.New("parameter client.subscriptionID cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(client.subscriptionID)) + if resourceGroupName == "" { + return nil, errors.New("parameter resourceGroupName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{resourceGroupName}", url.PathEscape(resourceGroupName)) + if workspaceName == "" { + return nil, errors.New("parameter workspaceName cannot be empty") + } + urlPath = strings.ReplaceAll(urlPath, "{workspaceName}", url.PathEscape(workspaceName)) + req, err := runtime.NewRequest(ctx, http.MethodGet, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + if err != nil { + return nil, err + } + reqQP := req.Raw().URL.Query() + if options != nil && options.Count != nil { + reqQP.Set("$count", strconv.FormatBool(*options.Count)) + } + if options != nil && options.Filter != nil { + reqQP.Set("$filter", *options.Filter) + } + if options != nil && options.Orderby != nil { + reqQP.Set("$orderby", *options.Orderby) + } + if options != nil && options.Search != nil { + reqQP.Set("$search", *options.Search) + } + if options != nil && options.Skip != nil { + reqQP.Set("$skip", strconv.FormatInt(int64(*options.Skip), 10)) + } + if options != nil && options.SkipToken != nil { + reqQP.Set("$skipToken", *options.SkipToken) + } + if options != nil && options.Top != nil { + reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) + } + reqQP.Set("api-version", "2024-09-01") + req.Raw().URL.RawQuery = reqQP.Encode() + req.Raw().Header["Accept"] = []string{"application/json"} + return req, nil +} + +// listHandleResponse handles the List response. +func (client *ProductTemplatesClient) listHandleResponse(resp *http.Response) (ProductTemplatesClientListResponse, error) { + result := ProductTemplatesClientListResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.ProductTemplateList); err != nil { + return ProductTemplatesClientListResponse{}, err + } + return result, nil +} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/responses.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/responses.go index d6afad42cbd6..e739128d835a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/responses.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/responses.go @@ -117,35 +117,6 @@ type AutomationRulesClientListResponse struct { AutomationRulesList } -// BookmarkClientExpandResponse contains the response from method BookmarkClient.Expand. -type BookmarkClientExpandResponse struct { - // The entity expansion result operation response. - BookmarkExpandResponse -} - -// BookmarkRelationsClientCreateOrUpdateResponse contains the response from method BookmarkRelationsClient.CreateOrUpdate. -type BookmarkRelationsClientCreateOrUpdateResponse struct { - // Represents a relation between two resources - Relation -} - -// BookmarkRelationsClientDeleteResponse contains the response from method BookmarkRelationsClient.Delete. -type BookmarkRelationsClientDeleteResponse struct { - // placeholder for future response values -} - -// BookmarkRelationsClientGetResponse contains the response from method BookmarkRelationsClient.Get. -type BookmarkRelationsClientGetResponse struct { - // Represents a relation between two resources - Relation -} - -// BookmarkRelationsClientListResponse contains the response from method BookmarkRelationsClient.NewListPager. -type BookmarkRelationsClientListResponse struct { - // List of relations. - RelationList -} - // BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate. type BookmarksClientCreateOrUpdateResponse struct { // Represents a bookmark in Azure Security Insights. @@ -169,222 +140,143 @@ type BookmarksClientListResponse struct { BookmarkList } -// DataConnectorsCheckRequirementsClientPostResponse contains the response from method DataConnectorsCheckRequirementsClient.Post. -type DataConnectorsCheckRequirementsClientPostResponse struct { - // Data connector requirements status. - DataConnectorRequirementsState +// ContentPackageClientInstallResponse contains the response from method ContentPackageClient.Install. +type ContentPackageClientInstallResponse struct { + // Represents a Package in Azure Security Insights. + PackageModel } -// DataConnectorsClientConnectResponse contains the response from method DataConnectorsClient.Connect. -type DataConnectorsClientConnectResponse struct { +// ContentPackageClientUninstallResponse contains the response from method ContentPackageClient.Uninstall. +type ContentPackageClientUninstallResponse struct { // placeholder for future response values } -// DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate. -type DataConnectorsClientCreateOrUpdateResponse struct { - // Data connector - DataConnectorClassification +// ContentPackagesClientGetResponse contains the response from method ContentPackagesClient.Get. +type ContentPackagesClientGetResponse struct { + // Represents a Package in Azure Security Insights. + PackageModel } -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientCreateOrUpdateResponse. -func (d *DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalDataConnectorClassification(data) - if err != nil { - return err - } - d.DataConnectorClassification = res - return nil -} - -// DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete. -type DataConnectorsClientDeleteResponse struct { - // placeholder for future response values +// ContentPackagesClientListResponse contains the response from method ContentPackagesClient.NewListPager. +type ContentPackagesClientListResponse struct { + // List available packages. + PackageList } -// DataConnectorsClientDisconnectResponse contains the response from method DataConnectorsClient.Disconnect. -type DataConnectorsClientDisconnectResponse struct { +// ContentTemplateClientDeleteResponse contains the response from method ContentTemplateClient.Delete. +type ContentTemplateClientDeleteResponse struct { // placeholder for future response values } -// DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get. -type DataConnectorsClientGetResponse struct { - // Data connector - DataConnectorClassification -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientGetResponse. -func (d *DataConnectorsClientGetResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalDataConnectorClassification(data) - if err != nil { - return err - } - d.DataConnectorClassification = res - return nil -} - -// DataConnectorsClientListResponse contains the response from method DataConnectorsClient.NewListPager. -type DataConnectorsClientListResponse struct { - // List all the data connectors. - DataConnectorList -} - -// DomainWhoisClientGetResponse contains the response from method DomainWhoisClient.Get. -type DomainWhoisClientGetResponse struct { - // Whois information for a given domain and associated metadata - EnrichmentDomainWhois +// ContentTemplateClientGetResponse contains the response from method ContentTemplateClient.Get. +type ContentTemplateClientGetResponse struct { + // Template resource definition. + TemplateModel } -// EntitiesClientExpandResponse contains the response from method EntitiesClient.Expand. -type EntitiesClientExpandResponse struct { - // The entity expansion result operation response. - EntityExpandResponse +// ContentTemplateClientInstallResponse contains the response from method ContentTemplateClient.Install. +type ContentTemplateClientInstallResponse struct { + // Template resource definition. + TemplateModel } -// EntitiesClientGetInsightsResponse contains the response from method EntitiesClient.GetInsights. -type EntitiesClientGetInsightsResponse struct { - // The Get Insights result operation response. - EntityGetInsightsResponse +// ContentTemplatesClientListResponse contains the response from method ContentTemplatesClient.NewListPager. +type ContentTemplatesClientListResponse struct { + // List of all the template. + TemplateList } -// EntitiesClientGetResponse contains the response from method EntitiesClient.Get. -type EntitiesClientGetResponse struct { - // Specific entity. - EntityClassification +// DataConnectorDefinitionsClientCreateOrUpdateResponse contains the response from method DataConnectorDefinitionsClient.CreateOrUpdate. +type DataConnectorDefinitionsClientCreateOrUpdateResponse struct { + // An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal, + // and the info required to define data connections. + DataConnectorDefinitionClassification } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntitiesClientGetResponse. -func (e *EntitiesClientGetResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalEntityClassification(data) +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDefinitionsClientCreateOrUpdateResponse. +func (d *DataConnectorDefinitionsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalDataConnectorDefinitionClassification(data) if err != nil { return err } - e.EntityClassification = res + d.DataConnectorDefinitionClassification = res return nil } -// EntitiesClientListResponse contains the response from method EntitiesClient.NewListPager. -type EntitiesClientListResponse struct { - // List of all the entities. - EntityList -} - -// EntitiesClientQueriesResponse contains the response from method EntitiesClient.Queries. -type EntitiesClientQueriesResponse struct { - // Retrieve queries for entity result operation response. - GetQueriesResponse -} - -// EntitiesGetTimelineClientListResponse contains the response from method EntitiesGetTimelineClient.List. -type EntitiesGetTimelineClientListResponse struct { - // The entity timeline result operation response. - EntityTimelineResponse -} - -// EntitiesRelationsClientListResponse contains the response from method EntitiesRelationsClient.NewListPager. -type EntitiesRelationsClientListResponse struct { - // List of relations. - RelationList +// DataConnectorDefinitionsClientDeleteResponse contains the response from method DataConnectorDefinitionsClient.Delete. +type DataConnectorDefinitionsClientDeleteResponse struct { + // placeholder for future response values } -// EntityQueriesClientCreateOrUpdateResponse contains the response from method EntityQueriesClient.CreateOrUpdate. -type EntityQueriesClientCreateOrUpdateResponse struct { - // Specific entity query. - EntityQueryClassification +// DataConnectorDefinitionsClientGetResponse contains the response from method DataConnectorDefinitionsClient.Get. +type DataConnectorDefinitionsClientGetResponse struct { + // An Azure resource, which encapsulate the entire info requires to display a data connector page in Azure portal, + // and the info required to define data connections. + DataConnectorDefinitionClassification } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientCreateOrUpdateResponse. -func (e *EntityQueriesClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalEntityQueryClassification(data) +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDefinitionsClientGetResponse. +func (d *DataConnectorDefinitionsClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalDataConnectorDefinitionClassification(data) if err != nil { return err } - e.EntityQueryClassification = res + d.DataConnectorDefinitionClassification = res return nil } -// EntityQueriesClientDeleteResponse contains the response from method EntityQueriesClient.Delete. -type EntityQueriesClientDeleteResponse struct { - // placeholder for future response values +// DataConnectorDefinitionsClientListResponse contains the response from method DataConnectorDefinitionsClient.NewListPager. +type DataConnectorDefinitionsClientListResponse struct { + // Encapsulate the data connector definition object + DataConnectorDefinitionArmCollectionWrapper } -// EntityQueriesClientGetResponse contains the response from method EntityQueriesClient.Get. -type EntityQueriesClientGetResponse struct { - // Specific entity query. - EntityQueryClassification +// DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate. +type DataConnectorsClientCreateOrUpdateResponse struct { + // Data connector. + DataConnectorClassification } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientGetResponse. -func (e *EntityQueriesClientGetResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalEntityQueryClassification(data) +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientCreateOrUpdateResponse. +func (d *DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalDataConnectorClassification(data) if err != nil { return err } - e.EntityQueryClassification = res + d.DataConnectorClassification = res return nil } -// EntityQueriesClientListResponse contains the response from method EntityQueriesClient.NewListPager. -type EntityQueriesClientListResponse struct { - // List of all the entity queries. - EntityQueryList +// DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete. +type DataConnectorsClientDeleteResponse struct { + // placeholder for future response values } -// EntityQueryTemplatesClientGetResponse contains the response from method EntityQueryTemplatesClient.Get. -type EntityQueryTemplatesClientGetResponse struct { - // Specific entity query template. - EntityQueryTemplateClassification +// DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get. +type DataConnectorsClientGetResponse struct { + // Data connector. + DataConnectorClassification } -// UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplatesClientGetResponse. -func (e *EntityQueryTemplatesClientGetResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalEntityQueryTemplateClassification(data) +// UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientGetResponse. +func (d *DataConnectorsClientGetResponse) UnmarshalJSON(data []byte) error { + res, err := unmarshalDataConnectorClassification(data) if err != nil { return err } - e.EntityQueryTemplateClassification = res + d.DataConnectorClassification = res return nil } -// EntityQueryTemplatesClientListResponse contains the response from method EntityQueryTemplatesClient.NewListPager. -type EntityQueryTemplatesClientListResponse struct { - // List of all the entity query templates. - EntityQueryTemplateList -} - -// EntityRelationsClientGetRelationResponse contains the response from method EntityRelationsClient.GetRelation. -type EntityRelationsClientGetRelationResponse struct { - // Represents a relation between two resources - Relation -} - -// FileImportsClientCreateResponse contains the response from method FileImportsClient.Create. -type FileImportsClientCreateResponse struct { - // Represents a file import in Azure Security Insights. - FileImport -} - -// FileImportsClientDeleteResponse contains the response from method FileImportsClient.BeginDelete. -type FileImportsClientDeleteResponse struct { - // Represents a file import in Azure Security Insights. - FileImport -} - -// FileImportsClientGetResponse contains the response from method FileImportsClient.Get. -type FileImportsClientGetResponse struct { - // Represents a file import in Azure Security Insights. - FileImport -} - -// FileImportsClientListResponse contains the response from method FileImportsClient.NewListPager. -type FileImportsClientListResponse struct { - // List all the file imports. - FileImportList +// DataConnectorsClientListResponse contains the response from method DataConnectorsClient.NewListPager. +type DataConnectorsClientListResponse struct { + // List all the data connectors. + DataConnectorList } -// IPGeodataClientGetResponse contains the response from method IPGeodataClient.Get. -type IPGeodataClientGetResponse struct { - // Geodata information for a given IP address - EnrichmentIPGeodata +// EntitiesClientRunPlaybookResponse contains the response from method EntitiesClient.RunPlaybook. +type EntitiesClientRunPlaybookResponse struct { + // placeholder for future response values } // IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate. @@ -433,18 +325,35 @@ type IncidentRelationsClientListResponse struct { RelationList } +// IncidentTasksClientCreateOrUpdateResponse contains the response from method IncidentTasksClient.CreateOrUpdate. +type IncidentTasksClientCreateOrUpdateResponse struct { + // Describes incident task properties + IncidentTask +} + +// IncidentTasksClientDeleteResponse contains the response from method IncidentTasksClient.Delete. +type IncidentTasksClientDeleteResponse struct { + // placeholder for future response values +} + +// IncidentTasksClientGetResponse contains the response from method IncidentTasksClient.Get. +type IncidentTasksClientGetResponse struct { + // Describes incident task properties + IncidentTask +} + +// IncidentTasksClientListResponse contains the response from method IncidentTasksClient.NewListPager. +type IncidentTasksClientListResponse struct { + // List of incident tasks + IncidentTaskList +} + // IncidentsClientCreateOrUpdateResponse contains the response from method IncidentsClient.CreateOrUpdate. type IncidentsClientCreateOrUpdateResponse struct { // Represents an incident in Azure Security Insights. Incident } -// IncidentsClientCreateTeamResponse contains the response from method IncidentsClient.CreateTeam. -type IncidentsClientCreateTeamResponse struct { - // Describes team information - TeamInformation -} - // IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete. type IncidentsClientDeleteResponse struct { // placeholder for future response values @@ -482,8 +391,7 @@ type IncidentsClientListResponse struct { // IncidentsClientRunPlaybookResponse contains the response from method IncidentsClient.RunPlaybook. type IncidentsClientRunPlaybookResponse struct { - // Anything - Interface any + // placeholder for future response values } // MetadataClientCreateResponse contains the response from method MetadataClient.Create. @@ -515,70 +423,34 @@ type MetadataClientUpdateResponse struct { MetadataModel } -// OfficeConsentsClientDeleteResponse contains the response from method OfficeConsentsClient.Delete. -type OfficeConsentsClientDeleteResponse struct { - // placeholder for future response values -} - -// OfficeConsentsClientGetResponse contains the response from method OfficeConsentsClient.Get. -type OfficeConsentsClientGetResponse struct { - // Consent for Office365 tenant that already made. - OfficeConsent -} - -// OfficeConsentsClientListResponse contains the response from method OfficeConsentsClient.NewListPager. -type OfficeConsentsClientListResponse struct { - // List of all the office365 consents. - OfficeConsentList -} - // OperationsClientListResponse contains the response from method OperationsClient.NewListPager. type OperationsClientListResponse struct { // Lists the operations available in the SecurityInsights RP. OperationsList } -// ProductSettingsClientDeleteResponse contains the response from method ProductSettingsClient.Delete. -type ProductSettingsClientDeleteResponse struct { - // placeholder for future response values -} - -// ProductSettingsClientGetResponse contains the response from method ProductSettingsClient.Get. -type ProductSettingsClientGetResponse struct { - // The Setting. - SettingsClassification -} - -// UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientGetResponse. -func (p *ProductSettingsClientGetResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalSettingsClassification(data) - if err != nil { - return err - } - p.SettingsClassification = res - return nil +// ProductPackageClientGetResponse contains the response from method ProductPackageClient.Get. +type ProductPackageClientGetResponse struct { + // Represents a Package in Azure Security Insights. + ProductPackageModel } -// ProductSettingsClientListResponse contains the response from method ProductSettingsClient.List. -type ProductSettingsClientListResponse struct { - // List of all the settings. - SettingList +// ProductPackagesClientListResponse contains the response from method ProductPackagesClient.NewListPager. +type ProductPackagesClientListResponse struct { + // List available packages. + ProductPackageList } -// ProductSettingsClientUpdateResponse contains the response from method ProductSettingsClient.Update. -type ProductSettingsClientUpdateResponse struct { - // The Setting. - SettingsClassification +// ProductTemplateClientGetResponse contains the response from method ProductTemplateClient.Get. +type ProductTemplateClientGetResponse struct { + // Template resource definition. + ProductTemplateModel } -// UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientUpdateResponse. -func (p *ProductSettingsClientUpdateResponse) UnmarshalJSON(data []byte) error { - res, err := unmarshalSettingsClassification(data) - if err != nil { - return err - } - p.SettingsClassification = res - return nil +// ProductTemplatesClientListResponse contains the response from method ProductTemplatesClient.NewListPager. +type ProductTemplatesClientListResponse struct { + // List of all the template. + ProductTemplateList } // SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse contains the response from method SecurityMLAnalyticsSettingsClient.CreateOrUpdate. @@ -661,7 +533,8 @@ type SourceControlsClientCreateResponse struct { // SourceControlsClientDeleteResponse contains the response from method SourceControlsClient.Delete. type SourceControlsClientDeleteResponse struct { - // placeholder for future response values + // Warning response structure. + Warning } // SourceControlsClientGetResponse contains the response from method SourceControlsClient.Get. @@ -770,7 +643,7 @@ type ThreatIntelligenceIndicatorsClientListResponse struct { // WatchlistItemsClientCreateOrUpdateResponse contains the response from method WatchlistItemsClient.CreateOrUpdate. type WatchlistItemsClientCreateOrUpdateResponse struct { - // Represents a Watchlist item in Azure Security Insights. + // Represents a Watchlist Item in Azure Security Insights. WatchlistItem } @@ -781,7 +654,7 @@ type WatchlistItemsClientDeleteResponse struct { // WatchlistItemsClientGetResponse contains the response from method WatchlistItemsClient.Get. type WatchlistItemsClientGetResponse struct { - // Represents a Watchlist item in Azure Security Insights. + // Represents a Watchlist Item in Azure Security Insights. WatchlistItem } @@ -791,19 +664,15 @@ type WatchlistItemsClientListResponse struct { WatchlistItemList } -// WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate. +// WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.BeginCreateOrUpdate. type WatchlistsClientCreateOrUpdateResponse struct { // Represents a Watchlist in Azure Security Insights. Watchlist - - // AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response. - AzureAsyncOperation *string } -// WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete. +// WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.BeginDelete. type WatchlistsClientDeleteResponse struct { - // AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response. - AzureAsyncOperation *string + // placeholder for future response values } // WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get. diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client.go index 3a99d0e445ac..18e964de639f 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client.go @@ -28,7 +28,7 @@ type SecurityMLAnalyticsSettingsClient struct { } // NewSecurityMLAnalyticsSettingsClient creates a new instance of SecurityMLAnalyticsSettingsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewSecurityMLAnalyticsSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SecurityMLAnalyticsSettingsClient, error) { @@ -46,7 +46,7 @@ func NewSecurityMLAnalyticsSettingsClient(subscriptionID string, credential azco // CreateOrUpdate - Creates or updates the Security ML Analytics Settings. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - settingsResourceName - Security ML Analytics Settings resource name @@ -99,7 +99,7 @@ func (client *SecurityMLAnalyticsSettingsClient) createOrUpdateCreateRequest(ctx return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, securityMLAnalyticsSetting); err != nil { @@ -120,7 +120,7 @@ func (client *SecurityMLAnalyticsSettingsClient) createOrUpdateHandleResponse(re // Delete - Delete the Security ML Analytics Settings. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - settingsResourceName - Security ML Analytics Settings resource name @@ -171,7 +171,7 @@ func (client *SecurityMLAnalyticsSettingsClient) deleteCreateRequest(ctx context return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -180,7 +180,7 @@ func (client *SecurityMLAnalyticsSettingsClient) deleteCreateRequest(ctx context // Get - Gets the Security ML Analytics Settings. