/
servers_databases_auditing_setting_status_arm_types_gen.go
119 lines (105 loc) · 6.04 KB
/
servers_databases_auditing_setting_status_arm_types_gen.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
// Code generated by azure-service-operator-codegen. DO NOT EDIT.
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
package v1api20211101
type Servers_Databases_AuditingSetting_STATUS_ARM struct {
// Id: Resource ID.
Id *string `json:"id,omitempty"`
// Kind: Resource kind.
Kind *string `json:"kind,omitempty"`
// Name: Resource name.
Name *string `json:"name,omitempty"`
// Properties: Resource properties.
Properties *DatabaseBlobAuditingPolicyProperties_STATUS_ARM `json:"properties,omitempty"`
// Type: Resource type.
Type *string `json:"type,omitempty"`
}
// Properties of a database blob auditing policy.
type DatabaseBlobAuditingPolicyProperties_STATUS_ARM struct {
// AuditActionsAndGroups: Specifies the Actions-Groups and Actions to audit.
// The recommended set of action groups to use is the following combination - this will audit all the queries and stored
// procedures executed against the database, as well as successful and failed logins:
// BATCH_COMPLETED_GROUP,
// SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
// FAILED_DATABASE_AUTHENTICATION_GROUP.
// This above combination is also the set that is configured by default when enabling auditing from the Azure portal.
// The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using
// unnecessary groups could lead to very large quantities of audit records):
// APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
// BACKUP_RESTORE_GROUP
// DATABASE_LOGOUT_GROUP
// DATABASE_OBJECT_CHANGE_GROUP
// DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
// DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
// DATABASE_OPERATION_GROUP
// DATABASE_PERMISSION_CHANGE_GROUP
// DATABASE_PRINCIPAL_CHANGE_GROUP
// DATABASE_PRINCIPAL_IMPERSONATION_GROUP
// DATABASE_ROLE_MEMBER_CHANGE_GROUP
// FAILED_DATABASE_AUTHENTICATION_GROUP
// SCHEMA_OBJECT_ACCESS_GROUP
// SCHEMA_OBJECT_CHANGE_GROUP
// SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
// SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
// SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
// USER_CHANGE_PASSWORD_GROUP
// BATCH_STARTED_GROUP
// BATCH_COMPLETED_GROUP
// DBCC_GROUP
// DATABASE_OWNERSHIP_CHANGE_GROUP
// DATABASE_CHANGE_GROUP
// LEDGER_OPERATION_GROUP
// These are groups that cover all sql statements and stored procedures executed against the database, and should not be
// used in combination with other groups as this will result in duplicate audit logs.
// For more information, see [Database-Level Audit Action
// Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
// For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server
// auditing policy). The supported actions to audit are:
// SELECT
// UPDATE
// INSERT
// DELETE
// EXECUTE
// RECEIVE
// REFERENCES
// The general form for defining an action to be audited is:
// {action} ON {object} BY {principal}
// Note that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire
// database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.
// For example:
// SELECT on dbo.myTable by public
// SELECT on DATABASE::myDatabase by public
// SELECT on SCHEMA::mySchema by public
// For more information, see [Database-Level Audit
// Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
AuditActionsAndGroups []string `json:"auditActionsAndGroups,omitempty"`
// IsAzureMonitorTargetEnabled: Specifies whether audit events are sent to Azure Monitor.
// In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.
// When using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on
// the database should be also created.
// Note that for server level audit you should use the 'master' database as {databaseName}.
// Diagnostic Settings URI format:
// PUT
// https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview
// For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)
// or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)
IsAzureMonitorTargetEnabled *bool `json:"isAzureMonitorTargetEnabled,omitempty"`
// IsManagedIdentityInUse: Specifies whether Managed Identity is used to access blob storage
IsManagedIdentityInUse *bool `json:"isManagedIdentityInUse,omitempty"`
// IsStorageSecondaryKeyInUse: Specifies whether storageAccountAccessKey value is the storage's secondary key.
IsStorageSecondaryKeyInUse *bool `json:"isStorageSecondaryKeyInUse,omitempty"`
// QueueDelayMs: Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be
// processed.
// The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.
QueueDelayMs *int `json:"queueDelayMs,omitempty"`
// RetentionDays: Specifies the number of days to keep in the audit logs in the storage account.
RetentionDays *int `json:"retentionDays,omitempty"`
// State: Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are
// required.
State *DatabaseBlobAuditingPolicyProperties_State_STATUS `json:"state,omitempty"`
// StorageAccountSubscriptionId: Specifies the blob storage subscription Id.
StorageAccountSubscriptionId *string `json:"storageAccountSubscriptionId,omitempty"`
// StorageEndpoint: Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is
// Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.
StorageEndpoint *string `json:"storageEndpoint,omitempty"`
}