diff --git a/schemas/2019-06-01-preview/Microsoft.Synapse.json b/schemas/2019-06-01-preview/Microsoft.Synapse.json index fad418f555..11bf9d74e4 100644 --- a/schemas/2019-06-01-preview/Microsoft.Synapse.json +++ b/schemas/2019-06-01-preview/Microsoft.Synapse.json @@ -19,7 +19,7 @@ }, "name": { "type": "string", - "description": "The name of the privateLinkHub" + "description": "Name of the privateLinkHub" }, "properties": { "oneOf": [ @@ -118,6 +118,9 @@ { "$ref": "#/definitions/workspaces_administrators_childResource" }, + { + "$ref": "#/definitions/workspaces_sqlAdministrators_childResource" + }, { "$ref": "#/definitions/workspaces_managedIdentitySqlControlSettings_childResource" }, @@ -126,6 +129,21 @@ }, { "$ref": "#/definitions/workspaces_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/workspaces_auditingSettings_childResource" + }, + { + "$ref": "#/definitions/workspaces_extendedAuditingSettings_childResource" + }, + { + "$ref": "#/definitions/workspaces_securityAlertPolicies_childResource" + }, + { + "$ref": "#/definitions/workspaces_vulnerabilityAssessments_childResource" + }, + { + "$ref": "#/definitions/workspaces_encryptionProtector_childResource" } ] } @@ -207,6 +225,53 @@ ], "description": "Microsoft.Synapse/workspaces/administrators" }, + "workspaces_auditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/auditingSettings" + }, "workspaces_bigDataPools": { "type": "object", "properties": { @@ -266,6 +331,100 @@ ], "description": "Microsoft.Synapse/workspaces/bigDataPools" }, + "workspaces_encryptionProtector": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the encryption protector." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/EncryptionProtectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for an encryption protector execution." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/encryptionProtector" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/encryptionProtector" + }, + "workspaces_extendedAuditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an extended server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/extendedAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/extendedAuditingSettings" + }, "workspaces_firewallRules": { "type": "object", "properties": { @@ -403,6 +562,17 @@ "type": "string", "description": "The name of the private endpoint connection." }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, "type": { "type": "string", "enum": [ @@ -413,10 +583,104 @@ "required": [ "apiVersion", "name", + "properties", "type" ], "description": "Microsoft.Synapse/workspaces/privateEndpointConnections" }, + "workspaces_securityAlertPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerSecurityAlertPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/securityAlertPolicies" + }, + "workspaces_sqlAdministrators": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/activeDirectory$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AadAdminProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workspace active directory administrator properties" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/sqlAdministrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlAdministrators" + }, "workspaces_sqlPools": { "type": "object", "properties": { @@ -469,6 +733,9 @@ }, { "$ref": "#/definitions/workspaces_sqlPools_dataMaskingPolicies_childResource" + }, + { + "$ref": "#/definitions/workspaces_sqlPools_workloadGroups_childResource" } ] } @@ -988,26 +1255,161 @@ "type" ], "description": "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments/rules/baselines" - } - }, - "definitions": { - "AadAdminProperties": { + }, + "workspaces_sqlPools_workloadGroups": { "type": "object", "properties": { - "administratorType": { - "type": "string", - "description": "Workspace active directory administrator type" - }, - "login": { + "apiVersion": { "type": "string", - "description": "Login of the workspace active directory administrator" + "enum": [ + "2019-06-01-preview" + ] }, - "sid": { + "name": { "type": "string", - "description": "Object ID of the workspace active directory administrator" + "description": "The name of the workload group." }, - "tenantId": { - "type": "string", + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/workspaces_sqlPools_workloadGroups_workloadClassifiers_childResource" + } + ] + } + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/sqlPools/workloadGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups" + }, + "workspaces_sqlPools_workloadGroups_workloadClassifiers": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload classifier." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadClassifierProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/sqlPools/workloadGroups/workloadClassifiers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups/workloadClassifiers" + }, + "workspaces_vulnerabilityAssessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Synapse/workspaces/vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/vulnerabilityAssessments" + } + }, + "definitions": { + "AadAdminProperties": { + "type": "object", + "properties": { + "administratorType": { + "type": "string", + "description": "Workspace active directory administrator type" + }, + "login": { + "type": "string", + "description": "Login of the workspace active directory administrator" + }, + "sid": { + "type": "string", + "description": "Object ID of the workspace active directory administrator" + }, + "tenantId": { + "type": "string", "description": "Tenant ID of the workspace active directory administrator" } }, @@ -1080,16 +1482,6 @@ }, "description": "Auto-scaling properties of a Big Data pool powered by Apache Spark" }, - "BabylonConfiguration": { - "type": "object", - "properties": { - "babylonResourceId": { - "type": "string", - "description": "Babylon Resource ID" - } - }, - "description": "Babylon Configuration" - }, "BigDataPoolResourceProperties": { "type": "object", "properties": { @@ -1120,20 +1512,6 @@ "format": "date-time", "description": "The time when the Big Data pool was created." }, - "customLibraries": { - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/definitions/LibraryInfo" - } - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "List of custom libraries/packages associated with the spark pool." - }, "defaultSparkLogFolder": { "type": "string", "description": "The default folder where Spark logs will be written." @@ -1210,17 +1588,6 @@ "type": "string", "description": "The state of the Big Data pool." }, - "sessionLevelPackagesEnabled": { - "oneOf": [ - { - "type": "boolean" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "Whether session level library/package management is enabled or not." - }, "sparkConfigProperties": { "oneOf": [ { @@ -1503,6 +1870,34 @@ }, "description": "Details of the encryption associated with the workspace" }, + "EncryptionProtectorProperties": { + "type": "object", + "properties": { + "serverKeyName": { + "type": "string", + "description": "The name of the server key." + }, + "serverKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ServiceManaged", + "AzureKeyVault" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The encryption protector type like 'ServiceManaged', 'AzureKeyVault'." + } + }, + "required": [ + "serverKeyType" + ], + "description": "Properties for an encryption protector execution." + }, "EntityReference": { "type": "object", "properties": { @@ -1573,7 +1968,7 @@ ], "description": "Environment variable custom setup type properties." }, - "ExtendedSqlPoolBlobAuditingPolicyProperties": { + "ExtendedServerBlobAuditingPolicyProperties": { "type": "object", "properties": { "auditActionsAndGroups": { @@ -1677,116 +2072,222 @@ "required": [ "state" ], - "description": "Properties of an extended Sql pool blob auditing policy." + "description": "Properties of an extended server blob auditing policy." }, - "IntegrationRuntime": { + "ExtendedSqlPoolBlobAuditingPolicyProperties": { "type": "object", - "oneOf": [ - { - "$ref": "#/definitions/ManagedIntegrationRuntime" - }, - { - "$ref": "#/definitions/SelfHostedIntegrationRuntime" - } - ], "properties": { - "additionalProperties": { + "auditActionsAndGroups": { "oneOf": [ { - "type": "object", - "additionalProperties": { - "type": "object", - "properties": {} - }, - "properties": {} + "type": "array", + "items": { + "type": "string" + } }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Unmatched properties from the message are deserialized this collection" + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" }, - "description": { - "type": "string", - "description": "Integration runtime description." - } - }, - "description": "Azure Synapse nested object which serves as a compute resource for activities." - }, - "IntegrationRuntimeComputeProperties": { - "type": "object", - "properties": { - "additionalProperties": { + "isAzureMonitorTargetEnabled": { "oneOf": [ { - "type": "object", - "additionalProperties": { - "type": "object", - "properties": {} - }, - "properties": {} + "type": "boolean" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Unmatched properties from the message are deserialized this collection" + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'state' as 'Enabled' and 'isAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" }, - "dataFlowProperties": { + "isStorageSecondaryKeyInUse": { "oneOf": [ { - "$ref": "#/definitions/IntegrationRuntimeDataFlowProperties" + "type": "boolean" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Data flow properties for managed integration runtime." + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." }, - "location": { + "predicateExpression": { "type": "string", - "description": "The location for managed integration runtime. The supported regions could be found on https://docs.microsoft.com/en-us/azure/data-factory/data-factory-data-movement-activities" + "description": "Specifies condition of where clause when creating an audit." }, - "maxParallelExecutionsPerNode": { + "queueDelayMs": { "oneOf": [ { - "type": "integer", - "minimum": 1 + "type": "integer" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Maximum parallel executions count per node for managed integration runtime." - }, - "nodeSize": { - "type": "string", - "description": "The node size requirement to managed integration runtime." + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." }, - "numberOfNodes": { + "retentionDays": { "oneOf": [ { - "type": "integer", - "minimum": 1 + "type": "integer" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "The required