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - settingsResourceName - Security ML Analytics Settings resource name @@ -232,7 +232,7 @@ func (client *SecurityMLAnalyticsSettingsClient) getCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -249,7 +249,7 @@ func (client *SecurityMLAnalyticsSettingsClient) getHandleResponse(resp *http.Re // NewListPager - Gets all Security ML Analytics Settings. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - SecurityMLAnalyticsSettingsClientListOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.NewListPager @@ -297,7 +297,7 @@ func (client *SecurityMLAnalyticsSettingsClient) listCreateRequest(ctx context.C return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client_example_test.go deleted file mode 100644 index 31e18e77befb..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/securitymlanalyticssettings_client_example_test.go +++ /dev/null @@ -1,399 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json -func ExampleSecurityMLAnalyticsSettingsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewSecurityMLAnalyticsSettingsClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.SecurityMLAnalyticsSettingsList = armsecurityinsights.SecurityMLAnalyticsSettingsList{ - // Value: []armsecurityinsights.SecurityMLAnalyticsSettingClassification{ - // &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{ - // Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"), - // Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - // Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly), - // Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{ - // Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."), - // AnomalySettingsVersion: to.Ptr[int32](0), - // AnomalyVersion: to.Ptr("1.0.5"), - // CustomizableObservations: map[string]any{ - // "multiSelectObservations": nil, - // "prioritizeExcludeObservations": nil, - // "singleSelectObservations":[]any{ - // map[string]any{ - // "name": "Device vendor", - // "description": "Select device vendor of network connection logs from CommonSecurityLog", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "supportedValues":[]any{ - // "Palo Alto Networks", - // "Fortinet", - // "Check Point", - // }, - // "supportedValuesKql": nil, - // "value":[]any{ - // "Palo Alto Networks", - // }, - // "valuesKql": nil, - // }, - // }, - // "singleValueObservations": nil, - // "thresholdObservations":[]any{ - // map[string]any{ - // "name": "Daily data transfer threshold in MB", - // "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", - // "maximum": "100", - // "minimum": "1", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "value": "25", - // }, - // map[string]any{ - // "name": "Number of standard deviations", - // "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", - // "maximum": "10", - // "minimum": "2", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(2), - // "value": "3", - // }, - // }, - // }, - // DisplayName: to.Ptr("Login from unusual region"), - // Enabled: to.Ptr(true), - // Frequency: to.Ptr("PT1H"), - // IsDefaultSettings: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.534Z"); return t}()), - // RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{ - // { - // ConnectorID: to.Ptr("AWS"), - // DataTypes: []*string{ - // to.Ptr("AWSCloudTrail")}, - // }}, - // SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json -func ExampleSecurityMLAnalyticsSettingsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSecurityMLAnalyticsSettingsClient().Get(ctx, "myRg", "myWorkspace", "myFirstAnomalySettings", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.SecurityMLAnalyticsSettingsClientGetResponse{ - // SecurityMLAnalyticsSettingClassification: &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{ - // Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"), - // Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - // Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly), - // Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{ - // Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."), - // AnomalySettingsVersion: to.Ptr[int32](0), - // AnomalyVersion: to.Ptr("1.0.5"), - // CustomizableObservations: map[string]any{ - // "multiSelectObservations": nil, - // "prioritizeExcludeObservations": nil, - // "singleSelectObservations":[]any{ - // map[string]any{ - // "name": "Device vendor", - // "description": "Select device vendor of network connection logs from CommonSecurityLog", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "supportedValues":[]any{ - // "Palo Alto Networks", - // "Fortinet", - // "Check Point", - // }, - // "supportedValuesKql": nil, - // "value":[]any{ - // "Palo Alto Networks", - // }, - // "valuesKql": nil, - // }, - // }, - // "singleValueObservations": nil, - // "thresholdObservations":[]any{ - // map[string]any{ - // "name": "Daily data transfer threshold in MB", - // "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", - // "maximum": "100", - // "minimum": "1", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "value": "25", - // }, - // map[string]any{ - // "name": "Number of standard deviations", - // "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", - // "maximum": "10", - // "minimum": "2", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(2), - // "value": "3", - // }, - // }, - // }, - // DisplayName: to.Ptr("Login from unusual region"), - // Enabled: to.Ptr(true), - // Frequency: to.Ptr("PT1H"), - // IsDefaultSettings: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.534Z"); return t}()), - // RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{ - // { - // ConnectorID: to.Ptr("AWS"), - // DataTypes: []*string{ - // to.Ptr("AWSCloudTrail")}, - // }}, - // SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json -func ExampleSecurityMLAnalyticsSettingsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSecurityMLAnalyticsSettingsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "f209187f-1d17-4431-94af-c141bf5f23db", &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{ - Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""), - Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly), - Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{ - Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."), - AnomalySettingsVersion: to.Ptr[int32](0), - AnomalyVersion: to.Ptr("1.0.5"), - CustomizableObservations: map[string]any{ - "multiSelectObservations": nil, - "prioritizeExcludeObservations": nil, - "singleSelectObservations": []any{ - map[string]any{ - "name": "Device vendor", - "description": "Select device vendor of network connection logs from CommonSecurityLog", - "rerun": "RerunAlways", - "sequenceNumber": float64(1), - "supportedValues": []any{ - "Palo Alto Networks", - "Fortinet", - "Check Point", - }, - "supportedValuesKql": nil, - "value": []any{ - "Palo Alto Networks", - }, - "valuesKql": nil, - }, - }, - "singleValueObservations": nil, - "thresholdObservations": []any{ - map[string]any{ - "name": "Daily data transfer threshold in MB", - "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", - "maximum": "100", - "minimum": "1", - "rerun": "RerunAlways", - "sequenceNumber": float64(1), - "value": "25", - }, - map[string]any{ - "name": "Number of standard deviations", - "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", - "maximum": "10", - "minimum": "2", - "rerun": "RerunAlways", - "sequenceNumber": float64(2), - "value": "3", - }, - }, - }, - DisplayName: to.Ptr("Login from unusual region"), - Enabled: to.Ptr(true), - Frequency: to.Ptr("PT1H"), - IsDefaultSettings: to.Ptr(true), - RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{ - { - ConnectorID: to.Ptr("AWS"), - DataTypes: []*string{ - to.Ptr("AWSCloudTrail")}, - }}, - SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction), - Tactics: []*armsecurityinsights.AttackTactic{ - to.Ptr(armsecurityinsights.AttackTacticExfiltration), - to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)}, - Techniques: []*string{ - to.Ptr("T1037"), - to.Ptr("T1021")}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{ - // SecurityMLAnalyticsSettingClassification: &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{ - // Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"), - // Etag: to.Ptr("\"01005144-0000-0d00-0000-6058632c0000\""), - // Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly), - // Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{ - // Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."), - // AnomalySettingsVersion: to.Ptr[int32](0), - // AnomalyVersion: to.Ptr("1.0.5"), - // CustomizableObservations: map[string]any{ - // "multiSelectObservations": nil, - // "prioritizeExcludeObservations": nil, - // "singleSelectObservations":[]any{ - // map[string]any{ - // "name": "Device vendor", - // "description": "Select device vendor of network connection logs from CommonSecurityLog", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "supportedValues":[]any{ - // "Palo Alto Networks", - // "Fortinet", - // "Check Point", - // }, - // "supportedValuesKql": nil, - // "value":[]any{ - // "Palo Alto Networks", - // }, - // "valuesKql": nil, - // }, - // }, - // "singleValueObservations": nil, - // "thresholdObservations":[]any{ - // map[string]any{ - // "name": "Daily data transfer threshold in MB", - // "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value", - // "maximum": "100", - // "minimum": "1", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(1), - // "value": "25", - // }, - // map[string]any{ - // "name": "Number of standard deviations", - // "description": "Triggers anomalies when number of standard deviations is greater than the chosen value", - // "maximum": "10", - // "minimum": "2", - // "rerun": "RerunAlways", - // "sequenceNumber": float64(2), - // "value": "3", - // }, - // }, - // }, - // DisplayName: to.Ptr("Login from unusual region"), - // Enabled: to.Ptr(true), - // Frequency: to.Ptr("PT1H"), - // IsDefaultSettings: to.Ptr(true), - // LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:17:11.534Z"); return t}()), - // RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{ - // { - // ConnectorID: to.Ptr("AWS"), - // DataTypes: []*string{ - // to.Ptr("AWSCloudTrail")}, - // }}, - // SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"), - // SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction), - // Tactics: []*armsecurityinsights.AttackTactic{ - // to.Ptr(armsecurityinsights.AttackTacticExfiltration), - // to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)}, - // Techniques: []*string{ - // to.Ptr("T1037"), - // to.Ptr("T1021")}, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json -func ExampleSecurityMLAnalyticsSettingsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewSecurityMLAnalyticsSettingsClient().Delete(ctx, "myRg", "myWorkspace", "f209187f-1d17-4431-94af-c141bf5f23db", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client.go index 024986c42c1a..62c657b514e3 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client.go @@ -28,7 +28,7 @@ type SentinelOnboardingStatesClient struct { } // NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SentinelOnboardingStatesClient, error) { @@ -46,7 +46,7 @@ func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore. // Create - Create Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -98,7 +98,7 @@ func (client *SentinelOnboardingStatesClient) createCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if options != nil && options.SentinelOnboardingStateParameter != nil { @@ -122,7 +122,7 @@ func (client *SentinelOnboardingStatesClient) createHandleResponse(resp *http.Re // Delete - Delete Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -173,7 +173,7 @@ func (client *SentinelOnboardingStatesClient) deleteCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -182,7 +182,7 @@ func (client *SentinelOnboardingStatesClient) deleteCreateRequest(ctx context.Co // Get - Get Sentinel onboarding state // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default @@ -234,7 +234,7 @@ func (client *SentinelOnboardingStatesClient) getCreateRequest(ctx context.Conte return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -252,7 +252,7 @@ func (client *SentinelOnboardingStatesClient) getHandleResponse(resp *http.Respo // List - Gets all Sentinel onboarding states // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List @@ -299,7 +299,7 @@ func (client *SentinelOnboardingStatesClient) listCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client_example_test.go deleted file mode 100644 index aaaff2be9988..