From ff2d93f229fde11a0393da50df109ae9ae6a3c3d Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Tue, 15 Mar 2022 13:27:28 +0000 Subject: [PATCH] CodeGen from PR 18267 in Azure/azure-rest-api-specs Merge e0548392abdd126c92f982c02cc065831ebab087 into 6354ca8bf06ea064f4f0fef331a10c1baf62ac35 --- .../Microsoft.Security.json | 1161 +++++++++++++++++ schemas/common/autogeneratedResources.json | 3 + 2 files changed, 1164 insertions(+) create mode 100644 schemas/2021-12-01-preview/Microsoft.Security.json diff --git a/schemas/2021-12-01-preview/Microsoft.Security.json b/schemas/2021-12-01-preview/Microsoft.Security.json new file mode 100644 index 0000000000..fcea740cac --- /dev/null +++ b/schemas/2021-12-01-preview/Microsoft.Security.json @@ -0,0 +1,1161 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-12-01-preview/Microsoft.Security.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Security", + "description": "Microsoft Security Resource Types", + "resourceDefinitions": { + "securityConnectors": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-12-01-preview" + ] + }, + "etag": { + "type": "string", + "description": "Entity tag is used for comparing two or more entities from the same requested resource." + }, + "kind": { + "type": "string", + "description": "Kind of the resource" + }, + "location": { + "type": "string", + "description": "Location where the resource is stored" + }, + "name": { + "type": "string", + "description": "The security connector name." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityConnectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A set of properties that defines the security connector configuration." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A list of key value pairs that describe the resource." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Security/securityConnectors" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Security/securityConnectors" + } + }, + "definitions": { + "AWSEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "AwsAccount" + ] + }, + "organizationalData": { + "oneOf": [ + { + "$ref": "#/definitions/AwsOrganizationalData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The awsOrganization data " + } + }, + "required": [ + "environmentType" + ], + "description": "The aws connector environment data" + }, + "AwsOrganizationalData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AwsOrganizationalDataMaster" + }, + { + "$ref": "#/definitions/AwsOrganizationalDataMember" + } + ], + "properties": {}, + "description": "The awsOrganization data " + }, + "AwsOrganizationalDataMaster": { + "type": "object", + "properties": { + "excludedAccountIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering" + }, + "organizationMembershipType": { + "type": "string", + "enum": [ + "Organization" + ] + }, + "stacksetName": { + "type": "string", + "description": "If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The awsOrganization data for the master account" + }, + "AwsOrganizationalDataMember": { + "type": "object", + "properties": { + "organizationMembershipType": { + "type": "string", + "enum": [ + "Member" + ] + }, + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the account's parent" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The awsOrganization data for the member account" + }, + "CloudOffering": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorAwsOffering" + }, + { + "$ref": "#/definitions/DefenderForContainersAwsOffering" + }, + { + "$ref": "#/definitions/DefenderForServersAwsOffering" + }, + { + "$ref": "#/definitions/InformationProtectionAwsOffering" + }, + { + "$ref": "#/definitions/CspmMonitorGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForServersGcpOffering" + }, + { + "$ref": "#/definitions/DefenderForContainersGcpOffering" + }, + { + "$ref": "#/definitions/CspmMonitorGithubOffering" + } + ], + "properties": {}, + "description": "The security offering details" + }, + "CspmMonitorAwsOffering": { + "type": "object", + "properties": { + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorAwsOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorAws" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for AWS offering" + }, + "CspmMonitorAwsOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The native cloud connection configuration" + }, + "CspmMonitorGcpOffering": { + "type": "object", + "properties": { + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/CspmMonitorGcpOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorGcp" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for GCP offering" + }, + "CspmMonitorGcpOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for the offering" + } + }, + "description": "The native cloud connection configuration" + }, + "CspmMonitorGithubOffering": { + "type": "object", + "properties": { + "offeringType": { + "type": "string", + "enum": [ + "CspmMonitorGithub" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The CSPM monitoring for github offering" + }, + "DefenderForContainersAwsOffering": { + "type": "object", + "properties": { + "cloudWatchToKinesis": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingCloudWatchToKinesis" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The cloudwatch to kinesis connection configuration" + }, + "kinesisToS3": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingKinesisToS3" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kinesis to s3 connection configuration" + }, + "kubernetesScubaReader": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingKubernetesScubaReader" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kubernetes to scuba connection configuration" + }, + "kubernetesService": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersAwsOfferingKubernetesService" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The kubernetes service connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForContainersAws" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Containers AWS offering" + }, + "DefenderForContainersAwsOfferingCloudWatchToKinesis": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The cloudwatch to kinesis connection configuration" + }, + "DefenderForContainersAwsOfferingKinesisToS3": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The kinesis to s3 connection configuration" + }, + "DefenderForContainersAwsOfferingKubernetesScubaReader": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The kubernetes to scuba connection configuration" + }, + "DefenderForContainersAwsOfferingKubernetesService": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The