Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dev security microsoft.security 2020 08 06 preview #10418

Merged

Conversation

liranc
Copy link
Contributor

@liranc liranc commented Aug 11, 2020

MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.

Contribution checklist:

If any further question about AME onboarding or validation tools, please view the FAQ.

ARM API Review Checklist

  • Ensure to check this box if one of the following scenarios meet updates in the PR, so that label “WaitForARMFeedback” will be added automatically to involve ARM API Review. Failure to comply may result in delays for manifest application. Note this does not apply to data plane APIs, all “removals” and “adding a new property” no more require ARM API review.

    • Adding new API(s)
    • Adding a new API version
    • Adding a new service
  • If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.

Breaking Change Review Checklist

If there are following updates in the PR, ensure to request an approval from API Review Board as defined in the Breaking Change Policy.

  • Removing API(s) in stable version
  • Removing properties in stable version
  • Removing API version(s) in stable version
  • Updating API in stable version with Breaking Change Validation errors
  • Updating API(s) in preview over 1 year

Please follow the link to find more details on PR review process.

@openapi-pipeline-app
Copy link

openapi-pipeline-app bot commented Aug 11, 2020

[Staging] Swagger Validation Report

️✔️BreakingChange [Detail]
 There are no breaking changes. 
️✔️LintDiff [Detail]
 Validation passes for LintDiff. 
️✔️Avocado [Detail]
 Validation passes for Avocado. 
Posted by Swagger Pipeline | How to fix these errors?

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@azuresdkci
Copy link
Contributor

Can one of the admins verify this patch?

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

Azure CLI Extension Generation - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-go - Release

️✔️ succeeded [Logs] [Expand Details]

