From 461cca4c0a864b6b3af99561179c03058c192570 Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Sun, 28 Jun 2020 03:04:12 +0000 Subject: [PATCH] Generated from a9ed5043091171d44d57e25aa9bf22829be34643 Merge branch 'master' into alerts-2019-08-01 --- .../azure/mgmt/security/_security_center.py | 15 + .../azure/mgmt/security/models/__init__.py | 47 ++ .../azure/mgmt/security/models/_models.py | 546 ++++++++++++++++++ .../azure/mgmt/security/models/_models_py3.py | 546 ++++++++++++++++++ .../mgmt/security/models/_paged_models.py | 26 + .../security/models/_security_center_enums.py | 51 ++ .../mgmt/security/operations/__init__.py | 6 + .../operations/_connectors_operations.py | 289 +++++++++ .../operations/_iot_alert_types_operations.py | 167 ++++++ .../operations/_iot_alerts_operations.py | 200 +++++++ 10 files changed, 1893 insertions(+) create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_connectors_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alert_types_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alerts_operations.py diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py index 604180eb1c4d..0032bf554c24 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py @@ -23,6 +23,8 @@ from .operations import IotSecuritySolutionAnalyticsOperations from .operations import IotSecuritySolutionsAnalyticsAggregatedAlertOperations from .operations import IotSecuritySolutionsAnalyticsRecommendationOperations +from .operations import IotAlertTypesOperations +from .operations import IotAlertsOperations from .operations import LocationsOperations from .operations import Operations from .operations import TasksOperations @@ -50,6 +52,7 @@ from .operations import SecureScoresOperations from .operations import SecureScoreControlsOperations from .operations import SecureScoreControlDefinitionsOperations +from .operations import ConnectorsOperations from . import models @@ -79,6 +82,10 @@ class SecurityCenter(SDKClient): :vartype iot_security_solutions_analytics_aggregated_alert: azure.mgmt.security.operations.IotSecuritySolutionsAnalyticsAggregatedAlertOperations :ivar iot_security_solutions_analytics_recommendation: IotSecuritySolutionsAnalyticsRecommendation operations :vartype iot_security_solutions_analytics_recommendation: azure.mgmt.security.operations.IotSecuritySolutionsAnalyticsRecommendationOperations + :ivar iot_alert_types: IotAlertTypes operations + :vartype iot_alert_types: azure.mgmt.security.operations.IotAlertTypesOperations + :ivar iot_alerts: IotAlerts operations + :vartype iot_alerts: azure.mgmt.security.operations.IotAlertsOperations :ivar locations: Locations operations :vartype locations: azure.mgmt.security.operations.LocationsOperations :ivar operations: Operations operations @@ -133,6 +140,8 @@ class SecurityCenter(SDKClient): :vartype secure_score_controls: azure.mgmt.security.operations.SecureScoreControlsOperations :ivar secure_score_control_definitions: SecureScoreControlDefinitions operations :vartype secure_score_control_definitions: azure.mgmt.security.operations.SecureScoreControlDefinitionsOperations + :ivar connectors: Connectors operations + :vartype connectors: azure.mgmt.security.operations.ConnectorsOperations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials @@ -175,6 +184,10 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.iot_security_solutions_analytics_recommendation = IotSecuritySolutionsAnalyticsRecommendationOperations( self._client, self.config, self._serialize, self._deserialize) + self.iot_alert_types = IotAlertTypesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.iot_alerts = IotAlertsOperations( + self._client, self.config, self._serialize, self._deserialize) self.locations = LocationsOperations( self._client, self.config, self._serialize, self._deserialize) self.operations = Operations( @@ -229,3 +242,5 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.secure_score_control_definitions = SecureScoreControlDefinitionsOperations( self._client, self.config, self._serialize, self._deserialize) + self.connectors = ConnectorsOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py index 0ec802c22392..6801ac7b2e87 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py @@ -35,6 +35,7 @@ from ._models_py3 import AssessmentStatus from ._models_py3 import AtaExternalSecuritySolution from ._models_py3 import AtaSolutionProperties + from ._models_py3 import AuthenticationDetailsProperties from ._models_py3 import Automation from ._models_py3 import AutomationAction from ._models_py3 import AutomationActionEventHub @@ -46,6 +47,8 @@ from ._models_py3 import AutomationTriggeringRule from ._models_py3 import AutomationValidationStatus from ._models_py3 import AutoProvisioningSetting + from ._models_py3 import AwAssumeRoleAuthenticationDetailsProperties + from ._models_py3 import AwsCredsAuthenticationDetailsProperties from ._models_py3 import AzureResourceDetails from ._models_py3 import AzureResourceLink from ._models_py3 import CefExternalSecuritySolution @@ -57,6 +60,7 @@ from ._models_py3 import ConnectedResource from ._models_py3 import ConnectedWorkspace from ._models_py3 import ConnectionToIpNotAllowed + from ._models_py3 import ConnectorSetting from ._models_py3 import ContainerRegistryVulnerabilityProperties from ._models_py3 import CustomAlertRule from ._models_py3 import CVE @@ -73,12 +77,17 @@ from ._models_py3 import ExternalSecuritySolutionProperties from ._models_py3 import FailedLocalLoginsNotInAllowedRange from ._models_py3 import FileUploadsNotInAllowedRange + from ._models_py3 import GcpCredentialsDetailsProperties from ._models_py3 import HttpC2DMessagesNotInAllowedRange from ._models_py3 import HttpC2DRejectedMessagesNotInAllowedRange from ._models_py3 import HttpD2CMessagesNotInAllowedRange + from ._models_py3 import HybridComputeSettingsProperties from ._models_py3 import InformationProtectionKeyword from ._models_py3 import InformationProtectionPolicy from ._models_py3 import InformationType + from ._models_py3 import IotAlert + from ._models_py3 import IotAlertType + from ._models_py3 import IotAlertTypeList from ._models_py3 import IoTSecurityAggregatedAlert from ._models_py3 import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models_py3 import IoTSecurityAggregatedRecommendation @@ -114,6 +123,7 @@ from ._models_py3 import PricingList from ._models_py3 import ProcessNotAllowed from ._models_py3 import ProtectionMode + from ._models_py3 import ProxyServerProperties from ._models_py3 import PublisherInfo from ._models_py3 import QueuePurgesNotInAllowedRange from ._models_py3 import RecommendationConfigurationProperties @@ -142,6 +152,7 @@ from ._models_py3 import ServerVulnerabilityAssessment from ._models_py3 import ServerVulnerabilityAssessmentsList from ._models_py3 import ServerVulnerabilityProperties + from ._models_py3 import ServicePrincipalProperties from ._models_py3 import Setting from ._models_py3 import SettingResource from ._models_py3 import SqlServerVulnerabilityProperties @@ -190,6 +201,7 @@ from ._models import AssessmentStatus from ._models import AtaExternalSecuritySolution from ._models import AtaSolutionProperties + from ._models import AuthenticationDetailsProperties from ._models import Automation from ._models import AutomationAction from ._models import AutomationActionEventHub @@ -201,6 +213,8 @@ from ._models import AutomationTriggeringRule from ._models import AutomationValidationStatus from ._models import AutoProvisioningSetting + from ._models import AwAssumeRoleAuthenticationDetailsProperties + from ._models import AwsCredsAuthenticationDetailsProperties from ._models import AzureResourceDetails from ._models import AzureResourceLink from ._models import CefExternalSecuritySolution @@ -212,6 +226,7 @@ from ._models import ConnectedResource from ._models