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sentinelonboardingstates_client_example_test.go +++ /dev/null @@ -1,128 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json -func ExampleSentinelOnboardingStatesClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSentinelOnboardingStatesClient().Get(ctx, "myRg", "myWorkspace", "default", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{ - // Name: to.Ptr("default"), - // Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"), - // Properties: &armsecurityinsights.SentinelOnboardingStateProperties{ - // CustomerManagedKey: to.Ptr(false), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json -func ExampleSentinelOnboardingStatesClient_Create() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSentinelOnboardingStatesClient().Create(ctx, "myRg", "myWorkspace", "default", &armsecurityinsights.SentinelOnboardingStatesClientCreateOptions{SentinelOnboardingStateParameter: &armsecurityinsights.SentinelOnboardingState{ - Properties: &armsecurityinsights.SentinelOnboardingStateProperties{ - CustomerManagedKey: to.Ptr(false), - }, - }, - }) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{ - // Name: to.Ptr("default"), - // Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"), - // Properties: &armsecurityinsights.SentinelOnboardingStateProperties{ - // CustomerManagedKey: to.Ptr(false), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json -func ExampleSentinelOnboardingStatesClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewSentinelOnboardingStatesClient().Delete(ctx, "myRg", "myWorkspace", "default", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json -func ExampleSentinelOnboardingStatesClient_List() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSentinelOnboardingStatesClient().List(ctx, "myRg", "myWorkspace", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SentinelOnboardingStatesList = armsecurityinsights.SentinelOnboardingStatesList{ - // Value: []*armsecurityinsights.SentinelOnboardingState{ - // { - // Name: to.Ptr("default"), - // Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"), - // Properties: &armsecurityinsights.SentinelOnboardingStateProperties{ - // CustomerManagedKey: to.Ptr(false), - // }, - // }}, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client.go index bce65ab3489b..1f614f4be270 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client.go @@ -28,7 +28,7 @@ type SourceControlClient struct { } // NewSourceControlClient creates a new instance of SourceControlClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewSourceControlClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlClient, error) { @@ -45,13 +45,13 @@ func NewSourceControlClient(subscriptionID string, credential azcore.TokenCreden // NewListRepositoriesPager - Gets a list of repositories metadata. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - repoType - The repo type. +// - repositoryAccess - The repository access credentials. // - options - SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.NewListRepositoriesPager // method. -func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) *runtime.Pager[SourceControlClientListRepositoriesResponse] { +func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName string, workspaceName string, repositoryAccess RepositoryAccessProperties, options *SourceControlClientListRepositoriesOptions) *runtime.Pager[SourceControlClientListRepositoriesResponse] { return runtime.NewPager(runtime.PagingHandler[SourceControlClientListRepositoriesResponse]{ More: func(page SourceControlClientListRepositoriesResponse) bool { return page.NextLink != nil && len(*page.NextLink) > 0 @@ -63,7 +63,7 @@ func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName st nextLink = *page.NextLink } resp, err := runtime.FetcherForNextLink(ctx, client.internal.Pipeline(), nextLink, func(ctx context.Context) (*policy.Request, error) { - return client.listRepositoriesCreateRequest(ctx, resourceGroupName, workspaceName, repoType, options) + return client.listRepositoriesCreateRequest(ctx, resourceGroupName, workspaceName, repositoryAccess, options) }, nil) if err != nil { return SourceControlClientListRepositoriesResponse{}, err @@ -75,7 +75,7 @@ func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName st } // listRepositoriesCreateRequest creates the ListRepositories request. -func (client *SourceControlClient) listRepositoriesCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) (*policy.Request, error) { +func (client *SourceControlClient) listRepositoriesCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, repositoryAccess RepositoryAccessProperties, options *SourceControlClientListRepositoriesOptions) (*policy.Request, error) { urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") @@ -94,10 +94,10 @@ func (client *SourceControlClient) listRepositoriesCreateRequest(ctx context.Con return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} - if err := runtime.MarshalAsJSON(req, repoType); err != nil { + if err := runtime.MarshalAsJSON(req, repositoryAccess); err != nil { return nil, err } return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client_example_test.go deleted file mode 100644 index e1c98238cc2a..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrol_client_example_test.go +++ /dev/null @@ -1,53 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/repositories/GetRepositories.json -func ExampleSourceControlClient_NewListRepositoriesPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewSourceControlClient().NewListRepositoriesPager("myRg", "myWorkspace", armsecurityinsights.RepoTypeGithub, nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.RepoList = armsecurityinsights.RepoList{ - // Value: []*armsecurityinsights.Repo{ - // { - // Branches: []*string{ - // to.Ptr("master"), - // to.Ptr("develop")}, - // FullName: to.Ptr("reponame"), - // URL: to.Ptr("https://api.github.com/repos/user/reponame"), - // }}, - // } - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client.go index f875f8633ad7..e55524b61381 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client.go @@ -28,7 +28,7 @@ type SourceControlsClient struct { } // NewSourceControlsClient creates a new instance of SourceControlsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlsClient, error) { @@ -46,7 +46,7 @@ func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCrede // Create - Creates a source control. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sourceControlID - Source control Id @@ -98,7 +98,7 @@ func (client *SourceControlsClient) createCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, sourceControl); err != nil { @@ -119,18 +119,19 @@ func (client *SourceControlsClient) createHandleResponse(resp *http.Response) (S // Delete - Delete a source control. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sourceControlID - Source control Id +// - repositoryAccess - The repository access credentials. // - options - SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method. -func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error) { +func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, repositoryAccess RepositoryAccessProperties, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error) { var err error const operationName = "SourceControlsClient.Delete" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() - req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, sourceControlID, options) + req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, sourceControlID, repositoryAccess, options) if err != nil { return SourceControlsClientDeleteResponse{}, err } @@ -138,16 +139,17 @@ func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupNam if err != nil { return SourceControlsClientDeleteResponse{}, err } - if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { + if !runtime.HasStatusCode(httpResp, http.StatusOK) { err = runtime.NewResponseError(httpResp) return SourceControlsClientDeleteResponse{}, err } - return SourceControlsClientDeleteResponse{}, nil + resp, err := client.deleteHandleResponse(httpResp) + return resp, err } // deleteCreateRequest creates the Delete request. -func (client *SourceControlsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (*policy.Request, error) { - urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}" +func (client *SourceControlsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, repositoryAccess RepositoryAccessProperties, options *SourceControlsClientDeleteOptions) (*policy.Request, error) { + urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}/delete" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") } @@ -164,21 +166,33 @@ func (client *SourceControlsClient) deleteCreateRequest(ctx context.Context, res return nil, errors.New("parameter sourceControlID cannot be empty") } urlPath = strings.ReplaceAll(urlPath, "{sourceControlId}", url.PathEscape(sourceControlID)) - req, err := runtime.NewRequest(ctx, http.MethodDelete, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) + req, err := runtime.NewRequest(ctx, http.MethodPost, runtime.JoinPaths(client.internal.Endpoint(), urlPath)) if err != nil { return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} + if err := runtime.MarshalAsJSON(req, repositoryAccess); err != nil { + return nil, err + } return req, nil } +// deleteHandleResponse handles the Delete response. +func (client *SourceControlsClient) deleteHandleResponse(resp *http.Response) (SourceControlsClientDeleteResponse, error) { + result := SourceControlsClientDeleteResponse{} + if err := runtime.UnmarshalAsJSON(resp, &result.Warning); err != nil { + return SourceControlsClientDeleteResponse{}, err + } + return result, nil +} + // Get - Gets a source control byt its identifier. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - sourceControlID - Source control Id @@ -229,7 +243,7 @@ func (client *SourceControlsClient) getCreateRequest(ctx context.Context, resour return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -246,7 +260,7 @@ func (client *SourceControlsClient) getHandleResponse(resp *http.Response) (Sour // NewListPager - Gets all source controls, without source control items. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.NewListPager method. @@ -293,7 +307,7 @@ func (client *SourceControlsClient) listCreateRequest(ctx context.Context, resou return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client_example_test.go deleted file mode 100644 index 05496507b619..