From 5e66be9bba64b2b337e79273326b1758dbedb893 Mon Sep 17 00:00:00 2001 From: "FAREAST\\boxi" Date: Thu, 1 Nov 2018 11:33:06 +0800 Subject: [PATCH 1/2] Add sensitive fields extracted from connection string in swagger for akv reference --- .../2018-06-01/entityTypes/LinkedService.json | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json index b893ab4f12a0..74b877547205 100644 --- a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json +++ b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json @@ -109,10 +109,18 @@ "description": "The connection string. It is mutually exclusive with sasUri property. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "accountKey": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of accountKey in connection string." + }, "sasUri": { "description": "SAS URI of the Azure Storage resource. It is mutually exclusive with connectionString property.", "$ref": "../datafactory.json#/definitions/SecretBase" }, + "sasToken": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of sasToken in sas uri." + }, "encryptedCredential": { "type": "string", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -126,10 +134,18 @@ "type": "object", "description": "The connection string. It is mutually exclusive with sasUri, serviceEndpoint property. Type: string, SecureString or AzureKeyVaultSecretReference." }, + "accountKey": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of accountKey in connection string." + }, "sasUri": { "description": "SAS URI of the Azure Blob Storage resource. It is mutually exclusive with connectionString, serviceEndpoint property.", "$ref": "../datafactory.json#/definitions/SecretBase" }, + "sasToken": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of sasToken in sas uri." + }, "serviceEndpoint": { "type": "string", "description": "Blob service endpoint of the Azure Blob Storage resource. It is mutually exclusive with connectionString, sasUri property." @@ -179,6 +195,10 @@ "description": "The connection string. Type: string, SecureString or AzureKeyVaultSecretReference. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "servicePrincipalId": { "type": "object", "description": "The ID of the service principal used to authenticate against Azure SQL Data Warehouse. Type: string (or Expression with resultType string)." @@ -271,6 +291,10 @@ "description": "The connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "servicePrincipalId": { "type": "object", "description": "The ID of the service principal used to authenticate against Azure SQL Database. Type: string (or Expression with resultType string)." @@ -406,6 +430,10 @@ "description": "The connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "accountKey": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of accountKey in connection string." + }, "encryptedCredential": { "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -620,6 +648,10 @@ "description": "The connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -656,6 +688,10 @@ "description": "The connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -692,6 +728,10 @@ "description": "The connection string.", "$ref": "../datafactory.json#/definitions/SecretBase" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -728,6 +768,10 @@ "description": "The connection string.", "$ref": "../datafactory.json#/definitions/SecretBase" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." @@ -2132,6 +2176,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "password": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -2222,6 +2270,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "credString": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of credString in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -2255,6 +2307,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "pwd": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -2430,6 +2486,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "pwd": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -2924,6 +2984,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "pwd": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -3730,6 +3794,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "pwd": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" @@ -3763,6 +3831,10 @@ "description": "An ODBC connection string. Type: string, SecureString or AzureKeyVaultSecretReference.", "type": "object" }, + "pwd": { + "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", + "description": "The Azure key vault secret reference of password in connection string." + }, "encryptedCredential": { "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string).", "type": "object" From f0f730dbcd8cc298ba9332b3e607b9a0e7a2d665 Mon Sep 17 00:00:00 2001 From: "FAREAST\\boxi" Date: Fri, 2 Nov 2018 15:40:55 +0800 Subject: [PATCH 2/2] Change sasUri type to object as it supports string, SecureString and AzureKeyVaultSecretReference, same with connection string. --- .../stable/2018-06-01/entityTypes/LinkedService.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json index 74b877547205..224334b3370e 100644 --- a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json +++ b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json @@ -114,8 +114,8 @@ "description": "The Azure key vault secret reference of accountKey in connection string." }, "sasUri": { - "description": "SAS URI of the Azure Storage resource. It is mutually exclusive with connectionString property.", - "$ref": "../datafactory.json#/definitions/SecretBase" + "description": "SAS URI of the Azure Storage resource. It is mutually exclusive with connectionString property. Type: string, SecureString or AzureKeyVaultSecretReference.", + "type": "object" }, "sasToken": { "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference", @@ -139,8 +139,8 @@ "description": "The Azure key vault secret reference of accountKey in connection string." }, "sasUri": { - "description": "SAS URI of the Azure Blob Storage resource. It is mutually exclusive with connectionString, serviceEndpoint property.", - "$ref": "../datafactory.json#/definitions/SecretBase" + "description": "SAS URI of the Azure Blob Storage resource. It is mutually exclusive with connectionString, serviceEndpoint property. Type: string, SecureString or AzureKeyVaultSecretReference.", + "type": "object" }, "sasToken": { "$ref": "../datafactory.json#/definitions/AzureKeyVaultSecretReference",