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-js - Release

️✔️ succeeded [Logs] [Expand Details]
  • ️✔️ Generate from c1370e4 with merge commit fd30c1c. SDK Automation 13.0.17.20200807.2
  • ️✔️@azure/arm-security [View full logs]  [Release SDK Changes]
    Only show 100 items here, please refer to log for details.
    [npmPack] npm WARN deprecated [email protected]: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-node-resolve.
    [npmPack] npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
    [npmPack] npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
    [npmPack] npm notice created a lockfile as package-lock.json. You should commit this file.
    [npmPack] loaded rollup.config.js with warnings
    [npmPack] (!) Unused external imports
    [npmPack] default imported from external module 'rollup' but never used
    [npmPack] 
    [npmPack] ./esm/securityCenter.js → ./dist/arm-security.js...
    [npmPack] created ./dist/arm-security.js in 1s
    [npmPack] npm notice 
    [npmPack] npm notice package: @azure/[email protected]
    [npmPack] npm notice === Tarball Contents === 
    [npmPack] npm notice 4.8kB   esm/operations/adaptiveApplicationControls.js                          
    [npmPack] npm notice 634B    esm/models/adaptiveApplicationControlsMappers.js                       
    [npmPack] npm notice 7.9kB   esm/operations/adaptiveNetworkHardenings.js                            
    [npmPack] npm notice 3.1kB   esm/models/adaptiveNetworkHardeningsMappers.js                         
    [npmPack] npm notice 3.0kB   esm/operations/advancedThreatProtection.js                             
    [npmPack] npm notice 3.1kB   esm/models/advancedThreatProtectionMappers.js                          
    [npmPack] npm notice 13.7kB  esm/operations/alerts.js                                               
    [npmPack] npm notice 3.0kB   esm/models/alertsMappers.js                                            
    [npmPack] npm notice 5.5kB   esm/operations/alertsSuppressionRules.js                               
    [npmPack] npm notice 3.1kB   esm/models/alertsSuppressionRulesMappers.js                            
    [npmPack] npm notice 5.0kB   esm/operations/allowedConnections.js                                   
    [npmPack] npm notice 521B    esm/models/allowedConnectionsMappers.js                                
    [npmPack] npm notice 761.4kB dist/arm-security.js                                                   
    [npmPack] npm notice 297.2kB dist/arm-security.min.js                                               
    [npmPack] npm notice 5.3kB   esm/operations/assessments.js                                          
    [npmPack] npm notice 3.1kB   esm/models/assessmentsMappers.js                                       
    [npmPack] npm notice 7.7kB   esm/operations/assessmentsMetadata.js                                  
    [npmPack] npm notice 3.1kB   esm/models/assessmentsMetadataMappers.js                               
    [npmPack] npm notice 8.3kB   esm/operations/automations.js                                          
    [npmPack] npm notice 672B    esm/models/automationsMappers.js                                       
    [npmPack] npm notice 4.4kB   esm/operations/autoProvisioningSettings.js                             
    [npmPack] npm notice 3.1kB   esm/models/autoProvisioningSettingsMappers.js                          
    [npmPack] npm notice 3.3kB   esm/operations/complianceResults.js                                    
    [npmPack] npm notice 3.1kB   esm/models/complianceResultsMappers.js                                 
    [npmPack] npm notice 3.2kB   esm/operations/compliances.js                                          
    [npmPack] npm notice 3.1kB   esm/models/compliancesMappers.js                                       
    [npmPack] npm notice 5.1kB   esm/operations/connectors.js                                           
    [npmPack] npm notice 3.1kB   esm/models/connectorsMappers.js                                        
    [npmPack] npm notice 5.6kB   esm/operations/deviceSecurityGroups.js                                 
    [npmPack] npm notice 3.1kB   esm/models/deviceSecurityGroupsMappers.js                              
    [npmPack] npm notice 5.3kB   esm/operations/discoveredSecuritySolutions.js                          
    [npmPack] npm notice 498B    esm/models/discoveredSecuritySolutionsMappers.js                       
    [npmPack] npm notice 5.3kB   esm/operations/externalSecuritySolutions.js                            
    [npmPack] npm notice 704B    esm/models/externalSecuritySolutionsMappers.js                         
    [npmPack] npm notice 345B    esm/models/index.js                                                    
    [npmPack] npm notice 2.2kB   esm/operations/index.js                                                
    [npmPack] npm notice 4.9kB   esm/operations/informationProtectionPolicies.js                        
    [npmPack] npm notice 3.1kB   esm/models/informationProtectionPoliciesMappers.js                     
    [npmPack] npm notice 3.8kB   esm/operations/iotAlerts.js                                            
    [npmPack] npm notice 444B    esm/models/iotAlertsMappers.js                                         
    [npmPack] npm notice 3.0kB   esm/operations/iotAlertTypes.js                                        
    [npmPack] npm notice 3.1kB   esm/models/iotAlertTypesMappers.js                                     
    [npmPack] npm notice 4.9kB   esm/operations/iotDefenderSettings.js                                  
    [npmPack] npm notice 3.3kB   esm/models/iotDefenderSettingsMappers.js                               
    [npmPack] npm notice 3.9kB   esm/operations/iotRecommendations.js                                   
    [npmPack] npm notice 3.1kB   esm/models/iotRecommendationsMappers.js                                
    [npmPack] npm notice 3.2kB   esm/operations/iotRecommendationTypes.js                               
    [npmPack] npm notice 3.1kB   esm/models/iotRecommendationTypesMappers.js                            
    [npmPack] npm notice 8.9kB   esm/operations/iotSecuritySolution.js                                  
    [npmPack] npm notice 3.1kB   esm/operations/iotSecuritySolutionAnalytics.js                         
    [npmPack] npm notice 3.1kB   esm/models/iotSecuritySolutionAnalyticsMappers.js                      
    [npmPack] npm notice 598B    esm/models/iotSecuritySolutionMappers.js                               
    [npmPack] npm notice 5.3kB   esm/operations/iotSecuritySolutionsAnalyticsAggregatedAlert.js         
    [npmPack] npm notice 571B    esm/models/iotSecuritySolutionsAnalyticsAggregatedAlertMappers.js      
    [npmPack] npm notice 4.3kB   esm/operations/iotSecuritySolutionsAnalyticsRecommendation.js          
    [npmPack] npm notice 532B    esm/models/iotSecuritySolutionsAnalyticsRecommendationMappers.js       
    [npmPack] npm notice 5.0kB   esm/operations/iotSensors.js                                           
    [npmPack] npm notice 3.1kB   esm/models/iotSensorsMappers.js                                        
    [npmPack] npm notice 12.6kB  esm/operations/jitNetworkAccessPolicies.js                             
    [npmPack] npm notice 767B    esm/models/jitNetworkAccessPoliciesMappers.js                          
    [npmPack] npm notice 3.1kB   esm/operations/locations.js                                            
    [npmPack] npm notice 3.1kB   esm/models/locationsMappers.js                                         
    [npmPack] npm notice 220.3kB esm/models/mappers.js                                                  
    [npmPack] npm notice 2.2kB   esm/operations/operations.js                                           
    [npmPack] npm notice 465B    esm/models/operationsMappers.js                                        
    [npmPack] npm notice 17.9kB  esm/models/parameters.js                                               
    [npmPack] npm notice 3.4kB   esm/operations/pricings.js                                             
    [npmPack] npm notice 3.0kB   esm/models/pricingsMappers.js                                          
    [npmPack] npm notice 4.5kB   esm/operations/regulatoryComplianceAssessments.js                      
    [npmPack] npm notice 3.1kB   esm/models/regulatoryComplianceAssessmentsMappers.js                   
    [npmPack] npm notice 4.0kB   esm/operations/regulatoryComplianceControls.js                         
    [npmPack] npm notice 3.1kB   esm/models/regulatoryComplianceControlsMappers.js                      
    [npmPack] npm notice 3.6kB   esm/operations/regulatoryComplianceStandards.js                        
    [npmPack] npm notice 3.1kB   esm/models/regulatoryComplianceStandardsMappers.js                     
    [npmPack] npm notice 976B    rollup.config.js                                                       
    [npmPack] npm notice 4.1kB   esm/operations/secureScoreControlDefinitions.js                        
    [npmPack] npm notice 3.1kB   esm/models/secureScoreControlDefinitionsMappers.js                     
    [npmPack] npm notice 4.2kB   esm/operations/secureScoreControls.js                                  
    [npmPack] npm notice 3.1kB   esm/models/secureScoreControlsMappers.js                               
    [npmPack] npm notice 3.2kB   esm/operations/secureScores.js                                         
    [npmPack] npm notice 3.1kB   esm/models/secureScoresMappers.js                                      
    [npmPack] npm notice 5.2kB   esm/securityCenter.js                                                  
    [npmPack] npm notice 2.7kB   esm/securityCenterContext.js                                           
    [npmPack] npm notice 6.3kB   esm/operations/securityContacts.js                                     
    [npmPack] npm notice 3.1kB   esm/models/securityContactsMappers.js                                  
    [npmPack] npm notice 3.5kB   esm/operations/securitySolutions.js                                    
    [npmPack] npm notice 468B    esm/models/securitySolutionsMappers.js                                 