import ConnectedWorkspace from ._models import ConnectionToIpNotAllowed + from ._models import ConnectorSetting from ._models import ContainerRegistryVulnerabilityProperties from ._models import CustomAlertRule from ._models import CVE @@ -228,12 +243,17 @@ from ._models import ExternalSecuritySolutionProperties from ._models import FailedLocalLoginsNotInAllowedRange from ._models import FileUploadsNotInAllowedRange + from ._models import GcpCredentialsDetailsProperties from ._models import HttpC2DMessagesNotInAllowedRange from ._models import HttpC2DRejectedMessagesNotInAllowedRange from ._models import HttpD2CMessagesNotInAllowedRange + from ._models import HybridComputeSettingsProperties from ._models import InformationProtectionKeyword from ._models import InformationProtectionPolicy from ._models import InformationType + from ._models import IotAlert + from ._models import IotAlertType + from ._models import IotAlertTypeList from ._models import IoTSecurityAggregatedAlert from ._models import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models import IoTSecurityAggregatedRecommendation @@ -269,6 +289,7 @@ from ._models import PricingList from ._models import ProcessNotAllowed from ._models import ProtectionMode + from ._models import ProxyServerProperties from ._models import PublisherInfo from ._models import QueuePurgesNotInAllowedRange from ._models import RecommendationConfigurationProperties @@ -297,6 +318,7 @@ from ._models import ServerVulnerabilityAssessment from ._models import ServerVulnerabilityAssessmentsList from ._models import ServerVulnerabilityProperties + from ._models import ServicePrincipalProperties from ._models import Setting from ._models import SettingResource from ._models import SqlServerVulnerabilityProperties @@ -328,10 +350,12 @@ from ._paged_models import AutoProvisioningSettingPaged from ._paged_models import CompliancePaged from ._paged_models import ComplianceResultPaged +from ._paged_models import ConnectorSettingPaged from ._paged_models import DeviceSecurityGroupPaged from ._paged_models import DiscoveredSecuritySolutionPaged from ._paged_models import ExternalSecuritySolutionPaged from ._paged_models import InformationProtectionPolicyPaged +from ._paged_models import IotAlertPaged from ._paged_models import IoTSecurityAggregatedAlertPaged from ._paged_models import IoTSecurityAggregatedRecommendationPaged from ._paged_models import IoTSecuritySolutionModelPaged @@ -362,6 +386,8 @@ RecommendationType, RecommendationConfigStatus, UnmaskedIpLoggingStatus, + AlertSeverity, + AlertIntent, AutoProvision, Rank, AlertNotifications, @@ -388,6 +414,9 @@ AadConnectivityState, ExternalSecuritySolutionKind, ControlType, + HybridComputeProvisioningState, + AuthenticationProvisioningState, + PermissionProperty, ExpandEnum, ConnectionType, ExpandControlsEnum, @@ -419,6 +448,7 @@ 'AssessmentStatus', 'AtaExternalSecuritySolution', 'AtaSolutionProperties', + 'AuthenticationDetailsProperties', 'Automation', 'AutomationAction', 'AutomationActionEventHub', @@ -430,6 +460,8 @@ 'AutomationTriggeringRule', 'AutomationValidationStatus', 'AutoProvisioningSetting', + 'AwAssumeRoleAuthenticationDetailsProperties', + 'AwsCredsAuthenticationDetailsProperties', 'AzureResourceDetails', 'AzureResourceLink', 'CefExternalSecuritySolution', @@ -441,6 +473,7 @@ 'ConnectedResource', 'ConnectedWorkspace', 'ConnectionToIpNotAllowed', + 'ConnectorSetting', 'ContainerRegistryVulnerabilityProperties', 'CustomAlertRule', 'CVE', @@ -457,12 +490,17 @@ 'ExternalSecuritySolutionProperties', 'FailedLocalLoginsNotInAllowedRange', 'FileUploadsNotInAllowedRange', + 'GcpCredentialsDetailsProperties', 'HttpC2DMessagesNotInAllowedRange', 'HttpC2DRejectedMessagesNotInAllowedRange', 'HttpD2CMessagesNotInAllowedRange', + 'HybridComputeSettingsProperties', 'InformationProtectionKeyword', 'InformationProtectionPolicy', 'InformationType', + 'IotAlert', + 'IotAlertType', + 'IotAlertTypeList', 'IoTSecurityAggregatedAlert', 'IoTSecurityAggregatedAlertPropertiesTopDevicesListItem', 'IoTSecurityAggregatedRecommendation', @@ -498,6 +536,7 @@ 'PricingList', 'ProcessNotAllowed', 'ProtectionMode', + 'ProxyServerProperties', 'PublisherInfo', 'QueuePurgesNotInAllowedRange', 'RecommendationConfigurationProperties', @@ -526,6 +565,7 @@ 'ServerVulnerabilityAssessment', 'ServerVulnerabilityAssessmentsList', 'ServerVulnerabilityProperties', + 'ServicePrincipalProperties', 'Setting', 'SettingResource', 'SqlServerVulnerabilityProperties', @@ -555,6 +595,7 @@ 'IoTSecuritySolutionModelPaged', 'IoTSecurityAggregatedAlertPaged', 'IoTSecurityAggregatedRecommendationPaged', + 'IotAlertPaged', 'AscLocationPaged', 'OperationPaged', 'SecurityTaskPaged', @@ -580,6 +621,7 @@ 'SecureScoreItemPaged', 'SecureScoreControlDetailsPaged', 'SecureScoreControlDefinitionItemPaged', + 'ConnectorSettingPaged', 'ResourceStatus', 'PricingTier', 'ReportedSeverity', @@ -590,6 +632,8 @@ 'RecommendationType', 'RecommendationConfigStatus', 'UnmaskedIpLoggingStatus', + 'AlertSeverity', + 'AlertIntent', 'AutoProvision', 'Rank', 'AlertNotifications', @@ -616,6 +660,9 @@ 'AadConnectivityState', 'ExternalSecuritySolutionKind', 'ControlType', + 'HybridComputeProvisioningState', + 'AuthenticationProvisioningState', + 'PermissionProperty', 'ExpandEnum', 'ConnectionType', 'ExpandControlsEnum', diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py index d6d9e2596d17..1b6438f60c82 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py @@ -1452,6 +1452,54 @@ def __init__(self, **kwargs): self.last_event_received = kwargs.get('last_event_received', None) +class AuthenticationDetailsProperties(Model): + """Settings for cloud authentication management. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AwsCredsAuthenticationDetailsProperties, + AwAssumeRoleAuthenticationDetailsProperties, + GcpCredentialsDetailsProperties + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + } + + _subtype_map = { + 'authentication_type': {'awsCreds': 'AwsCredsAuthenticationDetailsProperties', 'awsAssumeRole': 'AwAssumeRoleAuthenticationDetailsProperties', 'gcpCredentials': 'GcpCredentialsDetailsProperties'} + } + + def __init__(self, **kwargs): + super(AuthenticationDetailsProperties, self).__init__(**kwargs) + self.authentication_provisioning_state = None + self.granted_permissions = None + self.authentication_type = None + + class TrackedResource(Model): """Describes an Azure tracked resource. @@ -1871,6 +1919,121 @@ def __init__(self, **kwargs): self.auto_provision = kwargs.get('auto_provision', None) +class AwAssumeRoleAuthenticationDetailsProperties(AuthenticationDetailsProperties): + """AWS cloud account connector based assume role, the role enables delegating + access to your AWS resources. The role is composed of role arn and external + id, for more details, refer to Creating + a Role to Delegate Permissions to an IAM User (write only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :ivar account_id: The ID of the cloud account + :vartype account_id: str + :param aws_assume_role_arn: Required. Assumed role ID is an identifier + that you can use to create temporary security credentials. + :type aws_assume_role_arn: str + :param aws_external_id: Required. A unique identifier that is required + when you assume a role in another account. + :type aws_external_id: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_assume_role_arn': {'required': True}, + 'aws_external_id': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_assume_role_arn': {'key': 'awsAssumeRoleArn', 'type': 'str'}, + 'aws_external_id': {'key': 'awsExternalId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AwAssumeRoleAuthenticationDetailsProperties, self).