number of nodes for managed integration runtime." + "description": "Specifies the number of days to keep in the audit logs in the storage account." }, - "vNetProperties": { + "state": { "oneOf": [ { - "$ref": "#/definitions/IntegrationRuntimeVNetProperties" + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "VNet properties for managed integration runtime." - } - }, + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of an extended Sql pool blob auditing policy." + }, + "IntegrationRuntime": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/ManagedIntegrationRuntime" + }, + { + "$ref": "#/definitions/SelfHostedIntegrationRuntime" + } + ], + "properties": { + "additionalProperties": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": {} + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Unmatched properties from the message are deserialized this collection" + }, + "description": { + "type": "string", + "description": "Integration runtime description." + } + }, + "description": "Azure Synapse nested object which serves as a compute resource for activities." + }, + "IntegrationRuntimeComputeProperties": { + "type": "object", + "properties": { + "additionalProperties": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "object", + "properties": {} + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Unmatched properties from the message are deserialized this collection" + }, + "dataFlowProperties": { + "oneOf": [ + { + "$ref": "#/definitions/IntegrationRuntimeDataFlowProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data flow properties for managed integration runtime." + }, + "location": { + "type": "string", + "description": "The location for managed integration runtime. The supported regions could be found on https://docs.microsoft.com/en-us/azure/data-factory/data-factory-data-movement-activities" + }, + "maxParallelExecutionsPerNode": { + "oneOf": [ + { + "type": "integer", + "minimum": 1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Maximum parallel executions count per node for managed integration runtime." + }, + "nodeSize": { + "type": "string", + "description": "The node size requirement to managed integration runtime." + }, + "numberOfNodes": { + "oneOf": [ + { + "type": "integer", + "minimum": 1 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The required number of nodes for managed integration runtime." + }, + "vNetProperties": { + "oneOf": [ + { + "$ref": "#/definitions/IntegrationRuntimeVNetProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "VNet properties for managed integration runtime." + } + }, "description": "The compute resource properties for managed integration runtime." }, "IntegrationRuntimeCustomSetupScriptProperties": { @@ -2120,33 +2621,6 @@ }, "description": "IP firewall rule properties" }, - "LibraryInfo": { - "type": "object", - "properties": { - "containerName": { - "type": "string", - "description": "Storage blob container name." - }, - "name": { - "type": "string", - "description": "Name of the library." - }, - "path": { - "type": "string", - "description": "Storage blob path of library." - }, - "type": { - "type": "string", - "description": "Type of the library." - }, - "uploadedTimestamp": { - "type": "string", - "format": "date-time", - "description": "The last update time of the library." - } - }, - "description": "Library/package information of a Big Data pool powered by Apache Spark" - }, "LibraryRequirements": { "type": "object", "properties": { @@ -2414,6 +2888,17 @@ } ], "description": "Indicates whether the metadata sync is enabled or disabled" + }, + "syncIntervalInMinutes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Sync Interval in minutes." } }, "description": "Metadata Sync Config properties" @@ -2421,7 +2906,7 @@ "PrivateEndpoint": { "type": "object", "properties": {}, - "description": "Private Endpoint" + "description": "Private endpoint details" }, "PrivateEndpointConnection": { "type": "object", @@ -2435,9 +2920,10 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Private Endpoint Connection Properties" + "description": "Properties of a private endpoint connection." } - } + }, + "description": "A private endpoint connection" }, "PrivateEndpointConnectionProperties": { "type": "object", @@ -2451,7 +2937,7 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Private Endpoint" + "description": "Private endpoint details" }, "privateLinkServiceConnectionState": { "oneOf": [ @@ -2462,20 +2948,44 @@ "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Private Link Service Connection State" + "description": "Connection state details of the private endpoint" } }, - "description": "Private Endpoint Connection Properties" + "description": "Properties of a private endpoint connection." }, "PrivateLinkHubProperties": { "type": "object", - "properties": {}, + "properties": { + "provisioningState": { + "type": "string", + "description": "PrivateLinkHub provisioning state" + } + }, "description": "PrivateLinkHub properties" }, "PrivateLinkServiceConnectionState": { "type": "object", - "properties": {}, - "description": "Private Link Service Connection State" + "properties": { + "description": { + "type": "string", + "description": "The private link service connection description." + }, + "status": { + "type": "string", + "description": "The