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-java - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-python - Release

️✔️ succeeded [Logs] [Expand Details]
  • ️✔️ Generate from c1370e4 with merge commit fd30c1c. SDK Automation 13.0.17.20200807.2
  • ️✔️azure-mgmt-security [View full logs]  [Release SDK Changes]
    [build_conf] INFO:packaging_tools:Building template azure-mgmt-security
    [build_conf] INFO:packaging_tools.conf:Skipping default conf since the file exists
    [build_conf] INFO:packaging_tools:Skipping CHANGELOG.md template, since a previous one was found
    [build_conf] INFO:packaging_tools:Template done azure-mgmt-security
    [build_package] /usr/lib/python3.6/distutils/dist.py:261: UserWarning: Unknown distribution option: 'long_description_content_type'
    [build_package]   warnings.warn(msg)
    [build_package] warning: no files found matching '*.py' under directory 'tests'
    [build_package] warning: no files found matching '*.yaml' under directory 'tests'
    [build_package] /usr/lib/python3.6/distutils/dist.py:261: UserWarning: Unknown distribution option: 'long_description_content_type'
    [build_package]   warnings.warn(msg)
    [build_package] warning: no files found matching '*.py' under directory 'tests'
    [build_package] warning: no files found matching '*.yaml' under directory 'tests'
    [breaking_change_setup] Ignoring mock: markers 'python_version <= "2.7"' don't match your environment
    [ChangeLog] Size of delta 18.043% size of original (original: 166231 chars, delta: 29993 chars)
    [ChangeLog] **Features**
    [ChangeLog] 
    [ChangeLog]   - Model SecureScoreItem has a new parameter weight
    [ChangeLog]   - Added operation group IotRecommendationsOperations
    [ChangeLog]   - Added operation group IotDefenderSettingsOperations
    [ChangeLog]   - Added operation group SecuritySolutionsReferenceDataOperations
    [ChangeLog]   - Added operation group IotAlertTypesOperations
    [ChangeLog]   - Added operation group SecuritySolutionsOperations
    [ChangeLog]   - Added operation group IotRecommendationTypesOperations
    [ChangeLog]   - Added operation group ConnectorsOperations
    [ChangeLog]   - Added operation group IotSensorsOperations
    [ChangeLog]   - Added operation group IotAlertsOperations

