diff --git a/custom-words.txt b/custom-words.txt index 563283df46c7..ce746112a834 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -1,4 +1,4 @@ -AADDS +AADDS aadiam abcxyz ABFS @@ -198,6 +198,7 @@ browsable bruceper Bsaling BYOC +BYOK BYOL BYOS bzip @@ -1103,6 +1104,7 @@ retargeted retargeting Retriable Retryable +Revalidates Revertable REVOKEACE rgname diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json index ec376c42b9d8..673df291e8d9 100644 --- a/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/encryptionProtectors.json @@ -16,6 +16,60 @@ "application/json" ], "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/encryptionProtector/{encryptionProtectorName}/revalidate": { + "post": { + "tags": [ + "EncryptionProtectors" + ], + "description": "Revalidates an existing encryption protector.", + "operationId": "EncryptionProtectors_Revalidate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ServerNameParameter" + }, + { + "name": "encryptionProtectorName", + "in": "path", + "description": "The name of the encryption protector to be updated.", + "required": true, + "type": "string", + "enum": [ + "current" + ], + "x-ms-enum": { + "name": "EncryptionProtectorName", + "modelAsString": true + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully revalidated the encryption protector." + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 SecurityAzureKeyVaultGeoChainError - Creating secondary of secondary (a process known as chaining) is not supported when enabling Transparent Data Encryption using Azure Key Vault (BYOK).\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault Uri is null or empty.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.\n\n * 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault uri is not valid.\n\n * 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.\n\n * 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.\n\n * 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 and Key Type is RSA.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." + }, + "202": { + "description": "Accepted" + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Revalidates the encryption protector": { + "$ref": "./examples/EncryptionProtectorRevalidate.json" + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/encryptionProtector": { "get": { "tags": [ @@ -45,7 +99,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" } }, "x-ms-pageable": { @@ -101,7 +155,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found." + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found." } }, "x-ms-examples": { @@ -161,7 +215,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured on server. Please contact support.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 SecurityAzureKeyVaultGeoChainError - Creating secondary of secondary (a process known as chaining) is not supported when enabling Transparent Data Encryption using Azure Key Vault (BYOK).\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault Uri is null or empty.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.\n\n * 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault uri is not valid.\n\n * 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.\n\n * 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.\n\n * 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 and Key Type is RSA.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." }, "202": { "description": "Accepted" @@ -250,7 +304,8 @@ "properties": { "kind": { "description": "Kind of encryption protector. This is metadata used for the Azure portal experience.", - "type": "string" + "type": "string", + "readOnly": true }, "location": { "description": "Resource location.", @@ -298,6 +353,14 @@ "type": "string", "x-ms-parameter-location": "method" }, + "ManagedInstanceNameParameter": { + "name": "managedInstanceName", + "in": "path", + "description": "The name of the managed instance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, "DatabaseNameParameter": { "name": "databaseName", "in": "path", @@ -305,6 +368,41 @@ "required": true, "type": "string", "x-ms-parameter-location": "method" + }, + "BlobAuditingPolicyNameParameter": { + "name": "blobAuditingPolicyName", + "in": "path", + "description": "The name of the blob auditing policy.", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineInstanceNameParameter": { + "name": "sqlVirtualMachineInstanceName", + "in": "path", + "description": "The name of the SqlVirtualMachineInstance.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "SqlVirtualMachineContainerNameParameter": { + "name": "sqlVirtualMachineContainerName", + "in": "path", + "description": "The name of the SqlVirtualMachineContainer.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "VirtualClusterNameParameter": { + "name": "virtualClusterName", + "in": "path", + "description": "The name of the virtual cluster.", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" } }, "securityDefinitions": { @@ -318,4 +416,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/examples/EncryptionProtectorRevalidate.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/examples/EncryptionProtectorRevalidate.json new file mode 100644 index 000000000000..de53530efda5 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2015-05-01-preview/examples/EncryptionProtectorRevalidate.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "sqlcrudtest-7398", + "serverName": "sqlcrudtest-4645", + "encryptionProtectorName": "current", + "api-version": "2015-05-01-preview" + }, + "responses": { + "200": { }, + "202": { } + } +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/ManagedInstanceEncryptionProtectors.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/ManagedInstanceEncryptionProtectors.json index 6c2388153be7..d66c7e1cf4c0 100644 --- a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/ManagedInstanceEncryptionProtectors.json +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/ManagedInstanceEncryptionProtectors.json @@ -16,6 +16,60 @@ "application/json" ], "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/encryptionProtector/{encryptionProtectorName}/revalidate": { + "post": { + "tags": [ + "ManagedInstanceEncryptionProtectors" + ], + "description": "Revalidates an existing encryption protector.", + "operationId": "ManagedInstanceEncryptionProtectors_Revalidate", + "parameters": [ + { + "$ref": "#/parameters/ResourceGroupParameter" + }, + { + "$ref": "#/parameters/ManagedInstanceNameParameter" + }, + { + "name": "encryptionProtectorName", + "in": "path", + "description": "The name of the encryption protector to be updated.", + "required": true, + "type": "string", + "enum": [ + "current" + ], + "x-ms-enum": { + "name": "EncryptionProtectorName", + "modelAsString": true + } + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Successfully revalidated the encryption protector." + }, + "default": { + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 SecurityAzureKeyVaultGeoChainError - Creating secondary of secondary (a process known as chaining) is not supported when enabling Transparent Data Encryption using Azure Key Vault (BYOK).\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault Uri is null or empty.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.\n\n * 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault uri is not valid.\n\n * 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.\n\n * 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.\n\n * 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 and Key Type is RSA.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." + }, + "202": { + "description": "Accepted" + } + }, + "x-ms-long-running-operation": true, + "x-ms-examples": { + "Revalidates the encryption protector": { + "$ref": "./examples/ManagedInstanceEncryptionProtectorRevalidate.json" + } + } + } + }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/encryptionProtector": { "get": { "tags": [ @@ -45,7 +99,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found" } }, "x-ms-pageable": { @@ -101,7 +155,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found." + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found." } }, "x-ms-examples": { @@ -126,7 +180,7 @@ { "name": "encryptionProtectorName", "in": "path", - "description": "The name of the encryption protector to be created or updated.", + "description": "The name of the encryption protector to be updated.", "required": true, "type": "string", "enum": [ @@ -161,7 +215,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault Uri is null or empty.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.\n\n * 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault uri is not valid.\n\n * 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.\n\n * 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.\n\n * 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 and Key Type is RSA.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." + "description": "*** Error Responses: ***\n\n * 400 InvalidKeyName - An invalid value was given for the server key name.\n\n * 400 InvalidKeyType - The create server key type is not supported.\n\n * 400 InvalidUpsertKeyType - Service Managed type keys are managed by Azure SQL. This key type does not support create or update by the user.\n\n * 400 InvalidKeyUpsertRequest - The create server key request does not exist or has no properties object.\n\n * 400 InvalidEncryptionProtectorName - The encryption protector key name is not supported.\n\n * 400 SecurityAzureKeyVaultGeoChainError - Creating secondary of secondary (a process known as chaining) is not supported when enabling Transparent Data Encryption using Azure Key Vault (BYOK).\n\n * 400 AzureKeyVaultInvalidExpirationDate - The operation could not be completed because the Azure Key Vault key expiration date is invalid.\n\n * 400 SecurityAzureKeyVaultUrlNullOrEmpty - The operation could not be completed because the Azure Key Vault Uri is null or empty.\n\n * 400 AzureKeyVaultInvalidUri - An invalid response from Azure Key Vault. Please use a valid Azure Key Vault URI.\n\n * 400 SecurityAzureKeyVaultInvalidKeyName - The operation could not be completed because of an invalid Server Key name.\n\n * 400 AzureKeyVaultMalformedVaultUri - The provided Key Vault uri is not valid.\n\n * 400 SecurityAdalPrincipalCertExpiredError - The operation could not be completed because the Azure Key Vault principal certificate has expired.\n\n * 400 SecurityInvalidAzureKeyVaultRecoveryLevel - The provided Key Vault uri is not valid.\n\n * 400 KeyMaterialNotFoundOnRemoteServer - Remote server does not have access to key material used as a TDE protector.\n\n * 400 AzureKeyVaultMismatchError - Unexpected Key Vault region found in the http response.\n\n * 400 AzureKeyVaultRsaKeyNotSupported - The provided key vault uses unsupported RSA Key Size or Key Type. The supported RSA key size is 2048 and Key Type is RSA.\n\n * 401 AzureKeyVaultKeyDisabled - The operation could not be completed on the server because the Azure Key Vault key is disabled.\n\n * 401 AzureKeyVaultNoServerIdentity - The server identity is not correctly configured.\n\n * 401 AzureKeyVaultMissingPermissions - The server is missing required permissions on the Azure Key Vault. \n\n * 401 AdalGenericError - The operation could not be completed because an Azure Active Directory error was encountered.\n\n * 401 AdalServicePrincipalNotFound - The operation could not be completed because an Azure Active Directory library Service Principal not found error was encountered.\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ResourceNotFound - The requested resource was not found.\n\n * 404 ServerKeyNotFound - The requested server key was not found on the current subscription.\n\n * 409 ServerKeyNameAlreadyExists - The server key already exists on the server.\n\n * 409 ServerKeyUriAlreadyExists - The server key URI already exists on the server.\n\n * 409 ServerKeyDoesNotExists - The server key does not exist.\n\n * 409 AzureKeyVaultKeyNameNotFound - The operation could not be completed because the Azure Key Vault Key name does not exist.\n\n * 409 AzureKeyVaultKeyInUse - The key is currently being used by the server.\n\n * 503 AzureKeyVaultConnectionFailed - The operation could not be completed on the server because attempts to connect to Azure Key Vault have failed\n\n * 503 AzureKeyVaultGenericConnectionError - The operation could not be completed because an error was encountered when attempting to retrieve Key Vault information ." }, "202": { "description": "Accepted" @@ -352,4 +406,4 @@ } } } -} +} \ No newline at end of file diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/examples/ManagedInstanceEncryptionProtectorRevalidate.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/examples/ManagedInstanceEncryptionProtectorRevalidate.json new file mode 100644 index 000000000000..3259df58fca6 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2017-10-01-preview/examples/ManagedInstanceEncryptionProtectorRevalidate.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "sqlcrudtest-7398", + "managedInstanceName": "sqlcrudtest-4645", + "encryptionProtectorName": "current", + "api-version": "2017-10-01-preview" + }, + "responses": { + "200": {}, + "202": {} + } +} \ No newline at end of file