__init__(**kwargs) + self.account_id = None + self.aws_assume_role_arn = kwargs.get('aws_assume_role_arn', None) + self.aws_external_id = kwargs.get('aws_external_id', None) + self.authentication_type = 'awsAssumeRole' + + +class AwsCredsAuthenticationDetailsProperties(AuthenticationDetailsProperties): + """AWS cloud account connector based credentials, the credentials is composed + of access key id and secret key, for more details, refer to Creating + an IAM User in Your AWS Account (write only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :ivar account_id: The ID of the cloud account + :vartype account_id: str + :param aws_access_key_id: Required. Public key element of the AWS + credential object (write only) + :type aws_access_key_id: str + :param aws_secret_access_key: Required. Secret key element of the AWS + credential object (write only) + :type aws_secret_access_key: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_access_key_id': {'required': True}, + 'aws_secret_access_key': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_access_key_id': {'key': 'awsAccessKeyId', 'type': 'str'}, + 'aws_secret_access_key': {'key': 'awsSecretAccessKey', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AwsCredsAuthenticationDetailsProperties, self).__init__(**kwargs) + self.account_id = None + self.aws_access_key_id = kwargs.get('aws_access_key_id', None) + self.aws_secret_access_key = kwargs.get('aws_secret_access_key', None) + self.authentication_type = 'awsCreds' + + class ResourceDetails(Model): """Details of the resource that was assessed. @@ -2329,6 +2492,48 @@ def __init__(self, **kwargs): self.rule_type = 'ConnectionToIpNotAllowed' +class ConnectorSetting(Resource): + """The connector setting. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param hybrid_compute_settings: Settings for hybrid compute management, + these settings are relevant only Arc autoProvision (Hybrid Compute). + :type hybrid_compute_settings: + ~azure.mgmt.security.models.HybridComputeSettingsProperties + :param authentication_details: Settings for authentication management, + these settings are relevant only for the cloud connector. + :type authentication_details: + ~azure.mgmt.security.models.AuthenticationDetailsProperties + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'hybrid_compute_settings': {'key': 'properties.hybridComputeSettings', 'type': 'HybridComputeSettingsProperties'}, + 'authentication_details': {'key': 'properties.authenticationDetails', 'type': 'AuthenticationDetailsProperties'}, + } + + def __init__(self, **kwargs): + super(ConnectorSetting, self).__init__(**kwargs) + self.hybrid_compute_settings = kwargs.get('hybrid_compute_settings', None) + self.authentication_details = kwargs.get('authentication_details', None) + + class ContainerRegistryVulnerabilityProperties(AdditionalData): """Additional context fields for container registry Vulnerability assessment. @@ -2943,6 +3148,106 @@ def __init__(self, **kwargs): self.rule_type = 'FileUploadsNotInAllowedRange' +class GcpCredentialsDetailsProperties(AuthenticationDetailsProperties): + """GCP cloud account connector based service to service credentials, the + credentials is composed of organization id and json api key (write + only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :param organization_id: Required. The Organization ID of the GCP cloud + account + :type organization_id: str + :param type: Required. Type field of the API key (write only) + :type type: str + :param project_id: Required. Project Id field of the API key (write only) + :type project_id: str + :param private_key_id: Required. Private key Id field of the API key + (write only) + :type private_key_id: str + :param private_key: Required. Private key field of the API key (write + only) + :type private_key: str + :param client_email: Required. Client email field of the API key (write + only) + :type client_email: str + :param client_id: Required. Client Id field of the API key (write only) + :type client_id: str + :param auth_uri: Required. Auth Uri field of the API key (write only) + :type auth_uri: str + :param token_uri: Required. Token Uri field of the API key (write only) + :type token_uri: str + :param auth_provider_x509_cert_url: Required. Auth provider x509 + certificate url field of the API key (write only) + :type auth_provider_x509_cert_url: str + :param client_x509_cert_url: Required. Client x509 certificate url field + of the API key (write only) + :type client_x509_cert_url: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'organization_id': {'required': True}, + 'type': {'required': True}, + 'project_id': {'required': True}, + 'private_key_id': {'required': True}, + 'private_key': {'required': True}, + 'client_email': {'required': True}, + 'client_id': {'required': True}, + 'auth_uri': {'required': True}, + 'token_uri': {'required': True}, + 'auth_provider_x509_cert_url': {'required': True}, + 'client_x509_cert_url': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'organization_id': {'key': 'organizationId', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'project_id': {'key': 'projectId', 'type': 'str'}, + 'private_key_id': {'key': 'privateKeyId', 'type': 'str'}, + 'private_key': {'key': 'privateKey', 'type': 'str'}, + 'client_email': {'key': 'clientEmail', 'type': 'str'}, + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'auth_uri': {'key': 'authUri', 'type': 'str'}, + 'token_uri': {'key': 'tokenUri', 'type': 'str'}, + 'auth_provider_x509_cert_url': {'key': 'authProviderX509CertUrl', 'type': 'str'}, + 'client_x509_cert_url': {'key': 'clientX509CertUrl', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(GcpCredentialsDetailsProperties, self).__init__(**kwargs) + self.organization_id = kwargs.get('organization_id', None) + self.type = kwargs.get('type', None) + self.project_id = kwargs.get('project_id', None) + self.private_key_id = kwargs.get('private_key_id', None) + self.private_key = kwargs.get('private_key', None) + self.client_email = kwargs.get('client_email', None) + self.client_id = kwargs.get('client_id', None) + self.auth_uri = kwargs.get('auth_uri', None) + self.token_uri = kwargs.get('token_uri', None) + self.auth_provider_x509_cert_url = kwargs.get('auth_provider_x509_cert_url', None) + self.client_x509_cert_url = kwargs.get('client_x509_cert_url', None) + self.authentication_type = 'gcpCredentials' + + class HttpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): """Number of cloud to device messages (HTTP protocol) is not in allowed range. @@ -3091,6 +3396,61 @@ def __init__(self, **kwargs): self.rule_type = 'HttpD2CMessagesNotInAllowedRange' +class HybridComputeSettingsProperties(Model): + """Settings for hybrid compute management. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar hybrid_compute_provisioning_state: State of the service principal + and its secret. Possible values include: 'Valid', 'Invalid', 'Expired' + :vartype hybrid_compute_provisioning_state: str or + ~azure.mgmt.security.models.HybridComputeProvisioningState + :param auto_provision: Required. Whether or not to automatically install + Azure Arc (hybrid compute) agents on machines. Possible values include: + 'On', 'Off' + :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + :param resource_group_name: The name of the resource group where Arc + (Hybrid Compute) connectors are connected. + :type resource_group_name: str + :param region: The location where the meta data of machines will be stored + :type region: str + :param proxy_server: For a non-Azure machine that is not connected + directly to the internet, specify a proxy server that the non-Azure + machine can use. + :type proxy_server: ~azure.mgmt.security.models.ProxyServerProperties + :param service_principal: An object to access resources that are secured + by an Azure AD tenant. + :type service_principal: + ~azure.mgmt.security.models.ServicePrincipalProperties + """ + + _validation = { + 'hybrid_compute_provisioning_state': {'readonly': True}, + 'auto_provision': {'required': True}, + } + + _attribute_map = { + 'hybrid_compute_provisioning_state': {'key': 'hybridComputeProvisioningState', 'type': 'str'}, + 'auto_provision': {'key': 'autoProvision', 'type': 'str'}, + 'resource_group_name': {'key': 'resourceGroupName', 'type': 'str'}, + 'region': {'key': 'region', 'type': 'str'}, + 'proxy_server': {'key': 'proxyServer', 'type': 'ProxyServerProperties'}, + 'service_principal': {'key': 'servicePrincipal', 'type': 'ServicePrincipalProperties'}, + } + + def __init__(self, **kwargs): + super(HybridComputeSettingsProperties, self).