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-python-track2 - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

Trenton Generation - Release

No readme.md specification configuration files were found that are associated with the files modified in this pull request, or swagger_to_sdk section in readme.md is not configured

@openapi-sdkautomation
Copy link

openapi-sdkautomation bot commented Aug 11, 2020

azure-sdk-for-net - Release

️✔️ succeeded [Logs] [Expand Details]

}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotDefenderSettings/default": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/subscriptions/{subscriptionId}/ [](start = 5, length = 32)

Is it a Proxy resource? Tracked resources are only modeled under a RG.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this would be a proxy resource.

},
"allOf": [
{
"$ref": "../../../common/v1/types.json#/definitions/Resource"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#/definitions/Resource" [](start = 48, length = 23)

Check if it's a tracked or ProxyResource.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The shared Resource definition includes only the standard id, type, name fields.
iotDefenderSettings would be a proxy resource that would use them.

"IotDefenderSettingsProperties": {
"type": "object",
"description": "IoT Defender settings properties",
"properties": {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No properties for this object?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Planned to be added in the future, but not as part of this preview API version.

}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotDefenderSettings": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iotDefenderSettings [](start = 66, length = 19)

Can you explain the scenario? Why does it needs to be subscription level? Can this be different per resource group? How about reusing it across a Management group?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The service ("Defender for IoT") is similar in nature to Azure Security Center while also operates in a subscription level. So some of our (proxy) resource types are also maintained at the subscription level.

}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSensors": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Microsoft.Security/iotSensors [](start = 47, length = 29)

Can you explain why IOT objects are modeled under Microsoft namespace?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IoT Defender is a new security service that specializes in enhancing security/discoverability of IoT devices.
In Service Tree, it's located under Cloud + AI Platform \ Security \ Azure IoT Security, and it's resources are available under the Microsoft.Security provider (that is, sharing the provider with Azure Security Center).

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@openapi-assignment-bot openapi-assignment-bot bot added the WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required label Aug 18, 2020
@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

Copy link
Contributor

@ravbhatnagar ravbhatnagar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@liranc few comments

}
}
},
"put": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no request body?

}
}
},
"put": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

request body?

"IotSensorProperties": {
"type": "object",
"description": "IoT sensor properties",
"properties": {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is weird, Is this resource type currently in test? if so, why do you have it in public repo. empty properties dont make sense.

@ravbhatnagar
Copy link
Contributor

After discussion with Liran, the device name is the deviceId which identifies the iotSensor, in the next few months the team will add more properties as per the schema of the iotSensor. and this is preview while team is exploring the scenario. signing off from ARM side.

@ravbhatnagar ravbhatnagar added ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review and removed WaitForARMFeedback <valid label in PR review process> add this label when ARM review is required labels Aug 19, 2020
@akning-ms
Copy link
Contributor

@leni-msft to check why schema generation fail

@liranc
Copy link
Contributor Author

liranc commented Aug 20, 2020

@leni-msft to check why schema generation fail

@akning-ms @leni-msft , just to make sure we're aligned, the failure is on a different resource type, from an old preview API version (isn't related to this PR).
We had some issues in the past in that resource type definition. Those issues were fixed in the stable API version (I guess that's why only the preview version breaks the CI). This is the relevant PR: #8820

@leni-msft
Copy link
Contributor

Hi @liranc, you're right. It's an existing lint violation (UniqueXmsEnumName) in old apiVersion swagger causing the schema generation failure. Though it doesn't block this PR, yet please note that, it will block the ARM template schema auto-generation for your swagger. Would you consider fixing the lint violation with another PR? cc. @apclouds

@liranc
Copy link
Contributor Author

liranc commented Aug 20, 2020

@leni-msft I assume we'll eventually have to if that's the case 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ARMSignedOff <valid label in PR review process>add this label when ARM approve updates after review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants