diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/common/v1/types.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/common/v1/types.json
new file mode 100644
index 000000000000..7b9fe0ada0e5
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/common/v1/types.json
@@ -0,0 +1,473 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "v1",
+ "title": "Common types"
+ },
+ "paths": {},
+ "definitions": {
+ "CloudError": {
+ "x-ms-external": true,
+ "type": "object",
+ "description": "Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).",
+ "properties": {
+ "error": {
+ "x-ms-client-flatten": true,
+ "description": "The error object.",
+ "$ref": "#/definitions/CloudErrorBody"
+ }
+ }
+ },
+ "CloudErrorBody": {
+ "x-ms-external": true,
+ "type": "object",
+ "description": "The error detail.",
+ "properties": {
+ "code": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error code."
+ },
+ "message": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error message."
+ },
+ "target": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error target."
+ },
+ "details": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/CloudErrorBody"
+ },
+ "description": "The error details."
+ },
+ "additionalInfo": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ErrorAdditionalInfo"
+ },
+ "description": "The error additional info."
+ }
+ }
+ },
+ "ErrorAdditionalInfo": {
+ "properties": {
+ "type": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The additional info type."
+ },
+ "info": {
+ "readOnly": true,
+ "type": "object",
+ "description": "The additional info."
+ }
+ },
+ "description": "The resource management error additional info."
+ },
+ "Resource": {
+ "type": "object",
+ "description": "Describes an Azure resource.",
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource Id"
+ },
+ "name": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource name"
+ },
+ "type": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource type"
+ }
+ },
+ "x-ms-azure-resource": true
+ },
+ "TrackedResource": {
+ "type": "object",
+ "description": "Describes an Azure tracked resource.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/Resource"
+ },
+ {
+ "$ref": "#/definitions/AzureTrackedResourceLocation"
+ },
+ {
+ "$ref": "#/definitions/Kind"
+ },
+ {
+ "$ref": "#/definitions/ETag"
+ },
+ {
+ "$ref": "#/definitions/Tags"
+ }
+ ]
+ },
+ "ETag": {
+ "type": "object",
+ "description": "Entity tag is used for comparing two or more entities from the same requested resource.",
+ "properties": {
+ "etag": {
+ "type": "string",
+ "description": "Entity tag is used for comparing two or more entities from the same requested resource."
+ }
+ }
+ },
+ "Tags": {
+ "type": "object",
+ "description": "A list of key value pairs that describe the resource.",
+ "properties": {
+ "tags": {
+ "type": "object",
+ "description": "A list of key value pairs that describe the resource.",
+ "additionalProperties": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "Kind": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "kind": {
+ "type": "string",
+ "description": "Kind of the resource"
+ }
+ }
+ },
+ "Location": {
+ "type": "object",
+ "description": "Describes an Azure resource with location",
+ "properties": {
+ "location": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Location where the resource is stored"
+ }
+ }
+ },
+ "AzureTrackedResourceLocation": {
+ "type": "object",
+ "description": "Describes an Azure resource with location",
+ "properties": {
+ "location": {
+ "type": "string",
+ "description": "Location where the resource is stored"
+ }
+ }
+ },
+ "AscLocationList": {
+ "type": "object",
+ "description": "List of locations where ASC saves your data",
+ "properties": {
+ "value": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AscLocation"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "AscLocation": {
+ "type": "object",
+ "description": "The ASC location of the subscription is in the \"name\" field",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AscLocationProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/Resource"
+ }
+ ]
+ },
+ "AscLocationProperties": {
+ "type": "object",
+ "description": "An empty set of properties"
+ },
+ "ResourceDetails": {
+ "type": "object",
+ "description": "Details of the resource that was assessed",
+ "discriminator": "source",
+ "properties": {
+ "source": {
+ "type": "string",
+ "description": "The platform where the assessed resource resides",
+ "enum": [
+ "Azure",
+ "OnPremise",
+ "OnPremiseSql"
+ ],
+ "x-ms-enum": {
+ "name": "source",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Azure",
+ "description": "Resource is in Azure"
+ },
+ {
+ "value": "OnPremise",
+ "description": "Resource in an on premise machine connected to Azure cloud"
+ },
+ {
+ "value": "OnPremiseSql",
+ "description": "SQL Resource in an on premise machine connected to Azure cloud"
+ }
+ ]
+ }
+ }
+ },
+ "required": [
+ "source"
+ ]
+ },
+ "AzureResourceDetails": {
+ "type": "object",
+ "description": "Details of the Azure resource that was assessed",
+ "x-ms-discriminator-value": "Azure",
+ "allOf": [
+ {
+ "$ref": "#/definitions/ResourceDetails"
+ }
+ ],
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource Id of the assessed resource"
+ }
+ }
+ },
+ "OnPremiseResourceDetails": {
+ "type": "object",
+ "description": "Details of the On Premise resource that was assessed",
+ "x-ms-discriminator-value": "OnPremise",
+ "allOf": [
+ {
+ "$ref": "#/definitions/ResourceDetails"
+ }
+ ],
+ "properties": {
+ "workspaceId": {
+ "type": "string",
+ "description": "Azure resource Id of the workspace the machine is attached to"
+ },
+ "vmuuid": {
+ "type": "string",
+ "description": "The unique Id of the machine"
+ },
+ "sourceComputerId": {
+ "type": "string",
+ "description": "The oms agent Id installed on the machine"
+ },
+ "machineName": {
+ "type": "string",
+ "description": "The name of the machine"
+ }
+ },
+ "required": [
+ "workspaceId",
+ "vmuuid",
+ "sourceComputerId",
+ "machineName"
+ ]
+ },
+ "OnPremiseSqlResourceDetails": {
+ "type": "object",
+ "description": "Details of the On Premise Sql resource that was assessed",
+ "x-ms-discriminator-value": "OnPremiseSql",
+ "allOf": [
+ {
+ "$ref": "#/definitions/OnPremiseResourceDetails"
+ }
+ ],
+ "properties": {
+ "serverName": {
+ "type": "string",
+ "description": "The Sql server name installed on the machine"
+ },
+ "databaseName": {
+ "type": "string",
+ "description": "The Sql database name installed on the machine"
+ }
+ },
+ "required": [
+ "serverName",
+ "databaseName"
+ ]
+ },
+ "AzureResourceLinks": {
+ "description": "array of azure resource IDs",
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AzureResourceLink"
+ }
+ },
+ "AzureResourceLink": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource Id"
+ }
+ }
+ },
+ "ExternalSecuritySolutionKind": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "kind": {
+ "type": "string",
+ "description": "The kind of the external solution",
+ "enum": [
+ "CEF",
+ "ATA",
+ "AAD"
+ ],
+ "x-ms-enum": {
+ "name": "ExternalSecuritySolutionKind",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "CEF"
+ },
+ {
+ "value": "ATA"
+ },
+ {
+ "value": "AAD"
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "SubscriptionId": {
+ "name": "subscriptionId",
+ "in": "path",
+ "required": true,
+ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
+ "type": "string",
+ "description": "Azure subscription ID"
+ },
+ "ManagementGroupId": {
+ "name": "managementGroupId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Azure Management Group ID"
+ },
+ "ResourceGroupName": {
+ "name": "resourceGroupName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the resource group within the user's subscription. The name is case insensitive.",
+ "pattern": "^[-\\w\\._\\(\\)]+$",
+ "minLength": 1,
+ "maxLength": 90,
+ "x-ms-parameter-location": "method"
+ },
+ "ApiVersion": {
+ "name": "api-version",
+ "in": "query",
+ "required": true,
+ "type": "string",
+ "description": "API version for the operation"
+ },
+ "AscLocation": {
+ "name": "ascLocation",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations",
+ "x-ms-parameter-location": "method"
+ },
+ "ResourceId": {
+ "name": "resourceId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The identifier of the resource.",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "Scope": {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ScopeResourceId": {
+ "name": "scopeId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The identifier of the resource, (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName})",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ScopeId": {
+ "name": "scopeId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ODataFilter": {
+ "name": "$filter",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData filter. Optional.",
+ "x-ms-parameter-location": "method"
+ },
+ "ODataSelect": {
+ "name": "$select",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData select. Optional.",
+ "x-ms-parameter-location": "method"
+ },
+ "ODataExpand": {
+ "name": "$expand",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData expand. Optional.",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json
new file mode 100644
index 000000000000..dec28b7ab6bc
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/DeleteSecurityConnector_example.json
@@ -0,0 +1,12 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "resourceGroupName": "myRg",
+ "securityConnectorName": "mySecurityConnectorName"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
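Review bot: In common/v1/types.json the path parameters `ResourceId`, `Scope`, `ScopeResourceId` and `ScopeId` set `"x-ms-skip-url-encoding": true` but declare no `pattern`, `minLength` or `maxLength`, so whatever a caller supplies is placed into the request path unencoded. `SubscriptionId` and `ResourceGroupName` in the same `parameters` block do carry a `pattern`; these four should get an equivalent constraint or, failing that, a line in each `description` such as `The value is inserted into the URL without encoding and must be a well-formed ARM resource ID.` so that SDK users validate it instead of forwarding user input. The `Scope` description also embeds what looks like a concrete subscription GUID (`0b06d9ea-afe6-4779-bd59-30e5c2d9d13f`); an all-zero placeholder is safer in published text. Separately, `ScopeResourceId` and `ScopeId` both declare `"name": "scopeId"`, and `ErrorAdditionalInfo` is the only definition that declares no `type`.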
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json
new file mode 100644
index 000000000000..6e855d375ca4
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json
@@ -0,0 +1,45 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "resourceGroupName": "exampleResourceGroup",
+ "securityConnectorName": "exampleSecurityConnectorName"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName",
+ "name": "exampleSecurityConnectorName",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4
+ },
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
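Review bot: `"cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"` has an eight-digit account field, whereas AWS account IDs are twelve digits, so the sample is not a well-formed role ARN and would fail any ARN pattern a client or a later schema revision applies. Suggest `"cloudRoleArn": "arn:aws:iam::000000000000:role/ASCMonitor"`. The same value is repeated in the ResourceGroup, Subscription, Patch and Put examples added by this commit.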
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json
new file mode 100644
index 000000000000..02ebe9c4b542
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json
@@ -0,0 +1,126 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "resourceGroupName": "exampleResourceGroup"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws",
+ "name": "exampleSecurityConnectorAws",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization",
+ "name": "exampleSecurityConnectorAwsOrganization",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4,
+ "organizationalData": {
+ "organizationMembershipType": "Organization",
+ "stacksetName": "myStackSetName",
+ "excludedAccountIds": [
+ "excludedAccountIdExample"
+ ]
+ }
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp",
+ "name": "exampleSecurityConnectorGcp",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "GcpProject",
+ "projectDetails": {
+ "projectNumber": "exampleHierarchyId",
+ "projectId": "My-0GCP-Project",
+ "workloadIdentityPoolId": "My-workload-identity-federation-pool-id"
+ }
+ },
+ "environmentName": "GCP",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorGcp",
+ "nativeCloudConnection": {
+ "workloadIdentityProviderId": "My workload identity provider Id",
+ "serviceAccountEmailAddress": "capm@projectName.com"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json
new file mode 100644
index 000000000000..6a30bdea2039
--- /dev/null
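Review bot: In GetSecurityConnectorsResourceGroup_example.json the GCP entry's placeholders do not resemble the values they stand for: `"projectNumber": "exampleHierarchyId"` is non-numeric, and `"serviceAccountEmailAddress": "capm@projectName.com"` uses a domain that is not reserved for documentation. Sample addresses in a published spec are better placed under a reserved name, e.g. `"serviceAccountEmailAddress": "capm@example.com"`, so that a copied sample never addresses a third party. The same two values appear in GetSecurityConnectorsSubscription_example.json.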
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json 
@@ -0,0 +1,183 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup1/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAws",
+ "name": "exampleSecurityConnectorAws",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup2/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAwsOrganization",
+ "name": "exampleSecurityConnectorAwsOrganization",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4,
+ "organizationalData": {
+ "organizationMembershipType": "Organization",
+ "stacksetName": "myStackSetName",
+ "excludedAccountIds": [
+ "excludedAccountIdExample"
+ ]
+ }
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGithub",
+ "name": "githubTest",
+ "etag": "etag value",
+ "type": "Microsoft.Security/securityconnectors",
+ "location": "centralus",
+ "kind": "",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/githubConnectors/exampleGithubConnector",
+ "environmentName": "Github",
+ "environmentData": {
+ "environmentType": "GithubScope"
+ },
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorGithub"
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorAzureDevOpsConnectors",
+ "name": "AzureDevOpsTest",
+ "etag": "etag value",
+ "type": "Microsoft.Security/securityconnectors",
+ "location": "centralus",
+ "kind": "",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.SecurityDevops/azureDevOpsConnectors/exampleAzureDevOpsConnector",
+ "environmentName": "Github",
+ "environmentData": {
+ "environmentType": "GithubScope"
+ },
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorGithub"
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup3/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorGcp",
+ "name": "exampleSecurityConnectorGcp",
+ "type": "Microsoft.Security/securityConnectors",
+ "etag": "etag value",
+ "kind": "",
+ "location": "Central US",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-12-15T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-12-15T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "GcpProject",
+ "projectDetails": {
+ "projectNumber": "exampleHierarchyId",
+ "projectId": "My-0GCP-Project",
+ "workloadIdentityPoolId": "6c78da41157548d3b1d8b3c72effdf8c"
+ }
+ },
+ "environmentName": "GCP",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorGcp",
+ "nativeCloudConnection": {
+ "workloadIdentityProviderId": "My workload identity provider Id",
+ "serviceAccountEmailAddress": "capm@projectName.com"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json
new file mode 100644
index 000000000000..be752a8b21e0
--- /dev/null
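Review bot: In GetSecurityConnectorsSubscription_example.json the fourth entry of `value` (id ending `exampleSecurityConnectorAzureDevOpsConnectors`) looks copy-pasted from the GitHub entry: its `hierarchyIdentifier` points at `azureDevOpsConnectors/exampleAzureDevOpsConnector`, yet it still carries `"environmentName": "Github"`, `"environmentType": "GithubScope"` and `"offeringType": "CspmMonitorGithub"`. If the schema defines Azure DevOps values for these three fields (not visible in this hunk), the example should use them. In both DevOps entries `name` (`githubTest`, `AzureDevOpsTest`) does not match the last segment of `id`, and `type`/`location` are written `Microsoft.Security/securityconnectors`/`centralus` where the other entries use `Microsoft.Security/securityConnectors`/`Central US`. The GCP entry's `workloadIdentityPoolId` (`6c78da41157548d3b1d8b3c72effdf8c`) reads like a real identifier; the resource-group example uses a descriptive placeholder for the same field.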
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PatchSecurityConnector_example.json
@@ -0,0 +1,64 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "securityConnectorName": "exampleSecurityConnectorName",
+ "resourceGroupName": "exampleResourceGroup",
+ "securityConnector": {
+ "location": "Central US",
+ "etag": "etag value (must be supplied for update)",
+ "tags": {},
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount"
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName",
+ "name": "exampleSecurityConnectorName",
+ "type": "Microsoft.Security/securityConnectors",
+ "location": "Central US",
+ "kind": "",
+ "etag": "etag value",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount"
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json
new file mode 100644
index 000000000000..f30230f76d22
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/examples/SecurityConnectors/PutSecurityConnector_example.json
@@ -0,0 +1,99 @@
+{
+ "parameters": {
+ "api-version": "2026-01-01-preview",
+ "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5",
+ "securityConnectorName": "exampleSecurityConnectorName",
+ "resourceGroupName": "exampleResourceGroup",
+ "securityConnector": {
+ "location": "Central US",
+ "etag": "etag value (must be supplied for update)",
+ "tags": {},
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentName": "AWS",
+ "environmentData": {
+ "environmentType": "AwsAccount",
+ "scanInterval": 4
+ },
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName",
+ "name": "exampleSecurityConnectorName",
+ "type": "Microsoft.Security/securityConnectors",
+ "location": "Central US",
+ "kind": "",
+ "etag": "",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount"
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/securityConnectors/exampleSecurityConnectorName",
+ "name": "exampleSecurityConnectorName",
+ "type": "Microsoft.Security/securityConnectors",
+ "location": "Central US",
+ "kind": "",
+ "etag": "",
+ "tags": {},
+ "systemData": {
+ "createdBy": "user@contoso.com",
+ "createdByType": "User",
+ "createdAt": "2021-08-31T13:47:50.328Z",
+ "lastModifiedBy": "user@contoso.com",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2021-08-31T13:47:50.328Z"
+ },
+ "properties": {
+ "hierarchyIdentifier": "exampleHierarchyId",
+ "environmentData": {
+ "environmentType": "AwsAccount"
+ },
+ "environmentName": "AWS",
+ "offerings": [
+ {
+ "offeringType": "CspmMonitorAws",
+ "nativeCloudConnection": {
+ "cloudRoleArn": "arn:aws:iam::00000000:role/ASCMonitor"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/securityConnectors.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/securityConnectors.json
new file mode 100644
index 000000000000..6d0723ff8c4c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2026-01-01-preview/securityConnectors.json
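Review bot: In PutSecurityConnector_example.json both the `200` and the `201` body return `"etag": ""` and an `environmentData` without `scanInterval`, although the request sets `"scanInterval": 4` and describes `etag` as "must be supplied for update". An empty etag in the sample suggests the value is optional or ignorable, which undercuts the concurrency check the request text asks callers to perform. Consider `"etag": "etag value"` as in the Get and Patch examples, and echo `"scanInterval": 4` in both response bodies if the service returns it.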
@@ -0,0 +1,1807 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2026-01-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/securityConnectors": {
+ "get": {
+ "x-ms-examples": {
+ "List all security connectors of a specified subscription": {
+ "$ref": "./examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "description": "Lists all the security connectors in the specified subscription. Use the 'nextLink' property in the response to get the next page of security connectors for the specified subscription.",
+ "operationId": "SecurityConnectors_List",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnectorsList"
+ }
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors": {
+ "get": {
+ "x-ms-examples": {
+ "List all security connectors of a specified resource group": {
+ "$ref": "./examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "description": "Lists all the security connectors in the specified resource group. Use the 'nextLink' property in the response to get the next page of security connectors for the specified resource group.",
+ "operationId": "SecurityConnectors_ListByResourceGroup",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ResourceGroupName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnectorsList"
+ }
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}": {
+ "get": {
+ "x-ms-examples": {
+ "Retrieve a security connector": {
+ "$ref": "./examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "description": "Retrieves details of a specific security connector",
+ "operationId": "SecurityConnectors_Get",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ResourceGroupName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnector"
+ }
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Create or update a security connector": {
+ "$ref": "./examples/SecurityConnectors/PutSecurityConnector_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "description": "Creates or updates a security connector. If a security connector is already created and a subsequent request is issued for the same security connector id, then it will be updated.",
+ "operationId": "SecurityConnectors_CreateOrUpdate",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ResourceGroupName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorInBody"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnector"
+ }
+ },
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnector"
+ }
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "patch": {
+ "x-ms-examples": {
+ "Update a security connector": {
+ "$ref": "./examples/SecurityConnectors/PatchSecurityConnector_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "description": "Updates a security connector",
+ "operationId": "SecurityConnectors_Update",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ResourceGroupName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorInBody"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnector"
+ }
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a security connector": {
+ "$ref": "./examples/SecurityConnectors/DeleteSecurityConnector_example.json"
+ }
+ },
+ "tags": [
+ "SecurityConnectors"
+ ],
+ "operationId": "SecurityConnectors_Delete",
+ "description": "Deletes a security connector.",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ResourceGroupName"
+ },
+ {
+ "$ref": "#/parameters/securityConnectorName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "The resource was deleted successfully"
+ },
+ "204": {
+ "description": "NoContent"
+ },
+ "default": {
+ "description": "Error response that describes why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "SecurityConnectorsList": {
+ "type": "object",
+ "description": "List of security connectors response.",
+ "required": [
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "array",
+ "description": "The list of security connectors under the given scope.",
+ "items": {
+ "$ref": "#/definitions/SecurityConnector"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "SecurityConnector": {
+ "type": "object",
+ "description": "The security connector resource.",
+ "properties": {
+ "systemData": {
+ "readOnly": true,
+ "type": "object",
+ "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.",
+ "$ref": "../../../../../../common-types/resource-management/v2/types.json#/definitions/systemData"
+ },
+ "properties": {
+ "x-ms-client-flatten": true,
+ "description": "Security connector data",
+ "$ref": "#/definitions/SecurityConnectorProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "./common/v1/types.json#/definitions/TrackedResource"
+ }
+ ]
+ },
+ "SecurityConnectorProperties": {
+ "type": "object",
+ "description": "A set of properties that defines the security connector configuration.",
+ "properties": {
+ "hierarchyIdentifier": {
+ "type": "string",
+ "description": "The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector)."
+ },
+ "hierarchyIdentifierTrialEndDate": {
+ "type": "string",
+ "format": "date-time",
+ "readOnly": true,
+ "description": "The date on which the trial period will end, if applicable. Trial period exists for 30 days after upgrading to payed offerings."
+ },
+ "environmentName": {
+ "type": "string",
+ "description": "The multi cloud resource's cloud name.",
+ "enum": [
+ "Azure",
+ "AWS",
+ "GCP",
+ "Github",
+ "AzureDevOps",
+ "GitLab"
+ ],
+ "x-ms-enum": {
+ "name": "cloudName",
+ "modelAsString": true
+ }
+ },
+ "offerings": {
+ "type": "array",
+ "description": "A collection of offerings for the security connector.",
+ "items": {
+ "$ref": "#/definitions/cloudOffering"
+ },
+ "x-ms-identifiers": []
+ },
+ "environmentData": {
+ "type": "object",
+ "description": "The security connector environment data.",
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ }
+ },
+ "EnvironmentData": {
+ "type": "object",
+ "description": "The security connector environment data.",
+ "discriminator": "environmentType",
+ "required": [
+ "environmentType"
+ ],
+ "properties": {
+ "environmentType": {
+ "type": "string",
+ "description": "The type of the environment data.",
+ "enum": [
+ "AwsAccount",
+ "GcpProject",
+ "GithubScope",
+ "AzureDevOpsScope",
+ "GitlabScope",
+ "DockerHubOrganization",
+ "JFrogArtifactory"
+ ],
+ "x-ms-enum": {
+ "name": "environmentType",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "AwsEnvironmentData": {
+ "type": "object",
+ "description": "The AWS connector environment data",
+ "x-ms-discriminator-value": "AwsAccount",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {
+ "organizationalData": {
+ "type": "object",
+ "description": "The AWS account's organizational data",
+ "$ref": "#/definitions/AwsOrganizationalData"
+ },
+ "regions": {
+ "type": "array",
+ "description": "list of regions to scan",
+ "items": {
+ "type": "string",
+ "description": "AWS regions names"
+ }
+ },
+ "accountName": {
+ "type": "string",
+ "description": "The AWS account name",
+ "readOnly": true
+ },
+ "scanInterval": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Scan interval in hours (value should be between 1-hour to 24-hours)"
+ }
+ }
+ },
+ "AwsOrganizationalData": {
+ "type": "object",
+ "description": "The AWS organization data",
+ "discriminator": "organizationMembershipType",
+ "required": [
+ "organizationMembershipType"
+ ],
+ "properties": {
+ "organizationMembershipType": {
+ "type": "string",
+ "description": "The multi cloud account's membership type in the organization",
+ "enum": [
+ "Member",
+ "Organization"
+ ],
+ "x-ms-enum": {
+ "name": "organizationMembershipType",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "AwsOrganizationalDataMaster": {
+ "type": "object",
+ "description": "The AWS organization data for the master account",
+ "x-ms-discriminator-value": "Organization",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AwsOrganizationalData"
+ }
+ ],
+ "properties": {
+ "stacksetName": {
+ "type": "string",
+ "description": "If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset"
+ },
+ "excludedAccountIds": {
+ "type": "array",
+ "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering",
+ "items": {
+ "type": "string",
+ "description": "account IDs"
+ }
+ }
+ }
+ },
+ "AwsOrganizationalDataMember": {
+ "type": "object",
+ "description": "The AWS organization data for the member account",
+ "x-ms-discriminator-value": "Member",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AwsOrganizationalData"
+ }
+ ],
+ "properties": {
+ "parentHierarchyId": {
+ "type": "string",
+ "description": "If the multi cloud account is not of membership type organization, this will be the ID of the account's parent"
+ }
+ }
+ },
+ "GcpProjectEnvironmentData": {
+ "type": "object",
+ "description": "The GCP project connector environment data",
+ "x-ms-discriminator-value": "GcpProject",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {
+ "organizationalData": {
+ "type": "object",
+ "description": "The Gcp project's organizational data",
+ "$ref": "#/definitions/GcpOrganizationalData"
+ },
+ "projectDetails": {
+ "type": "object",
+ "description": "The Gcp project's details",
+ "$ref": "#/definitions/GcpProjectDetails"
+ },
+ "scanInterval": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Scan interval in hours (value should be between 1-hour to 24-hours)"
+ }
+ }
+ },
+ "GcpProjectDetails": {
+ "type": "object",
+ "description": "The details about the project represented by the security connector",
+ "properties": {
+ "projectNumber": {
+ "type": "string",
+ "description": "The unique GCP Project number"
+ },
+ "projectId": {
+ "type": "string",
+ "description": "The GCP Project id"
+ },
+ "workloadIdentityPoolId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The GCP workload identity federation pool id"
+ },
+ "projectName": {
+ "readOnly": true,
+ "type": "string",
+ "description": "GCP project name"
+ }
+ }
+ },
+ "GcpOrganizationalData": {
+ "type": "object",
+ "description": "The gcpOrganization data",
+ "discriminator": "organizationMembershipType",
+ "required": [
+ "organizationMembershipType"
+ ],
+ "properties": {
+ "organizationMembershipType": {
+ "type": "string",
+ "description": "The multi cloud account's membership type in the organization",
+ "enum": [
+ "Member",
+ "Organization"
+ ],
+ "x-ms-enum": {
+ "name": "organizationMembershipType",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "GcpOrganizationalDataOrganization": {
+ "type": "object",
+ "description": "The gcpOrganization data for the parent account",
+ "x-ms-discriminator-value": "Organization",
+ "allOf": [
+ {
+ "$ref": "#/definitions/GcpOrganizationalData"
+ }
+ ],
+ "properties": {
+ "excludedProjectNumbers": {
+ "type": "array",
+ "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering",
+ "items": {
+ "type": "string",
+ "description": "account IDs"
+ }
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address which represents the organization level permissions container."
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The GCP workload identity provider id which represents the permissions required to auto provision security connectors"
+ },
+ "organizationName": {
+ "readOnly": true,
+ "type": "string",
+ "description": "GCP organization name"
+ }
+ }
+ },
+ "GcpOrganizationalDataMember": {
+ "type": "object",
+ "description": "The gcpOrganization data for the member account",
+ "x-ms-discriminator-value": "Member",
+ "allOf": [
+ {
+ "$ref": "#/definitions/GcpOrganizationalData"
+ }
+ ],
+ "properties": {
+ "parentHierarchyId": {
+ "type": "string",
+ "description": "If the multi cloud account is not of membership type organization, this will be the ID of the project's parent"
+ },
+ "managementProjectNumber": {
+ "type": "string",
+ "description": "The GCP management project number from organizational onboarding"
+ }
+ }
+ },
+ "GithubScopeEnvironmentData": {
+ "type": "object",
+ "description": "The github scope connector's environment data",
+ "x-ms-discriminator-value": "GithubScope",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {}
+ },
+ "AzureDevOpsScopeEnvironmentData": {
+ "type": "object",
+ "description": "The AzureDevOps scope connector's environment data",
+ "x-ms-discriminator-value": "AzureDevOpsScope",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {}
+ },
+ "GitlabScopeEnvironmentData": {
+ "type": "object",
+ "description": "The GitLab scope connector's environment data",
+ "x-ms-discriminator-value": "GitlabScope",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {}
+ },
+ "DockerHubEnvironmentData": {
+ "type": "object",
+ "description": "The Docker Hub connector environment data",
+ "x-ms-discriminator-value": "DockerHubOrganization",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {
+ "authentication": {
+ "type": "object",
+ "description": "The Docker Hub organization authentication details",
+ "$ref": "#/definitions/Authentication"
+ },
+ "scanInterval": {
+ "type": "integer",
+ "format": "int64",
+ "description": "Scan interval in hours (value should be between 1-hour to 24-hours)"
+ }
+ }
+ },
+ "Authentication": {
+ "type": "object",
+ "description": "The environment authentication details",
+ "discriminator": "authenticationType",
+ "required": [
+ "authenticationType"
+ ],
+ "properties": {
+ "authenticationType": {
+ "type": "string",
+ "description": "The authentication type",
+ "enum": [
+ "AccessToken"
+ ],
+ "x-ms-enum": {
+ "name": "authenticationType",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "AccessTokenAuthentication": {
+ "type": "object",
+ "description": "The environment authentication details",
+ "x-ms-discriminator-value": "AccessToken",
+ "allOf": [
+ {
+ "$ref": "#/definitions/Authentication"
+ }
+ ],
+ "properties": {
+ "username": {
+ "type": "string",
+ "description": "The user name that will be used while authenticating with the onboarded environment"
+ },
+ "accessToken": {
+ "type": "string",
+ "description": "The access token that will be used while authenticating with the onboarded environment"
+ }
+ }
+ },
+ "JFrogEnvironmentData": {
+ "type": "object",
+ "description": "The JFrog Artifactory connector environment data",
+ "x-ms-discriminator-value": "JFrogArtifactory",
+ "allOf": [
+ {
+ "$ref": "#/definitions/EnvironmentData"
+ }
+ ],
+ "properties": {
+ "scanInterval": {
+ "type": "integer",
+ "format": "int32",
+ "description": "Scan interval in hours (value should be between 1-hour to 24-hours)",
+ "minimum": 1,
+ "maximum": 24
+ }
+ }
+ },
+ "cloudOffering": {
+ "type": "object",
+ "description": "The security offering details",
+ "discriminator": "offeringType",
+ "required": [
+ "offeringType"
+ ],
+ "properties": {
+ "offeringType": {
+ "type": "string",
+ "description": "The type of the security offering.",
+ "enum": [
+ "CspmMonitorAws",
+ "DefenderForContainersAws",
+ "DefenderForServersAws",
+ "DefenderForDatabasesAws",
+ "CspmMonitorGcp",
+ "CspmMonitorGithub",
+ "CspmMonitorAzureDevOps",
+ "DefenderForServersGcp",
+ "DefenderForContainersGcp",
+ "DefenderForDatabasesGcp",
+ "DefenderCspmAws",
+ "DefenderCspmGcp",
+ "CspmMonitorGitLab",
+ "CspmMonitorDockerHub",
+ "DefenderForContainersDockerHub",
+ "DefenderCspmDockerHub",
+ "CspmMonitorJFrog",
+ "DefenderForContainersJFrog",
+ "DefenderCspmJFrog"
+ ],
+ "x-ms-enum": {
+ "name": "offeringType",
+ "modelAsString": true
+ }
+ },
+ "description": {
+ "type": "string",
+ "description": "The offering description.",
+ "readOnly": true
+ }
+ }
+ },
+ "cspmMonitorAwsOffering": {
+ "type": "object",
+ "description": "The CSPM monitoring for AWS offering",
+ "x-ms-discriminator-value": "CspmMonitorAws",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "nativeCloudConnection": {
+ "type": "object",
+ "description": "The native cloud connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ }
+ }
+ },
+ "defenderForContainersAwsOffering": {
+ "type": "object",
+ "description": "The Defender for Containers AWS offering",
+ "x-ms-discriminator-value": "DefenderForContainersAws",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "kubernetesService": {
+ "type": "object",
+ "description": "The kubernetes service connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature used for provisioning resources"
+ }
+ }
+ },
+ "kubernetesDataCollection": {
+ "type": "object",
+ "description": "The kubernetes data collection connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature used for reading data"
+ }
+ }
+ },
+ "cloudWatchToKinesis": {
+ "type": "object",
+ "description": "The cloudwatch to kinesis connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis"
+ }
+ }
+ },
+ "kinesisToS3": {
+ "type": "object",
+ "description": "The kinesis to s3 connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS used by Kinesis to transfer data into S3"
+ }
+ }
+ },
+ "securityGatingEnabled": {
+ "type": "boolean",
+ "description": "Is security gating enabled"
+ },
+ "containerAntiMalwareEnabled": {
+ "type": "boolean",
+ "description": "Is defender anti-malware enabled"
+ },
+ "enableAuditLogsAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is audit logs data collection enabled"
+ },
+ "enableDefenderAgentAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled"
+ },
+ "enablePolicyAgentAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is Policy Kubernetes agent auto provisioning enabled"
+ },
+ "kubeAuditRetentionTime": {
+ "type": "integer",
+ "format": "int64",
+ "description": "The retention time in days of kube audit logs set on the CloudWatch log group"
+ },
+ "dataCollectionExternalId": {
+ "type": "string",
+ "description": "The externalId used by the data reader to prevent the confused deputy attack"
+ },
+ "mdcContainersImageAssessment": {
+ "type": "object",
+ "description": "The Microsoft Defender container image assessment configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container image assessment enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ },
+ "securityFindingsEnabled": {
+ "type": "boolean",
+ "description": "Is security findings enabled for container image assessment"
+ }
+ }
+ },
+ "mdcContainersAgentlessDiscoveryK8s": {
+ "type": "object",
+ "description": "The Microsoft Defender container agentless discovery K8s configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container agentless discovery K8s enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for Container K8s VM host scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersAws"
+ }
+ ],
+ "properties": {}
+ }
+ }
+ },
+ "defenderForServersAwsOffering": {
+ "type": "object",
+ "description": "The Defender for Servers AWS offering",
+ "x-ms-discriminator-value": "DefenderForServersAws",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "defenderForServers": {
+ "type": "object",
+ "description": "The Defender for servers connection configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "arcAutoProvisioning": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioningAws"
+ }
+ ],
+ "properties": {}
+ },
+ "vaAutoProvisioning": {
+ "type": "object",
+ "description": "The Vulnerability Assessment autoprovisioning configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Vulnerability Assessment auto provisioning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "configuration for Vulnerability Assessment autoprovisioning",
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'",
+ "enum": [
+ "Qualys",
+ "TVM"
+ ],
+ "x-ms-enum": {
+ "name": "type",
+ "modelAsString": true
+ }
+ }
+ }
+ }
+ }
+ },
+ "mdeAutoProvisioning": {
+ "type": "object",
+ "description": "The Microsoft Defender for Endpoint autoprovisioning configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender for Endpoint auto provisioning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "configuration for Microsoft Defender for Endpoint autoprovisioning",
+ "properties": {}
+ }
+ }
+ },
+ "subPlan": {
+ "type": "object",
+ "description": "configuration for the servers offering subPlan",
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "The available sub plans",
+ "enum": [
+ "P1",
+ "P2"
+ ],
+ "x-ms-enum": {
+ "name": "subPlan",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for Server VM scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersAws"
+ }
+ ],
+ "properties": {}
+ }
+ }
+ },
+ "defenderFoDatabasesAwsOffering": {
+ "type": "object",
+ "description": "The Defender for Databases AWS offering",
+ "x-ms-discriminator-value": "DefenderForDatabasesAws",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "arcAutoProvisioning": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioningAws"
+ }
+ ],
+ "properties": {}
+ },
+ "rds": {
+ "type": "object",
+ "description": "The RDS configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is RDS protection enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "databasesDspm": {
+ "type": "object",
+ "description": "The databases data security posture management (DSPM) configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is databases data security posture management (DSPM) protection enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ }
+ }
+ },
+ "cspmMonitorGcpOffering": {
+ "type": "object",
+ "description": "The CSPM monitoring for GCP offering",
+ "x-ms-discriminator-value": "CspmMonitorGcp",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "nativeCloudConnection": {
+ "type": "object",
+ "description": "The native cloud connection configuration",
+ "properties": {
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The GCP workload identity provider id for the offering"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this offering"
+ }
+ }
+ }
+ }
+ },
+ "defenderForServersGcpOffering": {
+ "type": "object",
+ "description": "The Defender for Servers GCP offering configurations",
+ "x-ms-discriminator-value": "DefenderForServersGcp",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "defenderForServers": {
+ "type": "object",
+ "description": "The Defender for servers connection configuration",
+ "properties": {
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ }
+ }
+ },
+ "arcAutoProvisioning": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioningGcp"
+ }
+ ],
+ "properties": {}
+ },
+ "vaAutoProvisioning": {
+ "type": "object",
+ "description": "The Vulnerability Assessment autoprovisioning configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Vulnerability Assessment auto provisioning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "configuration for Vulnerability Assessment autoprovisioning",
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'",
+ "enum": [
+ "Qualys",
+ "TVM"
+ ],
+ "x-ms-enum": {
+ "name": "type",
+ "modelAsString": true
+ }
+ }
+ }
+ }
+ }
+ },
+ "mdeAutoProvisioning": {
+ "type": "object",
+ "description": "The Microsoft Defender for Endpoint autoprovisioning configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender for Endpoint auto provisioning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "configuration for Microsoft Defender for Endpoint autoprovisioning",
+ "properties": {}
+ }
+ }
+ },
+ "subPlan": {
+ "type": "object",
+ "description": "configuration for the servers offering subPlan",
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "The available sub plans",
+ "enum": [
+ "P1",
+ "P2"
+ ],
+ "x-ms-enum": {
+ "name": "subPlan",
+ "modelAsString": true
+ }
+ }
+ }
+ },
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for Server VM scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersGcp"
+ }
+ ],
+ "properties": {}
+ }
+ }
+ },
+ "defenderForDatabasesGcpOffering": {
+ "type": "object",
+ "description": "The Defender for Databases GCP offering configurations",
+ "x-ms-discriminator-value": "DefenderForDatabasesGcp",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "arcAutoProvisioning": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioningGcp"
+ }
+ ],
+ "properties": {}
+ },
+ "defenderForDatabasesArcAutoProvisioning": {
+ "type": "object",
+ "description": "The native cloud connection configuration",
+ "properties": {
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this offering"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The GCP workload identity provider id for this offering"
+ }
+ }
+ }
+ }
+ },
+ "defenderForContainersGcpOffering": {
+ "type": "object",
+ "description": "The containers GCP offering",
+ "x-ms-discriminator-value": "DefenderForContainersGcp",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "nativeCloudConnection": {
+ "type": "object",
+ "description": "The native cloud connection configuration",
+ "properties": {
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this offering"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The GCP workload identity provider id for this offering"
+ }
+ }
+ },
+ "dataPipelineNativeCloudConnection": {
+ "type": "object",
+ "description": "The native cloud connection configuration",
+ "properties": {
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The data collection service account email address in GCP for this offering"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The data collection GCP workload identity provider id for this offering"
+ }
+ }
+ },
+ "securityGatingEnabled": {
+ "type": "boolean",
+ "description": "Is security gating enabled"
+ },
+ "containerAntiMalwareEnabled": {
+ "type": "boolean",
+ "description": "Is defender anti-malware enabled"
+ },
+ "enableAuditLogsAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is audit logs data collection enabled"
+ },
+ "enableDefenderAgentAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled"
+ },
+ "enablePolicyAgentAutoProvisioning": {
+ "type": "boolean",
+ "description": "Is Policy Kubernetes agent auto provisioning enabled"
+ },
+ "mdcContainersImageAssessment": {
+ "type": "object",
+ "description": "The Microsoft Defender Container image assessment configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container image assessment enabled"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ },
+ "securityGatingEnabled": {
+ "type": "boolean",
+ "description": "Is security findings enabled for container image assessment"
+ }
+ }
+ },
+ "mdcContainersAgentlessDiscoveryK8s": {
+ "type": "object",
+ "description": "The Microsoft Defender Container agentless discovery configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container agentless discovery enabled"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ }
+ }
+ },
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for Container K8s VM host scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersGcp"
+ }
+ ],
+ "properties": {}
+ }
+ }
+ },
+ "cspmMonitorGithubOffering": {
+ "type": "object",
+ "description": "The CSPM monitoring for github offering",
+ "x-ms-discriminator-value": "CspmMonitorGithub",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "cspmMonitorAzureDevOpsOffering": {
+ "type": "object",
+ "description": "The CSPM monitoring for AzureDevOps offering",
+ "x-ms-discriminator-value": "CspmMonitorAzureDevOps",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "defenderCspmAwsOffering": {
+ "type": "object",
+ "description": "The CSPM P1 for AWS offering",
+ "x-ms-discriminator-value": "DefenderCspmAws",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for CSPM offering VM scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersAws"
+ }
+ ],
+ "properties": {}
+ },
+ "dataSensitivityDiscovery": {
+ "type": "object",
+ "description": "The Microsoft Defender Data Sensitivity discovery configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender Data Sensitivity discovery enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "databasesDspm": {
+ "type": "object",
+ "description": "The databases DSPM configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is databases DSPM protection enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "ciem": {
+ "type": "object",
+ "description": "Defenders CSPM Permissions Management offering configurations",
+ "properties": {
+ "ciemDiscovery": {
+ "type": "object",
+ "description": "Defender CSPM Permissions Management discovery configuration",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for Permissions Management discovery"
+ }
+ }
+ },
+ "ciemOidc": {
+ "type": "object",
+ "description": "AWS Defender CSPM Permissions Management OIDC (open id connect) connection configurations",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for Permissions Management used for oidc connection"
+ },
+ "azureActiveDirectoryAppName": {
+ "type": "string",
+ "description": "the azure active directory app name used of authenticating against AWS"
+ }
+ }
+ }
+ }
+ },
+ "mdcContainersImageAssessment": {
+ "type": "object",
+ "description": "The Microsoft Defender container image assessment configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container image assessment enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ },
+ "mdcContainersAgentlessDiscoveryK8s": {
+ "type": "object",
+ "description": "The Microsoft Defender container agentless discovery K8s configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container agentless discovery K8s enabled"
+ },
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ }
+ }
+ }
+ },
+ "defenderCspmGcpOffering": {
+ "type": "object",
+ "description": "The CSPM P1 for GCP offering",
+ "x-ms-discriminator-value": "DefenderCspmGcp",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "ciemDiscovery": {
+ "type": "object",
+ "description": "GCP Defenders CSPM Permissions Management OIDC (Open ID connect) connection configurations",
+ "properties": {
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The GCP workload identity provider id for Permissions Management offering"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for Permissions Management offering"
+ },
+ "azureActiveDirectoryAppName": {
+ "type": "string",
+ "description": "the azure active directory app name used of authenticating against GCP workload identity federation"
+ }
+ }
+ },
+ "vmScanners": {
+ "type": "object",
+ "description": "The Microsoft Defender for CSPM VM scanning configuration",
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersGcp"
+ }
+ ],
+ "properties": {}
+ },
+ "dataSensitivityDiscovery": {
+ "type": "object",
+ "description": "The Microsoft Defender Data Sensitivity discovery configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender Data Sensitivity discovery enabled"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ }
+ }
+ },
+ "mdcContainersImageAssessment": {
+ "type": "object",
+ "description": "The Microsoft Defender Container image assessment configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container image assessment enabled"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ }
+ }
+ },
+ "mdcContainersAgentlessDiscoveryK8s": {
+ "type": "object",
+ "description": "The Microsoft Defender Container agentless discovery configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container agentless discovery enabled"
+ },
+ "workloadIdentityProviderId": {
+ "type": "string",
+ "description": "The workload identity provider id in GCP for this feature"
+ },
+ "serviceAccountEmailAddress": {
+ "type": "string",
+ "description": "The service account email address in GCP for this feature"
+ }
+ }
+ }
+ }
+ },
+ "cspmMonitorGitLabOffering": {
+ "type": "object",
+ "description": "The CSPM (Cloud security posture management) monitoring for gitlab offering",
+ "x-ms-discriminator-value": "CspmMonitorGitLab",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "cspmMonitorDockerHubOffering": {
+ "type": "object",
+ "description": "The CSPM (Cloud security posture management) monitoring for Docker Hub offering",
+ "x-ms-discriminator-value": "CspmMonitorDockerHub",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "defenderForContainersDockerHubOffering": {
+ "type": "object",
+ "description": "The Defender for containers Docker Hub offering configurations",
+ "x-ms-discriminator-value": "DefenderForContainersDockerHub",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "defenderCspmDockerHubOffering": {
+ "type": "object",
+ "description": "The Defender for CSPM Docker Hub offering configurations",
+ "x-ms-discriminator-value": "DefenderCspmDockerHub",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {}
+ },
+ "cspmMonitorJFrogOffering": {
+ "type": "object",
+ "description": "The CSPM (Cloud security posture management) monitoring for JFrog Artifactory offering",
+ "x-ms-discriminator-value": "CspmMonitorJFrog",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ]
+ },
+ "defenderForContainersJFrogOffering": {
+ "type": "object",
+ "description": "The Defender for Containers for JFrog Artifactory offering",
+ "x-ms-discriminator-value": "DefenderForContainersJFrog",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ]
+ },
+ "defenderCspmJFrogOffering": {
+ "type": "object",
+ "description": "The CSPM P1 for JFrog Artifactory offering",
+ "x-ms-discriminator-value": "DefenderCspmJFrog",
+ "allOf": [
+ {
+ "$ref": "#/definitions/cloudOffering"
+ }
+ ],
+ "properties": {
+ "mdcContainersImageAssessment": {
+ "type": "object",
+ "description": "The Microsoft Defender Container image assessment configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is Microsoft Defender container image assessment enabled"
+ }
+ }
+ }
+ }
+ },
+ "vmScannersBase": {
+ "type": "object",
+ "description": "A VM scanning configuration for a security offering of a given environment",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is VM scanning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "Configuration for VM scanning",
+ "properties": {
+ "scanningMode": {
+ "type": "string",
+ "description": "The scanning mode for the VM scan.",
+ "enum": [
+ "Default"
+ ],
+ "x-ms-enum": {
+ "name": "scanningMode",
+ "modelAsString": true
+ }
+ },
+ "exclusionTags": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ },
+ "description": "Tags that indicates that a resource should not be scanned"
+ }
+ }
+ }
+ }
+ },
+ "vmScannersGcp": {
+ "type": "object",
+ "description": "A VM scanning configuration for a security offering of a GCP environment",
+ "properties": {},
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersBase"
+ }
+ ]
+ },
+ "vmScannersAws": {
+ "type": "object",
+ "description": "A VM scanning configuration for a security offering of a Aws environment",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/vmScannersBase"
+ }
+ ]
+ },
+ "arcAutoProvisioning": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Is arc auto provisioning enabled"
+ },
+ "configuration": {
+ "type": "object",
+ "description": "Configuration for servers Arc auto provisioning for a given environment",
+ "properties": {
+ "proxy": {
+ "type": "string",
+ "description": "Optional HTTP proxy endpoint to use for the Arc agent"
+ },
+ "privateLinkScope": {
+ "type": "string",
+ "description": "Optional Arc private link scope resource id to link the Arc agent"
+ }
+ }
+ }
+ }
+ },
+ "arcAutoProvisioningGcp": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration for an GCP environment",
+ "properties": {},
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioning"
+ }
+ ]
+ },
+ "arcAutoProvisioningAws": {
+ "type": "object",
+ "description": "The ARC autoprovisioning configuration for an AWS environment",
+ "properties": {
+ "cloudRoleArn": {
+ "type": "string",
+ "description": "The cloud role ARN in AWS for this feature"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/arcAutoProvisioning"
+ }
+ ]
+ }
+ },
+ "parameters": {
+ "securityConnectorName": {
+ "name": "securityConnectorName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The security connector name.",
+ "x-ms-parameter-location": "method"
+ },
+ "securityConnectorInBody": {
+ "name": "securityConnector",
+ "in": "body",
+ "required": true,
+ "description": "The security connector resource",
+ "schema": {
+ "$ref": "#/definitions/SecurityConnector"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/readme.md b/specification/security/resource-manager/Microsoft.Security/Security/readme.md
index 0e3111c8c6d9..6ed0e91d8660 100644
--- a/specification/security/resource-manager/Microsoft.Security/Security/readme.md
+++ b/specification/security/resource-manager/Microsoft.Security/Security/readme.md
@@ -77,18 +77,18 @@ suppressions:
 - code: GetCollectionOnlyHasValueAndNextLink
 from: Microsoft.Security\stable\2024-01-01\pricings.json
 reason: The collections is limited to 13 items maximum. No need for paging. Also old versions did not have these fields as well.
+ - code: AvoidAdditionalProperties
+ from: Microsoft.Security\preview\2026-01-01-preview\securityConnectors.json
+ reason: This is a property used across all API versions. changing it would be a breaking change, and is required for
+ - code: UnSupportedPatchProperties
+ from: Microsoft.Security\preview\2026-01-01-preview\securityConnectors.json
+ reason: Patch uses a complex composable object model which cannot be easily split. it will be addressed in a future PR, as this occurs in previous API versions as well.
 - code: ResourceNameRestriction
- from: Microsoft.Security\preview\2024-03-01\securityConnectors.json
+ from: Microsoft.Security\preview\2026-01-01-preview\securityConnectors.json
 reason: Old versions do not have pattern as well, and if I add a pattern to this version, I get another error about breaking the last version's pattern.
 - code: PatchBodyParametersSchema
- from: Microsoft.Security\preview\2024-03-01\securityConnectors.json
- reason: Patch uses a complex composable object model which cannot be easily split. it will be addressed in a future PR, as this occurs in previous API versions as well.
- - code: UnSupportedPatchProperties
- from: Microsoft.Security\preview\2024-03-01\securityConnectors.json
+ from: Microsoft.Security\preview\2026-01-01-preview\securityConnectors.json
 reason: Patch uses a complex composable object model which cannot be easily split. it will be addressed in a future PR, as this occurs in previous API versions as well.
- - code: AvoidAdditionalProperties
- from: Microsoft.Security\preview\2024-03-01\securityConnectors.json
- reason: This is a property used across all API versions. changing it would be a breaking change, and is required for
 ```
 ### Basic Information
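Review bot: The re-added `AvoidAdditionalProperties` entry switches the rule off for the whole of `securityConnectors.json` in the new preview, and its `reason` still breaks off mid-sentence at "and is required for". The only free-form map visible in this version's schema is `exclusionTags` under `vmScannersBase` (assuming that definition lives in the suppressed file), so the entry could be narrowed with a `where:` line such as `where: $.definitions.vmScannersBase.properties.configuration.properties.exclusionTags` and the sentence completed. With the file-wide form, any further `additionalProperties` object added to this API version passes lint without review. The `UnSupportedPatchProperties` and `PatchBodyParametersSchema` entries in the same hunk are likewise file-wide and would benefit from the same scoping.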
@@ -106,6 +106,14 @@ tag: package-composite-v3
 The following packages may be composed from multiple api-versions.
+### Tag: package-preview-2026-01-01-preview
+These settings apply only when `--tag=package-preview-2026-01-01-preview` is specified on the command line.
+
+```yaml $(tag) == 'package-preview-2026-01-01-preview'
+input-file:
+ - preview/2026-01-01-preview/securityConnectors.json
+```
+
 ### Tag: package-2026-01
 These settings apply only when `--tag=package-2026-01` is specified on the command line.
@@ -657,7 +665,7 @@ input-file:
 - preview/2023-05-01-preview/healthReports.json
 - preview/2023-12-01-preview/automations.json
 - preview/2023-12-01-preview/securityContacts.json
-- preview/2024-08-01-preview/securityConnectors.json
+- preview/2026-01-01-preview/securityConnectors.json
 - preview/2025-05-04-preview/assessmentMetadata.json
 - preview/2025-05-04-preview/assessments.json
 - preview/2025-09-01-preview/defenderForStorageSettings.json
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/suppressions.yaml b/specification/security/resource-manager/Microsoft.Security/Security/suppressions.yaml
index 863df9532fcf..b951b91bfe87 100644
--- a/specification/security/resource-manager/Microsoft.Security/Security/suppressions.yaml
+++ b/specification/security/resource-manager/Microsoft.Security/Security/suppressions.yaml
@@ -105,6 +105,9 @@
 - tool: TypeSpecRequirement
 path: ./preview/2025-11-01-preview/*.json
 reason: Brownfield service not ready to migrate
+- tool: TypeSpecRequirement
+ path: ./preview/2026-01-01-preview/*.json
+ reason: Brownfield service not ready to migrate
 # Stable versions
 - tool: TypeSpecRequirement
 path: ./stable/2017-08-01/*.json