__init__(**kwargs) + self.hybrid_compute_provisioning_state = None + self.auto_provision = kwargs.get('auto_provision', None) + self.resource_group_name = kwargs.get('resource_group_name', None) + self.region = kwargs.get('region', None) + self.proxy_server = kwargs.get('proxy_server', None) + self.service_principal = kwargs.get('service_principal', None) + + class InformationProtectionKeyword(Model): """The information type keyword. @@ -3212,6 +3572,150 @@ def __init__(self, **kwargs): self.keywords = kwargs.get('keywords', None) +class IotAlert(Model): + """IoT alert. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar system_alert_id: Holds the product canonical identifier of the alert + within the scope of a product + :vartype system_alert_id: str + :ivar compromised_entity: Display name of the main entity being reported + on + :vartype compromised_entity: str + :ivar alert_type: The type name of the alert + :vartype alert_type: str + :ivar start_time_utc: The impact start time of the alert (the time of the + first event or activity included in the alert) + :vartype start_time_utc: str + :ivar end_time_utc: The impact end time of the alert (the time of the last + event or activity included in the alert) + :vartype end_time_utc: str + :param entities: A list of entities related to the alert + :type entities: list[object] + :param extended_properties: A bag of fields which extends the alert + information + :type extended_properties: object + """ + + _validation = { + 'system_alert_id': {'readonly': True}, + 'compromised_entity': {'readonly': True}, + 'alert_type': {'readonly': True}, + 'start_time_utc': {'readonly': True}, + 'end_time_utc': {'readonly': True}, + } + + _attribute_map = { + 'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'}, + 'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'str'}, + 'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'str'}, + 'entities': {'key': 'properties.entities', 'type': '[object]'}, + 'extended_properties': {'key': 'properties.extendedProperties', 'type': 'object'}, + } + + def __init__(self, **kwargs): + super(IotAlert, self).__init__(**kwargs) + self.system_alert_id = None + self.compromised_entity = None + self.alert_type = None + self.start_time_utc = None + self.end_time_utc = None + self.entities = kwargs.get('entities', None) + self.extended_properties = kwargs.get('extended_properties', None) + + +class IotAlertType(Resource): + """IoT alert type. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar alert_display_name: The display name of the alert + :vartype alert_display_name: str + :ivar severity: The severity of the alert. Possible values include: + 'Informational', 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.AlertSeverity + :ivar description: Description of the suspected vulnerability and meaning. + :vartype description: str + :ivar provider_name: The name of the alert provider or internal partner + :vartype provider_name: str + :ivar vendor_name: The name of the vendor that raise the alert + :vartype vendor_name: str + :ivar intent: Kill chain related intent behind the alert. Could contain + multiple enum values (separated by commas). Possible values include: + 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', + 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', + 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', + 'CommandAndControl', 'Impact', 'Probing', 'Exploitation' + :vartype intent: str or ~azure.mgmt.security.models.AlertIntent + :ivar remediation_steps: Manual action items to take to remediate the + alert + :vartype remediation_steps: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'alert_display_name': {'readonly': True}, + 'severity': {'readonly': True}, + 'description': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'vendor_name': {'readonly': True}, + 'intent': {'readonly': True}, + 'remediation_steps': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'provider_name': {'key': 'properties.providerName', 'type': 'str'}, + 'vendor_name': {'key': 'properties.vendorName', 'type': 'str'}, + 'intent': {'key': 'properties.intent', 'type': 'str'}, + 'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(IotAlertType, self).__init__(**kwargs) + self.alert_display_name = None + self.severity = None + self.description = None + self.provider_name = None + self.vendor_name = None + self.intent = None + self.remediation_steps = None + + +class IotAlertTypeList(Model): + """List of alert types. + + :param value: List data + :type value: list[~azure.mgmt.security.models.IotAlertType] + """ + + _attribute_map = { + 'value': {'key': 'value', 'type': '[IotAlertType]'}, + } + + def __init__(self, **kwargs): + super(IotAlertTypeList, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + + class IoTSecurityAggregatedAlert(Model): """Security Solution Aggregated Alert information. @@ -4687,6 +5191,27 @@ def __init__(self, **kwargs): self.executable = kwargs.get('executable', None) +class ProxyServerProperties(Model): + """For a non-Azure machine that is not connected directly to the internet, + specify a proxy server that the non-Azure machine can use. + + :param ip: Proxy server IP + :type ip: str + :param port: Proxy server port + :type port: str + """ + + _attribute_map = { + 'ip': {'key': 'ip', 'type': 'str'}, + 'port': {'key': 'port', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ProxyServerProperties, self).__init__(**kwargs) + self.ip = kwargs.get('ip', None) + self.port = kwargs.get('port', None) + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -5959,6 +6484,27 @@ def __init__(self, **kwargs): self.assessed_resource_type = 'ServerVulnerabilityAssessment' +class ServicePrincipalProperties(Model): + """Details of the service principal. + + :param application_id: Application id of service principal. + :type application_id: str + :param secret: A secret string that the application uses to prove its + identity, also can be referred to as application password (write only). + :type secret: str + """ + + _attribute_map = { + 'application_id': {'key': 'applicationId', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ServicePrincipalProperties, self).__init__(**kwargs) + self.application_id = kwargs.get('application_id', None) + self.secret = kwargs.get('secret', None) + + class SqlServerVulnerabilityProperties(AdditionalData): """Details of the resource that was assessed. diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py index 0a92ed90bee4..0326368fd585 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py @@ -1452,6 +1452,54 @@ def __init__(self, *, additional_properties=None, device_vendor: str=None, devic self.last_event_received = last_event_received +class AuthenticationDetailsProperties(Model): + """Settings for cloud authentication management. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AwsCredsAuthenticationDetailsProperties, + AwAssumeRoleAuthenticationDetailsProperties, + GcpCredentialsDetailsProperties + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + } + + _subtype_map = { + 'authentication_type': {'awsCreds': 'AwsCredsAuthenticationDetailsProperties', 'awsAssumeRole': 'AwAssumeRoleAuthenticationDetailsProperties', 'gcpCredentials': 'GcpCredentialsDetailsProperties'} + } + + def __init__(self, **kwargs) -> None: + super(AuthenticationDetailsProperties, self).