From b3a5de480406f0d4288fd4a2c127079ae0d294bc Mon Sep 17 00:00:00 2001
From: Alfurquan Zahedi
Date: Tue, 6 Jun 2023 16:11:35 +0530
Subject: [PATCH 1/3] Updated spec for arc sql mi to include security and network settings
---
 .../CreateOrUpdateSqlManagedInstance.json | 77 +++++++++++-
 .../examples/GetSqlManagedInstance.json | 27 ++++-
 ...ListByResourceGroupSqlManagedInstance.json | 27 ++++-
 .../ListSubscriptionSqlManagedInstance.json | 27 ++++-
 .../examples/UpdateSqlManagedInstance.json | 27 ++++-
 .../sqlManagedInstances.json | 110 +++++++++++++++++-
 6 files changed, 289 insertions(+), 6 deletions(-)
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
index eb882a9d3cb9..8b8abca49d43 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
@@ -53,6 +53,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -94,6 +119,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
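Review bot: The sample `settings.network` block added in this hunk ships `"forceencryption": 0` together with a `tlsciphers` string whose last four entries (`ECDHE-ECDSA-AES128-SHA256` through `ECDHE-RSA-AES256-SHA384`) are CBC-mode suites, so a request copied from the example yields an instance that does not require encrypted connections and still negotiates non-AEAD ciphers. Examples in a REST spec tend to be pasted as-is, so I would show the hardened form: `"forceencryption": 1` and a `tlsciphers` value limited to the four `-GCM-` suites. The identical block is repeated in the other two hunks of this file (`@@ -94,6 +119,31 @@`, `@@ -158,6 +208,31 @@`) and in the Get, ListByResourceGroup, ListSubscription and Update examples, so the same change applies there. Separately, `encryptionTypes` is shown as one element holding a comma-joined string, whereas the schema declares an array of strings; one value per element would document the shape correctly.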
@@ -158,6 +208,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -189,4 +264,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
index 1c2a682140b0..1ada6a321234 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
@@ -40,6 +40,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -71,4 +96,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
index ff3a532df851..4ce069165aef 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
@@ -39,6 +39,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -134,4 +159,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
index 942a11f3853e..9fb3b2b8a9b2 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
@@ -40,6 +40,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -135,4 +160,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
index d5ff2b0ae598..7ae6e6cfa447 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
@@ -45,6 +45,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -73,4 +98,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
index 6145742e5826..18344198464b 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
@@ -185,6 +185,12 @@
 "type": "integer",
 "format": "int32",
 "description": "This option specifies the number of SQL Managed Instance replicas that will be deployed in your Kubernetes cluster for high availability purposes. If sku.tier is BusinessCritical, allowed values are '2' or '3' with default of '3'. If sku.tier is GeneralPurpose, replicas must be '1'."
+ },
+ "security": {
+ "$ref": "#/definitions/K8sSecurity"
+ },
+ "settings": {
+ "$ref": "#/definitions/K8sSettings"
 }
 },
 "additionalProperties": {
@@ -238,6 +244,108 @@
 "type": "object"
 }
 },
+ "K8sSecurity": {
+ "type": "object",
+ "description": "The kubernetes security information.",
+ "properties": {
+ "adminLoginSecret": {
+ "type": "string",
+ "description": "Admin login secret key"
+ },
+ "serviceCertificateSecret": {
+ "type": "string",
+ "description": "Service certificate secret used"
+ },
+ "activeDirectory": {
+ "$ref": "#/definitions/K8sActiveDirectory"
+ },
+ "transparentDataEncryption": {
+ "$ref": "#/definitions/k8stransparentDataEncryption"
+ }
+ },
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "K8sActiveDirectory": {
+ "type": "object",
+ "description": "The kubernetes active directory information.",
+ "properties": {
+ "connector": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "Name of the connector"
+ },
+ "namespace": {
+ "type": "string",
+ "description": "Name space of the connector"
+ }
+ }
+ },
+ "accountName": {
+ "type": "string",
+ "description": "Account name for AAD"
+ },
+ "keytabSecret": {
+ "type": "string",
+ "description": "Keytab secret used to authenticate with Active Directory."
+ },
+ "encryptionTypes": {
+ "type": "array",
+ "description": "An array of encryption types",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "k8stransparentDataEncryption": {
+ "type": "object",
+ "description": "Transparent data encryption information.",
+ "properties": {
+ "mode": {
+ "type": "string",
+ "description": "Transparent data encryption mode. 
Can be Service Managed, Customer managed or disabled"
+ },
+ "protectorSecret": {
+ "type": "string",
+ "description": "Protector secret for customer managed Transparent data encryption mode"
+ }
+ }
+ },
+ "K8sSettings": {
+ "type": "object",
+ "description": "The kubernetes settings information.",
+ "properties": {
+ "network": {
+ "$ref": "#/definitions/K8sNetworkSettings"
+ }
+ },
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "K8sNetworkSettings": {
+ "type": "object",
+ "description": "The kubernetes network settings information.",
+ "properties": {
+ "forceencryption": {
+ "type": "integer",
+ "format": "int32",
+ "description": "If 1, then SQL Server forces all connections to be encrypted. By default, this option is 0"
+ },
+ "tlsciphers": {
+ "type": "string",
+ "description": "Specifies which ciphers are allowed by SQL Server for TLS"
+ },
+ "tlsprotocols": {
+ "type": "string",
+ "description": "A comma-separated list of which TLS protocols are allowed by SQL Server"
+ }
+ }
+ },
 "KeytabInformation": {
 "type": "object",
 "description": "Keytab used for authenticate with Active Directory.",
@@ -304,4 +412,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
From 640e811efe256b12744c5760c1b7d5488f874ea6 Mon Sep 17 00:00:00 2001
From: Alfurquan Zahedi
Date: Tue, 6 Jun 2023 16:41:49 +0530
Subject: [PATCH 2/3] Fixed prettier issues
---
 .../examples/CreateOrUpdateSqlManagedInstance.json | 2 +-
 .../2023-01-15-preview/examples/GetSqlManagedInstance.json | 2 +-
 .../examples/ListByResourceGroupSqlManagedInstance.json | 2 +-
 .../examples/ListSubscriptionSqlManagedInstance.json | 2 +-
 .../2023-01-15-preview/examples/UpdateSqlManagedInstance.json | 2 +-
 .../preview/2023-01-15-preview/sqlManagedInstances.json | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
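Review bot: In `K8sNetworkSettings` (hunk `@@ -238,6 +244,108 @@`), `forceencryption` is a bare `int32` even though its description gives meaning only to 0 and 1, and `tlsprotocols`, `tlsciphers` and `k8stransparentDataEncryption.mode` are unconstrained strings, so the spec accepts values the service presumably cannot honour for its most security-relevant settings. I would add `"enum": [0, 1]` to `forceencryption` and turn `mode` into an enum of the accepted values; its description currently lists "Service Managed, Customer managed or disabled" while every example in this patch sends `SystemManaged`. The descriptions of `adminLoginSecret`, `serviceCertificateSecret`, `keytabSecret` and `protectorSecret` should state whether each field holds the name of a Kubernetes secret or the secret material itself, and any field that holds material should carry `"x-ms-secret": true`, since the Get and List examples return the whole `security` object. Two smaller points: `accountName` is described as "Account name for AAD" inside an Active Directory object, and `k8stransparentDataEncryption` breaks the `K8s…` casing of its sibling definitions, which is presumably why `stransparent` had to be added to custom-words.txt in patch 3/3.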
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
index 8b8abca49d43..a67f3dc45a95 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
@@ -264,4 +264,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
index 1ada6a321234..79bb311aedd4 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
@@ -96,4 +96,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
index 4ce069165aef..ff6a721aeee5 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
@@ -159,4 +159,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
index 9fb3b2b8a9b2..59a191f54c5d 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
@@ -160,4 +160,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
index 7ae6e6cfa447..02b246ec362a 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
@@ -98,4 +98,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
index 18344198464b..b5e729802aff 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
@@ -412,4 +412,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
From a3d444692b790553d8077dd351494a9e27d74726 Mon Sep 17 00:00:00 2001
From: Alfurquan Zahedi
Date: Tue, 6 Jun 2023 16:49:21 +0530
Subject: [PATCH 3/3] Resolved spell checks
---
 custom-words.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/custom-words.txt b/custom-words.txt
index 92f893c3a760..346031465131 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -2838,4 +2838,8 @@ serde
 onetoone
 onetomany
 manytoone
-manytomany
\ No newline at end of file
+manytomany
+stransparent
+forceencryption
+tlsciphers
+tlsprotocols
\ No newline at end of file