kubernetes service connection configuration" + }, + "DefenderForContainersGcpOffering": { + "type": "object", + "properties": { + "auditLogsAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is audit logs data collection enabled" + }, + "dataPipelineNativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "defenderAgentAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled" + }, + "nativeCloudConnection": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForContainersGcpOfferingNativeCloudConnection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForContainersGcp" + ] + }, + "policyAgentAutoProvisioningFlag": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Policy Kubernetes agent auto provisioning enabled" + } + }, + "required": [ + "offeringType" + ], + "description": "The containers GCP offering" + }, + "DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The data collection service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The data collection GCP workload identity provider id for this offering" + } + }, + "description": "The native cloud connection configuration" + }, + "DefenderForContainersGcpOfferingNativeCloudConnection": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this offering" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id for this offering" + } + }, + "description": "The native cloud connection configuration" + }, + "DefenderForServersAwsOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "defenderForServers": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingDefenderForServers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Defender for servers connection configuration" + }, + "mdeAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingMdeAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForServersAws" + ] + }, + "subPlan": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingSubPlan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for the servers offering subPlan" + }, + "vaAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVaAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment autoprovisioning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Servers AWS offering" + }, + "DefenderForServersAwsOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + }, + "servicePrincipalSecretMetadata": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingArcAutoProvisioningServicePrincipalSecretMetadata" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Metadata of Service Principal secret for autoprovisioning" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingArcAutoProvisioningServicePrincipalSecretMetadata": { + "type": "object", + "properties": { + "expiryDate": { + "type": "string", + "description": "expiration date of service principal secret" + }, + "parameterNameInStore": { + "type": "string", + "description": "name of secret resource in parameter store" + }, + "parameterStoreRegion": { + "type": "string", + "description": "region of parameter store where secret is kept" + } + }, + "description": "Metadata of Service Principal secret for autoprovisioning" + }, + "DefenderForServersAwsOfferingDefenderForServers": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The Defender for servers connection configuration" + }, + "DefenderForServersAwsOfferingMdeAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "type": "object", + "properties": {}, + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + } + }, + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingSubPlan": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P1", + "P2" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available sub plans." + } + }, + "description": "configuration for the servers offering subPlan" + }, + "DefenderForServersAwsOfferingVaAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersAwsOfferingVaAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Vulnerability Assessment auto provisioning enabled" + } + }, + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "DefenderForServersAwsOfferingVaAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Qualys", + "TVM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'." + } + }, + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "DefenderForServersGcpOffering": { + "type": "object", + "properties": { + "arcAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingArcAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The ARC autoprovisioning configuration" + }, + "defenderForServers": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingDefenderForServers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Defender for servers connection configuration" + }, + "mdeAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingMdeAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "DefenderForServersGcp" + ] + }, + "subPlan": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingSubPlan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for the servers offering subPlan" + }, + "vaAutoProvisioning": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVaAutoProvisioning" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment autoprovisioning configuration" + } + }, + "required": [ + "offeringType" + ], + "description": "The Defender for Servers GCP offering configurations" + }, + "DefenderForServersGcpOfferingArcAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingArcAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Configuration for ARC autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is arc auto provisioning enabled" + } + }, + "description": "The ARC autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingArcAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "agentOnboardingServiceAccountNumericId": { + "type": "string", + "description": "The agent onboarding service account numeric id" + }, + "clientId": { + "type": "string", + "description": "The Azure service principal client id for agent onboarding" + } + }, + "description": "Configuration for ARC autoprovisioning" + }, + "DefenderForServersGcpOfferingDefenderForServers": { + "type": "object", + "properties": { + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address in GCP for this feature" + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The workload identity provider id in GCP for this feature" + } + }, + "description": "The Defender for servers connection configuration" + }, + "DefenderForServersGcpOfferingMdeAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "type": "object", + "properties": {}, + "description": "configuration for Microsoft Defender for Endpoint autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Microsoft Defender for Endpoint auto provisioning enabled" + } + }, + "description": "The Microsoft Defender for Endpoint autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingSubPlan": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "P1", + "P2" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The available sub plans." + } + }, + "description": "configuration for the servers offering subPlan" + }, + "DefenderForServersGcpOfferingVaAutoProvisioning": { + "type": "object", + "properties": { + "configuration": { + "oneOf": [ + { + "$ref": "#/definitions/DefenderForServersGcpOfferingVaAutoProvisioningConfiguration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Is Vulnerability Assessment auto provisioning enabled" + } + }, + "description": "The Vulnerability Assessment autoprovisioning configuration" + }, + "DefenderForServersGcpOfferingVaAutoProvisioningConfiguration": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Qualys", + "TVM" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'." + } + }, + "description": "configuration for Vulnerability Assessment autoprovisioning" + }, + "EnvironmentData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AWSEnvironmentData" + }, + { + "$ref": "#/definitions/GcpProjectEnvironmentData" + }, + { + "$ref": "#/definitions/GithubScopeEnvironmentData" + } + ], + "properties": {}, + "description": "The security connector environment data." + }, + "GcpOrganizationalData": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/GcpOrganizationalDataOrganization" + }, + { + "$ref": "#/definitions/GcpOrganizationalDataMember" + } + ], + "properties": {}, + "description": "The gcpOrganization data" + }, + "GcpOrganizationalDataMember": { + "type": "object", + "properties": { + "organizationMembershipType": { + "type": "string", + "enum": [ + "Member" + ] + }, + "parentHierarchyId": { + "type": "string", + "description": "If the multi cloud account is not of membership type organization, this will be the ID of the project's parent" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The gcpOrganization data for the member account" + }, + "GcpOrganizationalDataOrganization": { + "type": "object", + "properties": { + "excludedProjectNumbers": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If the multi cloud account is of membership type organization, list of accounts excluded from offering" + }, + "organizationMembershipType": { + "type": "string", + "enum": [ + "Organization" + ] + }, + "serviceAccountEmailAddress": { + "type": "string", + "description": "The service account email address which represents the organization level permissions container." + }, + "workloadIdentityProviderId": { + "type": "string", + "description": "The GCP workload identity provider id which represents the permissions required to auto provision security connectors" + } + }, + "required": [ + "organizationMembershipType" + ], + "description": "The gcpOrganization data for the parent account" + }, + "GcpProjectDetails": { + "type": "object", + "properties": { + "projectId": { + "type": "string", + "description": "The GCP Project id" + }, + "projectNumber": { + "type": "string", + "description": "The unique GCP Project number" + } + }, + "description": "The details about the project represented by the security connector" + }, + "GcpProjectEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "GcpProject" + ] + }, + "organizationalData": { + "oneOf": [ + { + "$ref": "#/definitions/GcpOrganizationalData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The gcpOrganization data" + }, + "projectDetails": { + "oneOf": [ + { + "$ref": "#/definitions/GcpProjectDetails" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The details about the project represented by the security connector" + } + }, + "required": [ + "environmentType" + ], + "description": "The GCP project connector environment data" + }, + "GithubScopeEnvironmentData": { + "type": "object", + "properties": { + "environmentType": { + "type": "string", + "enum": [ + "GithubScope" + ] + } + }, + "required": [ + "environmentType" + ], + "description": "The github scope connector's environment data" + }, + "InformationProtectionAwsOffering": { + "type": "object", + "properties": { + "informationProtection": { + "oneOf": [ + { + "$ref": "#/definitions/InformationProtectionAwsOfferingInformationProtection" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The native cloud connection configuration" + }, + "offeringType": { + "type": "string", + "enum": [ + "InformationProtectionAws" + ] + } + }, + "required": [ + "offeringType" + ], + "description": "The information protection for AWS offering" + }, + "InformationProtectionAwsOfferingInformationProtection": { + "type": "object", + "properties": { + "cloudRoleArn": { + "type": "string", + "description": "The cloud role ARN in AWS for this feature" + } + }, + "description": "The native cloud connection configuration" + }, + "SecurityConnectorProperties": { + "type": "object", + "properties": { + "environmentData": { + "oneOf": [ + { + "$ref": "#/definitions/EnvironmentData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The security connector environment data." + }, + "environmentName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Azure", + "AWS", + "GCP", + "Github" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The multi cloud resource's cloud name." + }, + "hierarchyIdentifier": { + "type": "string", + "description": "The multi cloud resource identifier (account id in case of AWS connector, project number in case of GCP connector)." + }, + "offerings": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/CloudOffering" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "A collection of offerings for the security connector." + } + }, + "description": "A set of properties that defines the security connector configuration." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index 8684f9b3c1..1887c45fd2 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -12400,6 +12400,9 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-08-01-preview/Microsoft.Security.json#/resourceDefinitions/standards" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-12-01-preview/Microsoft.Security.json#/resourceDefinitions/securityConnectors" + }, { "$ref": "https://schema.management.azure.com/schemas/2021-01-11/Microsoft.SecurityAndCompliance.json#/resourceDefinitions/privateLinkServicesForEDMUpload" },