__init__(**kwargs) + self.authentication_provisioning_state = None + self.granted_permissions = None + self.authentication_type = None + + class TrackedResource(Model): """Describes an Azure tracked resource. @@ -1871,6 +1919,121 @@ def __init__(self, *, auto_provision, **kwargs) -> None: self.auto_provision = auto_provision +class AwAssumeRoleAuthenticationDetailsProperties(AuthenticationDetailsProperties): + """AWS cloud account connector based assume role, the role enables delegating + access to your AWS resources. The role is composed of role arn and external + id, for more details, refer to Creating + a Role to Delegate Permissions to an IAM User (write only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :ivar account_id: The ID of the cloud account + :vartype account_id: str + :param aws_assume_role_arn: Required. Assumed role ID is an identifier + that you can use to create temporary security credentials. + :type aws_assume_role_arn: str + :param aws_external_id: Required. A unique identifier that is required + when you assume a role in another account. + :type aws_external_id: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_assume_role_arn': {'required': True}, + 'aws_external_id': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_assume_role_arn': {'key': 'awsAssumeRoleArn', 'type': 'str'}, + 'aws_external_id': {'key': 'awsExternalId', 'type': 'str'}, + } + + def __init__(self, *, aws_assume_role_arn: str, aws_external_id: str, **kwargs) -> None: + super(AwAssumeRoleAuthenticationDetailsProperties, self).__init__(**kwargs) + self.account_id = None + self.aws_assume_role_arn = aws_assume_role_arn + self.aws_external_id = aws_external_id + self.authentication_type = 'awsAssumeRole' + + +class AwsCredsAuthenticationDetailsProperties(AuthenticationDetailsProperties): + """AWS cloud account connector based credentials, the credentials is composed + of access key id and secret key, for more details, refer to Creating + an IAM User in Your AWS Account (write only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :ivar account_id: The ID of the cloud account + :vartype account_id: str + :param aws_access_key_id: Required. Public key element of the AWS + credential object (write only) + :type aws_access_key_id: str + :param aws_secret_access_key: Required. Secret key element of the AWS + credential object (write only) + :type aws_secret_access_key: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'account_id': {'readonly': True}, + 'aws_access_key_id': {'required': True}, + 'aws_secret_access_key': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'account_id': {'key': 'accountId', 'type': 'str'}, + 'aws_access_key_id': {'key': 'awsAccessKeyId', 'type': 'str'}, + 'aws_secret_access_key': {'key': 'awsSecretAccessKey', 'type': 'str'}, + } + + def __init__(self, *, aws_access_key_id: str, aws_secret_access_key: str, **kwargs) -> None: + super(AwsCredsAuthenticationDetailsProperties, self).__init__(**kwargs) + self.account_id = None + self.aws_access_key_id = aws_access_key_id + self.aws_secret_access_key = aws_secret_access_key + self.authentication_type = 'awsCreds' + + class ResourceDetails(Model): """Details of the resource that was assessed. @@ -2329,6 +2492,48 @@ def __init__(self, *, is_enabled: bool, allowlist_values, **kwargs) -> None: self.rule_type = 'ConnectionToIpNotAllowed' +class ConnectorSetting(Resource): + """The connector setting. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param hybrid_compute_settings: Settings for hybrid compute management, + these settings are relevant only Arc autoProvision (Hybrid Compute). + :type hybrid_compute_settings: + ~azure.mgmt.security.models.HybridComputeSettingsProperties + :param authentication_details: Settings for authentication management, + these settings are relevant only for the cloud connector. + :type authentication_details: + ~azure.mgmt.security.models.AuthenticationDetailsProperties + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'hybrid_compute_settings': {'key': 'properties.hybridComputeSettings', 'type': 'HybridComputeSettingsProperties'}, + 'authentication_details': {'key': 'properties.authenticationDetails', 'type': 'AuthenticationDetailsProperties'}, + } + + def __init__(self, *, hybrid_compute_settings=None, authentication_details=None, **kwargs) -> None: + super(ConnectorSetting, self).__init__(**kwargs) + self.hybrid_compute_settings = hybrid_compute_settings + self.authentication_details = authentication_details + + class ContainerRegistryVulnerabilityProperties(AdditionalData): """Additional context fields for container registry Vulnerability assessment. @@ -2943,6 +3148,106 @@ def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, self.rule_type = 'FileUploadsNotInAllowedRange' +class GcpCredentialsDetailsProperties(AuthenticationDetailsProperties): + """GCP cloud account connector based service to service credentials, the + credentials is composed of organization id and json api key (write + only). + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar authentication_provisioning_state: State of the multi-cloud + connector. Possible values include: 'Valid', 'Invalid', 'Expired', + 'IncorrectPolicy' + :vartype authentication_provisioning_state: str or + ~azure.mgmt.security.models.AuthenticationProvisioningState + :ivar granted_permissions: The permissions detected in the cloud account. + :vartype granted_permissions: list[str or + ~azure.mgmt.security.models.PermissionProperty] + :param authentication_type: Required. Constant filled by server. + :type authentication_type: str + :param organization_id: Required. The Organization ID of the GCP cloud + account + :type organization_id: str + :param type: Required. Type field of the API key (write only) + :type type: str + :param project_id: Required. Project Id field of the API key (write only) + :type project_id: str + :param private_key_id: Required. Private key Id field of the API key + (write only) + :type private_key_id: str + :param private_key: Required. Private key field of the API key (write + only) + :type private_key: str + :param client_email: Required. Client email field of the API key (write + only) + :type client_email: str + :param client_id: Required. Client Id field of the API key (write only) + :type client_id: str + :param auth_uri: Required. Auth Uri field of the API key (write only) + :type auth_uri: str + :param token_uri: Required. Token Uri field of the API key (write only) + :type token_uri: str + :param auth_provider_x509_cert_url: Required. Auth provider x509 + certificate url field of the API key (write only) + :type auth_provider_x509_cert_url: str + :param client_x509_cert_url: Required. Client x509 certificate url field + of the API key (write only) + :type client_x509_cert_url: str + """ + + _validation = { + 'authentication_provisioning_state': {'readonly': True}, + 'granted_permissions': {'readonly': True}, + 'authentication_type': {'required': True}, + 'organization_id': {'required': True}, + 'type': {'required': True}, + 'project_id': {'required': True}, + 'private_key_id': {'required': True}, + 'private_key': {'required': True}, + 'client_email': {'required': True}, + 'client_id': {'required': True}, + 'auth_uri': {'required': True}, + 'token_uri': {'required': True}, + 'auth_provider_x509_cert_url': {'required': True}, + 'client_x509_cert_url': {'required': True}, + } + + _attribute_map = { + 'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'}, + 'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'}, + 'authentication_type': {'key': 'authenticationType', 'type': 'str'}, + 'organization_id': {'key': 'organizationId', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'project_id': {'key': 'projectId', 'type': 'str'}, + 'private_key_id': {'key': 'privateKeyId', 'type': 'str'}, + 'private_key': {'key': 'privateKey', 'type': 'str'}, + 'client_email': {'key': 'clientEmail', 'type': 'str'}, + 'client_id': {'key': 'clientId', 'type': 'str'}, + 'auth_uri': {'key': 'authUri', 'type': 'str'}, + 'token_uri': {'key': 'tokenUri', 'type': 'str'}, + 'auth_provider_x509_cert_url': {'key': 'authProviderX509CertUrl', 'type': 'str'}, + 'client_x509_cert_url': {'key': 'clientX509CertUrl', 'type': 'str'}, + } + + def __init__(self, *, organization_id: str, type: str, project_id: str, private_key_id: str, private_key: str, client_email: str, client_id: str, auth_uri: str, token_uri: str, auth_provider_x509_cert_url: str, client_x509_cert_url: str, **kwargs) -> None: + super(GcpCredentialsDetailsProperties, self).