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/sourcecontrols_client_example_test.go +++ /dev/null @@ -1,305 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/GetSourceControls.json -func ExampleSourceControlsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewSourceControlsClient().NewListPager("myRg", "myWorkspace", nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.SourceControlList = armsecurityinsights.SourceControlList{ - // Value: []*armsecurityinsights.SourceControl{ - // { - // Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // SystemData: &armsecurityinsights.SystemData{ - // CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // CreatedBy: to.Ptr("user1"), - // CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.123Z"); return t}()), - // LastModifiedBy: to.Ptr("user2"), - // LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // }, - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.SourceControlProperties{ - // Description: to.Ptr("this is a source control"), - // ContentTypes: []*armsecurityinsights.ContentType{ - // to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // to.Ptr(armsecurityinsights.ContentTypeWorkbook)}, - // DisplayName: to.Ptr("My Source Control"), - // ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{ - // Deployment: &armsecurityinsights.Deployment{ - // DeploymentID: to.Ptr("4985046420"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess), - // DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted), - // DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // }, - // DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess), - // Message: to.Ptr("Successful deployment"), - // }, - // RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub), - // Repository: &armsecurityinsights.Repository{ - // Branch: to.Ptr("master"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DisplayURL: to.Ptr("https://github.com/user/repo"), - // PathMapping: []*armsecurityinsights.ContentPathMap{ - // { - // Path: to.Ptr("path/to/rules"), - // ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // }, - // { - // Path: to.Ptr("path/to/workbooks"), - // ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook), - // }}, - // URL: to.Ptr("https://github.com/user/repo"), - // }, - // RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{ - // GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{ - // AppInstallationID: to.Ptr("123"), - // }, - // Webhook: &armsecurityinsights.Webhook{ - // WebhookID: to.Ptr("342768323"), - // WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"), - // WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // }, - // }, - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/GetSourceControlById.json -func ExampleSourceControlsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSourceControlsClient().Get(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SourceControl = armsecurityinsights.SourceControl{ - // Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // SystemData: &armsecurityinsights.SystemData{ - // CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // CreatedBy: to.Ptr("user1"), - // CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.123Z"); return t}()), - // LastModifiedBy: to.Ptr("user2"), - // LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // }, - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.SourceControlProperties{ - // Description: to.Ptr("this is a source control"), - // ContentTypes: []*armsecurityinsights.ContentType{ - // to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // to.Ptr(armsecurityinsights.ContentTypeWorkbook)}, - // DisplayName: to.Ptr("My Source Control"), - // ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{ - // Deployment: &armsecurityinsights.Deployment{ - // DeploymentID: to.Ptr("4985046420"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess), - // DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted), - // DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // }, - // DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess), - // Message: to.Ptr("Successful deployment"), - // }, - // RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub), - // Repository: &armsecurityinsights.Repository{ - // Branch: to.Ptr("master"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DisplayURL: to.Ptr("https://github.com/user/repo"), - // PathMapping: []*armsecurityinsights.ContentPathMap{ - // { - // Path: to.Ptr("path/to/rules"), - // ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // }, - // { - // Path: to.Ptr("path/to/workbooks"), - // ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook), - // }}, - // URL: to.Ptr("https://github.com/user/repo"), - // }, - // RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{ - // GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{ - // AppInstallationID: to.Ptr("123"), - // }, - // Webhook: &armsecurityinsights.Webhook{ - // WebhookID: to.Ptr("342768323"), - // WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"), - // WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // }, - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json -func ExampleSourceControlsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewSourceControlsClient().Delete(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/CreateSourceControl.json -func ExampleSourceControlsClient_Create() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewSourceControlsClient().Create(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", armsecurityinsights.SourceControl{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.SourceControlProperties{ - Description: to.Ptr("This is a source control"), - ContentTypes: []*armsecurityinsights.ContentType{ - to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - to.Ptr(armsecurityinsights.ContentTypeWorkbook)}, - DisplayName: to.Ptr("My Source Control"), - RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub), - Repository: &armsecurityinsights.Repository{ - Branch: to.Ptr("master"), - DisplayURL: to.Ptr("https://github.com/user/repo"), - PathMapping: []*armsecurityinsights.ContentPathMap{ - { - Path: to.Ptr("path/to/rules"), - ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - }, - { - Path: to.Ptr("path/to/workbooks"), - ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook), - }}, - URL: to.Ptr("https://github.com/user/repo"), - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.SourceControl = armsecurityinsights.SourceControl{ - // Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // SystemData: &armsecurityinsights.SystemData{ - // CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // CreatedBy: to.Ptr("user1"), - // CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.123Z"); return t}()), - // LastModifiedBy: to.Ptr("user2"), - // LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser), - // }, - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.SourceControlProperties{ - // Description: to.Ptr("this is a source control"), - // ContentTypes: []*armsecurityinsights.ContentType{ - // to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // to.Ptr(armsecurityinsights.ContentTypeWorkbook)}, - // DisplayName: to.Ptr("My Source Control"), - // ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{ - // Deployment: &armsecurityinsights.Deployment{ - // DeploymentID: to.Ptr("4985046420"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess), - // DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted), - // DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.123Z"); return t}()), - // }, - // DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess), - // Message: to.Ptr("Successful deployment"), - // }, - // RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub), - // Repository: &armsecurityinsights.Repository{ - // Branch: to.Ptr("master"), - // DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"), - // DisplayURL: to.Ptr("https://github.com/user/repo"), - // PathMapping: []*armsecurityinsights.ContentPathMap{ - // { - // Path: to.Ptr("path/to/rules"), - // ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")), - // }, - // { - // Path: to.Ptr("path/to/workbooks"), - // ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook), - // }}, - // URL: to.Ptr("https://github.com/user/repo"), - // }, - // RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{ - // GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{ - // AppInstallationID: to.Ptr("123"), - // }, - // Webhook: &armsecurityinsights.Webhook{ - // WebhookID: to.Ptr("342768323"), - // WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"), - // WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"), - // }, - // }, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client.go index 338e1e12bde0..5ee2c128512a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client.go @@ -28,7 +28,7 @@ type ThreatIntelligenceIndicatorClient struct { } // NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorClient, error) { @@ -46,7 +46,7 @@ func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azco // AppendTags - Append tags to a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - name - Threat intelligence indicator name field. @@ -98,7 +98,7 @@ func (client *ThreatIntelligenceIndicatorClient) appendTagsCreateRequest(ctx con return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, threatIntelligenceAppendTags); err != nil { @@ -110,7 +110,7 @@ func (client *ThreatIntelligenceIndicatorClient) appendTagsCreateRequest(ctx con // Create - Update a threat Intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - name - Threat intelligence indicator name field. @@ -163,7 +163,7 @@ func (client *ThreatIntelligenceIndicatorClient) createCreateRequest(ctx context return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, threatIntelligenceProperties); err != nil { @@ -184,7 +184,7 @@ func (client *ThreatIntelligenceIndicatorClient) createHandleResponse(resp *http // CreateIndicator - Create a new threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. @@ -232,7 +232,7 @@ func (client *ThreatIntelligenceIndicatorClient) createIndicatorCreateRequest(ct return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, threatIntelligenceProperties); err != nil { @@ -253,7 +253,7 @@ func (client *ThreatIntelligenceIndicatorClient) createIndicatorHandleResponse(r // Delete - Delete a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - name - Threat intelligence indicator name field. @@ -304,7 +304,7 @@ func (client *ThreatIntelligenceIndicatorClient) deleteCreateRequest(ctx context return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -313,7 +313,7 @@ func (client *ThreatIntelligenceIndicatorClient) deleteCreateRequest(ctx context // Get - View a threat intelligence indicator by name. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - name - Threat intelligence indicator name field. @@ -365,7 +365,7 @@ func (client *ThreatIntelligenceIndicatorClient) getCreateRequest(ctx context.Co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -382,7 +382,7 @@ func (client *ThreatIntelligenceIndicatorClient) getHandleResponse(resp *http.Re // NewQueryIndicatorsPager - Query threat intelligence indicators as per filtering criteria. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators. @@ -431,7 +431,7 @@ func (client *ThreatIntelligenceIndicatorClient) queryIndicatorsCreateRequest(ct return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, threatIntelligenceFilteringCriteria); err != nil { @@ -452,7 +452,7 @@ func (client *ThreatIntelligenceIndicatorClient) queryIndicatorsHandleResponse(r // ReplaceTags - Replace tags added to a threat intelligence indicator. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - name - Threat intelligence indicator name field. @@ -505,7 +505,7 @@ func (client *ThreatIntelligenceIndicatorClient) replaceTagsCreateRequest(ctx co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, threatIntelligenceReplaceTags); err != nil { diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client_example_test.go deleted file mode 100644 index 580bd2d976e0..