Adding fixes for Jan 2022 preview version (sasUri/provisioningState params) & PoSH fixes

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/Watchlists.json

@@ -182,6 +182,9 @@
           },
           "Creates or updates a watchlist and bulk creates watchlist items.": {
             "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItems.json"
+          },
+          "Create or update a watchlist and bulk creates watchlist items from SAL URI.": {
+            "$ref": "./examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json"
           }
         },
         "tags": [
@@ -568,6 +571,11 @@
           "description": "The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the file that will parsed by the endpoint",
           "type": "string"
         },
+        "sasUri": {
+          "x-ms-secret": true,
+          "description": "The Shared Access Signature (SAS) URI under which the large csv watchlist file is located and from which the watchlist and its items will be created",
+          "type": "string"
+        },
         "itemsSearchKey": {
           "description": "The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.",
           "type": "string"
@@ -579,6 +587,11 @@
         "uploadStatus": {
           "description": "The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted",
           "type": "string"
+        },
+        "provisioningState": {
+          "readOnly": true,
+          "$ref": "#/definitions/ProvisioningState",
+          "description": "The provisioning state of the watchlist resource."
         }
       },
       "required": [
@@ -665,17 +678,38 @@
         },
         "itemsKeyValue": {
           "description": "key-value pairs for a watchlist item",
-          "type": "object"
+          "type": "object",
+          "additionalProperties": {}
         },
         "entityMapping": {
           "description": "key-value pairs for a watchlist item entity mapping",
-          "type": "object"
+          "type": "object",
+          "additionalProperties": {}
         }
       },
       "required": [
         "itemsKeyValue"
       ],
       "type": "object"
+    },
+    "Label": {
+      "description": "Label that will be used to tag and filter on.",
+      "type": "string"
+    },
+    "ProvisioningState": {
+      "type": "string",
+      "readOnly": true,
+      "description": "The current provisioning state.",
+      "enum": [
+        "Succeeded",
+        "Failed",
+        "Canceled",
+        "InProgress"
+      ],
+      "x-ms-enum": {
+        "name": "ProvisioningState",
+        "modelAsString": true
+      }
     }
   },
   "parameters": {

specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-01-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItemsFromSasUri.json

@@ -0,0 +1,88 @@
+{
+  "parameters": {
+    "api-version": "2022-01-01-preview",
+    "subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
+    "resourceGroupName": "myRg",
+    "workspaceName": "myWorkspace",
+    "operationalInsightsResourceProvider": "Microsoft.OperationalInsights",
+    "watchlistAlias": "highValueAsset",
+    "watchlist": {
+      "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+      "properties": {
+        "displayName": "High Value Assets Watchlist",
+        "sourceType": "Remote storage",
+        "provider": "Microsoft",
+        "description": "Watchlist from a large CSV file under Blob storage",
+        "numberOfLinesToSkip": 1,
+        "sasUri": "https://storagesample.blob.core.windows.net/sample-contaier/sampleBlob.csv?sp=r&st=2021-09-24T01:15:52Z&se=2021-10-01T09:15:52Z&spr=https&sv=2020-08-04&sr=b&sig=HRRRMc43ZJz634eBc402X%2FFPxam5sZVPSkLOY14baEd%4Z",
+        "itemsSearchKey": "header1"
+      }
+    }
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+        "name": "highValueAsset",
+        "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+        "type": "Microsoft.SecurityInsights/Watchlists",
+        "properties": {
+          "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+          "displayName": "High Value Assets Watchlist",
+          "provider": "Microsoft",
+          "sourceType": "Local file",
+          "created": "2020-09-28T00:26:54.7746089+00:00",
+          "updated": "2020-09-28T00:26:57+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "[email protected]",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "[email protected]",
+            "name": "john doe"
+          },
+          "description": "Watchlist from CSV content",
+          "watchlistType": "watchlist",
+          "watchlistAlias": "highValueAsset",
+          "itemsSearchKey": "header1",
+          "isDeleted": false,
+          "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+        }
+      }
+    },
+    "201": {
+      "body": {
+        "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset",
+        "name": "highValueAsset",
+        "etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
+        "type": "Microsoft.SecurityInsights/Watchlists",
+        "properties": {
+          "watchlistId": "76d5a51f-ba1f-4038-9d22-59fda38dc017",
+          "displayName": "High Value Assets Watchlist",
+          "provider": "Microsoft",
+          "sourceType": "Local file",
+          "created": "2020-09-28T00:26:54.7746089+00:00",
+          "updated": "2020-09-28T00:26:57+00:00",
+          "createdBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "[email protected]",
+            "name": "john doe"
+          },
+          "updatedBy": {
+            "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
+            "email": "[email protected]",
+            "name": "john doe"
+          },
+          "description": "Watchlist from CSV content",
+          "watchlistType": "watchlist",
+          "watchlistAlias": "highValueAsset",
+          "itemsSearchKey": "header1",
+          "isDeleted": false,
+          "tenantId": "f686d426-8d16-42db-81b7-ab578e110ccd"
+        }
+      }
+    }
+  }
+}