__init__(**kwargs) + self.organization_id = organization_id + self.type = type + self.project_id = project_id + self.private_key_id = private_key_id + self.private_key = private_key + self.client_email = client_email + self.client_id = client_id + self.auth_uri = auth_uri + self.token_uri = token_uri + self.auth_provider_x509_cert_url = auth_provider_x509_cert_url + self.client_x509_cert_url = client_x509_cert_url + self.authentication_type = 'gcpCredentials' + + class HttpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): """Number of cloud to device messages (HTTP protocol) is not in allowed range. @@ -3091,6 +3396,61 @@ def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, self.rule_type = 'HttpD2CMessagesNotInAllowedRange' +class HybridComputeSettingsProperties(Model): + """Settings for hybrid compute management. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar hybrid_compute_provisioning_state: State of the service principal + and its secret. Possible values include: 'Valid', 'Invalid', 'Expired' + :vartype hybrid_compute_provisioning_state: str or + ~azure.mgmt.security.models.HybridComputeProvisioningState + :param auto_provision: Required. Whether or not to automatically install + Azure Arc (hybrid compute) agents on machines. Possible values include: + 'On', 'Off' + :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + :param resource_group_name: The name of the resource group where Arc + (Hybrid Compute) connectors are connected. + :type resource_group_name: str + :param region: The location where the meta data of machines will be stored + :type region: str + :param proxy_server: For a non-Azure machine that is not connected + directly to the internet, specify a proxy server that the non-Azure + machine can use. + :type proxy_server: ~azure.mgmt.security.models.ProxyServerProperties + :param service_principal: An object to access resources that are secured + by an Azure AD tenant. + :type service_principal: + ~azure.mgmt.security.models.ServicePrincipalProperties + """ + + _validation = { + 'hybrid_compute_provisioning_state': {'readonly': True}, + 'auto_provision': {'required': True}, + } + + _attribute_map = { + 'hybrid_compute_provisioning_state': {'key': 'hybridComputeProvisioningState', 'type': 'str'}, + 'auto_provision': {'key': 'autoProvision', 'type': 'str'}, + 'resource_group_name': {'key': 'resourceGroupName', 'type': 'str'}, + 'region': {'key': 'region', 'type': 'str'}, + 'proxy_server': {'key': 'proxyServer', 'type': 'ProxyServerProperties'}, + 'service_principal': {'key': 'servicePrincipal', 'type': 'ServicePrincipalProperties'}, + } + + def __init__(self, *, auto_provision, resource_group_name: str=None, region: str=None, proxy_server=None, service_principal=None, **kwargs) -> None: + super(HybridComputeSettingsProperties, self).__init__(**kwargs) + self.hybrid_compute_provisioning_state = None + self.auto_provision = auto_provision + self.resource_group_name = resource_group_name + self.region = region + self.proxy_server = proxy_server + self.service_principal = service_principal + + class InformationProtectionKeyword(Model): """The information type keyword. @@ -3212,6 +3572,150 @@ def __init__(self, *, display_name: str=None, description: str=None, order: int= self.keywords = keywords +class IotAlert(Model): + """IoT alert. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar system_alert_id: Holds the product canonical identifier of the alert + within the scope of a product + :vartype system_alert_id: str + :ivar compromised_entity: Display name of the main entity being reported + on + :vartype compromised_entity: str + :ivar alert_type: The type name of the alert + :vartype alert_type: str + :ivar start_time_utc: The impact start time of the alert (the time of the + first event or activity included in the alert) + :vartype start_time_utc: str + :ivar end_time_utc: The impact end time of the alert (the time of the last + event or activity included in the alert) + :vartype end_time_utc: str + :param entities: A list of entities related to the alert + :type entities: list[object] + :param extended_properties: A bag of fields which extends the alert + information + :type extended_properties: object + """ + + _validation = { + 'system_alert_id': {'readonly': True}, + 'compromised_entity': {'readonly': True}, + 'alert_type': {'readonly': True}, + 'start_time_utc': {'readonly': True}, + 'end_time_utc': {'readonly': True}, + } + + _attribute_map = { + 'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'}, + 'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'str'}, + 'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'str'}, + 'entities': {'key': 'properties.entities', 'type': '[object]'}, + 'extended_properties': {'key': 'properties.extendedProperties', 'type': 'object'}, + } + + def __init__(self, *, entities=None, extended_properties=None, **kwargs) -> None: + super(IotAlert, self).__init__(**kwargs) + self.system_alert_id = None + self.compromised_entity = None + self.alert_type = None + self.start_time_utc = None + self.end_time_utc = None + self.entities = entities + self.extended_properties = extended_properties + + +class IotAlertType(Resource): + """IoT alert type. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar alert_display_name: The display name of the alert + :vartype alert_display_name: str + :ivar severity: The severity of the alert. Possible values include: + 'Informational', 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.AlertSeverity + :ivar description: Description of the suspected vulnerability and meaning. + :vartype description: str + :ivar provider_name: The name of the alert provider or internal partner + :vartype provider_name: str + :ivar vendor_name: The name of the vendor that raise the alert + :vartype vendor_name: str + :ivar intent: Kill chain related intent behind the alert. Could contain + multiple enum values (separated by commas). Possible values include: + 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', + 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', + 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', + 'CommandAndControl', 'Impact', 'Probing', 'Exploitation' + :vartype intent: str or ~azure.mgmt.security.models.AlertIntent + :ivar remediation_steps: Manual action items to take to remediate the + alert + :vartype remediation_steps: list[str] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'alert_display_name': {'readonly': True}, + 'severity': {'readonly': True}, + 'description': {'readonly': True}, + 'provider_name': {'readonly': True}, + 'vendor_name': {'readonly': True}, + 'intent': {'readonly': True}, + 'remediation_steps': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'provider_name': {'key': 'properties.providerName', 'type': 'str'}, + 'vendor_name': {'key': 'properties.vendorName', 'type': 'str'}, + 'intent': {'key': 'properties.intent', 'type': 'str'}, + 'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'}, + } + + def __init__(self, **kwargs) -> None: + super(IotAlertType, self).