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicator_client_example_test.go +++ /dev/null @@ -1,438 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_CreateIndicator() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewThreatIntelligenceIndicatorClient().CreateIndicator(ctx, "myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceIndicatorModel{ - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - Description: to.Ptr("debugging indicators"), - Confidence: to.Ptr[int32](78), - CreatedByRef: to.Ptr("contoso@contoso.com"), - DisplayName: to.Ptr("new schema"), - ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{}, - GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{}, - KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{}, - Labels: []*string{}, - Modified: to.Ptr(""), - Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - PatternType: to.Ptr("url"), - Revoked: to.Ptr(false), - Source: to.Ptr("Azure Sentinel"), - ThreatIntelligenceTags: []*string{ - to.Ptr("new schema")}, - ThreatTypes: []*string{ - to.Ptr("compromised")}, - ValidFrom: to.Ptr("2021-09-15T17:44:00.114052Z"), - ValidUntil: to.Ptr(""), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateIndicatorResponse{ - // ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"), - // Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-09-15T20:20:38.6160949Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("new schema"), - // ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"), - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("new schema")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-09-15T17:44:00.114052Z"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json -func ExampleThreatIntelligenceIndicatorClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Get(ctx, "myRg", "myWorkspace", "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ThreatIntelligenceIndicatorClientGetResponse{ - // ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-04-15T19:51:17.1050923Z"), - // CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"), - // DisplayName: to.Ptr("updated indicator"), - // ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:18:49.2259902Z"), - // Pattern: to.Ptr("[url:value = 'https://abc.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("patching tags")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_Create() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Create(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{ - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - Description: to.Ptr("debugging indicators"), - Confidence: to.Ptr[int32](78), - CreatedByRef: to.Ptr("contoso@contoso.com"), - DisplayName: to.Ptr("new schema"), - ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{}, - GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{}, - KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{}, - Labels: []*string{}, - Modified: to.Ptr(""), - Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - PatternType: to.Ptr("url"), - Revoked: to.Ptr(false), - Source: to.Ptr("Azure Sentinel"), - ThreatIntelligenceTags: []*string{ - to.Ptr("new schema")}, - ThreatTypes: []*string{ - to.Ptr("compromised")}, - ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"), - ValidUntil: to.Ptr(""), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateResponse{ - // ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"), - // Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-04-15T20:20:38.6160949Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("new schema"), - // ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"), - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("new schema")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewThreatIntelligenceIndicatorClient().Delete(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_NewQueryIndicatorsPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewThreatIntelligenceIndicatorClient().NewQueryIndicatorsPager("myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceFilteringCriteria{ - MaxConfidence: to.Ptr[int32](80), - MaxValidUntil: to.Ptr("2021-04-25T17:44:00.114052Z"), - MinConfidence: to.Ptr[int32](25), - MinValidUntil: to.Ptr("2021-04-05T17:44:00.114052Z"), - PageSize: to.Ptr[int32](100), - SortBy: []*armsecurityinsights.ThreatIntelligenceSortingCriteria{ - { - ItemKey: to.Ptr("lastUpdatedTimeUtc"), - SortOrder: to.Ptr(armsecurityinsights.ThreatIntelligenceSortingCriteriaEnumDescending), - }}, - Sources: []*string{ - to.Ptr("Azure Sentinel")}, - }, nil) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{ - // Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{ - // &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"), - // Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators 2"), - // Confidence: to.Ptr[int32](90), - // Created: to.Ptr("2021-04-15T20:11:57.9666134Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("new schema 2"), - // ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.0746926Z"), - // ParsedPattern: []*armsecurityinsights.ThreatIntelligenceParsedPattern{ - // { - // PatternTypeKey: to.Ptr("network-traffic"), - // PatternTypeValues: []*armsecurityinsights.ThreatIntelligenceParsedPatternTypeValue{ - // { - // Value: to.Ptr("SSH-2.0-PuTTY_Release_0.64"), - // ValueType: to.Ptr("0"), - // }, - // { - // Value: to.Ptr("194.88.106.146"), - // ValueType: to.Ptr("1"), - // }}, - // }}, - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("new schema")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }, - // &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-04-15T19:51:17.1050923Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("updated indicator"), - // ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.074903Z"), - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("patching tags")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_AppendTags() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewThreatIntelligenceIndicatorClient().AppendTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceAppendTags{ - ThreatIntelligenceTags: []*string{ - to.Ptr("tag1"), - to.Ptr("tag2")}, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorClient_ReplaceTags() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewThreatIntelligenceIndicatorClient().ReplaceTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{ - Etag: to.Ptr("\"0000262c-0000-0800-0000-5e9767060000\""), - Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - ThreatIntelligenceTags: []*string{ - to.Ptr("patching tags")}, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res = armsecurityinsights.ThreatIntelligenceIndicatorClientReplaceTagsResponse{ - // ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-04-15T19:51:17.1050923Z"), - // CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"), - // DisplayName: to.Ptr("updated indicator"), - // ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2021-04-15T19:56:08.828946Z"), - // Pattern: to.Ptr("[url:value = 'https://abc.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("patching tags")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client.go index f1251c15ae6d..2b56eb4cef72 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client.go @@ -28,7 +28,7 @@ type ThreatIntelligenceIndicatorMetricsClient struct { } // NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorMetricsClient, error) { @@ -46,7 +46,7 @@ func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credenti // List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List @@ -93,7 +93,7 @@ func (client *ThreatIntelligenceIndicatorMetricsClient) listCreateRequest(ctx co return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client_example_test.go deleted file mode 100644 index 161336e742d5..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicatormetrics_client_example_test.go +++ /dev/null @@ -1,65 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json -func ExampleThreatIntelligenceIndicatorMetricsClient_List() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewThreatIntelligenceIndicatorMetricsClient().List(ctx, "myRg", "myWorkspace", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.ThreatIntelligenceMetricsList = armsecurityinsights.ThreatIntelligenceMetricsList{ - // Value: []*armsecurityinsights.ThreatIntelligenceMetrics{ - // { - // Properties: &armsecurityinsights.ThreatIntelligenceMetric{ - // LastUpdatedTimeUTC: to.Ptr("2021-09-01T19:44:44.117403Z"), - // PatternTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{ - // { - // MetricName: to.Ptr("url"), - // MetricValue: to.Ptr[int32](20), - // }}, - // SourceMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{ - // { - // MetricName: to.Ptr("Azure Sentinel"), - // MetricValue: to.Ptr[int32](10315), - // }, - // { - // MetricName: to.Ptr("zinga"), - // MetricValue: to.Ptr[int32](2), - // }}, - // ThreatTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{ - // { - // MetricName: to.Ptr("compromised"), - // MetricValue: to.Ptr[int32](20), - // }}, - // }, - // }}, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client.go index 0c46a4244ac7..32fddf526e4a 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client.go @@ -29,7 +29,7 @@ type ThreatIntelligenceIndicatorsClient struct { } // NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorsClient, error) { @@ -46,7 +46,7 @@ func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azc // NewListPager - Get all threat intelligence indicators. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.NewListPager @@ -106,7 +106,7 @@ func (client *ThreatIntelligenceIndicatorsClient) listCreateRequest(ctx context. if options != nil && options.Top != nil { reqQP.Set("$top", strconv.FormatInt(int64(*options.Top), 10)) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client_example_test.go deleted file mode 100644 index 2dd351bee7e7..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/threatintelligenceindicators_client_example_test.go +++ /dev/null @@ -1,112 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json -func ExampleThreatIntelligenceIndicatorsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewThreatIntelligenceIndicatorsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions{Filter: nil, - Orderby: nil, - Top: nil, - SkipToken: nil, - }) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{ - // Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{ - // &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"), - // Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](90), - // Created: to.Ptr("2021-04-15T20:11:57.9666134Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("new schema 2"), - // ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.0746926Z"), - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("new schema")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }, - // &armsecurityinsights.ThreatIntelligenceIndicatorModel{ - // Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"), - // ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"), - // Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""), - // Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator), - // Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{ - // Description: to.Ptr("debugging indicators"), - // Confidence: to.Ptr[int32](78), - // Created: to.Ptr("2021-04-15T19:51:17.1050923Z"), - // CreatedByRef: to.Ptr("contoso@contoso.com"), - // DisplayName: to.Ptr("updated indicator"), - // ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"), - // ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{ - // }, - // GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{ - // }, - // KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{ - // }, - // LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.074903Z"), - // Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"), - // PatternType: to.Ptr("url"), - // Revoked: to.Ptr(false), - // Source: to.Ptr("Azure Sentinel"), - // ThreatIntelligenceTags: []*string{ - // to.Ptr("patching tags")}, - // ThreatTypes: []*string{ - // to.Ptr("compromised")}, - // ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"), - // }, - // }}, - // } - } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client.go index 16773e249ff9..bdfa4d958983 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client.go @@ -28,7 +28,7 @@ type WatchlistItemsClient struct { } // NewWatchlistItemsClient creates a new instance of WatchlistItemsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistItemsClient, error) { @@ -43,14 +43,14 @@ func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCrede return client, nil } -// CreateOrUpdate - Creates or updates a watchlist item. +// CreateOrUpdate - Create or update a watchlist item. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias -// - watchlistItemID - Watchlist Item Id (GUID) +// - watchlistAlias - The watchlist alias +// - watchlistItemID - The watchlist item id (GUID) // - watchlistItem - The watchlist item // - options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate // method. @@ -104,7 +104,7 @@ func (client *WatchlistItemsClient) createOrUpdateCreateRequest(ctx context.Cont return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, watchlistItem); err != nil { @@ -125,11 +125,11 @@ func (client *WatchlistItemsClient) createOrUpdateHandleResponse(resp *http.Resp // Delete - Delete a watchlist item. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias -// - watchlistItemID - Watchlist Item Id (GUID) +// - watchlistAlias - The watchlist alias +// - watchlistItemID - The watchlist item id (GUID) // - options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method. func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error) { var err error @@ -180,20 +180,20 @@ func (client *WatchlistItemsClient) deleteCreateRequest(ctx context.Context, res return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// Get - Gets a watchlist, without its watchlist items. +// Get - Get a watchlist item. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias -// - watchlistItemID - Watchlist Item Id (GUID) +// - watchlistAlias - The watchlist alias +// - watchlistItemID - The watchlist item id (GUID) // - options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method. func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error) { var err error @@ -245,7 +245,7 @@ func (client *WatchlistItemsClient) getCreateRequest(ctx context.Context, resour return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -260,12 +260,12 @@ func (client *WatchlistItemsClient) getHandleResponse(resp *http.Response) (Watc return result, nil } -// NewListPager - Gets all watchlist Items. +// NewListPager - Get all watchlist Items. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias +// - watchlistAlias - The watchlist alias // - options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.NewListPager method. func (client *WatchlistItemsClient) NewListPager(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *runtime.Pager[WatchlistItemsClientListResponse] { return runtime.NewPager(runtime.PagingHandler[WatchlistItemsClientListResponse]{ @@ -317,7 +317,7 @@ func (client *WatchlistItemsClient) listCreateRequest(ctx context.Context, resou if options != nil && options.SkipToken != nil { reqQP.Set("$skipToken", *options.SkipToken) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client_example_test.go deleted file mode 100644 index afad7a041d8c..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlistitems_client_example_test.go +++ /dev/null @@ -1,213 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistItems.json -func ExampleWatchlistItemsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewWatchlistItemsClient().NewListPager("myRg", "myWorkspace", "highValueAsset", &armsecurityinsights.WatchlistItemsClientListOptions{SkipToken: nil}) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.WatchlistItemList = armsecurityinsights.WatchlistItemList{ - // Value: []*armsecurityinsights.WatchlistItem{ - // { - // Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"), - // Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""), - // Properties: &armsecurityinsights.WatchlistItemProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // EntityMapping: map[string]any{ - // }, - // IsDeleted: to.Ptr(false), - // ItemsKeyValue: map[string]any{ - // "Header-1": "v1_1", - // "Header-2": "v1_2", - // "Header-3": "v1_3", - // "Header-4": "v1_4", - // "Header-5": "v1_5", - // }, - // TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"), - // WatchlistItemType: to.Ptr("watchlist-item"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistItemById.json -func ExampleWatchlistItemsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewWatchlistItemsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", "3f8901fe-63d9-4875-9ad5-9fb3b8105797", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.WatchlistItem = armsecurityinsights.WatchlistItem{ - // Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"), - // Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""), - // Properties: &armsecurityinsights.WatchlistItemProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // EntityMapping: map[string]any{ - // }, - // IsDeleted: to.Ptr(false), - // ItemsKeyValue: map[string]any{ - // "Header-1": "v1_1", - // "Header-2": "v1_2", - // "Header-3": "v1_3", - // "Header-4": "v1_4", - // "Header-5": "v1_5", - // }, - // TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"), - // WatchlistItemType: to.Ptr("watchlist-item"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/DeleteWatchlistItem.json -func ExampleWatchlistItemsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewWatchlistItemsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlistItem.json -func ExampleWatchlistItemsClient_CreateOrUpdate() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewWatchlistItemsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", "82ba292c-dc97-4dfc-969d-d4dd9e666842", armsecurityinsights.WatchlistItem{ - Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"), - Properties: &armsecurityinsights.WatchlistItemProperties{ - ItemsKeyValue: map[string]any{ - "Business tier": "10.0.2.0/24", - "Data tier": "10.0.2.0/24", - "Gateway subnet": "10.0.255.224/27", - "Private DMZ in": "10.0.0.0/27", - "Public DMZ out": "10.0.0.96/27", - "Web Tier": "10.0.1.0/24", - }, - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.WatchlistItem = armsecurityinsights.WatchlistItem{ - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842"), - // Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"), - // Properties: &armsecurityinsights.WatchlistItemProperties{ - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-15T04:58:56.074Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // IsDeleted: to.Ptr(false), - // ItemsKeyValue: map[string]any{ - // "Business tier": "10.0.2.0/24", - // "Data tier": "10.0.2.0/24", - // "Gateway subnet": "10.0.255.224/27", - // "Private DMZ in": "10.0.0.0/27", - // "Public DMZ out": "10.0.0.96/27", - // "Web Tier": "10.0.1.0/24", - // }, - // TenantID: to.Ptr("4008512e-1d30-48b2-9ee2-d3612ed9d3ea"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-16T16:05:20.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistItemID: to.Ptr("82ba292c-dc97-4dfc-969d-d4dd9e666842"), - // WatchlistItemType: to.Ptr("watchlist-item"), - // }, - // } -} diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client.go index 66f0e39aa75b..91171ea88400 100644 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client.go +++ b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client.go @@ -28,7 +28,7 @@ type WatchlistsClient struct { } // NewWatchlistsClient creates a new instance of WatchlistsClient with the specified values. -// - subscriptionID - The ID of the target subscription. +// - subscriptionID - The ID of the target subscription. The value must be an UUID. // - credential - used to authorize requests. Usually a credential from azidentity. // - options - pass nil to accept the default values. func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistsClient, error) { @@ -43,45 +43,65 @@ func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredentia return client, nil } -// CreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). -// To create a Watchlist and its Items, we should call this endpoint with either rawContent or a -// valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). -// The SAS URI enables the creation of large watchlist, where the content size can -// go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation -// header. +// BeginCreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content +// type). To create a Watchlist and its Items, we should call this endpoint with rawContent and +// contentType properties. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias +// - watchlistAlias - The watchlist alias // - watchlist - The watchlist -// - options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate +// - options - WatchlistsClientBeginCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.BeginCreateOrUpdate // method. -func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (WatchlistsClientCreateOrUpdateResponse, error) { +func (client *WatchlistsClient) BeginCreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientBeginCreateOrUpdateOptions) (*runtime.Poller[WatchlistsClientCreateOrUpdateResponse], error) { + if options == nil || options.ResumeToken == "" { + resp, err := client.createOrUpdate(ctx, resourceGroupName, workspaceName, watchlistAlias, watchlist, options) + if err != nil { + return nil, err + } + poller, err := runtime.NewPoller(resp, client.internal.Pipeline(), &runtime.NewPollerOptions[WatchlistsClientCreateOrUpdateResponse]{ + FinalStateVia: runtime.FinalStateViaAzureAsyncOp, + Tracer: client.internal.Tracer(), + }) + return poller, err + } else { + return runtime.NewPollerFromResumeToken(options.ResumeToken, client.internal.Pipeline(), &runtime.NewPollerFromResumeTokenOptions[WatchlistsClientCreateOrUpdateResponse]{ + Tracer: client.internal.Tracer(), + }) + } +} + +// CreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). +// To create a Watchlist and its Items, we should call this endpoint with rawContent and +// contentType properties. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +func (client *WatchlistsClient) createOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientBeginCreateOrUpdateOptions) (*http.Response, error) { var err error - const operationName = "WatchlistsClient.CreateOrUpdate" + const operationName = "WatchlistsClient.BeginCreateOrUpdate" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() req, err := client.createOrUpdateCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, watchlist, options) if err != nil { - return WatchlistsClientCreateOrUpdateResponse{}, err + return nil, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return WatchlistsClientCreateOrUpdateResponse{}, err + return nil, err } if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusCreated) { err = runtime.NewResponseError(httpResp) - return WatchlistsClientCreateOrUpdateResponse{}, err + return nil, err } - resp, err := client.createOrUpdateHandleResponse(httpResp) - return resp, err + return httpResp, nil } // createOrUpdateCreateRequest creates the CreateOrUpdate request. -func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (*policy.Request, error) { +func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientBeginCreateOrUpdateOptions) (*policy.Request, error) { urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") @@ -104,7 +124,7 @@ func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} if err := runtime.MarshalAsJSON(req, watchlist); err != nil { @@ -113,50 +133,59 @@ func (client *WatchlistsClient) createOrUpdateCreateRequest(ctx context.Context, return req, nil } -// createOrUpdateHandleResponse handles the CreateOrUpdate response. -func (client *WatchlistsClient) createOrUpdateHandleResponse(resp *http.Response) (WatchlistsClientCreateOrUpdateResponse, error) { - result := WatchlistsClientCreateOrUpdateResponse{} - if val := resp.Header.Get("Azure-AsyncOperation"); val != "" { - result.AzureAsyncOperation = &val - } - if err := runtime.UnmarshalAsJSON(resp, &result.Watchlist); err != nil { - return WatchlistsClientCreateOrUpdateResponse{}, err +// BeginDelete - Delete a watchlist. +// If the operation fails it returns an *azcore.ResponseError type. +// +// Generated from API version 2024-09-01 +// - resourceGroupName - The name of the resource group. The name is case insensitive. +// - workspaceName - The name of the workspace. +// - watchlistAlias - The watchlist alias +// - options - WatchlistsClientBeginDeleteOptions contains the optional parameters for the WatchlistsClient.BeginDelete method. +func (client *WatchlistsClient) BeginDelete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientBeginDeleteOptions) (*runtime.Poller[WatchlistsClientDeleteResponse], error) { + if options == nil || options.ResumeToken == "" { + resp, err := client.deleteOperation(ctx, resourceGroupName, workspaceName, watchlistAlias, options) + if err != nil { + return nil, err + } + poller, err := runtime.NewPoller(resp, client.internal.Pipeline(), &runtime.NewPollerOptions[WatchlistsClientDeleteResponse]{ + FinalStateVia: runtime.FinalStateViaAzureAsyncOp, + Tracer: client.internal.Tracer(), + }) + return poller, err + } else { + return runtime.NewPollerFromResumeToken(options.ResumeToken, client.internal.Pipeline(), &runtime.NewPollerFromResumeTokenOptions[WatchlistsClientDeleteResponse]{ + Tracer: client.internal.Tracer(), + }) } - return result, nil } // Delete - Delete a watchlist. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview -// - resourceGroupName - The name of the resource group. The name is case insensitive. -// - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias -// - options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method. -func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error) { +// Generated from API version 2024-09-01 +func (client *WatchlistsClient) deleteOperation(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientBeginDeleteOptions) (*http.Response, error) { var err error - const operationName = "WatchlistsClient.Delete" + const operationName = "WatchlistsClient.BeginDelete" ctx = context.WithValue(ctx, runtime.CtxAPINameKey{}, operationName) ctx, endSpan := runtime.StartSpan(ctx, operationName, client.internal.Tracer(), nil) defer func() { endSpan(err) }() req, err := client.deleteCreateRequest(ctx, resourceGroupName, workspaceName, watchlistAlias, options) if err != nil { - return WatchlistsClientDeleteResponse{}, err + return nil, err } httpResp, err := client.internal.Pipeline().Do(req) if err != nil { - return WatchlistsClientDeleteResponse{}, err + return nil, err } - if !runtime.HasStatusCode(httpResp, http.StatusOK, http.StatusNoContent) { + if !runtime.HasStatusCode(httpResp, http.StatusAccepted, http.StatusNoContent) { err = runtime.NewResponseError(httpResp) - return WatchlistsClientDeleteResponse{}, err + return nil, err } - resp, err := client.deleteHandleResponse(httpResp) - return resp, err + return httpResp, nil } // deleteCreateRequest creates the Delete request. -func (client *WatchlistsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (*policy.Request, error) { +func (client *WatchlistsClient) deleteCreateRequest(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientBeginDeleteOptions) (*policy.Request, error) { urlPath := "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}" if client.subscriptionID == "" { return nil, errors.New("parameter client.subscriptionID cannot be empty") @@ -179,28 +208,19 @@ func (client *WatchlistsClient) deleteCreateRequest(ctx context.Context, resourc return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil } -// deleteHandleResponse handles the Delete response. -func (client *WatchlistsClient) deleteHandleResponse(resp *http.Response) (WatchlistsClientDeleteResponse, error) { - result := WatchlistsClientDeleteResponse{} - if val := resp.Header.Get("Azure-AsyncOperation"); val != "" { - result.AzureAsyncOperation = &val - } - return result, nil -} - -// Get - Gets a watchlist, without its watchlist items. +// Get - Get a watchlist, without its watchlist items. // If the operation fails it returns an *azcore.ResponseError type. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. -// - watchlistAlias - Watchlist Alias +// - watchlistAlias - The watchlist alias // - options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method. func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error) { var err error @@ -248,7 +268,7 @@ func (client *WatchlistsClient) getCreateRequest(ctx context.Context, resourceGr return nil, err } reqQP := req.Raw().URL.Query() - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil @@ -263,9 +283,9 @@ func (client *WatchlistsClient) getHandleResponse(resp *http.Response) (Watchlis return result, nil } -// NewListPager - Gets all watchlists, without watchlist items. +// NewListPager - Get all watchlists, without watchlist items. // -// Generated from API version 2022-09-01-preview +// Generated from API version 2024-09-01 // - resourceGroupName - The name of the resource group. The name is case insensitive. // - workspaceName - The name of the workspace. // - options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.NewListPager method. @@ -315,7 +335,7 @@ func (client *WatchlistsClient) listCreateRequest(ctx context.Context, resourceG if options != nil && options.SkipToken != nil { reqQP.Set("$skipToken", *options.SkipToken) } - reqQP.Set("api-version", "2022-09-01-preview") + reqQP.Set("api-version", "2024-09-01") req.Raw().URL.RawQuery = reqQP.Encode() req.Raw().Header["Accept"] = []string{"application/json"} return req, nil diff --git a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client_example_test.go b/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client_example_test.go deleted file mode 100644 index 3357c5ec8e1e..000000000000 --- a/sdk/resourcemanager/securityinsights/armsecurityinsights/watchlists_client_example_test.go +++ /dev/null @@ -1,279 +0,0 @@ -//go:build go1.18 -// +build go1.18 - -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. See License.txt in the project root for license information. -// Code generated by Microsoft (R) AutoRest Code Generator. -// Changes may cause incorrect behavior and will be lost if the code is regenerated. -// DO NOT EDIT. - -package armsecurityinsights_test - -import ( - "context" - "log" - - "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2" -) - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlists.json -func ExampleWatchlistsClient_NewListPager() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - pager := clientFactory.NewWatchlistsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.WatchlistsClientListOptions{SkipToken: nil}) - for pager.More() { - page, err := pager.NextPage(ctx) - if err != nil { - log.Fatalf("failed to advance page: %v", err) - } - for _, v := range page.Value { - // You could use page here. We use blank identifier for just demo purposes. - _ = v - } - // If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // page.WatchlistList = armsecurityinsights.WatchlistList{ - // Value: []*armsecurityinsights.Watchlist{ - // { - // Name: to.Ptr("highValueAsset"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.WatchlistProperties{ - // Description: to.Ptr("Watchlist from CSV content"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DefaultDuration: to.Ptr("P1279DT12H30M5S"), - // DisplayName: to.Ptr("High Value Assets Watchlist"), - // IsDeleted: to.Ptr(false), - // ItemsSearchKey: to.Ptr("header1"), - // Labels: []*string{ - // to.Ptr("Tag1"), - // to.Ptr("Tag2")}, - // Provider: to.Ptr("Microsoft"), - // Source: to.Ptr("watchlist.csv"), - // SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - // TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistAlias: to.Ptr("highValueAsset"), - // WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"), - // WatchlistType: to.Ptr("watchlist"), - // }, - // }}, - // } - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistByAlias.json -func ExampleWatchlistsClient_Get() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewWatchlistsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Watchlist = armsecurityinsights.Watchlist{ - // Name: to.Ptr("highValueAsset"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.WatchlistProperties{ - // Description: to.Ptr("Watchlist from CSV content"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DefaultDuration: to.Ptr("P1279DT12H30M5S"), - // DisplayName: to.Ptr("High Value Assets Watchlist"), - // IsDeleted: to.Ptr(false), - // ItemsSearchKey: to.Ptr("header1"), - // Labels: []*string{ - // to.Ptr("Tag1"), - // to.Ptr("Tag2")}, - // Provider: to.Ptr("Microsoft"), - // Source: to.Ptr("watchlist.csv"), - // SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - // TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistAlias: to.Ptr("highValueAsset"), - // WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"), - // WatchlistType: to.Ptr("watchlist"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/DeleteWatchlist.json -func ExampleWatchlistsClient_Delete() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - _, err = clientFactory.NewWatchlistsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json -func ExampleWatchlistsClient_CreateOrUpdate_createsOrUpdatesAWatchlistAndBulkCreatesWatchlistItems() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.WatchlistProperties{ - Description: to.Ptr("Watchlist from CSV content"), - ContentType: to.Ptr("text/csv"), - DisplayName: to.Ptr("High Value Assets Watchlist"), - ItemsSearchKey: to.Ptr("header1"), - NumberOfLinesToSkip: to.Ptr[int32](1), - Provider: to.Ptr("Microsoft"), - RawContent: to.Ptr("This line will be skipped\nheader1,header2\nvalue1,value2"), - Source: to.Ptr("watchlist.csv"), - SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Watchlist = armsecurityinsights.Watchlist{ - // Name: to.Ptr("highValueAsset"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.WatchlistProperties{ - // Description: to.Ptr("Watchlist from CSV content"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DisplayName: to.Ptr("High Value Assets Watchlist"), - // IsDeleted: to.Ptr(false), - // ItemsSearchKey: to.Ptr("header1"), - // Provider: to.Ptr("Microsoft"), - // Source: to.Ptr("watchlist.csv"), - // SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - // TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistAlias: to.Ptr("highValueAsset"), - // WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"), - // WatchlistType: to.Ptr("watchlist"), - // }, - // } -} - -// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/6c4f3c695f0250dcb261598a62004f0aef10b9db/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlist.json -func ExampleWatchlistsClient_CreateOrUpdate_createsOrUpdatesAWatchlist() { - cred, err := azidentity.NewDefaultAzureCredential(nil) - if err != nil { - log.Fatalf("failed to obtain a credential: %v", err) - } - ctx := context.Background() - clientFactory, err := armsecurityinsights.NewClientFactory("", cred, nil) - if err != nil { - log.Fatalf("failed to create client: %v", err) - } - res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{ - Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - Properties: &armsecurityinsights.WatchlistProperties{ - Description: to.Ptr("Watchlist from CSV content"), - DisplayName: to.Ptr("High Value Assets Watchlist"), - ItemsSearchKey: to.Ptr("header1"), - Provider: to.Ptr("Microsoft"), - Source: to.Ptr("watchlist.csv"), - SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - }, - }, nil) - if err != nil { - log.Fatalf("failed to finish the request: %v", err) - } - // You could use response here. We use blank identifier for just demo purposes. - _ = res - // If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes. - // res.Watchlist = armsecurityinsights.Watchlist{ - // Name: to.Ptr("highValueAsset"), - // Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"), - // ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"), - // Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""), - // Properties: &armsecurityinsights.WatchlistProperties{ - // Description: to.Ptr("Watchlist from CSV content"), - // Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()), - // CreatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // DisplayName: to.Ptr("High Value Assets Watchlist"), - // IsDeleted: to.Ptr(false), - // ItemsSearchKey: to.Ptr("header1"), - // Provider: to.Ptr("Microsoft"), - // Source: to.Ptr("watchlist.csv"), - // SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile), - // TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"), - // Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()), - // UpdatedBy: &armsecurityinsights.UserInfo{ - // Name: to.Ptr("john doe"), - // Email: to.Ptr("john@contoso.com"), - // ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"), - // }, - // WatchlistAlias: to.Ptr("highValueAsset"), - // WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"), - // WatchlistType: to.Ptr("watchlist"), - // }, - // } -}