Add topology Rest API #3426
Automation for azure-sdk-for-python: Nothing to generate for azure-sdk-for-python
Automation for azure-sdk-for-go: A PR has been created for you based on this PR content. Once this PR will be merged, content will be added to your service PR:
Automation for azure-sdk-for-ruby: Nothing to generate for azure-sdk-for-ruby
Automation for azure-sdk-for-node: Nothing to generate for azure-sdk-for-node
Automation for azure-sdk-for-java: Nothing to generate for azure-sdk-for-java
| } | ||
| } | ||
| }, | ||
| "/subscriptions/{subscriptionId}/providers/Microsoft.Security/topology": { |
| "type": "string", | ||
| "description": "The UTC time on which topology where calculated" | ||
| }, | ||
| "Resources": { |
| "TopologyResourceProperties": { | ||
| "type": "object", | ||
| "properties": { | ||
| "calculatedDateTime": { |
| "properties": { | ||
| "calculatedDateTime": { | ||
| "type": "string", | ||
| "description": "The UTC time on which topology where calculated" |
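Review bot: "calculatedDateTime" is declared with only "type": "string" in this hunk, and nothing sits between the type line and the description. The description says the value is a UTC time, so add "format": "date-time" next to the type so that validators and generated clients treat it as a timestamp rather than free text.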
"The UTC time on which the topology was calculated"
| }, | ||
| "Resources": { | ||
| "type": "array", | ||
| "description": "Azure resources which re part of this topology resource", |
Azure resources which are part of this topology
| "TopologyResourceName": { | ||
| "name": "topologyResourceName", | ||
| "in": "path", | ||
| "description": "Name of an topology resource group.", |
resource group?
isn't it just a resource?
No. Each topology contains a list of Azure resources. For example: topology/vms contains all VMs belonging to this topology
the term "resource group" is already in use so it might confuse customers, please change the description
| "/subscriptions/{subscriptionId}/providers/Microsoft.Security/topology": { | ||
| "get": { | ||
| "tags": ["Topology"], | ||
| "description": "Gets a list that allows to build a toplogy view of subscription.", |
Gets a list that allows to build a topology view of a subscription.
| "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/topology": { | ||
| "get": { | ||
| "tags": ["Topology"], | ||
| "description": "Gets a list that allows to build a toplogy view of subscription and location.", |
Gets a list that allows to build a topology view of a subscription and location.
| "get": { | ||
| "tags": ["Topology"], | ||
| "description": "Gets a list that allows to build a toplogy view of subscription and location.", | ||
| "operationId": "Toplogy_ListByHomeRegion", |
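Review bot: The operationId on the last line, "Toplogy_ListByHomeRegion", misspells its prefix, while the tag two lines above reads "Topology". Code generators use the part of the operationId before the underscore to name the operation group, so the typo would carry into generated client names; rename it to "Topology_ListByHomeRegion" before merge.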
| "get": { | ||
| "tags": ["Topology"], | ||
| "description": "Gets a list that allows to build a toplogy view of subscription.", | ||
| "operationId": "Toplogy_List", |
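Review bot: "Toplogy_List" has the same misspelled prefix as the by-location operation. Both operationIds should start with "Topology_" so that the two list operations end up in one correctly named operation group.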
| @@ -1254,9 +1254,14 @@ | |||
| }, | |||
| "/subscriptions/{subscriptionId}/providers/Microsoft.Security/topology": { | |||
type names should be plural (topologies)
This is a different case, since we return a single topology.
| "resources": [ | ||
| { | ||
| "resourceId": { | ||
| "ID": "/subscriptions/3eeab341-f466-499c-a8be-85427e154bad/resourceGroups/myservers/providers/Microsoft.Network/virtualNetworks/myvnet" |
field names should be camel case (id)
Yes. The example was an old version. resourceId is a string, not an object.
| "location": "westus", | ||
| "children": [ | ||
| { | ||
| "resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154bad/resourceGroups/myservers/providers/Microsoft.Network/virtualNetworks/myvnet/subnets/mysubnet" |
resource Id should be an object containing the "id" property; you also have a test that failed on that
| "type": "boolean", | ||
| "description": "Indicates if the resource has direct connectivity to the Internet" | ||
| }, | ||
| "secureScore": { |
talked to PMs,
this field name should be changed
| "TopologyResourceName": { | ||
| "name": "topologyResourceName", | ||
| "in": "path", | ||
| "description": "Name of an topology resource group.", |
the term "resource group" is already in use so it might confuse customers, please change the description
please make the "MODE=model PR_ONLY=true" test pass
chlahav left a comment
Please address these minor changes
| ] | ||
| }, | ||
| "TopologyList": { | ||
| "type": "object", |
| } | ||
| }, | ||
| "TopologyResource": { | ||
| "type": "object", |
| }, | ||
| "TopologyResourceProperties": { | ||
| "type": "object", | ||
| "properties": { |
for all the objects below as well, it will make the documentation look better
| "topologyScore": { | ||
| "type": "integer", | ||
| "readOnly": true, | ||
| "description": "Security score of the resource based on its severity, siblings security status and location in topology (to be used for clustering similar objects together)" |
can you change the term security score in the description as well?
I think that "Score of the resource based on its security severity" is good enough
ravbhatnagar left a comment
Looks fine. Just a few comments. Can be merged based on the reply to my comments.
| "readOnly": true, | ||
| "description": "The UTC time on which the topology was calculated" | ||
| }, | ||
| "resources": { |
please rename this property to something else. It can potentially conflict with the Deep PUT common model that ARM team is working on enabling
Changed to topologyResources
| "readOnly": true, | ||
| "description": "Indicates if the resource has security recommendations" | ||
| }, | ||
| "internetFacing": { |
bools are generally not recommended, they are less descriptive and remove any scope of future expansion in case you need more states to be reflected through that property.
Agree. In the UI we actually show this as "Network Zones", changed to networkZones here as well (InternetFacing is one of the options).
| "readOnly": true, | ||
| "description": "Indicates if the resource has direct connectivity to the Internet" | ||
| }, | ||
| "topologyScore": { |
How does a customer interpret an integer value for the topologyScore? Is 5 good or does it indicate a problem? What is the range of supported values? String enum better for this? If you need integer, maybe add description. Can it be an enum?
The goal of the score is for clustering and filtering in UI. Since we have customers with many resources, by default we show resources with higher score (lower score items will be less visible). Also, resources with same score may be clustered into same UI object.
This is a private preview concept and we may improve the explanation upon feedback from customers (before going public)
Looks good
Can one of the admins verify this patch?
@chlahav I'm waiting for the fix on the minor changes you asked. Let me know if there is anything I can do.
Automation for azure-sdk-for-js: Nothing to generate for azure-sdk-for-js
Please look at the model job for remaining errors: Thanks,
Hi
Adding topology Rest API for Azure Security Center.
TFS item: https://msazure.visualstudio.com/One/_workitems/edit/2555019