__init__(**kwargs) + self.alert_display_name = None + self.severity = None + self.description = None + self.provider_name = None + self.vendor_name = None + self.intent = None + self.remediation_steps = None + + +class IotAlertTypeList(Model): + """List of alert types. + + :param value: List data + :type value: list[~azure.mgmt.security.models.IotAlertType] + """ + + _attribute_map = { + 'value': {'key': 'value', 'type': '[IotAlertType]'}, + } + + def __init__(self, *, value=None, **kwargs) -> None: + super(IotAlertTypeList, self).__init__(**kwargs) + self.value = value + + class IoTSecurityAggregatedAlert(Model): """Security Solution Aggregated Alert information. @@ -4687,6 +5191,27 @@ def __init__(self, *, exe=None, msi=None, script=None, executable=None, **kwargs self.executable = executable +class ProxyServerProperties(Model): + """For a non-Azure machine that is not connected directly to the internet, + specify a proxy server that the non-Azure machine can use. + + :param ip: Proxy server IP + :type ip: str + :param port: Proxy server port + :type port: str + """ + + _attribute_map = { + 'ip': {'key': 'ip', 'type': 'str'}, + 'port': {'key': 'port', 'type': 'str'}, + } + + def __init__(self, *, ip: str=None, port: str=None, **kwargs) -> None: + super(ProxyServerProperties, self).__init__(**kwargs) + self.ip = ip + self.port = port + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -5959,6 +6484,27 @@ def __init__(self, **kwargs) -> None: self.assessed_resource_type = 'ServerVulnerabilityAssessment' +class ServicePrincipalProperties(Model): + """Details of the service principal. + + :param application_id: Application id of service principal. + :type application_id: str + :param secret: A secret string that the application uses to prove its + identity, also can be referred to as application password (write only). + :type secret: str + """ + + _attribute_map = { + 'application_id': {'key': 'applicationId', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, + } + + def __init__(self, *, application_id: str=None, secret: str=None, **kwargs) -> None: + super(ServicePrincipalProperties, self).__init__(**kwargs) + self.application_id = application_id + self.secret = secret + + class SqlServerVulnerabilityProperties(AdditionalData): """Details of the resource that was assessed. diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py index c470a56ff2ad..4e443bea1650 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py @@ -103,6 +103,19 @@ class IoTSecurityAggregatedRecommendationPaged(Paged): def __init__(self, *args, **kwargs): super(IoTSecurityAggregatedRecommendationPaged, self).__init__(*args, **kwargs) +class IotAlertPaged(Paged): + """ + A paging container for iterating over a list of :class:`IotAlert ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[IotAlert]'} + } + + def __init__(self, *args, **kwargs): + + super(IotAlertPaged, self).__init__(*args, **kwargs) class AscLocationPaged(Paged): """ A paging container for iterating over a list of :class:`AscLocation ` object @@ -428,3 +441,16 @@ class SecureScoreControlDefinitionItemPaged(Paged): def __init__(self, *args, **kwargs): super(SecureScoreControlDefinitionItemPaged, self).__init__(*args, **kwargs) +class ConnectorSettingPaged(Paged): + """ + A paging container for iterating over a list of :class:`ConnectorSetting ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[ConnectorSetting]'} + } + + def __init__(self, *args, **kwargs): + + super(ConnectorSettingPaged, self).__init__(*args, **kwargs) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py index 80839b6b303a..ed857f044a4f 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py @@ -88,6 +88,34 @@ class UnmaskedIpLoggingStatus(str, Enum): enabled = "Enabled" #: Unmasked IP logging is enabled +class AlertSeverity(str, Enum): + + informational = "Informational" + low = "Low" + medium = "Medium" + high = "High" + + +class AlertIntent(str, Enum): + + unknown = "Unknown" + pre_attack = "PreAttack" + initial_access = "InitialAccess" + persistence = "Persistence" + privilege_escalation = "PrivilegeEscalation" + defense_evasion = "DefenseEvasion" + credential_access = "CredentialAccess" + discovery = "Discovery" + lateral_movement = "LateralMovement" + execution = "Execution" + collection = "Collection" + exfiltration = "Exfiltration" + command_and_control = "CommandAndControl" + impact = "Impact" + probing = "Probing" + exploitation = "Exploitation" + + class AutoProvision(str, Enum): on = "On" #: Install missing security agent on VMs automatically @@ -281,6 +309,29 @@ class ControlType(str, Enum): custom = "Custom" #: Non Azure Security Center managed assessments +class HybridComputeProvisioningState(str, Enum): + + valid = "Valid" #: Valid service principal details. + invalid = "Invalid" #: Invalid service principal details. + expired = "Expired" #: the service principal details are expired + + +class AuthenticationProvisioningState(str, Enum): + + valid = "Valid" #: Valid connector + invalid = "Invalid" #: Invalid connector + expired = "Expired" #: the connection is expired + incorrect_policy = "IncorrectPolicy" #: Incorrect policy of the connector + + +class PermissionProperty(str, Enum): + + awsaws_security_hub_read_only_access = "AWS::AWSSecurityHubReadOnlyAccess" #: This permission provides read only access to AWS Security Hub resources. + aws_security_audit = "AWS::SecurityAudit" #: This permission grants access to read security configuration metadata. + aws_amazon_ssm_automation_role = "AWS::AmazonSSMAutomationRole" #: The permission provides for EC2 Automation service to execute activities defined within Automation documents. + gcp_security_center_admin_viewer = "GCP::Security Center Admin Viewer" #: This permission provides read only access to GCP Security Command Center. + + class ExpandEnum(str, Enum): links = "links" #: All links associated with an assessment diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py index 149a68ddb81e..5b0415d25386 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py @@ -19,6 +19,8 @@ from ._iot_security_solution_analytics_operations import IotSecuritySolutionAnalyticsOperations from ._iot_security_solutions_analytics_aggregated_alert_operations import IotSecuritySolutionsAnalyticsAggregatedAlertOperations from ._iot_security_solutions_analytics_recommendation_operations import IotSecuritySolutionsAnalyticsRecommendationOperations +from ._iot_alert_types_operations import IotAlertTypesOperations +from ._iot_alerts_operations import IotAlertsOperations from ._locations_operations import LocationsOperations from ._operations import Operations from ._tasks_operations import TasksOperations @@ -46,6 +48,7 @@ from ._secure_scores_operations import SecureScoresOperations from ._secure_score_controls_operations import SecureScoreControlsOperations from ._secure_score_control_definitions_operations import SecureScoreControlDefinitionsOperations +from ._connectors_operations import ConnectorsOperations __all__ = [ 'ComplianceResultsOperations', @@ -58,6 +61,8 @@ 'IotSecuritySolutionAnalyticsOperations', 'IotSecuritySolutionsAnalyticsAggregatedAlertOperations', 'IotSecuritySolutionsAnalyticsRecommendationOperations', + 'IotAlertTypesOperations', + 'IotAlertsOperations', 'LocationsOperations', 'Operations', 'TasksOperations', @@ -85,4 +90,5 @@ 'SecureScoresOperations', 'SecureScoreControlsOperations', 'SecureScoreControlDefinitionsOperations', + 'ConnectorsOperations', ] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_connectors_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_connectors_operations.py new file mode 100644 index 000000000000..3b41670485db --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_connectors_operations.py @@ -0,0 +1,289 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class ConnectorsOperations(object): + """ConnectorsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01-preview" + + self.config = config + + def list( + self, custom_headers=None, raw=False, **operation_config): + """Cloud accounts connectors of a subscription. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of ConnectorSetting + :rtype: + ~azure.mgmt.security.models.ConnectorSettingPaged[~azure.mgmt.security.models.ConnectorSetting] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.ConnectorSettingPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors'} + + def get( + self, connector_name, custom_headers=None, raw=False, **operation_config): + """Details of a specific cloud account connector. + + :param connector_name: Name of the cloud account connector + :type connector_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ConnectorSetting or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.ConnectorSetting or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'connectorName': self._serialize.url("connector_name", connector_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ConnectorSetting', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors/{connectorName}'} + + def create_or_update( + self, connector_name, hybrid_compute_settings=None, authentication_details=None, custom_headers=None, raw=False, **operation_config): + """Create a cloud account connector or update an existing one. Connect to + your AWS cloud account using either account credentials or role-based + authentication. + + :param connector_name: Name of the cloud account connector + :type connector_name: str + :param hybrid_compute_settings: Settings for hybrid compute + management, these settings are relevant only Arc autoProvision (Hybrid + Compute). + :type hybrid_compute_settings: + ~azure.mgmt.security.models.HybridComputeSettingsProperties + :param authentication_details: Settings for authentication management, + these settings are relevant only for the cloud connector. + :type authentication_details: + ~azure.mgmt.security.models.AuthenticationDetailsProperties + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: ConnectorSetting or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.ConnectorSetting or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + connector_setting = models.ConnectorSetting(hybrid_compute_settings=hybrid_compute_settings, authentication_details=authentication_details) + + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'connectorName': self._serialize.url("connector_name", connector_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(connector_setting, 'ConnectorSetting') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('ConnectorSetting', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors/{connectorName}'} + + def delete( + self, connector_name, custom_headers=None, raw=False, **operation_config): + """Delete a cloud account connector from a subscription. + + :param connector_name: Name of the cloud account connector + :type connector_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'connectorName': self._serialize.url("connector_name", connector_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors/{connectorName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alert_types_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alert_types_operations.py new file mode 100644 index 000000000000..7cf80ec7889b --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alert_types_operations.py @@ -0,0 +1,167 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class IotAlertTypesOperations(object): + """IotAlertTypesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-08-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-08-01" + + self.config = config + + def list( + self, resource_group_name, solution_name, custom_headers=None, raw=False, **operation_config): + """List IoT alert types. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IotAlertTypeList or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.IotAlertTypeList or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IotAlertTypeList', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes'} + + def get( + self, resource_group_name, solution_name, iot_alert_type_name, custom_headers=None, raw=False, **operation_config): + """Get IoT alert type. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param iot_alert_type_name: Name of the alert type + :type iot_alert_type_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IotAlertType or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.IotAlertType or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str'), + 'iotAlertTypeName': self._serialize.url("iot_alert_type_name", iot_alert_type_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IotAlertType', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlertTypes/{iotAlertTypeName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alerts_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alerts_operations.py new file mode 100644 index 000000000000..9b7400574cae --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_alerts_operations.py @@ -0,0 +1,200 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class IotAlertsOperations(object): + """IotAlertsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-08-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-08-01" + + self.config = config + + def list( + self, resource_group_name, solution_name, min_start_time_utc=None, max_start_time_utc=None, alert_type=None, limit=None, skip_token=None, custom_headers=None, raw=False, **operation_config): + """List IoT alerts. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param min_start_time_utc: Filter by minimum startTimeUtc (ISO 8601 + format) + :type min_start_time_utc: str + :param max_start_time_utc: Filter by maximum startTimeUtc (ISO 8601 + format) + :type max_start_time_utc: str + :param alert_type: Filter by alert type + :type alert_type: str + :param limit: Limit the number of items returned in a single page + :type limit: int + :param skip_token: Skip token used for pagination + :type skip_token: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of IotAlert + :rtype: + ~azure.mgmt.security.models.IotAlertPaged[~azure.mgmt.security.models.IotAlert] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if min_start_time_utc is not None: + query_parameters['startTimeUtc>'] = self._serialize.query("min_start_time_utc", min_start_time_utc, 'str') + if max_start_time_utc is not None: + query_parameters['startTimeUtc<'] = self._serialize.query("max_start_time_utc", max_start_time_utc, 'str') + if alert_type is not None: + query_parameters['alertType'] = self._serialize.query("alert_type", alert_type, 'str') + if limit is not None: + query_parameters['$limit'] = self._serialize.query("limit", limit, 'int') + if skip_token is not None: + query_parameters['$skipToken'] = self._serialize.query("skip_token", skip_token, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IotAlertPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts'} + + def get( + self, resource_group_name, solution_name, iot_alert_id, custom_headers=None, raw=False, **operation_config): + """Get IoT alert. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param iot_alert_id: Id of the alert + :type iot_alert_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IotAlert or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.IotAlert or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str'), + 'iotAlertId': self._serialize.url("iot_alert_id", iot_alert_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IotAlert', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/iotAlerts/{iotAlertId}'}