private link service connection status." + } + }, + "description": "Connection state details of the private endpoint" + }, + "PurviewConfiguration": { + "type": "object", + "properties": { + "purviewResourceId": { + "type": "string", + "description": "Purview Resource ID" + } + }, + "description": "Purview Configuration" }, "SecretBase": { "type": "object", @@ -2655,32 +3165,7 @@ }, "description": "Properties of a sensitivity label." }, - "Sku": { - "type": "object", - "properties": { - "capacity": { - "oneOf": [ - { - "type": "integer" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } - ], - "description": "If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted." - }, - "name": { - "type": "string", - "description": "The SKU name" - }, - "tier": { - "type": "string", - "description": "The service tier" - } - }, - "description": "SQL pool SKU" - }, - "SqlPoolBlobAuditingPolicyProperties": { + "ServerBlobAuditingPolicyProperties": { "type": "object", "properties": { "auditActionsAndGroups": { @@ -2719,6 +3204,17 @@ ], "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." }, + "queueDelayMs": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." + }, "retentionDays": { "oneOf": [ { @@ -2747,7 +3243,7 @@ }, "storageAccountAccessKey": { "type": "string", - "description": "Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required." + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" }, "storageAccountSubscriptionId": { "oneOf": [ @@ -2763,47 +3259,278 @@ }, "storageEndpoint": { "type": "string", - "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required." + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." } }, "required": [ "state" ], - "description": "Properties of a Sql pool blob auditing policy." + "description": "Properties of a server blob auditing policy." }, - "SqlPoolResourceProperties": { + "ServerSecurityAlertPolicyProperties": { "type": "object", "properties": { - "collation": { - "type": "string", - "description": "Collation mode" - }, - "createMode": { - "type": "string", - "description": "What is this?" - }, - "creationDate": { - "type": "string", - "format": "date-time", - "description": "Date the SQL pool was created" - }, - "maxSizeBytes": { + "disabledAlerts": { "oneOf": [ { - "type": "integer" + "type": "array", + "items": { + "type": "string" + } }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Maximum size in bytes" - }, - "provisioningState": { - "type": "string", - "description": "Resource state" + "description": "Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action" }, - "recoverableDatabaseId": { - "type": "string", + "emailAccountAdmins": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies that the alert is sent to the account administrators." + }, + "emailAddresses": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of e-mail addresses to which the alert is sent." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the Threat Detection audit logs." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "New", + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific server." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the Threat Detection audit storage account." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs." + } + }, + "required": [ + "state" + ], + "description": "Properties of a security alert policy." + }, + "ServerVulnerabilityAssessmentProperties": { + "type": "object", + "properties": { + "recurringScans": { + "oneOf": [ + { + "$ref": "#/definitions/VulnerabilityAssessmentRecurringScansProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a Vulnerability Assessment recurring scans." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required." + }, + "storageContainerPath": { + "type": "string", + "description": "A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/)." + }, + "storageContainerSasKey": { + "type": "string", + "description": "A shared access signature (SAS Key) that has read and write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required." + } + }, + "required": [ + "storageContainerPath" + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "Sku": { + "type": "object", + "properties": { + "capacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted." + }, + "name": { + "type": "string", + "description": "The SKU name" + }, + "tier": { + "type": "string", + "description": "The service tier" + } + }, + "description": "SQL pool SKU" + }, + "SqlPoolBlobAuditingPolicyProperties": { + "type": "object", + "properties": { + "auditActionsAndGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + }, + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'state' as 'Enabled' and 'isAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isStorageSecondaryKeyInUse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the audit logs in the storage account." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the policy. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, storageAccountAccessKey is required." + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of a Sql pool blob auditing policy." + }, + "SqlPoolResourceProperties": { + "type": "object", + "properties": { + "collation": { + "type": "string", + "description": "Collation mode" + }, + "createMode": { + "type": "string", + "description": "What is this?" + }, + "creationDate": { + "type": "string", + "format": "date-time", + "description": "Date the SQL pool was created" + }, + "maxSizeBytes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Maximum size in bytes" + }, + "provisioningState": { + "type": "string", + "description": "Resource state" + }, + "recoverableDatabaseId": { + "type": "string", "description": "Backup database to restore from" }, "restorePointInTime": { @@ -2971,34 +3698,126 @@ }, "description": "Properties of a Vulnerability Assessment recurring scans." }, - "WorkspaceKeyDetails": { + "WorkloadClassifierProperties": { "type": "object", "properties": { - "keyVaultUrl": { + "context": { "type": "string", - "description": "Workspace Key sub-resource key vault url" + "description": "The workload classifier context." }, - "name": { + "endTime": { "type": "string", - "description": "Workspace Key sub-resource name" + "description": "The workload classifier end time for classification." + }, + "importance": { + "type": "string", + "description": "The workload classifier importance." + }, + "label": { + "type": "string", + "description": "The workload classifier label." + }, + "memberName": { + "type": "string", + "description": "The workload classifier member name." + }, + "startTime": { + "type": "string", + "description": "The workload classifier start time for classification." } }, - "description": "Details of the customer managed key associated with the workspace" + "required": [ + "memberName" + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." }, - "WorkspaceProperties": { + "WorkloadGroupProperties": { "type": "object", "properties": { - "babylonConfiguration": { + "importance": { + "type": "string", + "description": "The workload group importance level." + }, + "maxResourcePercent": { "oneOf": [ { - "$ref": "#/definitions/BabylonConfiguration" + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group cap percentage resource." + }, + "maxResourcePercentPerRequest": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group request maximum grant percentage." + }, + "minResourcePercent": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group minimum percentage resource." + }, + "minResourcePercentPerRequest": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group request minimum grant percentage." + }, + "queryExecutionTimeout": { + "oneOf": [ + { + "type": "integer" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Babylon Configuration" + "description": "The workload group query execution timeout." + } + }, + "required": [ + "maxResourcePercent", + "minResourcePercent", + "minResourcePercentPerRequest" + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + }, + "WorkspaceKeyDetails": { + "type": "object", + "properties": { + "keyVaultUrl": { + "type": "string", + "description": "Workspace Key sub-resource key vault url" }, + "name": { + "type": "string", + "description": "Workspace Key sub-resource name" + } + }, + "description": "Details of the customer managed key associated with the workspace" + }, + "WorkspaceProperties": { + "type": "object", + "properties": { "connectivityEndpoints": { "oneOf": [ { @@ -3069,6 +3888,17 @@ ], "description": "Private endpoint connections to the workspace" }, + "purviewConfiguration": { + "oneOf": [ + { + "$ref": "#/definitions/PurviewConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Purview Configuration" + }, "sqlAdministratorLogin": { "type": "string", "description": "Login for workspace SQL active directory administrator" @@ -3080,18 +3910,205 @@ "virtualNetworkProfile": { "oneOf": [ { - "$ref": "#/definitions/VirtualNetworkProfile" + "$ref": "#/definitions/VirtualNetworkProfile" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Virtual Network Profile" + }, + "workspaceRepositoryConfiguration": { + "oneOf": [ + { + "$ref": "#/definitions/WorkspaceRepositoryConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Git integration settings" + } + }, + "description": "Workspace properties" + }, + "WorkspaceRepositoryConfiguration": { + "type": "object", + "properties": { + "accountName": { + "type": "string", + "description": "Account name" + }, + "collaborationBranch": { + "type": "string", + "description": "Collaboration branch" + }, + "hostName": { + "type": "string", + "description": "GitHub Enterprise host name. For example: https://github.mydomain.com" + }, + "projectName": { + "type": "string", + "description": "VSTS project name" + }, + "repositoryName": { + "type": "string", + "description": "Repository name" + }, + "rootFolder": { + "type": "string", + "description": "Root folder to use in the repository" + }, + "type": { + "type": "string", + "description": "Type of workspace repositoryID configuration. Example WorkspaceVSTSConfiguration, WorkspaceGitHubConfiguration" + } + }, + "description": "Git integration settings" + }, + "workspaces_administrators_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "activeDirectory" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AadAdminProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workspace active directory administrator properties" + }, + "type": { + "type": "string", + "enum": [ + "administrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/administrators" + }, + "workspaces_auditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/auditingSettings" + }, + "workspaces_bigDataPools_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "location": { + "type": "string", + "description": "The geo-location where the resource lives" + }, + "name": { + "type": "string", + "description": "Big Data pool name" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BigDataPoolResourceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a Big Data pool powered by Apache Spark" + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Virtual Network Profile" + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "bigDataPools" + ] } }, - "description": "Workspace properties" + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/bigDataPools" }, - "workspaces_administrators_childResource": { + "workspaces_encryptionProtector_childResource": { "type": "object", "properties": { "apiVersion": { @@ -3103,24 +4120,25 @@ "name": { "type": "string", "enum": [ - "activeDirectory" - ] + "current" + ], + "description": "The name of the encryption protector." }, "properties": { "oneOf": [ { - "$ref": "#/definitions/AadAdminProperties" + "$ref": "#/definitions/EncryptionProtectorProperties" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Workspace active directory administrator properties" + "description": "Properties for an encryption protector execution." }, "type": { "type": "string", "enum": [ - "administrators" + "encryptionProtector" ] } }, @@ -3130,9 +4148,9 @@ "properties", "type" ], - "description": "Microsoft.Synapse/workspaces/administrators" + "description": "Microsoft.Synapse/workspaces/encryptionProtector" }, - "workspaces_bigDataPools_childResource": { + "workspaces_extendedAuditingSettings_childResource": { "type": "object", "properties": { "apiVersion": { @@ -3141,55 +4159,38 @@ "2019-06-01-preview" ] }, - "location": { - "type": "string", - "description": "The geo-location where the resource lives" - }, "name": { "type": "string", - "description": "Big Data pool name" - }, - "properties": { - "oneOf": [ - { - "$ref": "#/definitions/BigDataPoolResourceProperties" - }, - { - "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" - } + "enum": [ + "default" ], - "description": "Properties of a Big Data pool powered by Apache Spark" + "description": "The name of the blob auditing policy." }, - "tags": { + "properties": { "oneOf": [ { - "type": "object", - "additionalProperties": { - "type": "string" - }, - "properties": {} + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Resource tags." + "description": "Properties of an extended server blob auditing policy." }, "type": { "type": "string", "enum": [ - "bigDataPools" + "extendedAuditingSettings" ] } }, "required": [ "apiVersion", - "location", "name", "properties", "type" ], - "description": "Microsoft.Synapse/workspaces/bigDataPools" + "description": "Microsoft.Synapse/workspaces/extendedAuditingSettings" }, "workspaces_firewallRules_childResource": { "type": "object", @@ -3323,6 +4324,17 @@ "type": "string", "description": "The name of the private endpoint connection." }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, "type": { "type": "string", "enum": [ @@ -3333,10 +4345,94 @@ "required": [ "apiVersion", "name", + "properties", "type" ], "description": "Microsoft.Synapse/workspaces/privateEndpointConnections" }, + "workspaces_securityAlertPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerSecurityAlertPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/securityAlertPolicies" + }, + "workspaces_sqlAdministrators_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "activeDirectory" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AadAdminProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workspace active directory administrator properties" + }, + "type": { + "type": "string", + "enum": [ + "sqlAdministrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlAdministrators" + }, "workspaces_sqlPools_auditingSettings_childResource": { "type": "object", "properties": { @@ -3738,6 +4834,126 @@ "type" ], "description": "Microsoft.Synapse/workspaces/sqlPools/vulnerabilityAssessments" + }, + "workspaces_sqlPools_workloadGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "workloadGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups" + }, + "workspaces_sqlPools_workloadGroups_workloadClassifiers_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload classifier." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadClassifierProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "workloadClassifiers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/sqlPools/workloadGroups/workloadClassifiers" + }, + "workspaces_vulnerabilityAssessments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-06-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Synapse/workspaces/vulnerabilityAssessments" } } -} \ No newline at end of file +} diff --git a/schemas/2020-04-01-preview/Microsoft.Synapse.json b/schemas/2020-04-01-preview/Microsoft.Synapse.json index ca0f96833e..44155674a0 100644 --- a/schemas/2020-04-01-preview/Microsoft.Synapse.json +++ b/schemas/2020-04-01-preview/Microsoft.Synapse.json @@ -179,4 +179,4 @@ "description": "The sql pool's properties." } } -} \ No newline at end of file +}